allow FAST stage 0 provider template to work with universe (#3379)

This commit is contained in:
Ludovico Magnocavallo
2025-10-05 11:17:31 +02:00
committed by GitHub
parent 4db29a48eb
commit 7aa4e453d7
4 changed files with 49 additions and 16 deletions


@@ -17,13 +17,26 @@
terraform {
backend "gcs" {
bucket = "${bucket}"
%{~ if try(universe_domain, null) == null ~}
impersonate_service_account = "${service_account}"
%{ if try(prefix, null) != null }prefix = "${prefix}"%{ endif }
%{~ endif ~}
%{~ if try(prefix, null) != null ~}
prefix = "${prefix}"
%{~ endif ~}
%{~ if try(universe_domain, null) != null ~}
storage_custom_endpoint = ""https://storage.${universe_domain}/storage/v1/b"
%{~ endif ~}
}
}
provider "google" {
impersonate_service_account = "${service_account}"
%{~ if try(universe_domain, null) != null ~}
universe_domain = "${universe_domain}"
%{~ endif ~}
}
provider "google-beta" {
impersonate_service_account = "${service_account}"
%{~ if try(universe_domain, null) != null ~}
universe_domain = "${universe_domain}"
%{~ endif ~}
}
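Review bot: The `storage_custom_endpoint` line carries a doubled opening quote, `""https://storage.${universe_domain}/storage/v1/b"`, which as shown would render a malformed string literal into every generated backend file as soon as a universe domain is set; unless this is a rendering artifact of the page it should read `storage_custom_endpoint = "https://storage.${universe_domain}/storage/v1/b"`. The same conditional also drops `impersonate_service_account` from the `gcs` backend whenever `universe_domain` is non-null while both provider blocks keep it, so state access in a universe runs under the caller's own credentials rather than the automation service account. That asymmetry is easy to misread as an omission and deserves a template comment such as `# backend impersonation is skipped in universes; state access uses the caller's own credentials`, assuming the backend indeed does not support it there — I cannot confirm that from the hunk.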


@@ -51,6 +51,11 @@ locals {
id = local.organization_id
}
prefix = local.defaults.prefix
universe = try(
local.project_defaults.overrides.universe,
local.project_defaults.defaults.universe,
null
)
}
org-setup = {
automation = {
@@ -79,6 +84,11 @@ locals {
)
}
}
of_universe_domain = try(
local.project_defaults.overrides.universe.domain,
local.project_defaults.defaults.universe.domain,
null
)
}
resource "local_file" "providers" {
@@ -93,6 +103,7 @@ resource "local_file" "providers" {
service_account = lookup(
local.of_service_accounts, each.value.service_account, each.value.service_account
)
universe_domain = local.of_universe_domain
})
}
@@ -108,6 +119,7 @@ resource "google_storage_bucket_object" "providers" {
service_account = lookup(
local.of_service_accounts, each.value.service_account, each.value.service_account
)
universe_domain = local.of_universe_domain
})
}
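Review bot: `of_universe_domain` repeats the overrides-then-defaults lookup on `local.project_defaults` that the `universe` entry in the first hunk already performs, so the two can silently drift if a further source is added later; deriving the domain from the single `universe` value (the exact local to reference depends on the enclosing block, whose start is outside the hunk) would keep one source of truth. A short comment above the new local, such as `# universe domain handed to the providers template; null renders the non-universe backend/provider blocks`, would also tell readers why it is threaded into both the `local_file` and the `google_storage_bucket_object` `providers` resources.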


@@ -314,9 +314,13 @@
"type": "object",
"additionalProperties": false,
"required": [
"domain",
"prefix"
],
"properties": {
"domain": {
"type": "string"
},
"forced_jit_service_identities": {
"type": "array",
"items": {
@@ -485,9 +489,13 @@
"type": "object",
"additionalProperties": false,
"required": [
"domain",
"prefix"
],
"properties": {
"domain": {
"type": "string"
},
"forced_jit_service_identities": {
"type": "array",
"items": {
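Review bot: The new `"domain": { "type": "string" }` accepts any string, yet the provider template in this same commit interpolates that value into `storage_custom_endpoint = "https://storage.${universe_domain}/storage/v1/b"` and `universe_domain`, so a typo or a value carrying a scheme, a `/` or whitespace would only surface at `terraform init` against an unintended endpoint. Constraining it at schema level, e.g. `"domain": { "type": "string", "pattern": "^[a-z0-9.-]+$" }` (constructed pattern, tighten to the project's naming rules), fails fast at validation time; `"format": "hostname"` is an alternative but is only asserted when the validator enables format checking, so `pattern` is the more reliable choice. The identical property is added in the second hunk of this file (`@@ -485,9 +489,13 @@`) and should carry the same constraint.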


@@ -57,8 +57,8 @@ values:
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
\ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
}\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n }\n}\nprovider\
\ \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_disposition: null
@@ -89,8 +89,8 @@ values:
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
\ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
}\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n }\n}\nprovider\
\ \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_disposition: null
@@ -243,7 +243,7 @@ values:
google_storage_bucket_object.tfvars["globals"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
content: '{"billing_account":{"id":"012345-012345-012345"},"groups":{"domain":"domain:example.org","gcp-billing-admins":"group:gcp-billing-admins@example.org","gcp-devops":"group:gcp-devops@example.org","gcp-network-admins":"group:gcp-network-admins@example.org","gcp-organization-admins":"group:fabric-fast-owners@google.com","gcp-secops-admins":"group:gcp-secops-admins@example.org","gcp-security-admins":"group:gcp-security-admins@example.org","gcp-support":"group:gcp-support@example.org"},"locations":{"bigquery":"europe-west1","logging":"europe-west1","pubsub":[],"storage":"eu"},"organization":{"customer_id":"abcd123456","domain":"example.org","id":"1234567890"},"prefix":"ft0"}'
content: '{"billing_account":{"id":"012345-012345-012345"},"groups":{"domain":"domain:example.org","gcp-billing-admins":"group:gcp-billing-admins@example.org","gcp-devops":"group:gcp-devops@example.org","gcp-network-admins":"group:gcp-network-admins@example.org","gcp-organization-admins":"group:fabric-fast-owners@google.com","gcp-secops-admins":"group:gcp-secops-admins@example.org","gcp-security-admins":"group:gcp-security-admins@example.org","gcp-support":"group:gcp-support@example.org"},"locations":{"bigquery":"europe-west1","logging":"europe-west1","pubsub":[],"storage":"eu"},"organization":{"customer_id":"abcd123456","domain":"example.org","id":"1234567890"},"prefix":"ft0","universe":null}'
content_disposition: null
content_encoding: null
content_language: null
@@ -306,8 +306,8 @@ values:
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
\ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
}\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n }\n}\nprovider\
\ \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_base64: null
@@ -327,8 +327,8 @@ values:
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
\ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
}\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n }\n}\nprovider\
\ \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_base64: null
@@ -426,7 +426,7 @@ values:
sensitive_content: null
source: null
local_file.tfvars["globals"]:
content: '{"billing_account":{"id":"012345-012345-012345"},"groups":{"domain":"domain:example.org","gcp-billing-admins":"group:gcp-billing-admins@example.org","gcp-devops":"group:gcp-devops@example.org","gcp-network-admins":"group:gcp-network-admins@example.org","gcp-organization-admins":"group:fabric-fast-owners@google.com","gcp-secops-admins":"group:gcp-secops-admins@example.org","gcp-security-admins":"group:gcp-security-admins@example.org","gcp-support":"group:gcp-support@example.org"},"locations":{"bigquery":"europe-west1","logging":"europe-west1","pubsub":[],"storage":"eu"},"organization":{"customer_id":"abcd123456","domain":"example.org","id":"1234567890"},"prefix":"ft0"}'
content: '{"billing_account":{"id":"012345-012345-012345"},"groups":{"domain":"domain:example.org","gcp-billing-admins":"group:gcp-billing-admins@example.org","gcp-devops":"group:gcp-devops@example.org","gcp-network-admins":"group:gcp-network-admins@example.org","gcp-organization-admins":"group:fabric-fast-owners@google.com","gcp-secops-admins":"group:gcp-secops-admins@example.org","gcp-security-admins":"group:gcp-security-admins@example.org","gcp-support":"group:gcp-support@example.org"},"locations":{"bigquery":"europe-west1","logging":"europe-west1","pubsub":[],"storage":"eu"},"organization":{"customer_id":"abcd123456","domain":"example.org","id":"1234567890"},"prefix":"ft0","universe":null}'
content_base64: null
directory_permission: '0777'
file_permission: '0644'
@@ -472,6 +472,11 @@ values:
condition: []
member: serviceAccount:iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
role: roles/billing.user
module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_viewer_org_ro"]:
billing_account_id: 012345-012345-012345
condition: []
member: serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
role: roles/billing.viewer
module.factory.module.bigquery-datasets["billing-0/billing_export"].google_bigquery_dataset.default:
dataset_id: billing_export
default_encryption_configuration: []
@@ -492,11 +497,6 @@ values:
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_viewer_org_ro"]:
billing_account_id: 012345-012345-012345
condition: []
member: serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
role: roles/billing.viewer
module.factory.module.buckets["iac-0/iac-org-state"].google_storage_bucket.bucket[0]:
autoclass: []
cors: []