Allow explicit definition of automation prefix in project factory (#3124)
* Allow explicit definition of automation prefix in project factory * update schema doc
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
46c97f1847
commit
e391a3ff75
@@ -428,6 +428,8 @@ service_accounts:
|
||||
- automation/rw
|
||||
automation:
|
||||
project: test-pf-teams-iac-0
|
||||
# prefix used for automation resources can be explicitly set if needed
|
||||
# prefix: test-pf-dev-tb-0-0
|
||||
service_accounts:
|
||||
rw:
|
||||
description: Team B app 0 read/write automation sa.
|
||||
|
||||
@@ -21,8 +21,11 @@ locals {
|
||||
for k, v in local.projects :
|
||||
k => merge(try(v.automation.bucket, {}), {
|
||||
automation_project = v.automation.project
|
||||
prefix = v.prefix
|
||||
project_name = v.name
|
||||
prefix = coalesce(
|
||||
try(v.automation.prefix, null),
|
||||
"${v.prefix}-${v.name}"
|
||||
)
|
||||
project_name = v.name
|
||||
}) if try(v.automation.bucket, null) != null
|
||||
}
|
||||
automation_sa = flatten([
|
||||
@@ -30,9 +33,12 @@ locals {
|
||||
for ks, kv in try(v.automation.service_accounts, {}) : merge(kv, {
|
||||
automation_project = v.automation.project
|
||||
name = ks
|
||||
prefix = v.prefix
|
||||
project = k
|
||||
project_name = v.name
|
||||
prefix = coalesce(
|
||||
try(v.automation.prefix, null),
|
||||
"${v.prefix}-${v.name}"
|
||||
)
|
||||
project = k
|
||||
project_name = v.name
|
||||
})
|
||||
]
|
||||
])
|
||||
@@ -45,7 +51,7 @@ module "automation-bucket" {
|
||||
# from the IAM dependency in the outputs of the main project
|
||||
project_id = each.value.automation_project
|
||||
prefix = each.value.prefix
|
||||
name = "${each.value.project_name}-tf-state"
|
||||
name = "tf-state"
|
||||
encryption_key = lookup(each.value, "encryption_key", null)
|
||||
iam = {
|
||||
for k, v in lookup(each.value, "iam", {}) : k => [
|
||||
@@ -113,7 +119,7 @@ module "automation-service-accounts" {
|
||||
# from the IAM dependency in the outputs of the main project
|
||||
project_id = each.value.automation_project
|
||||
prefix = each.value.prefix
|
||||
name = "${each.value.project_name}-${each.value.name}"
|
||||
name = each.value.name
|
||||
description = lookup(each.value, "description", null)
|
||||
display_name = lookup(
|
||||
each.value,
|
||||
|
||||
@@ -11,6 +11,9 @@
|
||||
"project"
|
||||
],
|
||||
"properties": {
|
||||
"prefix": {
|
||||
"type": "string"
|
||||
},
|
||||
"project": {
|
||||
"type": "string"
|
||||
},
|
||||
|
||||
@@ -8,6 +8,7 @@
|
||||
|
||||
- **automation**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **prefix**: *string*
|
||||
- ⁺**project**: *string*
|
||||
- **bucket**: *reference([bucket](#refs-bucket))*
|
||||
- **service_accounts**: *object*
|
||||
@@ -86,6 +87,7 @@
|
||||
- **iam_self_roles**: *array*
|
||||
- items: *string*
|
||||
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
|
||||
- **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
|
||||
- **service_encryption_key_ids**: *object*
|
||||
<br>*additional properties: false*
|
||||
- **`^[a-z-]+\.googleapis\.com$`**: *array*
|
||||
|
||||
Reference in New Issue
Block a user