981e4581ee
* dp rewrite stage 0, projects * remove plan files * generalize handling of basepath for projects in project-factory module * central-0 ---> core-0 * add schemas, validate YAMLs, tags * aspect types * data catalog policy tag factory * add support for data catalog taxonomy to project factory * complete retrofit of old stage configuration, except networking * shared vpc networking * networking * data platform as pf dataset * docs * test * remove legacy dp stage, fix tests and links * boilerplate * tfdoc * fix unrelated tfdoc * schemas * fix errors * schema * duplicate schemas * yamllint * Fix module naming convention for aspect-types * Fix factories_config in vpcs.tf for net-vpc-factory compatibility * Update schema documentation based on schema changes * Fix false rename conflict in .config.yaml files * Sync schemas and update documentation * Fix path expansion for aspect-types and revert projects_input to master * Restore path expansion for org_policies in projects-iam call * Fix trailing newlines in schema duplicates to satisfy duplicate-diff * Fix path expansion for data_catalog_taxonomy in taxonomies.tf * Update inventory for data-platform test and clean up debug prints * Add full values to data-platform inventory * Align Stage 2 VPC Factory integration with Stage 0 and fix tests TAG=agy * Fix project factory context resolution and data platform datasets - Update tag context keys in project factory to use file key without 'projects/' prefix. - Fix tag reference in product-0.yaml. - Fix shared_vpc_service_config in shared-0.yaml by moving service account to network_users. - Set parent for domain-0 folder to data-platform. - Mock net-dev-0 project ID in tests. - Update inventories. TAG=agy CONV=4b37fa5b-bf59-4604-9e8f-b55353d967a0 * Fix project-level tag keys context resolution in project factory * Fix commented out tag reference in domain-0 .config.yaml * Fix merge() calls with empty arguments in project-factory and data-catalog-policy-tag * Update Data Platform dataset README with prerequisites and customization guide * Add Table of Contents to Data Platform dataset README * docs: update Data Platform README with project templates tip * Document data platform output files and linking sequence in README * Update data platform README with VPC-SC and delegated IAM details * Refactor data platform dataset and align stage defaults * Update test inventory and variables for data platform with new prefix
Network Test Resources
This add-on allows creating an arbitrary number of Compute instances and service accounts, and is designed to simplify testing of the FAST networking stage.
Design overview and choices
The add-on is very simple, as it just deals with creating service accounts and instances using pre-existing projects, networks and subnets.
To allow creation of portable configurations, it extensively leverages FAST output variables so that project ids, network ids, regions, and subnet ids can refer to the relevant FAST aliases.
A simple factory is also provided, so that YAML configurations can be used instead of Terraform tfvars.
How to run this stage
Once the main networking stage has been configured and applied, the following configuration is added the the resource management fast_addon variable to create the add-on provider files, and its optional CI/CD resources if those are also required. The add-on name (networking-test) is customizable, in case the add-on needs to be run multiple times to create gateways in different projects.
fast_addon = {
networking-test = {
parent_stage = "2-networking"
}
}
Provider and Terraform variables
As all other FAST stages, the mechanism used to pass variable values and pre-built provider files from one stage to the next is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the fast-links.sh script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following example uses local files but GCS behaves identically.
# File linking commands for Test resources networking add-on stage
# provider file
ln -s ~/fast-config/providers/2-networking-test-providers.tf ./
# input files from other stages
ln -s ~/fast-config/tfvars/2-networking.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
ln -s ~/fast-config/2-networking-test.auto.tfvars ./
If a factory is used and neither the default factory paths nor the resource name prefix in the name variable need to be changed, the last file is unnecessary as there's no additional configuration for this add-on.
Impersonating the automation service account
The preconfigured provider file uses impersonation to run with this stage's automation service account's credentials. The gcp-devops and organization-admins groups have the necessary IAM bindings in place to do that, so make sure the current user is a member of one of those groups.
Variable configuration
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the
0-globals.auto.tfvars.jsonfile linked or copied above - variables which refer to resources managed by previous stages, which are prepopulated here via the
0-org-setup.auto.tfvars.json,2-networking.auto.tfvars.jsonfiles linked or copied above - and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom
terraform.tfvarsfile
The first two sets are defined in the variables-fast.tf file, the latter set in the variables.tf file. The full list of variables can be found in the Variables table at the bottom of this document.
Once output files are in place, define your addon configuration in a tfvars file if needed (see section above).
Running the stage
Once provider and variable values are in place and the correct user is configured, the stage can be run:
terraform init
terraform apply
Files
| name | description | modules |
|---|---|---|
| context.tf | FAST context locals | |
| factory.tf | Factory locals. | |
| main.tf | Module-level locals and resources. | compute-vm · iam-service-account |
| outputs.tf | Module outputs. | |
| variables-fast.tf | FAST stage interface. | |
| variables.tf | Module variables. |
Variables
| name | description | type | required | default | producer |
|---|---|---|---|---|---|
| factories_config | Configuration for the resource factories. | object({…}) |
{} |
||
| host_project_ids | Networking stage host project id aliases. | map(string) |
{} |
2-networking |
|
| name | Prefix used for all resource names. | string |
"test" |
||
| regions | Region aliases. | map(string) |
{} |
2-networking |
|
| subnet_self_links | Subnet self links. | map(map(string)) |
{} |
2-networking |
|
| test_instances | Test instances to be created. | map(object({…})) |
{} |
||
| test_service_accounts | Service accounts used by instances. | map(object({…})) |
{} |
||
| vpc_self_links | VPC network self links. | map(string) |
{} |
2-networking |
Outputs
| name | description | sensitive | consumers |
|---|---|---|---|
| instance_addresses | Instance names and addresses. | ||
| instance_ssh | Instance SSH commands. | ✓ | |
| service_account_emails | Service account emails. |