diff --git a/.gitignore b/.gitignore
index ddd957c8b..04a1725bb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,6 @@ helpers/foundation-deployer/.steps.json
 # File to populate env vars used by Docker test runs
 .envrc
+
+# Handle files generated on sed command by old (2013-) MacOS versions
+*.tf-e
diff --git a/0-bootstrap/README-GitHub.md b/0-bootstrap/README-GitHub.md
index ecb4a32ca..952a6b55e 100644
--- a/0-bootstrap/README-GitHub.md
+++ b/0-bootstrap/README-GitHub.md
@@ -212,8 +212,8 @@ export the GitHub fine grained access token as an environment variable:
 cp backend.tf.example backend.tf
 cd ../../../
- for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_ME/${backend_bucket}/" $i; done
- for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_PROJECTS_BACKEND/${backend_bucket}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${backend_bucket}/" $i; done
 cd gcp-bootstrap/envs/shared
 ```
@@ -307,7 +307,7 @@ See the shared folder [README.md](../1-org/envs/shared/README.md#inputs) for add
 echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
- if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
+ if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
 ```
 1. Update the `remote_state_bucket` variable with the backend bucket from step Bootstrap.
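Review bot: The new `*.tf-e` pattern in the .gitignore hunk covers only backups of `.tf` files, while the README hunks of this commit apply the same `sed -i'' -e` form to `terraform.tfvars`, `*.auto.tfvars` and `Jenkinsfile`. A sed that produces `-e` backups would presumably leave `terraform.tfvars-e` or `Jenkinsfile-e` copies as well, which are not ignored and could be committed by accident together with whatever environment values were already filled in. Consider adding `*.tfvars-e` and `Jenkinsfile-e` next to `*.tf-e`.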
@@ -317,7 +317,7 @@ See the shared folder [README.md](../1-org/envs/shared/README.md#inputs) for add echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars ``` 1. Check if a Security Command Center Notification with the default name, **scc-notify**, already exists in your organization. @@ -427,7 +427,7 @@ See any of the envs folder [README.md](../2-environments/envs/production/README. export backend_bucket=$(terraform -chdir="../gcp-bootstrap/envs/shared" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" terraform.tfvars ``` 1. Commit changes. @@ -536,7 +536,7 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars ``` 1. Update `common.auto.tfvars` file with values from your GCP environment. @@ -549,7 +549,7 @@ See any of the envs folder [README.md](../3-networks-dual-svpc/envs/production/R echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` 1. Commit changes @@ -699,7 +699,7 @@ See any of the envs folder [README.md](../3-networks-hub-and-spoke/envs/producti echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` 1. Commit changes 
@@ -852,7 +852,7 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th export remote_state_bucket=$(terraform -chdir="../gcp-bootstrap/envs/shared/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${remote_state_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars ``` 1. Commit changes. diff --git a/0-bootstrap/README-Jenkins.md b/0-bootstrap/README-Jenkins.md index 497e71374..6d3162c40 100644 --- a/0-bootstrap/README-Jenkins.md +++ b/0-bootstrap/README-Jenkins.md @@ -227,7 +227,7 @@ You arrived to these instructions because you are using the `jenkins_bootstrap` ```bash mv backend.tf.example backend.tf - for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_ME/${backend_bucket}/" $i; done + for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done ``` 1. Re-run `terraform init` and agree to copy state to gcs when prompted 
@@ -333,15 +333,15 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash BACKEND_STATE_BUCKET_NAME=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "_STATE_BUCKET_NAME = ${BACKEND_STATE_BUCKET_NAME}" - sed -i "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile + sed -i'' -e "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile TERRAFORM_SA_EMAIL=$(terraform -chdir="../0-bootstrap/" output -raw organization_step_terraform_service_account_email) echo "_TF_SA_EMAIL = ${TERRAFORM_SA_EMAIL}" - sed -i "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile + sed -i'' -e "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile CICD_PROJECT_ID=$(terraform -chdir="../0-bootstrap/" output -raw cicd_project_id) echo "_PROJECT_ID = ${CICD_PROJECT_ID}" - sed -i "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile + sed -i'' -e "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile ``` 1. Rename `./envs/shared/terraform.example.tfvars` to `./envs/shared/terraform.tfvars` @@ -370,9 +370,9 @@ Here you will configure a VPN Network tunnel to enable connectivity between the export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars - if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi + if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi ``` 1. Commit changes. 
@@ -439,15 +439,15 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash BACKEND_STATE_BUCKET_NAME=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "_STATE_BUCKET_NAME = ${BACKEND_STATE_BUCKET_NAME}" - sed -i "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile + sed -i'' -e "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile TERRAFORM_SA_EMAIL=$(terraform -chdir="../0-bootstrap/" output -raw environment_step_terraform_service_account_email) echo "_TF_SA_EMAIL = ${TERRAFORM_SA_EMAIL}" - sed -i "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile + sed -i'' -e "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile CICD_PROJECT_ID=$(terraform -chdir="../0-bootstrap/" output -raw cicd_project_id) echo "_PROJECT_ID = ${CICD_PROJECT_ID}" - sed -i "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile + sed -i'' -e "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile ``` 1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and 0-bootstrap. @@ -461,7 +461,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./terraform.tfvars ``` 1. Commit changes. 
@@ -545,15 +545,15 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash BACKEND_STATE_BUCKET_NAME=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "_STATE_BUCKET_NAME = ${BACKEND_STATE_BUCKET_NAME}" - sed -i "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile + sed -i'' -e "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile TERRAFORM_SA_EMAIL=$(terraform -chdir="../0-bootstrap/" output -raw networks_step_terraform_service_account_email) echo "_TF_SA_EMAIL = ${TERRAFORM_SA_EMAIL}" - sed -i "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile + sed -i'' -e "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile CICD_PROJECT_ID=$(terraform -chdir="../0-bootstrap/" output -raw cicd_project_id) echo "_PROJECT_ID = ${CICD_PROJECT_ID}" - sed -i "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile + sed -i'' -e "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile ``` 1. Rename `common.auto.example.tfvars` to `common.auto.tfvars`, rename `shared.auto.example.tfvars` to `shared.auto.tfvars` and rename `access_context.auto.example.tfvars` to `access_context.auto.tfvars`. 
@@ -573,11 +573,11 @@ Here you will configure a VPN Network tunnel to enable connectivity between the export ORGANIZATION_ID=$(terraform -chdir="../0-bootstrap/" output -json common_config | jq '.org_id' --raw-output) export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)") echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` 1. Commit changes. @@ -592,7 +592,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the 1. Also update `backend.tf` with your backend bucket from 0-bootstrap output. ```bash - for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_ME/${backend_bucket}/" $i; done + for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done ``` 1. Use `terraform output` to get the Cloud Build project ID and the networks step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation. 
@@ -698,15 +698,15 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash BACKEND_STATE_BUCKET_NAME=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "_STATE_BUCKET_NAME = ${BACKEND_STATE_BUCKET_NAME}" - sed -i "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile + sed -i'' -e "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile TERRAFORM_SA_EMAIL=$(terraform -chdir="../0-bootstrap/" output -raw networks_step_terraform_service_account_email) echo "_TF_SA_EMAIL = ${TERRAFORM_SA_EMAIL}" - sed -i "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile + sed -i'' -e "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile CICD_PROJECT_ID=$(terraform -chdir="../0-bootstrap/" output -raw cicd_project_id) echo "_PROJECT_ID = ${CICD_PROJECT_ID}" - sed -i "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile + sed -i'' -e "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile ``` 1. Rename `common.auto.example.tfvars` to `common.auto.tfvars`, rename `shared.auto.example.tfvars` to `shared.auto.tfvars` and rename `access_context.auto.example.tfvars` to `access_context.auto.tfvars`. 
@@ -726,11 +726,11 @@ Here you will configure a VPN Network tunnel to enable connectivity between the export ORGANIZATION_ID=$(terraform -chdir="../0-bootstrap/" output -json common_config | jq '.org_id' --raw-output) export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)") echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` 1. Commit changes. @@ -745,7 +745,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the 1. Also update `backend.tf` with your backend bucket from 0-bootstrap output. ```bash - for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_ME/${backend_bucket}/" $i; done + for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done ``` 1. Use `terraform output` to get the Cloud Build project ID and the networks step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation. 
@@ -851,15 +851,15 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash BACKEND_STATE_BUCKET_NAME=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "_STATE_BUCKET_NAME = ${BACKEND_STATE_BUCKET_NAME}" - sed -i "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile + sed -i'' -e "s/BACKEND_STATE_BUCKET_NAME/${BACKEND_STATE_BUCKET_NAME}/" ./Jenkinsfile TERRAFORM_SA_EMAIL=$(terraform -chdir="../0-bootstrap/" output -raw projects_step_terraform_service_account_email) echo "_TF_SA_EMAIL = ${TERRAFORM_SA_EMAIL}" - sed -i "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile + sed -i'' -e "s/TERRAFORM_SA_EMAIL/${TERRAFORM_SA_EMAIL}/" ./Jenkinsfile CICD_PROJECT_ID=$(terraform -chdir="../0-bootstrap/" output -raw cicd_project_id) echo "_PROJECT_ID = ${CICD_PROJECT_ID}" - sed -i "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile + sed -i'' -e "s/CICD_PROJECT_ID/${CICD_PROJECT_ID}/" ./Jenkinsfile ``` 1. Rename `auto.example.tfvars` files to `auto.tfvars`. @@ -879,7 +879,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the ```bash export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` 1. Commit changes. 
@@ -892,7 +892,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the
 1. Also update `backend.tf` with your backend bucket from 0-bootstrap output.
 ```bash
- for i in `find -name 'backend.tf'`; do sed -r -i "s/UPDATE_ME|UPDATE_PROJECTS_BACKEND/${backend_bucket}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -r -i "s/UPDATE_ME|UPDATE_PROJECTS_BACKEND/${backend_bucket}/" $i; done
 ```
 1. You need to manually plan and apply only once the `shared` environments since `development`, `non-production`, and `production` depend on it.
diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md
index 576f87f33..e3ad159a3 100644
--- a/0-bootstrap/README.md
+++ b/0-bootstrap/README.md
@@ -208,8 +208,8 @@ Using GitHub Actions requires manual creation of the GitHub repositories used in
 cp backend.tf.example backend.tf
 cd ..
- for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_ME/${backend_bucket}/" $i; done
- for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_PROJECTS_BACKEND/${backend_bucket_projects}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${backend_bucket_projects}/" $i; done
 cd 0-bootstrap
 ```
diff --git a/0-bootstrap/modules/jenkins-agent/files/jenkins_gce_startup_script.sh b/0-bootstrap/modules/jenkins-agent/files/jenkins_gce_startup_script.sh
index d04070ba1..b3d6243d2 100755
--- a/0-bootstrap/modules/jenkins-agent/files/jenkins_gce_startup_script.sh
+++ b/0-bootstrap/modules/jenkins-agent/files/jenkins_gce_startup_script.sh
@@ -62,7 +62,7 @@ echo "**** Startup Step 8/8: Add public SSH key to the list of authorized keys.
 SSHD_CONFIG_DIR="/etc/ssh"
 # Setting up the sshd_config file
-sed -i $SSHD_CONFIG_DIR/sshd_config \
+sed -i'' -e $SSHD_CONFIG_DIR/sshd_config \
 -e 's/#PubkeyAuthentication.*/PubkeyAuthentication yes/' \
 -e 's/#AuthorizedKeysFile.*/AuthorizedKeysFile \/etc\/ssh\/authorized_keys/'
diff --git a/1-org/README.md b/1-org/README.md
index d5e28640e..9dd52a4fc 100644
--- a/1-org/README.md
+++ b/1-org/README.md
@@ -166,9 +166,9 @@ If required, run `terraform output cloudbuild_project_id` in the `0-bootstrap` f
 export backend_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate)
 echo "remote_state_bucket = ${backend_bucket}"
- sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars
+ sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars
- if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
+ if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
 ```
 1. Commit changes.
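Review bot: In the jenkins_gce_startup_script.sh hunk, the mechanical `-i` to `-i'' -e` replacement turns `$SSHD_CONFIG_DIR/sshd_config` into the argument of `-e`, so sed receives the file path as a script expression and is left with no file operand. The `PubkeyAuthentication` and `AuthorizedKeysFile` substitutions on the following context lines would then not be applied to sshd_config (sed most likely aborts on the invalid expression), leaving the agent's SSH key setup different from what the script intends. In the shell `-i''` is the same word as `-i`, so nothing is gained on this line; keep the path as an operand, e.g. `sed -i "$SSHD_CONFIG_DIR/sshd_config" \`, or move the quoted path after the two `-e` expressions. The rest of the startup script is outside this hunk, so whether a later step checks the resulting configuration cannot be seen here.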
@@ -248,9 +248,9 @@ Change into the `1-org` folder, copy the Terraform wrapper script, and ensure it export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars - if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi + if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi ``` You can now deploy your environment (production) using this script. diff --git a/2-environments/README.md b/2-environments/README.md index 71682ccb9..ef26d7a93 100644 --- a/2-environments/README.md +++ b/2-environments/README.md @@ -126,7 +126,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get export backend_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" terraform.tfvars ``` 1. Commit changes. @@ -203,7 +203,7 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./terraform.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./terraform.tfvars ``` We will now deploy each of our environments(development/production/non-production) using this script. 
diff --git a/3-networks-dual-svpc/README.md b/3-networks-dual-svpc/README.md index d60c6656e..d8e2f385b 100644 --- a/3-networks-dual-svpc/README.md +++ b/3-networks-dual-svpc/README.md @@ -182,12 +182,12 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)") echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars export backend_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` **Note:** Make sure that you update the `perimeter_additional_members` variable with your e-mail in order to be able to view/access resources in the project protected by the VPC service controls. 
@@ -307,12 +307,12 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)") echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ```` We will now deploy each of our environments(development/production/non-production) using this script. diff --git a/3-networks-hub-and-spoke/README.md b/3-networks-hub-and-spoke/README.md index bcee1c7d0..73bf4db3c 100644 --- a/3-networks-hub-and-spoke/README.md +++ b/3-networks-hub-and-spoke/README.md 
@@ -186,12 +186,12 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)") echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars export backend_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` **Note:** Make sure that you update the `perimeter_additional_members` variable with your e-mail in order to be able to view/access resources in the project protected by the VPC service controls. @@ -311,12 +311,12 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)") echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}" - sed -i "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars + sed -i'' -e "s/ACCESS_CONTEXT_MANAGER_ID/${ACCESS_CONTEXT_MANAGER_ID}/" ./access_context.auto.tfvars export backend_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${backend_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars ``` We will now deploy each of our environments(development/production/non-production) using this script. 
diff --git a/4-projects/README.md b/4-projects/README.md index 12fc09142..fcb785a94 100644 --- a/4-projects/README.md +++ b/4-projects/README.md @@ -131,7 +131,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get export remote_state_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${remote_state_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars ``` 1. Commit changes. @@ -250,7 +250,7 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s export remote_state_bucket=$(terraform -chdir="../0-bootstrap/" output -raw gcs_bucket_tfstate) echo "remote_state_bucket = ${remote_state_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars ``` We will now deploy each of our environments(development/production/non-production) using the `tf-wrapper.sh` script. diff --git a/5-app-infra/README.md b/5-app-infra/README.md index f93c8339a..843bd0f30 100644 --- a/5-app-infra/README.md +++ b/5-app-infra/README.md @@ -150,7 +150,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get ```bash export remote_state_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw projects_gcs_bucket_tfstate) echo "remote_state_bucket = ${remote_state_bucket}" - sed -i "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars + sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars ``` 1. Commit changes. 
@@ -214,7 +214,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
 ```bash
 export remote_state_bucket=$(terraform -chdir="../0-bootstrap/" output -raw projects_gcs_bucket_tfstate)
 echo "remote_state_bucket = ${remote_state_bucket}"
- sed -i "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars
+ sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars
 ```
 1. Provide the user that will be running `./tf-wrapper.sh` the Service Account Token Creator role to the bu1 Terraform service account.
@@ -239,7 +239,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
 export backend_bucket=$(terraform -chdir="../4-projects/business_unit_1/shared/" output -json state_buckets | jq '."bu1-example-app"' --raw-output)
 echo "backend_bucket = ${backend_bucket}"
- for i in `find -name 'backend.tf'`; do sed -i "s/UPDATE_APP_INFRA_BUCKET/${backend_bucket}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_APP_INFRA_BUCKET/${backend_bucket}/" $i; done
 ```
 We will now deploy each of our environments (development/production/non-production) using this script.
diff --git a/build/Jenkinsfile b/build/Jenkinsfile
index 478e8ffe0..aab93742e 100644
--- a/build/Jenkinsfile
+++ b/build/Jenkinsfile
@@ -17,7 +17,7 @@ pipeline {
 echo "Setting up gcloud for impersonation"
 gcloud config set auth/impersonate_service_account ${_TF_SA_EMAIL}
 echo "Adding bucket information to backends"
- for i in `find -name 'backend.tf'`; do sed -r -i "s/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/" $i; done
+ for i in `find . -name 'backend.tf'`; do sed -r -i "s/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/" $i; done
 '''
 }
 }
diff --git a/build/cloudbuild-tf-apply.yaml b/build/cloudbuild-tf-apply.yaml
index 015348d76..4caafe09e 100644
--- a/build/cloudbuild-tf-apply.yaml
+++ b/build/cloudbuild-tf-apply.yaml
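Review bot: The loop in the build/Jenkinsfile hunk still iterates over the backtick output of `find` and passes `$i` unquoted, so any path containing whitespace or glob characters is split or expanded before sed sees it. Since the line is being touched anyway, letting find invoke sed avoids that: `find . -name 'backend.tf' -exec sed -r -i "s/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/" {} +`. The same loop appears in the cloudbuild-tf-apply.yaml, cloudbuild-tf-plan.yaml, github-tf-apply.yaml and github-tf-pull-request.yaml hunks, each with its own sed arguments. The surrounding pipeline stage starts and ends outside the hunk.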
@@ -29,7 +29,7 @@ steps:
 gcloud config set auth/impersonate_service_account $tf_sa_email
 fi
 echo "Adding bucket information to backends"
- for i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/' $i; done
+ for i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/' $i; done
 # [START tf-init]
diff --git a/build/cloudbuild-tf-plan.yaml b/build/cloudbuild-tf-plan.yaml
index f6f8ac3eb..7c8f11fdb 100644
--- a/build/cloudbuild-tf-plan.yaml
+++ b/build/cloudbuild-tf-plan.yaml
@@ -29,7 +29,7 @@ steps:
 gcloud config set auth/impersonate_service_account $tf_sa_email
 fi
 echo "Adding bucket information to backends"
- for i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/' $i; done
+ for i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/${_STATE_BUCKET_NAME}/' $i; done
 # [START tf-plan_validate_all]
diff --git a/build/github-tf-apply.yaml b/build/github-tf-apply.yaml
index 5051cb0e7..e1e94207a 100644
--- a/build/github-tf-apply.yaml
+++ b/build/github-tf-apply.yaml
@@ -55,10 +55,10 @@ jobs:
 shell: bash
 run: |
 echo "Adding bucket information to backends"
- for i in `find -name 'backend.tf'`
+ for i in `find . -name 'backend.tf'`
 do
- sed -i "s/UPDATE_ME/${TF_BACKEND}/" $i
- sed -i "s/UPDATE_PROJECTS_BACKEND/${TF_BACKEND}/" $i
+ sed -i'' -e "s/UPDATE_ME/${TF_BACKEND}/" $i
+ sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${TF_BACKEND}/" $i
 done
 - id: init
diff --git a/build/github-tf-pull-request.yaml b/build/github-tf-pull-request.yaml
index 595362c22..69a2f08ba 100644
--- a/build/github-tf-pull-request.yaml
+++ b/build/github-tf-pull-request.yaml
@@ -57,10 +57,10 @@ jobs:
 shell: bash
 run: |
 echo "Adding bucket information to backends"
- for i in `find -name 'backend.tf'`
+ for i in `find . -name 'backend.tf'`
 do
- sed -i "s/UPDATE_ME/${TF_BACKEND}/" $i
- sed -i "s/UPDATE_PROJECTS_BACKEND/${TF_BACKEND}/" $i
+ sed -i'' -e "s/UPDATE_ME/${TF_BACKEND}/" $i
+ sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${TF_BACKEND}/" $i
 done
 - id: plan-validate-all
diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md
index 7c3c025d8..2837a29b5 100644
--- a/docs/TROUBLESHOOTING.md
+++ b/docs/TROUBLESHOOTING.md
@@ -428,7 +428,7 @@ You can get this information from step `0-bootstrap` by running the following co
 1. Update `backend.tf` with the remote state backend bucket you got on previously inside ``:
 ```bash
- for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME//' $i; done
+ for i in `find . -name 'backend.tf'`; do sed -i'' -e 's/UPDATE_ME//' $i; done
 ```
 1. Navigate into `envs/development` where your terraform config files are in and run terraform init:
diff --git a/docs/change_resource_hierarchy.md b/docs/change_resource_hierarchy.md
index 34e0fae1f..6ed2f3542 100644
--- a/docs/change_resource_hierarchy.md
+++ b/docs/change_resource_hierarchy.md
@@ -180,17 +180,17 @@ example-organization/ 1. **(Optional)** To simplify the below changes renaming business_units here is helper script. **Remember to review the changes**. The below script assumes you are in `gcp-projects` folder: ```bash - for i in `find "./business_unit_1" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i "s/bu1//" $i; done + for i in `find "./business_unit_1" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i'' -e "s/bu1//" $i; done - for i in `find "./business_unit_1" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i "s/business_unit_1//" $i; done + for i in `find "./business_unit_1" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i'' -e "s/business_unit_1//" $i; done - for i in `find "./business_unit_2" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i "s/bu2//" $i; done + for i in `find "./business_unit_2" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i'' -e "s/bu2//" $i; done - for i in `find "./business_unit_2" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i "s/business_unit_2//" $i; done + for i in `find "./business_unit_2" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i'' -e "s/business_unit_2//" $i; done - for i in `find "./business_unit_" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i "s/bu//" $i; done + for i in `find "./business_unit_" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i'' -e "s/bu//" $i; done - for i in `find "./business_unit_" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i "s/business_unit_//" $i; done + for i in `find "./business_unit_" -type f -not -path "*/.terraform/*" -name '*.tf'`; do sed -i'' -e "s/business_unit_//" $i; done ``` 1. For this example, just rename folders business_unit_1 and business_unit_2 to your Business Units names, i.e: finance and retail, to match the example folder hierarchy. 
diff --git a/helpers/foundation-deployer/gcp/testdata/failure_build.json b/helpers/foundation-deployer/gcp/testdata/failure_build.json index 7ec09f5cc..62b244713 100644 --- a/helpers/foundation-deployer/gcp/testdata/failure_build.json +++ b/helpers/foundation-deployer/gcp/testdata/failure_build.json @@ -62,7 +62,7 @@ { "args": [ "-c", - "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" + "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" ], "entrypoint": "/bin/bash", "id": "setup", diff --git a/helpers/foundation-deployer/gcp/testdata/queued_build.json b/helpers/foundation-deployer/gcp/testdata/queued_build.json index 31b2edc34..fa2225511 100644 --- a/helpers/foundation-deployer/gcp/testdata/queued_build.json +++ b/helpers/foundation-deployer/gcp/testdata/queued_build.json 
@@ -45,7 +45,7 @@ { "args": [ "-c", - "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" + "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" ], "entrypoint": "/bin/bash", "id": "setup", diff --git a/helpers/foundation-deployer/gcp/testdata/success_build.json b/helpers/foundation-deployer/gcp/testdata/success_build.json index bf24ddecd..bdd820e77 100644 --- a/helpers/foundation-deployer/gcp/testdata/success_build.json +++ b/helpers/foundation-deployer/gcp/testdata/success_build.json 
@@ -62,7 +62,7 @@ { "args": [ "-c", - "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" + "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" ], "entrypoint": "/bin/bash", "id": "setup", diff --git a/helpers/foundation-deployer/gcp/testdata/working_build.json b/helpers/foundation-deployer/gcp/testdata/working_build.json index 58d040f48..5cee4bd4e 100644 --- a/helpers/foundation-deployer/gcp/testdata/working_build.json +++ b/helpers/foundation-deployer/gcp/testdata/working_build.json 
@@ -45,7 +45,7 @@ { "args": [ "-c", - "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" + "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n echo \"Setting up gcloud for impersonation\"\n gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n" ], "entrypoint": "/bin/bash", "id": "setup",