From 8d6f6df73952d3cb66825afd452cec968e1389ae Mon Sep 17 00:00:00 2001
From: Daniel da Silva Andrade
Date: Mon, 28 Mar 2022 17:51:37 -0300
Subject: [PATCH 1/4] set the location for cloud build related buckets based in the default region
---
 .../shared/example_infra_pipeline.tf | 1 +
 .../shared/example_infra_pipeline.tf | 1 +
 4-projects/modules/infra_pipelines/main.tf | 40 ++++++++++++++-----
 3 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/4-projects/business_unit_1/shared/example_infra_pipeline.tf b/4-projects/business_unit_1/shared/example_infra_pipeline.tf
index 9a37a62aa..ff427d043 100644
--- a/4-projects/business_unit_1/shared/example_infra_pipeline.tf
+++ b/4-projects/business_unit_1/shared/example_infra_pipeline.tf
@@ -50,6 +50,7 @@ module "infra_pipelines" {
 project_prefix = var.project_prefix
 billing_account = var.billing_account
 default_region = var.default_region
+ bucket_region = var.default_region
 app_infra_repos = ["bu1-example-app"]
 }
diff --git a/4-projects/business_unit_2/shared/example_infra_pipeline.tf b/4-projects/business_unit_2/shared/example_infra_pipeline.tf
index ab3a3aaad..f24d13ce4 100644
--- a/4-projects/business_unit_2/shared/example_infra_pipeline.tf
+++ b/4-projects/business_unit_2/shared/example_infra_pipeline.tf
@@ -49,6 +49,7 @@ module "infra_pipelines" {
 project_prefix = var.project_prefix
 billing_account = var.billing_account
 default_region = var.default_region
+ bucket_region = var.default_region
 app_infra_repos = ["bu2-example-app"]
 }
diff --git a/4-projects/modules/infra_pipelines/main.tf b/4-projects/modules/infra_pipelines/main.tf
index 5d16ea97b..596666b43 100644
--- a/4-projects/modules/infra_pipelines/main.tf
+++ b/4-projects/modules/infra_pipelines/main.tf
@@ -15,12 +15,14 @@
 */
 locals {
- gar_repo_name = var.gar_repo_name != "" ? var.gar_repo_name : format("%s-%s", var.project_prefix, "tf-runners")
- gar_name = split("/", google_artifact_registry_repository.tf-image-repo.name)[length(split("/", google_artifact_registry_repository.tf-image-repo.name)) - 1]
- created_csrs = toset([for repo in google_sourcerepo_repository.app_infra_repo : repo.name])
- artifact_buckets = { for created_csr in local.created_csrs : "${created_csr}-ab" => format("%s-%s-%s", created_csr, "cloudbuild-artifacts", random_id.suffix.hex) }
- state_buckets = { for created_csr in local.created_csrs : "${created_csr}-tfstate" => format("%s-%s-%s", created_csr, "tfstate", random_id.suffix.hex) }
- apply_branches_regex = "^(${join("|", var.terraform_apply_branches)})$"
+ gar_repo_name = var.gar_repo_name != "" ? var.gar_repo_name : format("%s-%s", var.project_prefix, "tf-runners")
+ gar_name = split("/", google_artifact_registry_repository.tf-image-repo.name)[length(split("/", google_artifact_registry_repository.tf-image-repo.name)) - 1]
+ created_csrs = toset([for repo in google_sourcerepo_repository.app_infra_repo : repo.name])
+ artifact_buckets = { for created_csr in local.created_csrs : "${created_csr}-ab" => format("%s-%s-%s", created_csr, "cloudbuild-artifacts", random_id.suffix.hex) }
+ state_buckets = { for created_csr in local.created_csrs : "${created_csr}-tfstate" => format("%s-%s-%s", created_csr, "tfstate", random_id.suffix.hex) }
+ apply_branches_regex = "^(${join("|", var.terraform_apply_branches)})$"
+ cloudbuild_bucket_name = "${var.cloudbuild_project_id}_cloudbuild"
+ cloudbuild_bucket = { "cloudbuild" = local.cloudbuild_bucket_name }
 }
 # Create CSRs
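Review bot: The new `cloudbuild_bucket_name` local reproduces the `<project-id>_cloudbuild` name that Cloud Build itself creates on demand for uploaded build sources, and nothing in the locals block records that this choice is deliberate. In a project where a build has already run that bucket will already exist, so the resource that consumes this name (further down the file, outside this hunk) will fail to create until the bucket is imported into state; that is worth a sentence in the module documentation. Suggested comment above the local: `# Same name Cloud Build uses for its default source bucket, so this module owns it (location, UBLA, versioning) instead of the service creating it with default settings`.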
@@ -66,13 +68,29 @@ resource "google_storage_bucket" "cloudbuild_artifacts" {
 }
 }
+resource "google_storage_bucket" "cloudbuild_bucket" {
+ project = var.cloudbuild_project_id
+ name = local.cloudbuild_bucket_name
+ location = var.bucket_region
+
+ uniform_bucket_level_access = true
+ versioning {
+ enabled = true
+ }
+}
+
 # IAM for Cloud Build SA to access cloudbuild_artifacts and tfstate buckets
 resource "google_storage_bucket_iam_member" "cloudbuild_artifacts_iam" {
- for_each = merge(local.artifact_buckets, local.state_buckets)
- bucket = each.value
- role = "roles/storage.admin"
- member = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
- depends_on = [google_storage_bucket.cloudbuild_artifacts, google_storage_bucket.tfstate]
+ for_each = merge(local.artifact_buckets, local.state_buckets, local.cloudbuild_bucket)
+ bucket = each.value
+ role = "roles/storage.admin"
+ member = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
+
+ depends_on = [
+ google_storage_bucket.cloudbuild_artifacts,
+ google_storage_bucket.tfstate,
+ google_storage_bucket.cloudbuild_bucket
+ ]
 }
 # Cloud Build plan/apply triggers
From a4fa605f61ded98adbf5aa79df847765b2987ba9 Mon Sep 17 00:00:00 2001
From: Daniel da Silva Andrade
Date: Mon, 28 Mar 2022 20:55:41 -0300
Subject: [PATCH 2/4] add force distroy to cloud build source bucket in step 4 infra pipelines
---
 4-projects/modules/infra_pipelines/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/4-projects/modules/infra_pipelines/main.tf b/4-projects/modules/infra_pipelines/main.tf
index 596666b43..62dba2244 100644
--- a/4-projects/modules/infra_pipelines/main.tf
+++ b/4-projects/modules/infra_pipelines/main.tf
@@ -74,6 +74,7 @@ resource "google_storage_bucket" "cloudbuild_bucket" {
 location = var.bucket_region
 uniform_bucket_level_access = true
+ force_destroy = true
 versioning {
 enabled = true
 }
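Review bot: The new `cloudbuild_bucket` is folded into the same `roles/storage.admin` grant as the artifact and state buckets, which gives the Cloud Build service account bucket-level rights (including rewriting the bucket's own IAM policy) that uploading sources and reading them back do not require; `roles/storage.objectAdmin` on this bucket is likely sufficient, to be confirmed against what the build steps actually do with it. The context comment `# IAM for Cloud Build SA to access cloudbuild_artifacts and tfstate buckets` above the grant is now stale, since the merged `for_each` also covers the source bucket; change it to `# IAM for Cloud Build SA to access the cloudbuild source, artifact and tfstate buckets`. The same grant is the one the later patches keep, so the role question carries over to the `pipeline_infra` buckets as well.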
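Review bot: In hunk `@@ -74,6 +74,7 @@` of PATCH 2/4, `force_destroy = true` is hard-coded on the Cloud Build source bucket directly above `versioning { enabled = true }`, so the object history that versioning preserves is deleted by any `terraform destroy` without the non-empty-bucket safeguard, and the module offers no way to keep that safeguard in production. If the intent is easy teardown of test environments, gate it on a boolean module input that defaults to `false` (name to be chosen by the maintainers, e.g. `bucket_force_destroy`): `force_destroy = var.bucket_force_destroy`. The enclosing resource block starts and ends outside this hunk.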
From 6fc491277b853d241bb7d2017ad82f0edd2f8bd2 Mon Sep 17 00:00:00 2001
From: Daniel da Silva Andrade
Date: Tue, 29 Mar 2022 16:17:27 -0300
Subject: [PATCH 3/4] use for_each to create pipeline infra buckets in step 4
---
 4-projects/modules/infra_pipelines/main.tf | 36 +++++-----------------
 1 file changed, 7 insertions(+), 29 deletions(-)
diff --git a/4-projects/modules/infra_pipelines/main.tf b/4-projects/modules/infra_pipelines/main.tf
index 62dba2244..a742c2a59 100644
--- a/4-projects/modules/infra_pipelines/main.tf
+++ b/4-projects/modules/infra_pipelines/main.tf
@@ -46,29 +46,9 @@ resource "random_id" "suffix" {
 byte_length = 2
 }
-resource "google_storage_bucket" "tfstate" {
- for_each = local.state_buckets
- project = var.cloudbuild_project_id
- name = each.value
- location = var.bucket_region
- uniform_bucket_level_access = true
- versioning {
- enabled = true
- }
-}
-
-resource "google_storage_bucket" "cloudbuild_artifacts" {
- for_each = local.artifact_buckets
- project = var.cloudbuild_project_id
- name = each.value
- location = var.bucket_region
- uniform_bucket_level_access = true
- versioning {
- enabled = true
- }
-}
+resource "google_storage_bucket" "pipeline_infra" {
+ for_each = merge(local.artifact_buckets, local.state_buckets, local.cloudbuild_bucket)
-resource "google_storage_bucket" "cloudbuild_bucket" {
 project = var.cloudbuild_project_id
 name = local.cloudbuild_bucket_name
 location = var.bucket_region
@@ -88,9 +68,7 @@ resource "google_storage_bucket_iam_member" "cloudbuild_artifacts_iam" {
 member = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
 depends_on = [
- google_storage_bucket.cloudbuild_artifacts,
- google_storage_bucket.tfstate,
- google_storage_bucket.cloudbuild_bucket
+ google_storage_bucket.pipeline_infra
 ]
 }
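Review bot: Hunk `@@ -46,29 +46,9 @@` moves the state and artifact buckets from the `google_storage_bucket.tfstate` / `cloudbuild_artifacts` addresses to `google_storage_bucket.pipeline_infra`, so on an existing deployment Terraform plans a destroy of the buckets that hold the pipelines' Terraform state and a create of same-named replacements, and the patch adds no migration for this. With Terraform 1.1+ `moved` blocks can express the rename, but because the instance keys are derived from `var.app_infra_repos` the module may instead need a documented `terraform state mv` step per bucket; either way the upgrade path should be written down before this lands. Note also that the body retained below the new `for_each` (outside this hunk) is the former `cloudbuild_bucket` body, which PATCH 2/4 gave `force_destroy = true`, so the state buckets — which had no `force_destroy` in the removed `tfstate` resource — now inherit it, and a later `terraform destroy` would remove the state objects without the non-empty-bucket safeguard.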
@@ -109,8 +87,8 @@ resource "google_cloudbuild_trigger" "main_trigger" {
 _BILLING_ID = var.billing_account
 _DEFAULT_REGION = var.default_region
 _GAR_REPOSITORY = local.gar_name
- _STATE_BUCKET_NAME = google_storage_bucket.tfstate["${each.value}-tfstate"].name
- _ARTIFACT_BUCKET_NAME = google_storage_bucket.cloudbuild_artifacts["${each.value}-ab"].name
+ _STATE_BUCKET_NAME = google_storage_bucket.pipeline_infra["${each.value}-tfstate"].name
+ _ARTIFACT_BUCKET_NAME = google_storage_bucket.pipeline_infra["${each.value}-ab"].name
 _TF_ACTION = "apply"
 }
@@ -135,8 +113,8 @@ resource "google_cloudbuild_trigger" "non_main_trigger" {
 _BILLING_ID = var.billing_account
 _DEFAULT_REGION = var.default_region
 _GAR_REPOSITORY = local.gar_name
- _STATE_BUCKET_NAME = google_storage_bucket.tfstate["${each.value}-tfstate"].name
- _ARTIFACT_BUCKET_NAME = google_storage_bucket.cloudbuild_artifacts["${each.value}-ab"].name
+ _STATE_BUCKET_NAME = google_storage_bucket.pipeline_infra["${each.value}-tfstate"].name
+ _ARTIFACT_BUCKET_NAME = google_storage_bucket.pipeline_infra["${each.value}-ab"].name
 _TF_ACTION = "plan"
 }
From f0e910f1ba1efb895cbdaceeff872a2f4ccbfea1 Mon Sep 17 00:00:00 2001
From: Daniel da Silva Andrade
Date: Tue, 29 Mar 2022 17:43:42 -0300
Subject: [PATCH 4/4] fix pipeline infra bucket names definition
---
 4-projects/modules/infra_pipelines/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/4-projects/modules/infra_pipelines/main.tf b/4-projects/modules/infra_pipelines/main.tf
index a742c2a59..e7b7cf352 100644
--- a/4-projects/modules/infra_pipelines/main.tf
+++ b/4-projects/modules/infra_pipelines/main.tf
@@ -50,7 +50,7 @@ resource "google_storage_bucket" "pipeline_infra" {
 for_each = merge(local.artifact_buckets, local.state_buckets, local.cloudbuild_bucket)
 project = var.cloudbuild_project_id
- name = local.cloudbuild_bucket_name
+ name = each.value
 location = var.bucket_region
 uniform_bucket_level_access = true