
fix: tflint fixes #909

Merged
merged 10 commits into from
Dec 16, 2022
1 change: 1 addition & 0 deletions 0-bootstrap/cb.tf
Expand Up @@ -22,6 +22,7 @@ locals {

cicd_project_id = module.tf_source.cloudbuild_project_id

bucket_self_link_prefix = "https://www.googleapis.com/storage/v1/b/"
default_state_bucket_self_link = "${local.bucket_self_link_prefix}${module.seed_bootstrap.gcs_bucket_tfstate}"
gcp_projects_state_bucket_self_link = module.gcp_projects_state_bucket.bucket.self_link

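Review bot: The `bucket_self_link_prefix` local (apparently the line this section adds, moved here from main.tf) hard-codes the Storage JSON API base URL so that `default_state_bucket_self_link` can be assembled by string concatenation, while `gcp_projects_state_bucket_self_link` on the following line reads `bucket.self_link` straight from its module. A one-line comment above the prefix would explain the asymmetry for whoever next touches the state-bucket wiring, for example `# seed_bootstrap outputs only the bucket name, so the self link is assembled here`; that wording needs confirming against the seed module's outputs, which are not visible in this section. The `locals` block starts and ends outside the hunk.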
4 changes: 2 additions & 2 deletions 0-bootstrap/groups.tf
Expand Up @@ -33,9 +33,9 @@ data "google_organization" "org" {
}

module "required_group" {
for_each = local.required_groups_to_create
source = "terraform-google-modules/group/google"
version = "~> 0.4"
for_each = local.required_groups_to_create

id = each.value
display_name = each.key
Expand All @@ -45,9 +45,9 @@ module "required_group" {
}

module "optional_group" {
for_each = local.optional_groups_to_create
source = "terraform-google-modules/group/google"
version = "~> 0.4"
for_each = local.optional_groups_to_create

id = each.value
display_name = each.key
3 changes: 2 additions & 1 deletion 0-bootstrap/jenkins.tf.example
Expand Up @@ -21,7 +21,8 @@ locals {
}

module "jenkins_bootstrap" {
source = "./modules/jenkins-agent"
source = "./modules/jenkins-agent"

org_id = var.org_id
folder_id = google_folder.bootstrap.id
billing_account = var.billing_account
5 changes: 2 additions & 3 deletions 0-bootstrap/main.tf
Expand Up @@ -33,9 +33,8 @@ locals {
org_admins_org_iam_permissions = var.org_policy_admin_role == true ? [
"roles/orgpolicy.policyAdmin", "roles/resourcemanager.organizationAdmin", "roles/billing.user"
] : ["roles/resourcemanager.organizationAdmin", "roles/billing.user"]
bucket_self_link_prefix = "https://www.googleapis.com/storage/v1/b/"
group_org_admins = var.groups.create_groups ? var.groups.required_groups.group_org_admins : var.group_org_admins
group_billing_admins = var.groups.create_groups ? var.groups.required_groups.group_billing_admins : var.group_billing_admins
group_org_admins = var.groups.create_groups ? var.groups.required_groups.group_org_admins : var.group_org_admins
group_billing_admins = var.groups.create_groups ? var.groups.required_groups.group_billing_admins : var.group_billing_admins
}

resource "google_folder" "bootstrap" {
1 change: 0 additions & 1 deletion 0-bootstrap/modules/cb-private-pool/vpn_ha.tf
Expand Up @@ -31,7 +31,6 @@ module "vpn_ha_cb_to_onprem" {
version = "~> 2.3"
count = var.vpn_configuration.enable_vpn ? 1 : 0


project_id = var.project_id
region = var.private_worker_pool.region
network = local.peered_network_id
1 change: 0 additions & 1 deletion 0-bootstrap/modules/jenkins-agent/README.md
Expand Up @@ -61,7 +61,6 @@ module "jenkins_bootstrap" {
| jenkins\_agent\_gce\_name | Jenkins Agent GCE Instance name. | `string` | `"jenkins-agent-01"` | no |
| jenkins\_agent\_gce\_private\_ip\_address | The private IP Address of the Jenkins Agent. This IP Address must be in the CIDR range of `jenkins_agent_gce_subnetwork_cidr_range` and be reachable through the VPN that exists between on-prem (Jenkins Controller) and GCP (CICD Project, where the Jenkins Agent is located). | `string` | n/a | yes |
| jenkins\_agent\_gce\_ssh\_pub\_key | SSH public key needed by the Jenkins Agent GCE Instance. The Jenkins Controller holds the SSH private key. The correct format is `'ssh-rsa [KEY_VALUE] [USERNAME]'` | `string` | n/a | yes |
| jenkins\_agent\_gce\_ssh\_user | Jenkins Agent GCE Instance SSH username. | `string` | `"jenkins"` | no |
| jenkins\_agent\_gce\_subnetwork\_cidr\_range | The subnetwork to which the Jenkins Agent will be connected to (in CIDR range 0.0.0.0/0) | `string` | n/a | yes |
| jenkins\_agent\_sa\_email | Email for Jenkins Agent service account. | `string` | `"jenkins-agent-gce"` | no |
| jenkins\_controller\_subnetwork\_cidr\_range | A list of CIDR IP ranges of the Jenkins Controller in the form ['0.0.0.0/0']. Usually only one IP in the form '0.0.0.0/32'. Needed to create a FW rule that allows communication with the Jenkins Agent GCE Instance. | `list(string)` | n/a | yes |
5 changes: 3 additions & 2 deletions 0-bootstrap/modules/jenkins-agent/main.tf
Expand Up @@ -29,8 +29,9 @@ resource "random_id" "suffix" {
CICD project
*******************************************/
module "cicd_project" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

name = local.cicd_project_name
random_project_id = true
random_project_id_length = 4
6 changes: 0 additions & 6 deletions 0-bootstrap/modules/jenkins-agent/variables.tf
Expand Up @@ -64,12 +64,6 @@ variable "jenkins_agent_gce_private_ip_address" {
type = string
}

variable "jenkins_agent_gce_ssh_user" {
description = "Jenkins Agent GCE Instance SSH username."
type = string
default = "jenkins"
}

variable "jenkins_agent_gce_ssh_pub_key" {
description = "SSH public key needed by the Jenkins Agent GCE Instance. The Jenkins Controller holds the SSH private key. The correct format is `'ssh-rsa [KEY_VALUE] [USERNAME]'`"
type = string
5 changes: 3 additions & 2 deletions 0-bootstrap/modules/jenkins-agent/vpn_ha.tf
Expand Up @@ -15,8 +15,9 @@
*/

module "vpn_ha_agent_to_onprem" {
source = "terraform-google-modules/vpn/google//modules/vpn_ha"
version = "~> 2.0"
source = "terraform-google-modules/vpn/google//modules/vpn_ha"
version = "~> 2.0"

project_id = module.cicd_project.project_id
region = var.default_region
network = google_compute_network.jenkins_agents.name
29 changes: 17 additions & 12 deletions 1-org/envs/shared/org_policy.tf
Expand Up @@ -20,7 +20,7 @@ locals {
policy_for = local.parent_folder != "" ? "folder" : "organization"

essential_contacts_domains_to_allow = concat(
[for domain in var.essential_contacts_domains_to_allow : "${domain}" if can(regex("^@.*$", domain)) == true],
[for domain in var.essential_contacts_domains_to_allow : domain if can(regex("^@.*$", domain)) == true],
[for domain in var.essential_contacts_domains_to_allow : "@${domain}" if can(regex("^@.*$", domain)) == false]
)

Expand All @@ -46,9 +46,10 @@ locals {
}

module "organization_policies_type_boolean" {
for_each = local.boolean_type_organization_policies
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"
for_each = local.boolean_type_organization_policies

organization_id = local.organization_id
folder_id = local.folder_id
policy_for = local.policy_for
Expand All @@ -62,8 +63,9 @@ module "organization_policies_type_boolean" {
*******************************************/

module "org_vm_external_ip_access" {
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"

organization_id = local.organization_id
folder_id = local.folder_id
policy_for = local.policy_for
Expand All @@ -73,8 +75,9 @@ module "org_vm_external_ip_access" {
}

module "restrict_protocol_fowarding" {
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"

organization_id = local.organization_id
folder_id = local.folder_id
policy_for = local.policy_for
Expand All @@ -89,8 +92,9 @@ module "restrict_protocol_fowarding" {
*******************************************/

module "org_domain_restricted_sharing" {
source = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
version = "~> 5.1"
source = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
version = "~> 5.1"

organization_id = local.organization_id
folder_id = local.folder_id
policy_for = local.policy_for
Expand All @@ -102,8 +106,9 @@ module "org_domain_restricted_sharing" {
*******************************************/

module "domain_restricted_contacts" {
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"
source = "terraform-google-modules/org-policy/google"
version = "~> 5.1"

organization_id = local.organization_id
folder_id = local.folder_id
policy_for = local.policy_for
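Review bot: In the `essential_contacts_domains_to_allow` local the two filters still compare a boolean with a literal, `can(regex("^@.*$", domain)) == true` and `... == false`; `can()` already returns a bool, so `if can(regex("^@", domain))` and `if !can(regex("^@", domain))` say the same thing more directly. The pattern only tests for a leading `@`, so an entry of `"@"` passes through unchanged and an empty string becomes `"@"`, and either would end up in the list that presumably feeds the contacts-domain policy further down. A `validation` block on `var.essential_contacts_domains_to_allow` that rejects empty or `@`-only entries would catch this at plan time, assuming the variable has none; its declaration is outside this section.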
44 changes: 26 additions & 18 deletions 1-org/envs/shared/projects.tf
Expand Up @@ -28,8 +28,9 @@ locals {
*****************************************/

module "org_audit_logs" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand All @@ -54,8 +55,9 @@ module "org_audit_logs" {
}

module "org_billing_logs" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand Down Expand Up @@ -84,8 +86,9 @@ module "org_billing_logs" {
*****************************************/

module "org_secrets" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand Down Expand Up @@ -114,8 +117,9 @@ module "org_secrets" {
*****************************************/

module "interconnect" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand Down Expand Up @@ -144,8 +148,9 @@ module "interconnect" {
*****************************************/

module "scc_notifications" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand Down Expand Up @@ -174,8 +179,9 @@ module "scc_notifications" {
*****************************************/

module "dns_hub" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand Down Expand Up @@ -212,9 +218,10 @@ module "dns_hub" {
*****************************************/

module "base_network_hub" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
count = var.enable_hub_and_spoke ? 1 : 0
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
count = var.enable_hub_and_spoke ? 1 : 0

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
Expand Down Expand Up @@ -259,9 +266,10 @@ resource "google_project_iam_member" "network_sa_base" {
*****************************************/

module "restricted_network_hub" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
count = var.enable_hub_and_spoke ? 1 : 0
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
count = var.enable_hub_and_spoke ? 1 : 0

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
4 changes: 2 additions & 2 deletions 1-org/envs/shared/tags.tf
Expand Up @@ -34,9 +34,9 @@ locals {
tags_obj_list = flatten([
for tag_key, tag_obj in local.tags : [
for value in tag_obj.values : {
shortkey = "${tag_key}"
shortkey = tag_key
key = "${tag_key}_${value}"
val = "${value}"
val = value
}
]
])
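Review bot: Replacing `val = "${value}"` with `val = value` in `tags_obj_list` also drops the implicit string conversion that the template performed, so `val` now keeps whatever type the entries of `tag_obj.values` have. If `local.tags` (defined outside this hunk) can ever hold non-string values, `val = tostring(value)` preserves the earlier behaviour and still satisfies the interpolation-only lint rule. If the values are always strings, a short comment on the `tags` local saying so would be enough. `shortkey = tag_key` is unaffected as long as `local.tags` is a map, since map keys are already strings.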
2 changes: 0 additions & 2 deletions 2-environments/modules/env_baseline/main.tf
Expand Up @@ -16,10 +16,8 @@

locals {
org_id = data.terraform_remote_state.bootstrap.outputs.common_config.org_id
parent_folder = data.terraform_remote_state.bootstrap.outputs.common_config.parent_folder
parent = data.terraform_remote_state.bootstrap.outputs.common_config.parent_id
billing_account = data.terraform_remote_state.bootstrap.outputs.common_config.billing_account
default_region = data.terraform_remote_state.bootstrap.outputs.common_config.default_region
project_prefix = data.terraform_remote_state.bootstrap.outputs.common_config.project_prefix
folder_prefix = data.terraform_remote_state.bootstrap.outputs.common_config.folder_prefix
tags = data.terraform_remote_state.org.outputs.tags
5 changes: 3 additions & 2 deletions 2-environments/modules/env_baseline/monitoring.tf
Expand Up @@ -19,8 +19,9 @@
*****************************************/

module "monitoring_project" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
name = "${local.project_prefix}-${var.environment_code}-monitoring"
10 changes: 6 additions & 4 deletions 2-environments/modules/env_baseline/networking.tf
Expand Up @@ -19,8 +19,9 @@
*****************************************/

module "base_shared_vpc_host_project" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
name = format("%s-%s-shared-base", local.project_prefix, var.environment_code)
Expand Down Expand Up @@ -53,8 +54,9 @@ module "base_shared_vpc_host_project" {
}

module "restricted_shared_vpc_host_project" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
name = format("%s-%s-shared-restricted", local.project_prefix, var.environment_code)
5 changes: 3 additions & 2 deletions 2-environments/modules/env_baseline/secrets.tf
Expand Up @@ -20,8 +20,9 @@
*****************************************/

module "env_secrets" {
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"
source = "terraform-google-modules/project-factory/google"
version = "~> 14.0"

random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
9 changes: 7 additions & 2 deletions 3-networks-dual-svpc/envs/shared/dns-hub.tf
Expand Up @@ -19,8 +19,9 @@
*****************************************/

module "dns_hub_vpc" {
source = "terraform-google-modules/network/google"
version = "~> 5.1"
source = "terraform-google-modules/network/google"
version = "~> 5.1"

project_id = local.dns_hub_project_id
network_name = "vpc-c-dns-hub"
shared_vpc_host = "false"
Expand Down Expand Up @@ -91,6 +92,7 @@ module "dns-forwarding-zone" {
module "dns_hub_region1_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 3.0"

name = "cr-c-dns-hub-${local.default_region1}-cr1"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
Expand All @@ -104,6 +106,7 @@ module "dns_hub_region1_router1" {
module "dns_hub_region1_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 3.0"

name = "cr-c-dns-hub-${local.default_region1}-cr2"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
Expand All @@ -117,6 +120,7 @@ module "dns_hub_region1_router2" {
module "dns_hub_region2_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 3.0"

name = "cr-c-dns-hub-${local.default_region2}-cr3"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
Expand All @@ -130,6 +134,7 @@ module "dns_hub_region2_router1" {
module "dns_hub_region2_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 3.0"

name = "cr-c-dns-hub-${local.default_region2}-cr4"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
Expand Up @@ -16,6 +16,7 @@

module "hierarchical_firewall_policy" {
source = "../../modules/hierarchical_firewall_policy/"

parent = local.common_folder_name
name = "common-firewall-rules"
associations = [