Add or update folder (#168)

osinfra-io · Nov 22, 2023 · 96af6be · 96af6be
1 parent 5bde39a
commit 96af6be
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 29 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,7 +12,7 @@ repos:
       - id: no-commit-to-branch
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.5
+    rev: v1.83.6
     hooks:
       - id: terraform_fmt
 

diff --git a/global/infra/README.md b/global/infra/README.md
@@ -9,7 +9,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.4.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 5.7.0 |
 
 ## Modules
 
@@ -39,7 +39,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_billing_account"></a> [billing\_account](#input\_billing\_account) | The alphanumeric ID of the billing account this project belongs to | `string` | n/a | yes |
 | <a name="input_customer_id"></a> [customer\_id](#input\_customer\_id) | The unique customer ID assigned to you when you signed up for Google Workspace or Cloud Identity. You can look up this ID in your Admin console | `string` | n/a | yes |
-| <a name="input_folder_iam_policies"></a> [folder\_iam\_policies](#input\_folder\_iam\_policies) | A map of authoritative IAM policies for the folder, replaces any existing policy already attached | <pre>map(object({<br>    team        = string<br>    service     = string<br>    environment = string<br>    bindings = list(object({<br>      members = list(string)<br>      role    = string<br>    }))<br>  }))</pre> | n/a | yes |
+| <a name="input_folder_iam_policies"></a> [folder\_iam\_policies](#input\_folder\_iam\_policies) | A map of authoritative IAM policies for the folder, replaces any existing policy already attached | <pre>map(object({<br>    service     = string<br>    environment = string<br>    bindings = list(object({<br>      members = list(string)<br>      role    = string<br>    }))<br>  }))</pre> | n/a | yes |
 | <a name="input_folder_services"></a> [folder\_services](#input\_folder\_services) | A map of folder services to create | <pre>map(object({<br>    display_name          = string<br>    environments          = list(string)<br>    monthly_budget_amount = optional(number, 10)<br>    parent                = string<br>  }))</pre> | n/a | yes |
 | <a name="input_folder_teams"></a> [folder\_teams](#input\_folder\_teams) | A map of folder teams to create | <pre>map(object({<br>    display_name = string<br>  }))</pre> | n/a | yes |
 | <a name="input_identity_groups"></a> [identity\_groups](#input\_identity\_groups) | A map of identity groups to create | <pre>map(object({<br>    description  = string<br>    display_name = string<br>    managers     = list(string)<br>    members      = list(string)<br>    owners       = list(string)<br>    roles        = list(string)<br>  }))</pre> | n/a | yes |

diff --git a/global/infra/tfvars/production.tfvars b/global/infra/tfvars/production.tfvars
@@ -1,6 +1,5 @@
 folder_iam_policies = {
   390812006260 = {
-    team        = "Platform - Landing Zone"
     service     = "Audit Logging"
     environment = "Sandbox"
     bindings = [
@@ -20,7 +19,6 @@ folder_iam_policies = {
   }
 
   988946273293 = {
-    team        = "Platform - Landing Zone"
     service     = "Audit Logging"
     environment = "Non-Production"
     bindings = [
@@ -40,7 +38,6 @@ folder_iam_policies = {
   }
 
   606239917687 = {
-    team        = "Platform - Landing Zone"
     service     = "Audit Logging"
     environment = "Production"
     bindings = [
@@ -59,9 +56,8 @@ folder_iam_policies = {
     ]
   }
 
-  515753002772 = {
-    team        = "Platform - Landing Zone"
-    service     = "Terraform Backend"
+  589091281803 = {
+    service     = "Kubernetes"
     environment = "Sandbox"
     bindings = [
       {
@@ -72,17 +68,15 @@ folder_iam_policies = {
       },
       {
         members = [
-          "serviceAccount:plt-lz-backend[email protected]"
+          "serviceAccount:plt-k8s[email protected]"
         ]
         role = "roles/resourcemanager.projectCreator"
       }
-
     ]
   }
 
-  574432336767 = {
-    team        = "Platform - Landing Zone"
-    service     = "Terraform Backend"
+  308872035878 = {
+    service     = "Kubernetes"
     environment = "Non-Production"
     bindings = [
       {
@@ -93,16 +87,15 @@ folder_iam_policies = {
       },
       {
         members = [
-          "serviceAccount:plt-lz-backend[email protected]"
+          "serviceAccount:plt-k8s[email protected]"
         ]
         role = "roles/resourcemanager.projectCreator"
       }
     ]
   }
 
-  131486843041 = {
-    team        = "Platform - Landing Zone"
-    service     = "Terraform Backend"
+  450746270117 = {
+    service     = "Kubernetes"
     environment = "Production"
     bindings = [
       {
@@ -113,15 +106,14 @@ folder_iam_policies = {
       },
       {
         members = [
-          "serviceAccount:plt-lz-backend[email protected]"
+          "serviceAccount:plt-k8s[email protected]"
         ]
         role = "roles/resourcemanager.projectCreator"
       }
     ]
   }
 
   13103602325 = {
-    team        = "Platform - Landing Zone"
     service     = "Networking"
     environment = "Sandbox"
     bindings = [
@@ -147,7 +139,6 @@ folder_iam_policies = {
   }
 
   345391277536 = {
-    team        = "Platform - Landing Zone"
     service     = "Networking"
     environment = "Non-Production"
     bindings = [
@@ -173,7 +164,6 @@ folder_iam_policies = {
   }
 
   1033174574192 = {
-    team        = "Platform - Landing Zone"
     service     = "Networking"
     environment = "Production"
     bindings = [
@@ -198,8 +188,65 @@ folder_iam_policies = {
     ]
   }
 
+  515753002772 = {
+    service     = "Terraform Backend"
+    environment = "Sandbox"
+    bindings = [
+      {
+        members = [
+          "group:[email protected]"
+        ]
+        role = "roles/resourcemanager.folderIamAdmin"
+      },
+      {
+        members = [
+          "serviceAccount:plt-lz-backend-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com"
+        ]
+        role = "roles/resourcemanager.projectCreator"
+      }
+
+    ]
+  }
+
+  574432336767 = {
+    service     = "Terraform Backend"
+    environment = "Non-Production"
+    bindings = [
+      {
+        members = [
+          "group:[email protected]"
+        ]
+        role = "roles/resourcemanager.folderIamAdmin"
+      },
+      {
+        members = [
+          "serviceAccount:plt-lz-backend-github@ptl-lz-terraform-tf05-nonprod.iam.gserviceaccount.com"
+        ]
+        role = "roles/resourcemanager.projectCreator"
+      }
+    ]
+  }
+
+  131486843041 = {
+    service     = "Terraform Backend"
+    environment = "Production"
+    bindings = [
+      {
+        members = [
+          "group:[email protected]"
+        ]
+        role = "roles/resourcemanager.folderIamAdmin"
+      },
+      {
+        members = [
+          "serviceAccount:plt-lz-backend-github@ptl-lz-terraform-tf62-prod.iam.gserviceaccount.com"
+        ]
+        role = "roles/resourcemanager.projectCreator"
+      }
+    ]
+  }
+
   1069400145815 = {
-    team        = "Platform - Landing Zone"
     service     = "Testing"
     environment = "Sandbox"
     bindings = [
@@ -232,7 +279,6 @@ folder_iam_policies = {
   }
 
   1094321749831 = {
-    team        = "Platform - Landing Zone"
     service     = "Testing"
     environment = "Non-Production"
     bindings = [
@@ -252,7 +298,6 @@ folder_iam_policies = {
   }
 
   642644757390 = {
-    team        = "Platform - Landing Zone"
     service     = "Testing"
     environment = "Production"
     bindings = [
@@ -272,7 +317,6 @@ folder_iam_policies = {
   }
 
   267179923152 = {
-    team        = "Platform - Landing Zone"
     service     = "Workload Identity Federation"
     environment = "Sandbox"
     bindings = [
@@ -292,7 +336,6 @@ folder_iam_policies = {
   }
 
   8288220956 = {
-    team        = "Platform - Landing Zone"
     service     = "Workload Identity Federation"
     environment = "Non-Production"
     bindings = [
@@ -312,7 +355,6 @@ folder_iam_policies = {
   }
 
   679274494921 = {
-    team        = "Platform - Landing Zone"
     service     = "Workload Identity Federation"
     environment = "Production"
     bindings = [
@@ -378,6 +420,12 @@ folder_services = {
     environments = ["Sandbox", "Non-Production", "Production"]
     parent       = "team-1"
   }
+
+  service-7 = {
+    display_name = "Kubernetes"
+    environments = ["Sandbox", "Non-Production", "Production"]
+    parent       = "team-1"
+  }
 }
 
 identity_groups = {

diff --git a/global/infra/variables.tf b/global/infra/variables.tf
@@ -24,7 +24,6 @@ variable "customer_id" {
 variable "folder_iam_policies" {
   description = "A map of authoritative IAM policies for the folder, replaces any existing policy already attached"
   type = map(object({
-    team        = string
     service     = string
     environment = string
     bindings = list(object({