fix: Add roles and service enablements to bootstrap project #1175
Going through PR approval procedures to the readme in specifically how to request review time from the https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/CODEOWNERS reference: #1179
Team, let me know what else needs to be provided in this initial PR to get it merged. I am working on behalf of 2 Canadian Government organizations (one Federal, one Provincial) wishing to directly use and contribute to the TEF as a default GCP LZ.
Lint ran - fixing whitespace issues in another commit
I'll raise this in a separate PR, but 3-networks-hub-and-spoke also needs the compute.orgSecurityPolicyAdmin or User, or more recently compute.orgFirewallPolicyAdmin, IAM role on the super admin to be able to view Hierarchical Firewall Policies created under the common branch (https://cloud.google.com/firewall/docs/firewall-policies#iam), as well as the Compute API on the bootstrap project in step 11 of 3-networks-hub-and-spoke.
Tested the entire 3-networks-hub-and-spoke with these changes, including the hierarchical firewall policy retry rename procedure.
Thanks for the submission; the additional roles LGTM. Can you re-sync the branch?
Sounds good, there are additional sections in the GitLab, GitHub, Jenkins build variants that I will separately test/PR later.
main branch merged - waiting on "lint" task report...
Thank you TEF team - we really appreciate this initial PR!!!
Overview
This PR is an initial canary PR that addresses a couple minor service enablement and IAM role requirements during the 0-bootstrap and 1-org subsections that occurred on a clean GCP organization when following the readme instructions deploying the landing zone.
We as a team would also like to determine the formal process (#1179) around PR submission as we add more ER or Bug PRs while we bring up the as-is TEF deployment for future additional functionality.
See testing in #1133, specifically:
#1136
#1139
#1140
#1142
#1143
#1161
Guidance
This first PR is a preliminary fix for service enablements and roles required during bootstrap of the TEF deployment.
Later, in #1144, the readme instructions will be added to a bootstrap.sh script.