From 28de5314c174e51142f4a5e20e9e90d88e3649b7 Mon Sep 17 00:00:00 2001 
From: Rohan Jerrems Date: Wed, 5 Aug 2020 16:08:06 +1000 Subject: [PATCH] refactor: use long name for environments (#183) --- .kitchen.yml | 6 +- 0-bootstrap/main.tf | 6 +- 1-org/README.md | 22 +++---- 1-org/envs/shared/folders.tf | 2 +- 1-org/envs/shared/projects.tf | 12 ++-- 2-environments/README.md | 42 ++++++------- .../envs/{dev => development}/README.md | 0 2-environments/envs/development/backend.tf | 22 +++++++ .../envs/{dev => development}/main.tf | 2 +- .../envs/{dev => development}/outputs.tf | 0 .../envs/{dev => development}/providers.tf | 0 .../{dev => development}/terraform.tfvars | 0 .../envs/{dev => development}/variables.tf | 0 .../{nonprod => non-production}/README.md | 0 2-environments/envs/non-production/backend.tf | 22 +++++++ .../envs/{nonprod => non-production}/main.tf | 2 +- .../{nonprod => non-production}/outputs.tf | 0 .../{nonprod => non-production}/providers.tf | 0 .../terraform.tfvars | 0 .../{nonprod => non-production}/variables.tf | 0 .../envs/{prod => production}/README.md | 0 .../envs/{nonprod => production}/backend.tf | 2 +- .../envs/{prod => production}/main.tf | 2 +- .../envs/{prod => production}/outputs.tf | 0 .../envs/{prod => production}/providers.tf | 0 .../{prod => production}/terraform.tfvars | 0 .../envs/{prod => production}/variables.tf | 0 2-environments/modules/env_baseline/README.md | 2 +- .../modules/env_baseline/folders.tf | 4 +- .../modules/env_baseline/variables.tf | 2 +- 3-networks/README.md | 52 ++++++++-------- .../envs/{prod => development}/README.md | 6 +- .../access_context.auto.tfvars | 0 .../envs/{dev => development}/backend.tf | 2 +- .../{dev => development}/common.auto.tfvars | 0 3-networks/envs/{dev => development}/main.tf | 4 +- .../envs/{dev => development}/outputs.tf | 0 .../envs/{dev => development}/providers.tf | 0 .../envs/{dev => development}/variables.tf | 0 .../envs/{dev => development}/versions.tf | 0 .../envs/{dev => development}/vpn.tf.example | 4 +- .../{nonprod => non-production}/README.md | 
6 +- .../access_context.auto.tfvars | 0 .../envs/non-production}/backend.tf | 2 +- .../common.auto.tfvars | 0 .../envs/{nonprod => non-production}/main.tf | 4 +- .../{nonprod => non-production}/outputs.tf | 0 .../{nonprod => non-production}/providers.tf | 0 .../{nonprod => non-production}/variables.tf | 0 .../{nonprod => non-production}/versions.tf | 0 .../vpn.tf.example | 4 +- 3-networks/envs/nonprod/backend.tf | 22 ------- 3-networks/envs/prod/backend.tf | 22 ------- 3-networks/envs/{dev => production}/README.md | 6 +- .../access_context.auto.tfvars | 0 .../envs/production}/backend.tf | 2 +- .../{prod => production}/common.auto.tfvars | 0 3-networks/envs/{prod => production}/main.tf | 4 +- .../envs/{prod => production}/outputs.tf | 0 .../envs/{prod => production}/providers.tf | 0 .../envs/{prod => production}/variables.tf | 0 .../envs/{prod => production}/versions.tf | 0 .../envs/{prod => production}/vpn.tf.example | 4 +- 3-networks/envs/shared/main.tf | 2 +- 3-networks/modules/base_shared_vpc/dns.tf | 2 +- .../modules/restricted_shared_vpc/dns.tf | 2 +- 3-networks/modules/vpn-ha/README.md | 2 +- 3-networks/modules/vpn-ha/variables.tf | 2 +- 4-projects/README.md | 60 +++++++++---------- 4-projects/business_unit_1/dev/backend.tf | 22 ------- .../{dev => development}/README.md | 0 .../business_unit_1/development/backend.tf | 22 +++++++ .../{dev => development}/common.auto.tfvars | 0 .../{dev => development}/dev.auto.tfvars | 0 .../example_base_shared_vpc_project.tf | 2 +- .../example_floating_project.tf | 2 +- .../example_restricted_shared_vpc_project.tf | 2 +- .../{prod => development}/folder.tf | 2 +- .../{dev => development}/providers.tf | 0 .../{dev => development}/variables.tf | 0 .../{nonprod => non-production}/README.md | 0 .../business_unit_1/non-production/backend.tf | 22 +++++++ .../common.auto.tfvars | 0 .../example_base_shared_vpc_project.tf | 2 +- .../example_floating_project.tf | 2 +- .../example_restricted_shared_vpc_project.tf | 2 +- 
.../business_unit_1/non-production/folder.tf | 21 +++++++ .../nonprod.auto.tfvars | 0 .../{nonprod => non-production}/providers.tf | 0 .../{nonprod => non-production}/variables.tf | 0 4-projects/business_unit_1/nonprod/backend.tf | 22 ------- 4-projects/business_unit_1/prod/backend.tf | 22 ------- .../{prod => production}/README.md | 0 .../business_unit_1/production/backend.tf | 22 +++++++ .../{prod => production}/common.auto.tfvars | 0 .../example_base_shared_vpc_project.tf | 2 +- .../example_floating_project.tf | 2 +- .../example_restricted_shared_vpc_project.tf | 2 +- .../{dev => production}/folder.tf | 2 +- .../{prod => production}/prod.auto.tfvars | 0 .../{prod => production}/providers.tf | 0 .../{prod => production}/variables.tf | 0 4-projects/business_unit_2/dev/backend.tf | 22 ------- .../{dev => development}/README.md | 0 .../business_unit_2/development/backend.tf | 22 +++++++ .../{dev => development}/common.auto.tfvars | 0 .../{dev => development}/dev.auto.tfvars | 0 .../example_base_shared_vpc_project.tf | 2 +- .../example_floating_project.tf | 4 +- .../example_restricted_shared_vpc_project.tf | 2 +- .../{dev => development}/folder.tf | 2 +- .../{dev => development}/providers.tf | 0 .../{dev => development}/variables.tf | 0 .../{nonprod => non-production}/README.md | 0 .../business_unit_2/non-production/backend.tf | 22 +++++++ .../common.auto.tfvars | 0 .../example_base_shared_vpc_project.tf | 2 +- .../example_floating_project.tf | 4 +- .../example_restricted_shared_vpc_project.tf | 2 +- .../business_unit_2/non-production/folder.tf | 21 +++++++ .../nonprod.auto.tfvars | 0 .../{nonprod => non-production}/providers.tf | 0 .../{nonprod => non-production}/variables.tf | 0 4-projects/business_unit_2/nonprod/backend.tf | 22 ------- 4-projects/business_unit_2/nonprod/folder.tf | 21 ------- 4-projects/business_unit_2/prod/backend.tf | 22 ------- 4-projects/business_unit_2/prod/folder.tf | 20 ------- .../{prod => production}/README.md | 0 
.../business_unit_2/production/backend.tf | 22 +++++++ .../{prod => production}/common.auto.tfvars | 0 .../example_base_shared_vpc_project.tf | 2 +- .../example_floating_project.tf | 2 +- .../example_restricted_shared_vpc_project.tf | 2 +- .../production}/folder.tf | 3 +- .../{prod => production}/prod.auto.tfvars | 0 .../{prod => production}/providers.tf | 0 .../{prod => production}/variables.tf | 0 ...tfvars => development.auto.example.tfvars} | 0 ...ars => non-production.auto.example.tfvars} | 0 ....tfvars => production.auto.example.tfvars} | 0 README.md | 6 +- build/Jenkinsfile | 36 +++++------ build/tf-wrapper.sh | 6 +- test/fixtures/envs/main.tf | 12 ++-- test/fixtures/envs/outputs.tf | 30 +++++----- test/fixtures/networks/main.tf | 12 ++-- test/fixtures/networks/outputs.tf | 24 ++++---- test/fixtures/projects/main.tf | 12 ++-- test/fixtures/projects/variables.tf | 6 +- .../bootstrap/controls/gcloud_cloudbuild.rb | 4 +- .../envs/controls/{dev.rb => development.rb} | 6 +- .../{nonprod.rb => non-production.rb} | 6 +- .../envs/controls/{prod.rb => production.rb} | 6 +- test/integration/org/controls/gcp_projects.rb | 2 +- 154 files changed, 465 insertions(+), 463 deletions(-) rename 2-environments/envs/{dev => development}/README.md (100%) create mode 100644 2-environments/envs/development/backend.tf rename 2-environments/envs/{dev => development}/main.tf (96%) rename 2-environments/envs/{dev => development}/outputs.tf (100%) rename 2-environments/envs/{dev => development}/providers.tf (100%) rename 2-environments/envs/{dev => development}/terraform.tfvars (100%) rename 2-environments/envs/{dev => development}/variables.tf (100%) rename 2-environments/envs/{nonprod => non-production}/README.md (100%) create mode 100644 2-environments/envs/non-production/backend.tf rename 2-environments/envs/{nonprod => non-production}/main.tf (96%) rename 2-environments/envs/{nonprod => non-production}/outputs.tf (100%) rename 2-environments/envs/{nonprod => 
non-production}/providers.tf (100%) rename 2-environments/envs/{nonprod => non-production}/terraform.tfvars (100%) rename 2-environments/envs/{nonprod => non-production}/variables.tf (100%) rename 2-environments/envs/{prod => production}/README.md (100%) rename 2-environments/envs/{nonprod => production}/backend.tf (93%) rename 2-environments/envs/{prod => production}/main.tf (96%) rename 2-environments/envs/{prod => production}/outputs.tf (100%) rename 2-environments/envs/{prod => production}/providers.tf (100%) rename 2-environments/envs/{prod => production}/terraform.tfvars (100%) rename 2-environments/envs/{prod => production}/variables.tf (100%) rename 3-networks/envs/{prod => development}/README.md (95%) rename 3-networks/envs/{dev => development}/access_context.auto.tfvars (100%) rename 3-networks/envs/{dev => development}/backend.tf (93%) rename 3-networks/envs/{dev => development}/common.auto.tfvars (100%) rename 3-networks/envs/{dev => development}/main.tf (99%) rename 3-networks/envs/{dev => development}/outputs.tf (100%) rename 3-networks/envs/{dev => development}/providers.tf (100%) rename 3-networks/envs/{dev => development}/variables.tf (100%) rename 3-networks/envs/{dev => development}/versions.tf (100%) rename 3-networks/envs/{dev => development}/vpn.tf.example (98%) rename 3-networks/envs/{nonprod => non-production}/README.md (95%) rename 3-networks/envs/{nonprod => non-production}/access_context.auto.tfvars (100%) rename {2-environments/envs/prod => 3-networks/envs/non-production}/backend.tf (93%) rename 3-networks/envs/{nonprod => non-production}/common.auto.tfvars (100%) rename 3-networks/envs/{nonprod => non-production}/main.tf (99%) rename 3-networks/envs/{nonprod => non-production}/outputs.tf (100%) rename 3-networks/envs/{nonprod => non-production}/providers.tf (100%) rename 3-networks/envs/{nonprod => non-production}/variables.tf (100%) rename 3-networks/envs/{nonprod => non-production}/versions.tf (100%) rename 3-networks/envs/{nonprod => 
non-production}/vpn.tf.example (98%) delete mode 100644 3-networks/envs/nonprod/backend.tf delete mode 100644 3-networks/envs/prod/backend.tf rename 3-networks/envs/{dev => production}/README.md (95%) rename 3-networks/envs/{prod => production}/access_context.auto.tfvars (100%) rename {2-environments/envs/dev => 3-networks/envs/production}/backend.tf (93%) rename 3-networks/envs/{prod => production}/common.auto.tfvars (100%) rename 3-networks/envs/{prod => production}/main.tf (99%) rename 3-networks/envs/{prod => production}/outputs.tf (100%) rename 3-networks/envs/{prod => production}/providers.tf (100%) rename 3-networks/envs/{prod => production}/variables.tf (100%) rename 3-networks/envs/{prod => production}/versions.tf (100%) rename 3-networks/envs/{prod => production}/vpn.tf.example (98%) delete mode 100644 4-projects/business_unit_1/dev/backend.tf rename 4-projects/business_unit_1/{dev => development}/README.md (100%) create mode 100644 4-projects/business_unit_1/development/backend.tf rename 4-projects/business_unit_1/{dev => development}/common.auto.tfvars (100%) rename 4-projects/business_unit_1/{dev => development}/dev.auto.tfvars (100%) rename 4-projects/business_unit_1/{dev => development}/example_base_shared_vpc_project.tf (96%) rename 4-projects/business_unit_1/{nonprod => development}/example_floating_project.tf (96%) rename 4-projects/business_unit_1/{dev => development}/example_restricted_shared_vpc_project.tf (97%) rename 4-projects/business_unit_1/{prod => development}/folder.tf (95%) rename 4-projects/business_unit_1/{dev => development}/providers.tf (100%) rename 4-projects/business_unit_1/{dev => development}/variables.tf (100%) rename 4-projects/business_unit_1/{nonprod => non-production}/README.md (100%) create mode 100644 4-projects/business_unit_1/non-production/backend.tf rename 4-projects/business_unit_1/{nonprod => non-production}/common.auto.tfvars (100%) rename 4-projects/business_unit_1/{nonprod => 
non-production}/example_base_shared_vpc_project.tf (96%) rename 4-projects/business_unit_1/{prod => non-production}/example_floating_project.tf (96%) rename 4-projects/business_unit_1/{prod => non-production}/example_restricted_shared_vpc_project.tf (96%) create mode 100644 4-projects/business_unit_1/non-production/folder.tf rename 4-projects/business_unit_1/{nonprod => non-production}/nonprod.auto.tfvars (100%) rename 4-projects/business_unit_1/{nonprod => non-production}/providers.tf (100%) rename 4-projects/business_unit_1/{nonprod => non-production}/variables.tf (100%) delete mode 100644 4-projects/business_unit_1/nonprod/backend.tf delete mode 100644 4-projects/business_unit_1/prod/backend.tf rename 4-projects/business_unit_1/{prod => production}/README.md (100%) create mode 100644 4-projects/business_unit_1/production/backend.tf rename 4-projects/business_unit_1/{prod => production}/common.auto.tfvars (100%) rename 4-projects/business_unit_1/{prod => production}/example_base_shared_vpc_project.tf (96%) rename 4-projects/business_unit_1/{dev => production}/example_floating_project.tf (96%) rename 4-projects/business_unit_1/{nonprod => production}/example_restricted_shared_vpc_project.tf (97%) rename 4-projects/business_unit_1/{dev => production}/folder.tf (95%) rename 4-projects/business_unit_1/{prod => production}/prod.auto.tfvars (100%) rename 4-projects/business_unit_1/{prod => production}/providers.tf (100%) rename 4-projects/business_unit_1/{prod => production}/variables.tf (100%) delete mode 100644 4-projects/business_unit_2/dev/backend.tf rename 4-projects/business_unit_2/{dev => development}/README.md (100%) create mode 100644 4-projects/business_unit_2/development/backend.tf rename 4-projects/business_unit_2/{dev => development}/common.auto.tfvars (100%) rename 4-projects/business_unit_2/{dev => development}/dev.auto.tfvars (100%) rename 4-projects/business_unit_2/{dev => development}/example_base_shared_vpc_project.tf (96%) rename 
4-projects/business_unit_2/{nonprod => development}/example_floating_project.tf (96%) rename 4-projects/business_unit_2/{prod => development}/example_restricted_shared_vpc_project.tf (97%) rename 4-projects/business_unit_2/{dev => development}/folder.tf (95%) rename 4-projects/business_unit_2/{dev => development}/providers.tf (100%) rename 4-projects/business_unit_2/{dev => development}/variables.tf (100%) rename 4-projects/business_unit_2/{nonprod => non-production}/README.md (100%) create mode 100644 4-projects/business_unit_2/non-production/backend.tf rename 4-projects/business_unit_2/{nonprod => non-production}/common.auto.tfvars (100%) rename 4-projects/business_unit_2/{prod => non-production}/example_base_shared_vpc_project.tf (96%) rename 4-projects/business_unit_2/{dev => non-production}/example_floating_project.tf (96%) rename 4-projects/business_unit_2/{dev => non-production}/example_restricted_shared_vpc_project.tf (96%) create mode 100644 4-projects/business_unit_2/non-production/folder.tf rename 4-projects/business_unit_2/{nonprod => non-production}/nonprod.auto.tfvars (100%) rename 4-projects/business_unit_2/{nonprod => non-production}/providers.tf (100%) rename 4-projects/business_unit_2/{nonprod => non-production}/variables.tf (100%) delete mode 100644 4-projects/business_unit_2/nonprod/backend.tf delete mode 100644 4-projects/business_unit_2/nonprod/folder.tf delete mode 100644 4-projects/business_unit_2/prod/backend.tf delete mode 100644 4-projects/business_unit_2/prod/folder.tf rename 4-projects/business_unit_2/{prod => production}/README.md (100%) create mode 100644 4-projects/business_unit_2/production/backend.tf rename 4-projects/business_unit_2/{prod => production}/common.auto.tfvars (100%) rename 4-projects/business_unit_2/{nonprod => production}/example_base_shared_vpc_project.tf (96%) rename 4-projects/business_unit_2/{prod => production}/example_floating_project.tf (96%) rename 4-projects/business_unit_2/{nonprod => 
production}/example_restricted_shared_vpc_project.tf (97%) rename 4-projects/{business_unit_1/nonprod => business_unit_2/production}/folder.tf (95%) rename 4-projects/business_unit_2/{prod => production}/prod.auto.tfvars (100%) rename 4-projects/business_unit_2/{prod => production}/providers.tf (100%) rename 4-projects/business_unit_2/{prod => production}/variables.tf (100%) rename 4-projects/{dev.auto.example.tfvars => development.auto.example.tfvars} (100%) rename 4-projects/{nonprod.auto.example.tfvars => non-production.auto.example.tfvars} (100%) rename 4-projects/{prod.auto.example.tfvars => production.auto.example.tfvars} (100%) rename test/integration/envs/controls/{dev.rb => development.rb} (96%) rename test/integration/envs/controls/{nonprod.rb => non-production.rb} (96%) rename test/integration/envs/controls/{prod.rb => production.rb} (96%) diff --git a/.kitchen.yml b/.kitchen.yml index 6189b1b39..a6efc0668 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -67,9 +67,9 @@ suites: - name: inspec-gcp backend: gcp controls: - - dev - - nonprod - - prod + - development + - non-production + - production - name: dns_hub driver: root_module_directory: test/fixtures/dns_hub/ diff --git a/0-bootstrap/main.tf b/0-bootstrap/main.tf index 9eaa44f3b..2ad384a5d 100644 --- a/0-bootstrap/main.tf +++ b/0-bootstrap/main.tf @@ -161,9 +161,9 @@ module "cloudbuild_bootstrap" { ] terraform_apply_branches = [ - "dev", - "nonprod", - "prod" + "development", + "non-production", + "production" ] } diff --git a/1-org/README.md b/1-org/README.md index 93efdb048..fd4f132d6 100644 --- a/1-org/README.md +++ b/1-org/README.md 
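Review bot: `terraform_apply_branches` in `0-bootstrap/main.tf` is the list that separates apply from plan, and the renamed entries carry no comment saying they must stay in step with the environment names and with the branch protection of the source repository. Per the README text later in this patch, any branch not in this list only triggers a plan, so a repository still pushing to `dev`, `nonprod` or `prod` would stop applying. Protection rules written for the old branch names would presumably not cover the new apply branches either; that is an inference, since repository settings are not part of the diff. A comment above the list would document this, for example `# Pushes to these branches run terraform apply; keep in sync with the environment names and protect them in the source repo.` The `cloudbuild_bootstrap` module block starts outside the hunk.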
@@ -17,21 +17,21 @@ You can choose not to enable the Data Access logs by setting variable `data_acce ### Setup to run via Cloud Build 1. Clone repo `gcloud source repos clone gcp-org --project=YOUR_CLOUD_BUILD_PROJECT_ID` (this is from terraform output from the previous section, 0-bootstrap). -1. Navigate into the repo `cd gcp-org` and change to a non prod branch `git checkout -b plan` +1. Navigate into the repo `cd gcp-org` and change to a non production branch `git checkout -b plan` 1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/1-org/ .` (modify accordingly based on your current directory). 1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory). 1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . `1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory). to the root of your new repository (modify accordingly based on your current directory). 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. 1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. 
Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production branch with `git checkout -b production` and `git push origin production` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID ### Setup to run via Jenkins 1. Clone the repo you created manually in bootstrap: `git clone ` -1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-1-org` and change to a non prod branch `git checkout -b plan` +1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-1-org` and change to a non production branch `git checkout -b plan` 1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/1-org/ .` (modify accordingly based on your current directory). 1. Copy the Jenkinsfile script `cp ../terraform-example-foundation/build/Jenkinsfile .` to the root of your new repository (modify accordingly based on your current directory). 1. Update the variables located in the `environment {}` section of the `Jenkinsfile` with values from your environment: 
@@ -44,10 +44,10 @@ You can choose not to enable the Data Access logs by setting variable `data_acce 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. 1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan. +1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan. - Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details. 1. Review the plan output in your Master's web UI. -1. Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production branch with `git checkout -b production` and `git push origin production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). 1. You can now move to the instructions in the step [2-environments](../2-environments/README.md). 
@@ -62,11 +62,11 @@ You can choose not to enable the Data Access logs by setting variable `data_acce ```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME//' $i; done```. You can run `terraform output gcs_bucket_tfstate` in the 0-bootstap folder to obtain the bucket name. -We will now deploy our environment (prod) using this script. +We will now deploy our environment (production) using this script. When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 1-org step and only the corresponding environment is applied. -1. Run `./tf-wrapper.sh init prod` -1. Run `./tf-wrapper.sh plan prod` and review output. -1. Run `./tf-wrapper.sh apply prod` +1. Run `./tf-wrapper.sh init production` +1. Run `./tf-wrapper.sh plan production` and review output. +1. Run `./tf-wrapper.sh apply production` -If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan prod` before run `./tf-wrapper.sh apply prod` +If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan production` before run `./tf-wrapper.sh apply production` diff --git a/1-org/envs/shared/folders.tf b/1-org/envs/shared/folders.tf index 40ca8d58b..9fe3f028a 100644 --- a/1-org/envs/shared/folders.tf +++ b/1-org/envs/shared/folders.tf @@ -23,6 +23,6 @@ locals { *****************************************/ resource "google_folder" "common" { - display_name = "common" + display_name = "fldr-common" parent = local.parent } diff --git a/1-org/envs/shared/projects.tf b/1-org/envs/shared/projects.tf index 6c242a62c..8f9a7de93 100644 --- a/1-org/envs/shared/projects.tf +++ b/1-org/envs/shared/projects.tf 
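Review bot: The `display_name = "fldr-common"` change in `1-org/envs/shared/folders.tf` renames the shared folder, which the commit subject (long names for environments) does not cover, and the `fldr-` prefix is not explained in the hunk. Anything that finds this folder by display name rather than by ID would need the same update; whether such lookups exist cannot be seen from this page. If the prefix is a naming convention, a one-line comment above the resource would record it, for example `# Folder display names carry the "fldr-" prefix.`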
@@ -32,7 +32,7 @@ module "org_audit_logs" { activate_apis = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"] labels = { - environment = "prod" + environment = "production" application_name = "org-logging" billing_code = "1234" primary_contact = "example1" @@ -59,7 +59,7 @@ module "org_billing_logs" { activate_apis = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"] labels = { - environment = "prod" + environment = "production" application_name = "org-billing-logs" billing_code = "1234" primary_contact = "example1" @@ -90,7 +90,7 @@ module "org_secrets" { activate_apis = ["logging.googleapis.com", "secretmanager.googleapis.com", "billingbudgets.googleapis.com"] labels = { - environment = "prod" + environment = "production" application_name = "org-secrets" billing_code = "1234" primary_contact = "example1" @@ -121,7 +121,7 @@ module "interconnect" { activate_apis = ["billingbudgets.googleapis.com", "compute.googleapis.com"] labels = { - environment = "prod" + environment = "production" application_name = "org-interconnect" billing_code = "1234" primary_contact = "example1" @@ -152,7 +152,7 @@ module "scc_notifications" { skip_gcloud_download = var.skip_gcloud_download labels = { - environment = "prod" + environment = "production" application_name = "org-scc" billing_code = "1234" primary_contact = "example1" @@ -191,7 +191,7 @@ module "dns_hub" { ] labels = { - environment = "prod" + environment = "production" application_name = "org-dns-hub" billing_code = "1234" primary_contact = "example1" diff --git a/2-environments/README.md b/2-environments/README.md index 88e2719dd..2503a99d4 100644 --- a/2-environments/README.md +++ b/2-environments/README.md 
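Review bot: The label value `environment = "production"` is now a repeated literal in six module blocks of `1-org/envs/shared/projects.tf` (`org_audit_logs`, `org_billing_logs`, `org_secrets`, `interconnect`, `scc_notifications`, `dns_hub`), so the next rename has six places to miss. Defining it once, for example `environment_label = "production"` in a `locals` block, and writing `environment = local.environment_label` in each `labels` map would keep the six values identical. Label values are often used in budget, log or inventory filters, so any filter still matching the old value `prod` would stop selecting these projects; whether such filters exist is not visible here, but it is worth a line in the upgrade notes. All six module blocks start and end outside their hunks.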
@@ -1,6 +1,6 @@ # 2-environments -The purpose of this step is to set up dev, nonprod, and prod environments within the GCP organization. +The purpose of this step is to set updevelopment,non-production, and production environments within the GCP organization. ## Prerequisites 
@@ -20,18 +20,20 @@ The purpose of this step is to set up dev, nonprod, and prod environments within 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. 1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. Push your plan branch to trigger a plan for all environments `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). + +#### If using Cloud Build +1. Push your plan branch to trigger a plan for all environments `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to dev with `git checkout -b dev` and `git push origin dev` +1. Merge changes to development with `git checkout -b development` and `git push origin development` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to nonprod with `git checkout -b nonprod` and `git push origin nonprod` +1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production branch with `git checkout -b production` and `git push origin production` 1. 
Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID ### Setup to run via Jenkins 1. Clone the repo you created manually in bootstrap: `git clone ` -1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-2-environments` and change to a non prod branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-2-environments` and change to a non production branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory). 1. Copy the Jenkinsfile script `cp ../terraform-example-foundation/build/Jenkinsfile .` to the root of your new repository (modify accordingly based on your current directory). 1. Update the variables located in the `environment {}` section of the `Jenkinsfile` with values from your environment: 
@@ -44,14 +46,14 @@ The purpose of this step is to set up dev, nonprod, and prod environments within 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. 1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan. +1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan. - Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details. 1. Review the plan output in your Master's web UI. -1. Merge changes to dev with `git checkout -b dev` and `git push origin dev` +1. Merge changes to development with `git checkout -b development` and `git push origin development` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). -1. Merge changes to nonprod with `git checkout -b nonprod` and `git push origin nonprod` +1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). -1. 
Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production branch with `git checkout -b production` and `git push origin production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). 1. You can now move to the instructions in the step [3-networks](../3-networks/README.md). 
@@ -65,17 +67,17 @@ The purpose of this step is to set up dev, nonprod, and prod environments within ```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME//' $i; done```. You can run `terraform output gcs_bucket_tfstate` in the 0-bootstap folder to obtain the bucket name. -We will now deploy each of our environments(dev/prod/nonprod) using this script. +We will now deploy each of our environments(development/production/non-production) using this script. When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 2-environments step and only the corresponding environment is applied. -1. Run `./tf-wrapper.sh init dev` -1. Run `./tf-wrapper.sh plan dev` and review output. -1. Run `./tf-wrapper.sh apply dev` -1. Run `./tf-wrapper.sh init nonprod` -1. Run `./tf-wrapper.sh plan nonprod` and review output. -1. Run `./tf-wrapper.sh apply nonprod` -1. Run `./tf-wrapper.sh init prod` -1. Run `./tf-wrapper.sh plan prod` and review output. -1. Run `./tf-wrapper.sh apply prod` +1. Run `./tf-wrapper.sh init development` +1. Run `./tf-wrapper.sh plan development` and review output. +1. Run `./tf-wrapper.sh apply development` +1. Run `./tf-wrapper.sh init non-production` +1. Run `./tf-wrapper.sh plan non-production` and review output. +1. Run `./tf-wrapper.sh apply non-production` +1. Run `./tf-wrapper.sh init production` +1. Run `./tf-wrapper.sh plan production` and review output. +1. Run `./tf-wrapper.sh apply production` If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan ` before run `./tf-wrapper.sh apply ` diff --git a/2-environments/envs/dev/README.md b/2-environments/envs/development/README.md similarity index 100% rename from 2-environments/envs/dev/README.md rename to 2-environments/envs/development/README.md 
diff --git a/2-environments/envs/development/backend.tf b/2-environments/envs/development/backend.tf new file mode 100644 index 000000000..421342a89 --- /dev/null +++ b/2-environments/envs/development/backend.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "UPDATE_ME" + prefix = "terraform/environments/development" + } +} diff --git a/2-environments/envs/dev/main.tf b/2-environments/envs/development/main.tf similarity index 96% rename from 2-environments/envs/dev/main.tf rename to 2-environments/envs/development/main.tf index ae7f24ef2..215df926d 100644 --- a/2-environments/envs/dev/main.tf +++ b/2-environments/envs/development/main.tf @@ -17,7 +17,7 @@ module "env" { source = "../../modules/env_baseline" - env = "dev" + env = "development" environment_code = "d" parent_id = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" diff --git a/2-environments/envs/dev/outputs.tf b/2-environments/envs/development/outputs.tf similarity index 100% rename from 2-environments/envs/dev/outputs.tf rename to 2-environments/envs/development/outputs.tf diff --git a/2-environments/envs/dev/providers.tf b/2-environments/envs/development/providers.tf similarity index 100% rename from 2-environments/envs/dev/providers.tf rename to 2-environments/envs/development/providers.tf 
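Review bot: The new `prefix = "terraform/environments/development"` points the GCS backend at a state path that no existing deployment has written to, and nothing in the part of the commit shown here moves state from the old `terraform/environments/dev` prefix. An environment that was already applied would presumably initialise against empty state and plan to create its folder and projects a second time, while the old state object, which can hold sensitive attribute values, stays behind in the bucket. I would document the migration next to the block, for example `# State was previously stored under terraform/environments/dev: copy it to this prefix before the first plan, then remove the old object`. The same applies to the other backend.tf prefixes changed in this commit (2-environments non-production and production, 3-networks development, non-production and production).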
diff --git a/2-environments/envs/dev/terraform.tfvars b/2-environments/envs/development/terraform.tfvars
similarity index 100%
rename from 2-environments/envs/dev/terraform.tfvars
rename to 2-environments/envs/development/terraform.tfvars
diff --git a/2-environments/envs/dev/variables.tf b/2-environments/envs/development/variables.tf
similarity index 100%
rename from 2-environments/envs/dev/variables.tf
rename to 2-environments/envs/development/variables.tf
diff --git a/2-environments/envs/nonprod/README.md b/2-environments/envs/non-production/README.md
similarity index 100%
rename from 2-environments/envs/nonprod/README.md
rename to 2-environments/envs/non-production/README.md
diff --git a/2-environments/envs/non-production/backend.tf b/2-environments/envs/non-production/backend.tf
new file mode 100644
index 000000000..fda3c1cdb
--- /dev/null
+++ b/2-environments/envs/non-production/backend.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ backend "gcs" {
+ bucket = "UPDATE_ME"
+ prefix = "terraform/environments/non-production"
+ }
+}
diff --git a/2-environments/envs/nonprod/main.tf b/2-environments/envs/non-production/main.tf
similarity index 96%
rename from 2-environments/envs/nonprod/main.tf
rename to 2-environments/envs/non-production/main.tf
index 5abf6446b..17780fc3a 100644
--- a/2-environments/envs/nonprod/main.tf
+++ b/2-environments/envs/non-production/main.tf
@@ -17,7 +17,7 @@ module "env" { source = "../../modules/env_baseline" - env = "nonprod" + env = "non-production" environment_code = "n" parent_id = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" diff --git a/2-environments/envs/nonprod/outputs.tf b/2-environments/envs/non-production/outputs.tf similarity index 100% rename from 2-environments/envs/nonprod/outputs.tf rename to 2-environments/envs/non-production/outputs.tf diff --git a/2-environments/envs/nonprod/providers.tf b/2-environments/envs/non-production/providers.tf similarity index 100% rename from 2-environments/envs/nonprod/providers.tf rename to 2-environments/envs/non-production/providers.tf diff --git a/2-environments/envs/nonprod/terraform.tfvars b/2-environments/envs/non-production/terraform.tfvars similarity index 100% rename from 2-environments/envs/nonprod/terraform.tfvars rename to 2-environments/envs/non-production/terraform.tfvars diff --git a/2-environments/envs/nonprod/variables.tf b/2-environments/envs/non-production/variables.tf similarity index 100% rename from 2-environments/envs/nonprod/variables.tf rename to 2-environments/envs/non-production/variables.tf diff --git a/2-environments/envs/prod/README.md b/2-environments/envs/production/README.md similarity index 100% rename from 2-environments/envs/prod/README.md rename to 2-environments/envs/production/README.md diff --git a/2-environments/envs/nonprod/backend.tf b/2-environments/envs/production/backend.tf similarity index 93% rename from 2-environments/envs/nonprod/backend.tf rename to 2-environments/envs/production/backend.tf index 5669ed8e5..5d2e4e5bf 100644 --- a/2-environments/envs/nonprod/backend.tf +++ b/2-environments/envs/production/backend.tf @@ -17,6 +17,6 @@ terraform { backend "gcs" { bucket = "UPDATE_ME" - prefix = "terraform/environments/nonprod" + prefix = "terraform/environments/production" } } 
diff --git a/2-environments/envs/prod/main.tf b/2-environments/envs/production/main.tf similarity index 96% rename from 2-environments/envs/prod/main.tf rename to 2-environments/envs/production/main.tf index dba7ddc44..d2d0bdb1a 100644 --- a/2-environments/envs/prod/main.tf +++ b/2-environments/envs/production/main.tf @@ -17,7 +17,7 @@ module "env" { source = "../../modules/env_baseline" - env = "prod" + env = "production" environment_code = "p" parent_id = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" diff --git a/2-environments/envs/prod/outputs.tf b/2-environments/envs/production/outputs.tf similarity index 100% rename from 2-environments/envs/prod/outputs.tf rename to 2-environments/envs/production/outputs.tf diff --git a/2-environments/envs/prod/providers.tf b/2-environments/envs/production/providers.tf similarity index 100% rename from 2-environments/envs/prod/providers.tf rename to 2-environments/envs/production/providers.tf diff --git a/2-environments/envs/prod/terraform.tfvars b/2-environments/envs/production/terraform.tfvars similarity index 100% rename from 2-environments/envs/prod/terraform.tfvars rename to 2-environments/envs/production/terraform.tfvars diff --git a/2-environments/envs/prod/variables.tf b/2-environments/envs/production/variables.tf similarity index 100% rename from 2-environments/envs/prod/variables.tf rename to 2-environments/envs/production/variables.tf diff --git a/2-environments/modules/env_baseline/README.md b/2-environments/modules/env_baseline/README.md index 3bdc83ca2..e59121739 100644 --- a/2-environments/modules/env_baseline/README.md +++ b/2-environments/modules/env_baseline/README.md 
@@ -7,7 +7,7 @@ | base\_network\_project\_alert\_spent\_percents | A list of percentages of the budget to alert on when threshold is exceeded for the base networks project | list(number) | `` | no | | base\_network\_project\_budget\_amount | The amount to use as the budget for the base networks project | number | `"1000"` | no | | billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | -| env | The environment to prepare (ex. dev) | string | n/a | yes | +| env | The environment to prepare (ex. development) | string | n/a | yes | | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | string | n/a | yes | | monitoring\_project\_alert\_pubsub\_topic | The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}` for the monitoring project. | string | `"null"` | no | | monitoring\_project\_alert\_spent\_percents | A list of percentages of the budget to alert on when threshold is exceeded for the monitoring project. | list(number) | `` | no | diff --git a/2-environments/modules/env_baseline/folders.tf b/2-environments/modules/env_baseline/folders.tf index 052e1673c..0facb7e2d 100644 --- a/2-environments/modules/env_baseline/folders.tf +++ b/2-environments/modules/env_baseline/folders.tf @@ -19,7 +19,7 @@ *****************************************/ data "google_active_folder" "common" { - display_name = "common" + display_name = "fldr-common" parent = local.parent } @@ -28,6 +28,6 @@ data "google_active_folder" "common" { *****************************************/ resource "google_folder" "env" { - display_name = var.env + display_name = "fldr-${var.env}" parent = local.parent } diff --git a/2-environments/modules/env_baseline/variables.tf b/2-environments/modules/env_baseline/variables.tf index 78f2ed6e5..356aa5687 100644 --- a/2-environments/modules/env_baseline/variables.tf 
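Review bot: The `fldr-` prefix in `display_name = "fldr-${var.env}"` is now a naming contract that other steps repeat by hand: the `google_active_folder` lookups in the 3-networks `envs/*/main.tf` hunks of this commit build the same string as `"fldr-${local.env}"`, and the `common` data source in the first folders.tf hunk expects a folder named `fldr-common`, presumably created by the 1-org step, to exist already. Because these lookups resolve a folder purely by display name, a mismatch in the prefix or in the `env` value surfaces only when a later step is planned, or on an organisation where the earlier steps have not been re-applied since the rename. A comment on the resource would make the dependency explicit, for example `# 3-networks looks this folder up as "fldr-<env>"; keep both in sync`. If the Terraform version in use supports variable validation, constraining `var.env` to the three supported names would catch typos earlier; the variable definition is in a separate hunk.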
+++ b/2-environments/modules/env_baseline/variables.tf @@ -15,7 +15,7 @@ */ variable "env" { - description = "The environment to prepare (ex. dev)" + description = "The environment to prepare (ex. development)" type = string } diff --git a/3-networks/README.md b/3-networks/README.md index c879358bd..b4eeda1ba 100644 --- a/3-networks/README.md +++ b/3-networks/README.md 
@@ -33,30 +33,30 @@ If you are not able to use dedicated interconnect, you can also use an HA VPN to 1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory) 1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . `1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory). to the root of your new repository (modify accordingly based on your current directory). 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. -1. Rename `common.auto.example.tfvars` to `common.auto.tfvars` and update the file with values from your environment and bootstrap. -1. Rename `shared.auto.example.tfvars` to `shared.auto.tfvars` and update the file with the `target_name_server_addresses` (the list of target name servers for the DNS forwarding zone in the DNS Hub). -1. Rename `access_context.auto.example.tfvars` to `access_context.auto.tfvars` and update the file with the `access_context_manager_policy_id`. +1. Rename common.auto.example.tfvars to common.auto.tfvars and update the file with values from your environment and bootstrap. +1. Rename shared.auto.example.tfvars to shared.auto.tfvars and update the file with the target_name_server_addresses (the list of target name servers for the DNS forwarding zone in the DNS Hub). +1. Rename access_context.auto.example.tfvars to access_context.auto.tfvars and update the file with the access_context_manager_policy_id. 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. You will need to manually plan + apply the `shared` environment (only once) since dev, nonprod and prod depend on it. +1. You will need only once to manually plan + apply the `shared` environment sincedevelopment, non-production and production depend on it. 1. 
cd to ./envs/shared/ 1. Update backend.tf with your bucket name from the bootstrap step. 1. Run `terraform init` 1. Run `terraform plan` and review output 1. Run `terraform apply` 1. If you would like the bucket to be replaced by cloud build at run time, change the bucket name back to `UPDATE_ME` -1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to prod with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production with `git checkout -b production` and `git push origin production` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. After prod has been applied apply dev and nonprod -1. Merge changes to dev with `git checkout -b dev` and `git push origin dev` +1. After production has been applied apply development and non-production +1. Merge changes to development with `git checkout -b development` and `git push origin development` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to nonprod with `git checkout -b nonprod` and `git push origin nonprod` +1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production` 1. 
Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID ### Setup to run via Jenkins 1. Clone the repo you created manually in bootstrap: `git clone ` -1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-3-networks` and change to a non prod branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-3-networks` and change to a non production branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/3-networks/ .` (modify accordingly based on your current directory). 1. Copy the Jenkinsfile script `cp ../terraform-example-foundation/build/Jenkinsfile .` to the root of your new repository (modify accordingly based on your current directory). 1. Update the variables located in the `environment {}` section of the `Jenkinsfile` with values from your environment: 
@@ -71,22 +71,22 @@ If you are not able to use dedicated interconnect, you can also use an HA VPN to 1. Rename `shared.auto.example.tfvars` to `shared.auto.tfvars` and update the file with the `target_name_server_addresses`. 1. Rename `access_context.auto.example.tfvars` to `access_context.auto.tfvars` and update the file with the `access_context_manager_policy_id`. 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. You will need to manually plan + apply the `shared` environment (only once) since dev, nonprod and prod depend on it. +1. You will need to manually plan + apply the `shared` environment (only once) since development, non-production and production depend on it. 1. cd to ./envs/shared/ 1. Update backend.tf with your bucket name from the bootstrap step. 1. Run `terraform init` 1. Run `terraform plan` and review output 1. Run `terraform apply` 1. If you would like the bucket to be replaced by cloud build at run time, change the bucket name back to `UPDATE_ME` -1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan. +1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan. - Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details. 1. Review the plan output in your Master's web UI. -1. Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. 
Merge changes to production branch with `git checkout -b production` and `git push origin production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). -1. After prod has been applied apply dev and nonprod -1. Merge changes to dev with `git checkout -b dev` and `git push origin dev` +1. After production has been applied apply development and non-production +1. Merge changes to development with `git checkout -b development` and `git push origin development` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). -1. Merge changes to nonprod with `git checkout -b nonprod` and `git push origin nonprod` +1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). 1. You can now move to the instructions in the step [4-projects](../4-projects/README.md). 
@@ -103,21 +103,21 @@ If you are not able to use dedicated interconnect, you can also use an HA VPN to ```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME//' $i; done```. You can run `terraform output gcs_bucket_tfstate` in the 0-bootstap folder to obtain the bucket name. -We will now deploy each of our environments(dev/prod/nonprod) using this script. +We will now deploy each of our environments(development/production/non-production) using this script. When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch in the repository for 3-networks step and only the corresponding environment is applied. 1. Run `./tf-wrapper.sh init shared` 1. Run `./tf-wrapper.sh plan shared` and review output. 1. Run `./tf-wrapper.sh apply shared` -1. Run `./tf-wrapper.sh init prod` -1. Run `./tf-wrapper.sh plan prod` and review output. -1. Run `./tf-wrapper.sh apply prod` -1. Run `./tf-wrapper.sh init nonprod` -1. Run `./tf-wrapper.sh plan nonprod` and review output. -1. Run `./tf-wrapper.sh apply nonprod` -1. Run `./tf-wrapper.sh init dev` -1. Run `./tf-wrapper.sh plan dev` and review output. -1. Run `./tf-wrapper.sh apply dev` +1. Run `./tf-wrapper.sh init production` +1. Run `./tf-wrapper.sh plan production` and review output. +1. Run `./tf-wrapper.sh apply production` +1. Run `./tf-wrapper.sh init non-production` +1. Run `./tf-wrapper.sh plan non-production` and review output. +1. Run `./tf-wrapper.sh apply non-production` +1. Run `./tf-wrapper.sh init development` +1. Run `./tf-wrapper.sh plan development` and review output. +1. Run `./tf-wrapper.sh apply development` If you received any errors or made any changes to the Terraform config or any `.tfvars`you must re-run `./tf-wrapper.sh plan ` before run `./tf-wrapper.sh apply ` 
diff --git a/3-networks/envs/prod/README.md b/3-networks/envs/development/README.md similarity index 95% rename from 3-networks/envs/prod/README.md rename to 3-networks/envs/development/README.md index e2922d59b..ae007daa5 100644 --- a/3-networks/envs/prod/README.md +++ b/3-networks/envs/development/README.md @@ -1,12 +1,12 @@ -# 3-networks/prod +# 3-networks/development -The purpose of this step is to setup base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem dedicated interconnect, onprem VPN and baseline firewall rules for environment prod. +The purpose of this step is to setup base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem dedicated interconnect, onprem VPN and baseline firewall rules for environment development. ## Prerequisites 1. 0-bootstrap executed successfully. 1. 1-org executed successfully. -1. 2-environments/envs/prod executed successfully. +1. 2-environments/envs/development executed successfully. 1. 3-networks/envs/shared executed successfully. 1. Obtain the value for the access_context_manager_policy_id variable. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`. diff --git a/3-networks/envs/dev/access_context.auto.tfvars b/3-networks/envs/development/access_context.auto.tfvars similarity index 100% rename from 3-networks/envs/dev/access_context.auto.tfvars rename to 3-networks/envs/development/access_context.auto.tfvars diff --git a/3-networks/envs/dev/backend.tf b/3-networks/envs/development/backend.tf similarity index 93% rename from 3-networks/envs/dev/backend.tf rename to 3-networks/envs/development/backend.tf index aaf1e48d3..805953cf5 100644 --- a/3-networks/envs/dev/backend.tf +++ b/3-networks/envs/development/backend.tf 
@@ -17,6 +17,6 @@ terraform { backend "gcs" { bucket = "UPDATE_ME" - prefix = "terraform/networks/dev" + prefix = "terraform/networks/development" } } diff --git a/3-networks/envs/dev/common.auto.tfvars b/3-networks/envs/development/common.auto.tfvars similarity index 100% rename from 3-networks/envs/dev/common.auto.tfvars rename to 3-networks/envs/development/common.auto.tfvars diff --git a/3-networks/envs/dev/main.tf b/3-networks/envs/development/main.tf similarity index 99% rename from 3-networks/envs/dev/main.tf rename to 3-networks/envs/development/main.tf index abcd9df56..b754dd3ad 100644 --- a/3-networks/envs/dev/main.tf +++ b/3-networks/envs/development/main.tf @@ -16,7 +16,7 @@ locals { environment_code = "d" - env = "dev" + env = "development" restricted_project_id = data.google_projects.restricted_host_project.projects[0].project_id restricted_project_number = data.google_project.restricted_host_project.number base_project_id = data.google_projects.base_project.projects[0].project_id @@ -24,7 +24,7 @@ locals { } data "google_active_folder" "env" { - display_name = local.env + display_name = "fldr-${local.env}" parent = local.parent_id } diff --git a/3-networks/envs/dev/outputs.tf b/3-networks/envs/development/outputs.tf similarity index 100% rename from 3-networks/envs/dev/outputs.tf rename to 3-networks/envs/development/outputs.tf diff --git a/3-networks/envs/dev/providers.tf b/3-networks/envs/development/providers.tf similarity index 100% rename from 3-networks/envs/dev/providers.tf rename to 3-networks/envs/development/providers.tf diff --git a/3-networks/envs/dev/variables.tf b/3-networks/envs/development/variables.tf similarity index 100% rename from 3-networks/envs/dev/variables.tf rename to 3-networks/envs/development/variables.tf diff --git a/3-networks/envs/dev/versions.tf b/3-networks/envs/development/versions.tf similarity index 100% rename from 3-networks/envs/dev/versions.tf rename to 3-networks/envs/development/versions.tf 
diff --git a/3-networks/envs/dev/vpn.tf.example b/3-networks/envs/development/vpn.tf.example similarity index 98% rename from 3-networks/envs/dev/vpn.tf.example rename to 3-networks/envs/development/vpn.tf.example index 16759a79b..05e032d0d 100644 --- a/3-networks/envs/dev/vpn.tf.example +++ b/3-networks/envs/development/vpn.tf.example @@ -25,7 +25,7 @@ module "shared_base_vpn" { region1_router2_name = module.base_shared_vpc.region1_router2.router.name region2_router1_name = module.base_shared_vpc.region2_router1.router.name region2_router2_name = module.base_shared_vpc.region2_router2.router.name - environment = "dev" + environment = "development" vpn_psk_secret_name = "" @@ -69,7 +69,7 @@ module "shared_restricted_vpn" { region1_router2_name = module.restricted_shared_vpc.region1_router2.router.name region2_router1_name = module.restricted_shared_vpc.region2_router1.router.name region2_router2_name = module.restricted_shared_vpc.region2_router2.router.name - environment = "dev" + environment = "development" vpn_psk_secret_name = "" on_prem_router_ip_address1 = "<8.8.8.8>" # on-prem router ip address 1 diff --git a/3-networks/envs/nonprod/README.md b/3-networks/envs/non-production/README.md similarity index 95% rename from 3-networks/envs/nonprod/README.md rename to 3-networks/envs/non-production/README.md index 75790a8d7..6fd046169 100644 --- a/3-networks/envs/nonprod/README.md +++ b/3-networks/envs/non-production/README.md 
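Review bot: `vpn_psk_secret_name = ""` stays an empty, uncommented placeholder in both module blocks of this example, while the `on_prem_router_ip_address1` line in the second hunk does carry a comment. Since this value presumably names the secret that holds the tunnel pre-shared key, I would add `# name of the secret holding the VPN pre-shared key; never put the key itself in this file` so that someone filling in the example does not paste the key into a file that gets committed. The longer `environment = "development"` value is also passed into the VPN module, whose naming logic is outside this diff, so it is worth confirming that any resource names derived from it still fit the provider's length limits. Both module blocks continue outside the hunks, and the same placeholders appear in the non-production vpn.tf.example hunks.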
@@ -1,12 +1,12 @@ -# 3-networks/nonprod +# 3-networks/non-production -The purpose of this step is to setup base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem dedicated interconnect, onprem VPN and baseline firewall rules for environment nonprod. +The purpose of this step is to setup base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem dedicated interconnect, onprem VPN and baseline firewall rules for environment non-production. ## Prerequisites 1. 0-bootstrap executed successfully. 1. 1-org executed successfully. -1. 2-environments/envs/nonprod executed successfully. +1. 2-environments/envs/non-production executed successfully. 1. 3-networks/envs/shared executed successfully. 1. Obtain the value for the access_context_manager_policy_id variable. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`. diff --git a/3-networks/envs/nonprod/access_context.auto.tfvars b/3-networks/envs/non-production/access_context.auto.tfvars similarity index 100% rename from 3-networks/envs/nonprod/access_context.auto.tfvars rename to 3-networks/envs/non-production/access_context.auto.tfvars diff --git a/2-environments/envs/prod/backend.tf b/3-networks/envs/non-production/backend.tf similarity index 93% rename from 2-environments/envs/prod/backend.tf rename to 3-networks/envs/non-production/backend.tf index 04c32922e..fe37051be 100644 --- a/2-environments/envs/prod/backend.tf +++ b/3-networks/envs/non-production/backend.tf @@ -17,6 +17,6 @@ terraform { backend "gcs" { bucket = "UPDATE_ME" - prefix = "terraform/environments/prod" + prefix = "terraform/networks/non-production" } } 
diff --git a/3-networks/envs/nonprod/common.auto.tfvars b/3-networks/envs/non-production/common.auto.tfvars similarity index 100% rename from 3-networks/envs/nonprod/common.auto.tfvars rename to 3-networks/envs/non-production/common.auto.tfvars diff --git a/3-networks/envs/nonprod/main.tf b/3-networks/envs/non-production/main.tf similarity index 99% rename from 3-networks/envs/nonprod/main.tf rename to 3-networks/envs/non-production/main.tf index 9c7f60e72..a46f9a969 100644 --- a/3-networks/envs/nonprod/main.tf +++ b/3-networks/envs/non-production/main.tf @@ -16,7 +16,7 @@ locals { environment_code = "n" - env = "nonprod" + env = "non-production" restricted_project_id = data.google_projects.restricted_host_project.projects[0].project_id restricted_project_number = data.google_project.restricted_host_project.number base_project_id = data.google_projects.base_host_project.projects[0].project_id @@ -24,7 +24,7 @@ locals { } data "google_active_folder" "env" { - display_name = local.env + display_name = "fldr-${local.env}" parent = local.parent_id } diff --git a/3-networks/envs/nonprod/outputs.tf b/3-networks/envs/non-production/outputs.tf similarity index 100% rename from 3-networks/envs/nonprod/outputs.tf rename to 3-networks/envs/non-production/outputs.tf diff --git a/3-networks/envs/nonprod/providers.tf b/3-networks/envs/non-production/providers.tf similarity index 100% rename from 3-networks/envs/nonprod/providers.tf rename to 3-networks/envs/non-production/providers.tf diff --git a/3-networks/envs/nonprod/variables.tf b/3-networks/envs/non-production/variables.tf similarity index 100% rename from 3-networks/envs/nonprod/variables.tf rename to 3-networks/envs/non-production/variables.tf diff --git a/3-networks/envs/nonprod/versions.tf b/3-networks/envs/non-production/versions.tf similarity index 100% rename from 3-networks/envs/nonprod/versions.tf rename to 3-networks/envs/non-production/versions.tf 
diff --git a/3-networks/envs/nonprod/vpn.tf.example b/3-networks/envs/non-production/vpn.tf.example similarity index 98% rename from 3-networks/envs/nonprod/vpn.tf.example rename to 3-networks/envs/non-production/vpn.tf.example index 1abd0f4a4..c0e37b23c 100644 --- a/3-networks/envs/nonprod/vpn.tf.example +++ b/3-networks/envs/non-production/vpn.tf.example @@ -25,7 +25,7 @@ module "shared_base_vpn" { region1_router2_name = module.base_shared_vpc.region1_router2.router.name region2_router1_name = module.base_shared_vpc.region2_router1.router.name region2_router2_name = module.base_shared_vpc.region2_router2.router.name - environment = "nonprod" + environment = "non-production" vpn_psk_secret_name = "" on_prem_router_ip_address1 = "<8.8.8.8>" # on-prem router ip address 1 @@ -68,7 +68,7 @@ module "shared_restricted_vpn" { region1_router2_name = module.restricted_shared_vpc.region1_router2.router.name region2_router1_name = module.restricted_shared_vpc.region2_router1.router.name region2_router2_name = module.restricted_shared_vpc.region2_router2.router.name - environment = "nonprod" + environment = "non-production" vpn_psk_secret_name = "" on_prem_router_ip_address1 = "<8.8.8.8>" # on-prem router ip address 1 diff --git a/3-networks/envs/nonprod/backend.tf b/3-networks/envs/nonprod/backend.tf deleted file mode 100644 index 9fcd31cc6..000000000 --- a/3-networks/envs/nonprod/backend.tf +++ /dev/null 
@@ -1,22 +0,0 @@
-/**
- * Copyright 2020 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-terraform {
- backend "gcs" {
- bucket = "UPDATE_ME"
- prefix = "terraform/networks/nonprod"
- }
-}
diff --git a/3-networks/envs/prod/backend.tf b/3-networks/envs/prod/backend.tf
deleted file mode 100644
index 54516d922..000000000
--- a/3-networks/envs/prod/backend.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-/**
- * Copyright 2020 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-terraform {
- backend "gcs" {
- bucket = "UPDATE_ME"
- prefix = "terraform/networks/prod"
- }
-}
diff --git a/3-networks/envs/dev/README.md b/3-networks/envs/production/README.md
similarity index 95%
rename from 3-networks/envs/dev/README.md
rename to 3-networks/envs/production/README.md
index 91710aa30..0dab156f2 100644
--- a/3-networks/envs/dev/README.md
+++ b/3-networks/envs/production/README.md
@@ -1,12 +1,12 @@ -# 3-networks/dev +# 3-networks/production -The purpose of this step is to setup base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem dedicated interconnect, onprem VPN and baseline firewall rules for environment dev. +The purpose of this step is to setup base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem dedicated interconnect, onprem VPN and baseline firewall rules for environment production. ## Prerequisites 1. 0-bootstrap executed successfully. 1. 1-org executed successfully. -1. 2-environments/envs/dev executed successfully. +1. 2-environments/envs/production executed successfully. 1. 3-networks/envs/shared executed successfully. 1. Obtain the value for the access_context_manager_policy_id variable. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`. diff --git a/3-networks/envs/prod/access_context.auto.tfvars b/3-networks/envs/production/access_context.auto.tfvars similarity index 100% rename from 3-networks/envs/prod/access_context.auto.tfvars rename to 3-networks/envs/production/access_context.auto.tfvars diff --git a/2-environments/envs/dev/backend.tf b/3-networks/envs/production/backend.tf similarity index 93% rename from 2-environments/envs/dev/backend.tf rename to 3-networks/envs/production/backend.tf index 5e3fa31e1..1da48524e 100644 --- a/2-environments/envs/dev/backend.tf +++ b/3-networks/envs/production/backend.tf @@ -17,6 +17,6 @@ terraform { backend "gcs" { bucket = "UPDATE_ME" - prefix = "terraform/environments/dev" + prefix = "terraform/networks/production" } } diff --git a/3-networks/envs/prod/common.auto.tfvars b/3-networks/envs/production/common.auto.tfvars similarity index 100% rename from 3-networks/envs/prod/common.auto.tfvars rename to 3-networks/envs/production/common.auto.tfvars 
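Review bot: The new `prefix = "terraform/networks/production"` in `3-networks/envs/production/backend.tf` moves the GCS state path, and nothing visible in this patch says what happens to state already written under `terraform/networks/prod`. A deployment applied before this commit would initialise against an empty prefix, so the next plan would propose creating the network resources again while the existing ones are left outside Terraform's control. The same applies to the removed `3-networks/envs/nonprod/backend.tf` and to the new `4-projects/business_unit_1/*/backend.tf` files. I would add a comment above the line, `# State moved from terraform/networks/prod; copy existing state objects to this prefix before running init.`, and a matching upgrade step in the README.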
diff --git a/3-networks/envs/prod/main.tf b/3-networks/envs/production/main.tf similarity index 99% rename from 3-networks/envs/prod/main.tf rename to 3-networks/envs/production/main.tf index 2b1c018d2..37bd1fd5d 100644 --- a/3-networks/envs/prod/main.tf +++ b/3-networks/envs/production/main.tf @@ -16,7 +16,7 @@ locals { environment_code = "p" - env = "prod" + env = "production" restricted_project_id = data.google_projects.restricted_host_project.projects[0].project_id restricted_project_number = data.google_project.restricted_host_project.number base_project_id = data.google_projects.base_host_project.projects[0].project_id @@ -24,7 +24,7 @@ locals { } data "google_active_folder" "env" { - display_name = local.env + display_name = "fldr-${local.env}" parent = local.parent_id } diff --git a/3-networks/envs/prod/outputs.tf b/3-networks/envs/production/outputs.tf similarity index 100% rename from 3-networks/envs/prod/outputs.tf rename to 3-networks/envs/production/outputs.tf diff --git a/3-networks/envs/prod/providers.tf b/3-networks/envs/production/providers.tf similarity index 100% rename from 3-networks/envs/prod/providers.tf rename to 3-networks/envs/production/providers.tf diff --git a/3-networks/envs/prod/variables.tf b/3-networks/envs/production/variables.tf similarity index 100% rename from 3-networks/envs/prod/variables.tf rename to 3-networks/envs/production/variables.tf diff --git a/3-networks/envs/prod/versions.tf b/3-networks/envs/production/versions.tf similarity index 100% rename from 3-networks/envs/prod/versions.tf rename to 3-networks/envs/production/versions.tf diff --git a/3-networks/envs/prod/vpn.tf.example b/3-networks/envs/production/vpn.tf.example similarity index 98% rename from 3-networks/envs/prod/vpn.tf.example rename to 3-networks/envs/production/vpn.tf.example index 1ffd5a0c8..527fe6010 100644 --- a/3-networks/envs/prod/vpn.tf.example +++ b/3-networks/envs/production/vpn.tf.example 
@@ -25,7 +25,7 @@ module "shared_base_vpn" { region1_router2_name = module.base_shared_vpc.region1_router2.router.name region2_router1_name = module.base_shared_vpc.region2_router1.router.name region2_router2_name = module.base_shared_vpc.region2_router2.router.name - environment = "prod" + environment = "production" vpn_psk_secret_name = "" on_prem_router_ip_address1 = "<8.8.8.8>" # on-prem router ip address 1 @@ -68,7 +68,7 @@ module "shared_restricted_vpn" { region1_router2_name = module.restricted_shared_vpc.region1_router2.router.name region2_router1_name = module.restricted_shared_vpc.region2_router1.router.name region2_router2_name = module.restricted_shared_vpc.region2_router2.router.name - environment = "prod" + environment = "production" vpn_psk_secret_name = "" on_prem_router_ip_address1 = "<8.8.8.8>" # on-prem router ip address 1 diff --git a/3-networks/envs/shared/main.tf b/3-networks/envs/shared/main.tf index 8adbcba2b..c40f185f8 100644 --- a/3-networks/envs/shared/main.tf +++ b/3-networks/envs/shared/main.tf @@ -20,7 +20,7 @@ locals { } data "google_active_folder" "common" { - display_name = "common" + display_name = "fldr-common" parent = local.parent_id } diff --git a/3-networks/modules/base_shared_vpc/dns.tf b/3-networks/modules/base_shared_vpc/dns.tf index 96acdcd73..37bbf0213 100644 --- a/3-networks/modules/base_shared_vpc/dns.tf +++ b/3-networks/modules/base_shared_vpc/dns.tf @@ -19,7 +19,7 @@ locals { } data "google_active_folder" "common" { - display_name = "common" + display_name = "fldr-common" parent = local.parent_id } diff --git a/3-networks/modules/restricted_shared_vpc/dns.tf b/3-networks/modules/restricted_shared_vpc/dns.tf index deed074c6..cf4c95fdb 100644 --- a/3-networks/modules/restricted_shared_vpc/dns.tf +++ b/3-networks/modules/restricted_shared_vpc/dns.tf @@ -19,7 +19,7 @@ locals { } data "google_active_folder" "common" { - display_name = "common" + display_name = "fldr-common" parent = local.parent_id } 
diff --git a/3-networks/modules/vpn-ha/README.md b/3-networks/modules/vpn-ha/README.md index e52562123..670107a4f 100755 --- a/3-networks/modules/vpn-ha/README.md +++ b/3-networks/modules/vpn-ha/README.md @@ -24,7 +24,7 @@ If you don't have Dedicated Interconnect you can use High Availability VPN to co | bgp\_peer\_asn | BGP ASN for cloud routes. | number | n/a | yes | | default\_region1 | Default region 1 for Cloud Routers | string | n/a | yes | | default\_region2 | Default region 2 for Cloud Routers | string | n/a | yes | -| environment | Environment for the VPN configuration. Valid options are dev, nonprod, prod | string | n/a | yes | +| environment | Environment for the VPN configuration. Valid options are development, non-production, production | string | n/a | yes | | on\_prem\_router\_ip\_address1 | On-Prem Router IP address | string | n/a | yes | | on\_prem\_router\_ip\_address2 | On-Prem Router IP address | string | n/a | yes | | project\_id | VPC Project ID | string | n/a | yes | diff --git a/3-networks/modules/vpn-ha/variables.tf b/3-networks/modules/vpn-ha/variables.tf index 289f8c3dc..16e52bb67 100644 --- a/3-networks/modules/vpn-ha/variables.tf +++ b/3-networks/modules/vpn-ha/variables.tf @@ -31,7 +31,7 @@ variable "default_region2" { variable "environment" { type = string - description = "Environment for the VPN configuration. Valid options are dev, nonprod, prod" + description = "Environment for the VPN configuration. Valid options are development, non-production, production" } variable "vpn_psk_secret_name" { diff --git a/4-projects/README.md b/4-projects/README.md index 29c5e47ad..bdbca06c3 100644 --- a/4-projects/README.md +++ b/4-projects/README.md 
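Review bot: The `environment` description in `3-networks/modules/vpn-ha/variables.tf` now lists `development, non-production, production` as the valid options, but the variable still accepts any string, so a caller that keeps the old `prod` or `nonprod` value is not rejected here. How the module uses the value is outside this hunk; if it feeds resource or secret names, a stale value would surface late or not at all. If the Terraform version this repository requires supports variable validation, I would add a `validation` block so the mismatch fails at plan time.

```hcl
variable "environment" {
  # … unchanged: type and description …

  validation {
    condition     = contains(["development", "non-production", "production"], var.environment)
    error_message = "The environment must be one of: development, non-production, production."
  }
}
```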
@@ -17,29 +17,29 @@ If your user does not have access to run the commands above and you are in the o ## Usage ### Setup to run via Cloud Build 1. Clone repo `gcloud source repos clone gcp-projects --project=YOUR_CLOUD_BUILD_PROJECT_ID` -1. Change freshly cloned repo and change to non master branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Change freshly cloned repo and change to non master branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/4-projects/ .` (modify accordingly based on your current directory) 1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory). 1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` (modify accordingly based on your current directory) 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. 1. Rename `common.auto.example.tfvars` to `common.auto.tfvars` and update the file with values from your environment and bootstrap. -1. Rename `dev.auto.example.tfvars` to `dev.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_d_shared_restricted`. -1. Rename `nonprod.auto.example.tfvars` to `nonprod.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_n_shared_restricted`. -1. Rename `prod.auto.example.tfvars` to `prod.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_p_shared_restricted`. +1. Rename `development.auto.example.tfvars` to `development.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_d_shared_restricted`. +1. 
Rename `non-production.auto.example.tfvars` to `non-production.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_n_shared_restricted`. +1. Rename `production.auto.example.tfvars` to `production.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_p_shared_restricted`. 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to dev branch with `git checkout -b dev` and `git push origin dev` +1. Merge changes to development with `git checkout -b development` and `git push origin development` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to nonprod branch with `git checkout -b nonprod` and `git push origin nonprod` +1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production` 1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID -1. Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production with `git checkout -b production` and `git push origin production` 1. 
Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID ### Setup to run via Jenkins 1. Clone the repo you created manually in bootstrap: `git clone ` -1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-4-projects` and change to a non prod branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan). +1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-4-projects` and change to a non production branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan). 1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/4-projects/ .` (modify accordingly based on your current directory). 1. Copy the Jenkinsfile script `cp ../terraform-example-foundation/build/Jenkinsfile .` to the root of your new repository (modify accordingly based on your current directory). 1. Update the variables located in the `environment {}` section of the `Jenkinsfile` with values from your environment: 
@@ -51,19 +51,19 @@ If your user does not have access to run the commands above and you are in the o 1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . `1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory). to the root of your new repository (modify accordingly based on your current directory). 1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`. 1. Rename `common.auto.example.tfvars` to `common.auto.tfvars` and update the file with values from your environment and bootstrap. -1. Rename `dev.auto.example.tfvars` to `dev.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_d_shared_restricted`. -1. Rename `nonprod.auto.example.tfvars` to `nonprod.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_n_shared_restricted`. -1. Rename `prod.auto.example.tfvars` to `prod.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_p_shared_restricted`. +1. Rename `development.auto.example.tfvars` to `development.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_d_shared_restricted`. +1. Rename `non-production.auto.example.tfvars` to `non-production.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_n_shared_restricted`. +1. Rename `production.auto.example.tfvars` to `production.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_p_shared_restricted`. 1. Commit changes with `git add .` and `git commit -m 'Your message'` -1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `dev`, `nonprod` or `prod` will trigger a terraform plan. +1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. 
Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan. - Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details. 1. Review the plan output in your Master's web UI. -1. After prod has been applied apply dev and nonprod -1. Merge changes to dev branch with `git checkout -b dev` and `git push origin dev` +1. After production has been applied apply development and non-production +1. Merge changes to development branch with `git checkout -b development` and `git push origin development` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). -1. Merge changes to nonprod branch with `git checkout -b nonprod` and `git push origin nonprod` +1. Merge changes to non-production branch with `git checkout -b non-production` and `git push origin non-production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). -1. Merge changes to prod branch with `git checkout -b prod` and `git push origin prod` +1. Merge changes to production branch with `git checkout -b production` and `git push origin production` 1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI). 1. You can now move to the instructions in the step [4-projects](../4-projects/README.md). 
@@ -73,24 +73,24 @@ If your user does not have access to run the commands above and you are in the o 1. Run `cp ../build/tf-wrapper.sh .` 1. Run `chmod 755 ./tf-wrapper.sh` 1. Rename `common.auto.example.tfvars` to `common.auto.tfvars` and update the file with values from your environment and bootstrap. -1. Rename `dev.auto.example.tfvars` to `dev.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_d_shared_restricted`. -1. Rename `nonprod.auto.example.tfvars` to `nonprod.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_n_shared_restricted`. -1. Rename `prod.auto.example.tfvars` to `prod.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_p_shared_restricted`. +1. Rename `development.auto.example.tfvars` to `development.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_d_shared_restricted`. +1. Rename `non-production.auto.example.tfvars` to `non-production.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_n_shared_restricted`. +1. Rename `production.auto.example.tfvars` to `production.auto.tfvars` and update the file with the `perimeter_name` that starts with `sp_p_shared_restricted`. 1. Update backend.tf with your bucket from bootstrap. You can run ```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME//' $i; done```. You can run `terraform output gcs_bucket_tfstate` in the 0-bootstap folder to obtain the bucket name. -We will now deploy each of our environments(dev/prod/nonprod) using this script. +We will now deploy each of our environments(development/production/non-production) using this script. When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 4-projects step and only the corresponding environment is applied. -1. Run `./tf-wrapper.sh init prod` -1. Run `./tf-wrapper.sh plan prod` and review output. -1. Run `./tf-wrapper.sh apply prod` -1. 
Run `./tf-wrapper.sh init nonprod` -1. Run `./tf-wrapper.sh plan nonprod` and review output. -1. Run `./tf-wrapper.sh apply nonprod` -1. Run `./tf-wrapper.sh init dev` -1. Run `./tf-wrapper.sh plan dev` and review output. -1. Run `./tf-wrapper.sh apply dev` +1. Run `./tf-wrapper.sh init production` +1. Run `./tf-wrapper.sh plan production` and review output. +1. Run `./tf-wrapper.sh apply production` +1. Run `./tf-wrapper.sh init non-production` +1. Run `./tf-wrapper.sh plan non-production` and review output. +1. Run `./tf-wrapper.sh apply non-production` +1. Run `./tf-wrapper.sh init development` +1. Run `./tf-wrapper.sh plan development` and review output. +1. Run `./tf-wrapper.sh apply development` If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan ` before run `./tf-wrapper.sh apply ` diff --git a/4-projects/business_unit_1/dev/backend.tf b/4-projects/business_unit_1/dev/backend.tf deleted file mode 100644 index 28e4b71bc..000000000 --- a/4-projects/business_unit_1/dev/backend.tf +++ /dev/null @@ -1,22 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - backend "gcs" { - bucket = "UPDATE_ME" - prefix = "terraform/projects/business_unit_1/dev" - } -} 
diff --git a/4-projects/business_unit_1/dev/README.md b/4-projects/business_unit_1/development/README.md
similarity index 100%
rename from 4-projects/business_unit_1/dev/README.md
rename to 4-projects/business_unit_1/development/README.md
diff --git a/4-projects/business_unit_1/development/backend.tf b/4-projects/business_unit_1/development/backend.tf
new file mode 100644
index 000000000..5e3b4af5f
--- /dev/null
+++ b/4-projects/business_unit_1/development/backend.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ backend "gcs" {
+ bucket = "UPDATE_ME"
+ prefix = "terraform/projects/business_unit_1/development"
+ }
+}
diff --git a/4-projects/business_unit_1/dev/common.auto.tfvars b/4-projects/business_unit_1/development/common.auto.tfvars
similarity index 100%
rename from 4-projects/business_unit_1/dev/common.auto.tfvars
rename to 4-projects/business_unit_1/development/common.auto.tfvars
diff --git a/4-projects/business_unit_1/dev/dev.auto.tfvars b/4-projects/business_unit_1/development/dev.auto.tfvars
similarity index 100%
rename from 4-projects/business_unit_1/dev/dev.auto.tfvars
rename to 4-projects/business_unit_1/development/dev.auto.tfvars
diff --git a/4-projects/business_unit_1/dev/example_base_shared_vpc_project.tf b/4-projects/business_unit_1/development/example_base_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_1/dev/example_base_shared_vpc_project.tf rename to 4-projects/business_unit_1/development/example_base_shared_vpc_project.tf index a3863e420..94185f74c 100644 --- a/4-projects/business_unit_1/dev/example_base_shared_vpc_project.tf +++ b/4-projects/business_unit_1/development/example_base_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "base_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "dev" + environment = "development" vpc_type = "base" # Metadata diff --git a/4-projects/business_unit_1/nonprod/example_floating_project.tf b/4-projects/business_unit_1/development/example_floating_project.tf similarity index 96% rename from 4-projects/business_unit_1/nonprod/example_floating_project.tf rename to 4-projects/business_unit_1/development/example_floating_project.tf index 6d609fe8d..4c4da548b 100644 --- a/4-projects/business_unit_1/nonprod/example_floating_project.tf +++ b/4-projects/business_unit_1/development/example_floating_project.tf @@ -21,7 +21,7 @@ module "example_floating_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "nonprod" + environment = "development" # Metadata project_prefix = "sample-floating" diff --git a/4-projects/business_unit_1/dev/example_restricted_shared_vpc_project.tf b/4-projects/business_unit_1/development/example_restricted_shared_vpc_project.tf similarity index 97% rename from 4-projects/business_unit_1/dev/example_restricted_shared_vpc_project.tf rename to 4-projects/business_unit_1/development/example_restricted_shared_vpc_project.tf index 3c3c9ee0c..6aced0a69 100644 
--- a/4-projects/business_unit_1/dev/example_restricted_shared_vpc_project.tf +++ b/4-projects/business_unit_1/development/example_restricted_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "dev" + environment = "development" vpc_type = "restricted" activate_apis = ["accesscontextmanager.googleapis.com"] diff --git a/4-projects/business_unit_1/prod/folder.tf b/4-projects/business_unit_1/development/folder.tf similarity index 95% rename from 4-projects/business_unit_1/prod/folder.tf rename to 4-projects/business_unit_1/development/folder.tf index ee46c950c..d0e59957e 100644 --- a/4-projects/business_unit_1/prod/folder.tf +++ b/4-projects/business_unit_1/development/folder.tf @@ -15,7 +15,7 @@ */ data "google_active_folder" "env" { - display_name = "prod" + display_name = "fldr-development" parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" } diff --git a/4-projects/business_unit_1/dev/providers.tf b/4-projects/business_unit_1/development/providers.tf similarity index 100% rename from 4-projects/business_unit_1/dev/providers.tf rename to 4-projects/business_unit_1/development/providers.tf diff --git a/4-projects/business_unit_1/dev/variables.tf b/4-projects/business_unit_1/development/variables.tf similarity index 100% rename from 4-projects/business_unit_1/dev/variables.tf rename to 4-projects/business_unit_1/development/variables.tf diff --git a/4-projects/business_unit_1/nonprod/README.md b/4-projects/business_unit_1/non-production/README.md similarity index 100% rename from 4-projects/business_unit_1/nonprod/README.md rename to 4-projects/business_unit_1/non-production/README.md 
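Review bot: `4-projects/business_unit_1/development/folder.tf` hard-codes `display_name = "fldr-development"` while the three example project files in the same directory each hard-code `environment = "development"`, so the environment name now lives in four separate literals per directory. The rename headers in this patch show these files being near-identical across environment directories, and a copied file with one stale literal would label a project for one environment while creating it in another environment's folder. I would define `locals { env = "development" }` once per directory and use `environment = local.env` and `display_name = "fldr-${local.env}"`, matching the pattern in `3-networks/envs/*/main.tf`. Separately, `dev.auto.tfvars` is moved into `development/` under its old short name, which does not match the `development.auto.tfvars` name the README hunk documents; confirm whether that is intended.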
diff --git a/4-projects/business_unit_1/non-production/backend.tf b/4-projects/business_unit_1/non-production/backend.tf
new file mode 100644
index 000000000..06325cb8a
--- /dev/null
+++ b/4-projects/business_unit_1/non-production/backend.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ backend "gcs" {
+ bucket = "UPDATE_ME"
+ prefix = "terraform/projects/business_unit_1/non-production"
+ }
+}
diff --git a/4-projects/business_unit_1/nonprod/common.auto.tfvars b/4-projects/business_unit_1/non-production/common.auto.tfvars
similarity index 100%
rename from 4-projects/business_unit_1/nonprod/common.auto.tfvars
rename to 4-projects/business_unit_1/non-production/common.auto.tfvars
diff --git a/4-projects/business_unit_1/nonprod/example_base_shared_vpc_project.tf b/4-projects/business_unit_1/non-production/example_base_shared_vpc_project.tf
similarity index 96%
rename from 4-projects/business_unit_1/nonprod/example_base_shared_vpc_project.tf
rename to 4-projects/business_unit_1/non-production/example_base_shared_vpc_project.tf
index f818f0313..6af95f521 100644
--- a/4-projects/business_unit_1/nonprod/example_base_shared_vpc_project.tf
+++ b/4-projects/business_unit_1/non-production/example_base_shared_vpc_project.tf
@@ -21,7 +21,7 @@ module "base_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "nonprod" + environment = "non-production" vpc_type = "base" # Metadata diff --git a/4-projects/business_unit_1/prod/example_floating_project.tf b/4-projects/business_unit_1/non-production/example_floating_project.tf similarity index 96% rename from 4-projects/business_unit_1/prod/example_floating_project.tf rename to 4-projects/business_unit_1/non-production/example_floating_project.tf index 862be2b05..a952ed446 100644 --- a/4-projects/business_unit_1/prod/example_floating_project.tf +++ b/4-projects/business_unit_1/non-production/example_floating_project.tf @@ -21,7 +21,7 @@ module "example_floating_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "prod" + environment = "non-production" # Metadata project_prefix = "sample-floating" diff --git a/4-projects/business_unit_1/prod/example_restricted_shared_vpc_project.tf b/4-projects/business_unit_1/non-production/example_restricted_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_1/prod/example_restricted_shared_vpc_project.tf rename to 4-projects/business_unit_1/non-production/example_restricted_shared_vpc_project.tf index d8a1f3c7c..6bcfb70cc 100644 --- a/4-projects/business_unit_1/prod/example_restricted_shared_vpc_project.tf +++ b/4-projects/business_unit_1/non-production/example_restricted_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "prod" + environment = "non-production" vpc_type = "restricted" activate_apis = ["accesscontextmanager.googleapis.com"] 
diff --git a/4-projects/business_unit_1/non-production/folder.tf b/4-projects/business_unit_1/non-production/folder.tf new file mode 100644 index 000000000..3575b7368 --- /dev/null +++ b/4-projects/business_unit_1/non-production/folder.tf @@ -0,0 +1,21 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +data "google_active_folder" "env" { + display_name = "fldr-non-production" + parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" +} + diff --git a/4-projects/business_unit_1/nonprod/nonprod.auto.tfvars b/4-projects/business_unit_1/non-production/nonprod.auto.tfvars similarity index 100% rename from 4-projects/business_unit_1/nonprod/nonprod.auto.tfvars rename to 4-projects/business_unit_1/non-production/nonprod.auto.tfvars diff --git a/4-projects/business_unit_1/nonprod/providers.tf b/4-projects/business_unit_1/non-production/providers.tf similarity index 100% rename from 4-projects/business_unit_1/nonprod/providers.tf rename to 4-projects/business_unit_1/non-production/providers.tf diff --git a/4-projects/business_unit_1/nonprod/variables.tf b/4-projects/business_unit_1/non-production/variables.tf similarity index 100% rename from 4-projects/business_unit_1/nonprod/variables.tf rename to 4-projects/business_unit_1/non-production/variables.tf 
diff --git a/4-projects/business_unit_1/nonprod/backend.tf b/4-projects/business_unit_1/nonprod/backend.tf deleted file mode 100644 index 85c14a250..000000000 --- a/4-projects/business_unit_1/nonprod/backend.tf +++ /dev/null @@ -1,22 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - backend "gcs" { - bucket = "UPDATE_ME" - prefix = "terraform/projects/business_unit_1/nonprod" - } -} diff --git a/4-projects/business_unit_1/prod/backend.tf b/4-projects/business_unit_1/prod/backend.tf deleted file mode 100644 index 199e92401..000000000 --- a/4-projects/business_unit_1/prod/backend.tf +++ /dev/null @@ -1,22 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - backend "gcs" { - bucket = "UPDATE_ME" - prefix = "terraform/projects/business_unit_1/prod" - } -} 
diff --git a/4-projects/business_unit_1/prod/README.md b/4-projects/business_unit_1/production/README.md similarity index 100% rename from 4-projects/business_unit_1/prod/README.md rename to 4-projects/business_unit_1/production/README.md diff --git a/4-projects/business_unit_1/production/backend.tf b/4-projects/business_unit_1/production/backend.tf new file mode 100644 index 000000000..25b22f402 --- /dev/null +++ b/4-projects/business_unit_1/production/backend.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "UPDATE_ME" + prefix = "terraform/projects/business_unit_1/production" + } +} diff --git a/4-projects/business_unit_1/prod/common.auto.tfvars b/4-projects/business_unit_1/production/common.auto.tfvars similarity index 100% rename from 4-projects/business_unit_1/prod/common.auto.tfvars rename to 4-projects/business_unit_1/production/common.auto.tfvars diff --git a/4-projects/business_unit_1/prod/example_base_shared_vpc_project.tf b/4-projects/business_unit_1/production/example_base_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_1/prod/example_base_shared_vpc_project.tf rename to 4-projects/business_unit_1/production/example_base_shared_vpc_project.tf index 5a3e0c7b7..896537846 100644 --- a/4-projects/business_unit_1/prod/example_base_shared_vpc_project.tf 
+++ b/4-projects/business_unit_1/production/example_base_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "base_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "prod" + environment = "production" vpc_type = "base" # Metadata diff --git a/4-projects/business_unit_1/dev/example_floating_project.tf b/4-projects/business_unit_1/production/example_floating_project.tf similarity index 96% rename from 4-projects/business_unit_1/dev/example_floating_project.tf rename to 4-projects/business_unit_1/production/example_floating_project.tf index 853a5cfbb..05ec5e47e 100644 --- a/4-projects/business_unit_1/dev/example_floating_project.tf +++ b/4-projects/business_unit_1/production/example_floating_project.tf @@ -21,7 +21,7 @@ module "example_floating_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "dev" + environment = "production" # Metadata project_prefix = "sample-floating" diff --git a/4-projects/business_unit_1/nonprod/example_restricted_shared_vpc_project.tf b/4-projects/business_unit_1/production/example_restricted_shared_vpc_project.tf similarity index 97% rename from 4-projects/business_unit_1/nonprod/example_restricted_shared_vpc_project.tf rename to 4-projects/business_unit_1/production/example_restricted_shared_vpc_project.tf index 97e8e9f27..8a671307e 100644 --- a/4-projects/business_unit_1/nonprod/example_restricted_shared_vpc_project.tf +++ b/4-projects/business_unit_1/production/example_restricted_shared_vpc_project.tf 
@@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "nonprod" + environment = "production" vpc_type = "restricted" activate_apis = ["accesscontextmanager.googleapis.com"] diff --git a/4-projects/business_unit_1/dev/folder.tf b/4-projects/business_unit_1/production/folder.tf similarity index 95% rename from 4-projects/business_unit_1/dev/folder.tf rename to 4-projects/business_unit_1/production/folder.tf index 12a7886cc..50a59e5ed 100644 --- a/4-projects/business_unit_1/dev/folder.tf +++ b/4-projects/business_unit_1/production/folder.tf @@ -15,7 +15,7 @@ */ data "google_active_folder" "env" { - display_name = "dev" + display_name = "fldr-production" parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" } diff --git a/4-projects/business_unit_1/prod/prod.auto.tfvars b/4-projects/business_unit_1/production/prod.auto.tfvars similarity index 100% rename from 4-projects/business_unit_1/prod/prod.auto.tfvars rename to 4-projects/business_unit_1/production/prod.auto.tfvars diff --git a/4-projects/business_unit_1/prod/providers.tf b/4-projects/business_unit_1/production/providers.tf similarity index 100% rename from 4-projects/business_unit_1/prod/providers.tf rename to 4-projects/business_unit_1/production/providers.tf diff --git a/4-projects/business_unit_1/prod/variables.tf b/4-projects/business_unit_1/production/variables.tf similarity index 100% rename from 4-projects/business_unit_1/prod/variables.tf rename to 4-projects/business_unit_1/production/variables.tf diff --git a/4-projects/business_unit_2/dev/backend.tf b/4-projects/business_unit_2/dev/backend.tf deleted file mode 100644 index 2c7ca3abc..000000000 --- a/4-projects/business_unit_2/dev/backend.tf +++ /dev/null 
@@ -1,22 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - backend "gcs" { - bucket = "UPDATE_ME" - prefix = "terraform/projects/business_unit_2/dev" - } -} diff --git a/4-projects/business_unit_2/dev/README.md b/4-projects/business_unit_2/development/README.md similarity index 100% rename from 4-projects/business_unit_2/dev/README.md rename to 4-projects/business_unit_2/development/README.md diff --git a/4-projects/business_unit_2/development/backend.tf b/4-projects/business_unit_2/development/backend.tf new file mode 100644 index 000000000..bf57d21c3 --- /dev/null +++ b/4-projects/business_unit_2/development/backend.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "UPDATE_ME" + prefix = "terraform/projects/business_unit_2/development" + } +} 
diff --git a/4-projects/business_unit_2/dev/common.auto.tfvars b/4-projects/business_unit_2/development/common.auto.tfvars similarity index 100% rename from 4-projects/business_unit_2/dev/common.auto.tfvars rename to 4-projects/business_unit_2/development/common.auto.tfvars diff --git a/4-projects/business_unit_2/dev/dev.auto.tfvars b/4-projects/business_unit_2/development/dev.auto.tfvars similarity index 100% rename from 4-projects/business_unit_2/dev/dev.auto.tfvars rename to 4-projects/business_unit_2/development/dev.auto.tfvars diff --git a/4-projects/business_unit_2/dev/example_base_shared_vpc_project.tf b/4-projects/business_unit_2/development/example_base_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_2/dev/example_base_shared_vpc_project.tf rename to 4-projects/business_unit_2/development/example_base_shared_vpc_project.tf index b71857468..193ff5476 100644 --- a/4-projects/business_unit_2/dev/example_base_shared_vpc_project.tf +++ b/4-projects/business_unit_2/development/example_base_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "base_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "dev" + environment = "development" vpc_type = "base" # Metadata diff --git a/4-projects/business_unit_2/nonprod/example_floating_project.tf b/4-projects/business_unit_2/development/example_floating_project.tf similarity index 96% rename from 4-projects/business_unit_2/nonprod/example_floating_project.tf rename to 4-projects/business_unit_2/development/example_floating_project.tf index a074d7121..59683290a 100644 --- a/4-projects/business_unit_2/nonprod/example_floating_project.tf +++ b/4-projects/business_unit_2/development/example_floating_project.tf 
@@ -14,8 +14,6 @@ * limitations under the License. */ - - module "example_floating_project" { source = "../../modules/single_project" impersonate_service_account = var.terraform_service_account @@ -23,7 +21,7 @@ module "example_floating_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "nonprod" + environment = "development" # Metadata project_prefix = "sample-floating" diff --git a/4-projects/business_unit_2/prod/example_restricted_shared_vpc_project.tf b/4-projects/business_unit_2/development/example_restricted_shared_vpc_project.tf similarity index 97% rename from 4-projects/business_unit_2/prod/example_restricted_shared_vpc_project.tf rename to 4-projects/business_unit_2/development/example_restricted_shared_vpc_project.tf index 3b8b833a9..3010d63b3 100644 --- a/4-projects/business_unit_2/prod/example_restricted_shared_vpc_project.tf +++ b/4-projects/business_unit_2/development/example_restricted_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "prod" + environment = "development" vpc_type = "restricted" activate_apis = ["accesscontextmanager.googleapis.com"] diff --git a/4-projects/business_unit_2/dev/folder.tf b/4-projects/business_unit_2/development/folder.tf similarity index 95% rename from 4-projects/business_unit_2/dev/folder.tf rename to 4-projects/business_unit_2/development/folder.tf index 12a7886cc..d0e59957e 100644 --- a/4-projects/business_unit_2/dev/folder.tf +++ b/4-projects/business_unit_2/development/folder.tf @@ -15,7 +15,7 @@ */ data "google_active_folder" "env" { - display_name = "dev" + display_name = "fldr-development" parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" } 
diff --git a/4-projects/business_unit_2/dev/providers.tf b/4-projects/business_unit_2/development/providers.tf similarity index 100% rename from 4-projects/business_unit_2/dev/providers.tf rename to 4-projects/business_unit_2/development/providers.tf diff --git a/4-projects/business_unit_2/dev/variables.tf b/4-projects/business_unit_2/development/variables.tf similarity index 100% rename from 4-projects/business_unit_2/dev/variables.tf rename to 4-projects/business_unit_2/development/variables.tf diff --git a/4-projects/business_unit_2/nonprod/README.md b/4-projects/business_unit_2/non-production/README.md similarity index 100% rename from 4-projects/business_unit_2/nonprod/README.md rename to 4-projects/business_unit_2/non-production/README.md diff --git a/4-projects/business_unit_2/non-production/backend.tf b/4-projects/business_unit_2/non-production/backend.tf new file mode 100644 index 000000000..558be47f7 --- /dev/null +++ b/4-projects/business_unit_2/non-production/backend.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "UPDATE_ME" + prefix = "terraform/projects/business_unit_2/non-production" + } +} 
diff --git a/4-projects/business_unit_2/nonprod/common.auto.tfvars b/4-projects/business_unit_2/non-production/common.auto.tfvars similarity index 100% rename from 4-projects/business_unit_2/nonprod/common.auto.tfvars rename to 4-projects/business_unit_2/non-production/common.auto.tfvars diff --git a/4-projects/business_unit_2/prod/example_base_shared_vpc_project.tf b/4-projects/business_unit_2/non-production/example_base_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_2/prod/example_base_shared_vpc_project.tf rename to 4-projects/business_unit_2/non-production/example_base_shared_vpc_project.tf index d004d3c59..75f95b346 100644 --- a/4-projects/business_unit_2/prod/example_base_shared_vpc_project.tf +++ b/4-projects/business_unit_2/non-production/example_base_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "base_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "prod" + environment = "non-production" vpc_type = "base" # Metadata diff --git a/4-projects/business_unit_2/dev/example_floating_project.tf b/4-projects/business_unit_2/non-production/example_floating_project.tf similarity index 96% rename from 4-projects/business_unit_2/dev/example_floating_project.tf rename to 4-projects/business_unit_2/non-production/example_floating_project.tf index a3c30e784..388de701f 100644 --- a/4-projects/business_unit_2/dev/example_floating_project.tf +++ b/4-projects/business_unit_2/non-production/example_floating_project.tf @@ -14,6 +14,8 @@ * limitations under the License. */ + + module "example_floating_project" { source = "../../modules/single_project" impersonate_service_account = var.terraform_service_account 
@@ -21,7 +23,7 @@ module "example_floating_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "dev" + environment = "non-production" # Metadata project_prefix = "sample-floating" diff --git a/4-projects/business_unit_2/dev/example_restricted_shared_vpc_project.tf b/4-projects/business_unit_2/non-production/example_restricted_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_2/dev/example_restricted_shared_vpc_project.tf rename to 4-projects/business_unit_2/non-production/example_restricted_shared_vpc_project.tf index 7d5d158fd..8d98c5c40 100644 --- a/4-projects/business_unit_2/dev/example_restricted_shared_vpc_project.tf +++ b/4-projects/business_unit_2/non-production/example_restricted_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "dev" + environment = "non-production" vpc_type = "restricted" activate_apis = ["accesscontextmanager.googleapis.com"] diff --git a/4-projects/business_unit_2/non-production/folder.tf b/4-projects/business_unit_2/non-production/folder.tf new file mode 100644 index 000000000..3575b7368 --- /dev/null +++ b/4-projects/business_unit_2/non-production/folder.tf 
@@ -0,0 +1,21 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +data "google_active_folder" "env" { + display_name = "fldr-non-production" + parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" +} + diff --git a/4-projects/business_unit_2/nonprod/nonprod.auto.tfvars b/4-projects/business_unit_2/non-production/nonprod.auto.tfvars similarity index 100% rename from 4-projects/business_unit_2/nonprod/nonprod.auto.tfvars rename to 4-projects/business_unit_2/non-production/nonprod.auto.tfvars diff --git a/4-projects/business_unit_2/nonprod/providers.tf b/4-projects/business_unit_2/non-production/providers.tf similarity index 100% rename from 4-projects/business_unit_2/nonprod/providers.tf rename to 4-projects/business_unit_2/non-production/providers.tf diff --git a/4-projects/business_unit_2/nonprod/variables.tf b/4-projects/business_unit_2/non-production/variables.tf similarity index 100% rename from 4-projects/business_unit_2/nonprod/variables.tf rename to 4-projects/business_unit_2/non-production/variables.tf diff --git a/4-projects/business_unit_2/nonprod/backend.tf b/4-projects/business_unit_2/nonprod/backend.tf deleted file mode 100644 index eab5805dc..000000000 --- a/4-projects/business_unit_2/nonprod/backend.tf +++ /dev/null 
@@ -1,22 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - backend "gcs" { - bucket = "UPDATE_ME" - prefix = "terraform/projects/business_unit_2/nonprod" - } -} diff --git a/4-projects/business_unit_2/nonprod/folder.tf b/4-projects/business_unit_2/nonprod/folder.tf deleted file mode 100644 index 7a33011cf..000000000 --- a/4-projects/business_unit_2/nonprod/folder.tf +++ /dev/null @@ -1,21 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -data "google_active_folder" "env" { - display_name = "nonprod" - parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" -} - diff --git a/4-projects/business_unit_2/prod/backend.tf b/4-projects/business_unit_2/prod/backend.tf deleted file mode 100644 index 2fbac33e2..000000000 --- a/4-projects/business_unit_2/prod/backend.tf +++ /dev/null 
@@ -1,22 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - backend "gcs" { - bucket = "UPDATE_ME" - prefix = "terraform/projects/business_unit_2/prod" - } -} diff --git a/4-projects/business_unit_2/prod/folder.tf b/4-projects/business_unit_2/prod/folder.tf deleted file mode 100644 index 28f753b92..000000000 --- a/4-projects/business_unit_2/prod/folder.tf +++ /dev/null @@ -1,20 +0,0 @@ -/** - * Copyright 2020 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -data "google_active_folder" "env" { - display_name = "prod" - parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" -} diff --git a/4-projects/business_unit_2/prod/README.md b/4-projects/business_unit_2/production/README.md similarity index 100% rename from 4-projects/business_unit_2/prod/README.md rename to 4-projects/business_unit_2/production/README.md 
diff --git a/4-projects/business_unit_2/production/backend.tf b/4-projects/business_unit_2/production/backend.tf new file mode 100644 index 000000000..b454b5868 --- /dev/null +++ b/4-projects/business_unit_2/production/backend.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "UPDATE_ME" + prefix = "terraform/projects/business_unit_2/production" + } +} diff --git a/4-projects/business_unit_2/prod/common.auto.tfvars b/4-projects/business_unit_2/production/common.auto.tfvars similarity index 100% rename from 4-projects/business_unit_2/prod/common.auto.tfvars rename to 4-projects/business_unit_2/production/common.auto.tfvars diff --git a/4-projects/business_unit_2/nonprod/example_base_shared_vpc_project.tf b/4-projects/business_unit_2/production/example_base_shared_vpc_project.tf similarity index 96% rename from 4-projects/business_unit_2/nonprod/example_base_shared_vpc_project.tf rename to 4-projects/business_unit_2/production/example_base_shared_vpc_project.tf index 205f4a09f..bdc81be55 100644 --- a/4-projects/business_unit_2/nonprod/example_base_shared_vpc_project.tf +++ b/4-projects/business_unit_2/production/example_base_shared_vpc_project.tf 
@@ -21,7 +21,7 @@ module "base_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "nonprod" + environment = "production" vpc_type = "base" # Metadata diff --git a/4-projects/business_unit_2/prod/example_floating_project.tf b/4-projects/business_unit_2/production/example_floating_project.tf similarity index 96% rename from 4-projects/business_unit_2/prod/example_floating_project.tf rename to 4-projects/business_unit_2/production/example_floating_project.tf index f011b0bcb..4a1506f7b 100644 --- a/4-projects/business_unit_2/prod/example_floating_project.tf +++ b/4-projects/business_unit_2/production/example_floating_project.tf @@ -23,7 +23,7 @@ module "floating_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "prod" + environment = "production" # Metadata project_prefix = "sample-floating" diff --git a/4-projects/business_unit_2/nonprod/example_restricted_shared_vpc_project.tf b/4-projects/business_unit_2/production/example_restricted_shared_vpc_project.tf similarity index 97% rename from 4-projects/business_unit_2/nonprod/example_restricted_shared_vpc_project.tf rename to 4-projects/business_unit_2/production/example_restricted_shared_vpc_project.tf index 5090c5520..1023c4880 100644 --- a/4-projects/business_unit_2/nonprod/example_restricted_shared_vpc_project.tf +++ b/4-projects/business_unit_2/production/example_restricted_shared_vpc_project.tf @@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" { billing_account = var.billing_account folder_id = data.google_active_folder.env.name skip_gcloud_download = var.skip_gcloud_download - environment = "nonprod" + environment = "production" vpc_type = "restricted" activate_apis = ["accesscontextmanager.googleapis.com"] 
diff --git a/4-projects/business_unit_1/nonprod/folder.tf b/4-projects/business_unit_2/production/folder.tf similarity index 95% rename from 4-projects/business_unit_1/nonprod/folder.tf rename to 4-projects/business_unit_2/production/folder.tf index 7a33011cf..a00248685 100644 --- a/4-projects/business_unit_1/nonprod/folder.tf +++ b/4-projects/business_unit_2/production/folder.tf @@ -15,7 +15,6 @@ */ data "google_active_folder" "env" { - display_name = "nonprod" + display_name = "fldr-production" parent = var.parent_folder != "" ? "folders/${var.parent_folder}" : "organizations/${var.org_id}" } - diff --git a/4-projects/business_unit_2/prod/prod.auto.tfvars b/4-projects/business_unit_2/production/prod.auto.tfvars similarity index 100% rename from 4-projects/business_unit_2/prod/prod.auto.tfvars rename to 4-projects/business_unit_2/production/prod.auto.tfvars diff --git a/4-projects/business_unit_2/prod/providers.tf b/4-projects/business_unit_2/production/providers.tf similarity index 100% rename from 4-projects/business_unit_2/prod/providers.tf rename to 4-projects/business_unit_2/production/providers.tf diff --git a/4-projects/business_unit_2/prod/variables.tf b/4-projects/business_unit_2/production/variables.tf similarity index 100% rename from 4-projects/business_unit_2/prod/variables.tf rename to 4-projects/business_unit_2/production/variables.tf diff --git a/4-projects/dev.auto.example.tfvars b/4-projects/development.auto.example.tfvars similarity index 100% rename from 4-projects/dev.auto.example.tfvars rename to 4-projects/development.auto.example.tfvars diff --git a/4-projects/nonprod.auto.example.tfvars b/4-projects/non-production.auto.example.tfvars similarity index 100% rename from 4-projects/nonprod.auto.example.tfvars rename to 4-projects/non-production.auto.example.tfvars 
diff --git a/4-projects/prod.auto.example.tfvars b/4-projects/production.auto.example.tfvars similarity index 100% rename from 4-projects/prod.auto.example.tfvars rename to 4-projects/production.auto.example.tfvars diff --git a/README.md b/README.md index 5edc05bd6..9e4777921 100644 --- a/README.md +++ b/README.md 
@@ -230,11 +230,11 @@ example-organization ``` ### Branching strategy -There are three main named branches - `dev`, `nonprod` and `prod` that reflect the corresponding environments. These branches should be [protected](https://docs.github.com/en/github/administering-a-repository/about-protected-branches). When the CI pipeline (Jenkins/CloudBuild) runs on a particular named branch (say for instance `dev`), only the corresponding environment (`dev`) is applied. An exception is the `shared` environment which is only applied when triggered on the `prod` branch. This is because any changes in the `shared` environment may affect resources in other environments and can have adverse effects if not validated correctly. +There are three main named branches - `development`, `non-production` and `production` that reflect the corresponding environments. These branches should be [protected](https://docs.github.com/en/github/administering-a-repository/about-protected-branches). When the CI pipeline (Jenkins/CloudBuild) runs on a particular named branch (say for instance `development`), only the corresponding environment (`development`) is applied. An exception is the `shared` environment which is only applied when triggered on the `production` branch. This is because any changes in the `shared` environment may affect resources in other environments and can have adverse effects if not validated correctly. -Development happens on feature/bugfix branches (which can be named `feature/new-foo`, `bugfix/fix-bar` etc) and when complete, a [pull request (PR)](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests) or [merge request (MR)](https://docs.gitlab.com/ee/user/project/merge_requests/) can be opened targeting the `dev` branch. This will trigger the CI pipeline to perform a plan and validate against all environments (`dev`, `nonprod`, `shared` and `prod`). 
Once code review is complete and changes are validated, this branch can be merged into `dev`. This will trigger a CI pipeline that applies the latest changes in the `dev` branch on the `dev` environment. +Development happens on feature/bugfix branches (which can be named `feature/new-foo`, `bugfix/fix-bar` etc) and when complete, a [pull request (PR)](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests) or [merge request (MR)](https://docs.gitlab.com/ee/user/project/merge_requests/) can be opened targeting the `development` branch. This will trigger the CI pipeline to perform a plan and validate against all environments (`development`, `non-production`, `shared` and `production`). Once code review is complete and changes are validated, this branch can be merged into `development`. This will trigger a CI pipeline that applies the latest changes in the `development` branch on the `development` environment. -Once validated in `dev`, changes can be promoted to `nonprod` by opening a PR/MR targeting the `nonprod` branch and merging them. Similarly changes can be promoted from `nonprod` to `prod`. +Once validated in `development`, changes can be promoted to `non-production` by opening a PR/MR targeting the `non-production` branch and merging them. Similarly changes can be promoted from `non-production` to `production`. ## Contributing diff --git a/build/Jenkinsfile b/build/Jenkinsfile index cb28f11cc..c34c85e3c 100644 --- a/build/Jenkinsfile +++ b/build/Jenkinsfile @@ -24,9 +24,9 @@ pipeline { when { not { anyOf { - branch 'dev' - branch 'prod' - branch 'nonprod' + branch 'development' + branch 'production' + branch 'non-production' } } } @@ -39,9 +39,9 @@ pipeline { stage('TF init') { when { anyOf { - branch 'dev' - branch 'prod' - branch 'nonprod' + branch 'development' + branch 'production' + branch 'non-production' } } steps { 
@@ -53,9 +53,9 @@ pipeline { stage('TF plan') { when { anyOf { - branch 'dev' - branch 'prod' - branch 'nonprod' + branch 'development' + branch 'production' + branch 'non-production' } } steps { @@ -67,9 +67,9 @@ pipeline { stage('TF validate') { when { anyOf { - branch 'dev' - branch 'prod' - branch 'nonprod' + branch 'development' + branch 'production' + branch 'non-production' } } steps { @@ -81,9 +81,9 @@ pipeline { // stage('TF wait for approval') { // when { // anyOf { - // branch 'dev' - // branch 'prod' - // branch 'nonprod' + // branch 'development' + // branch 'production' + // branch 'non-production' // } // } // steps { @@ -95,9 +95,9 @@ pipeline { stage('TF apply') { when { anyOf { - branch 'dev' - branch 'prod' - branch 'nonprod' + branch 'development' + branch 'production' + branch 'non-production' } } steps { diff --git a/build/tf-wrapper.sh b/build/tf-wrapper.sh index 677a43c03..b8fa2e058 100755 --- a/build/tf-wrapper.sh +++ b/build/tf-wrapper.sh @@ -21,7 +21,7 @@ branch=$2 policyrepo=$3 base_dir=$(pwd) tmp_plan="${base_dir}/tmp_plan" #if you change this, update build triggers -environments_regex="^(dev|nonprod|prod|shared)$" +environments_regex="^(development|non-production|production|shared)$" ## Terraform apply for single environment. tf_apply() { @@ -137,8 +137,8 @@ single_action_runner() { # sort -r is added to ensure shared is first if it exists. find "$component_path" -mindepth 1 -maxdepth 1 -type d | sort -r | while read -r env_path ; do env="$(basename "$env_path")" - # perform action only if folder matches branch OR folder is shared & branch is prod. - if [[ "$env" == "$branch" ]] || [[ "$env" == "shared" && "$branch" == "prod" ]]; then + # perform action only if folder matches branch OR folder is shared & branch is production. + if [[ "$env" == "$branch" ]] || [[ "$env" == "shared" && "$branch" == "production" ]]; then case "$action" in apply ) tf_apply "$env_path" "$env" "$component" 
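Review bot: The `TF apply` stage in the last Jenkinsfile hunk is gated only by the branch name, and the `TF wait for approval` stage in the hunk before it stays commented out, so whatever reaches `development`, `non-production` or `production` is applied with no manual gate. Because this commit changes which branch names carry that privilege, branch protection configured for `dev`, `nonprod` and `prod` needs to exist on the new names before the pipeline switches over; a comment next to the `when` block such as `// branch names must match the protected branches (README: Branching strategy)` would record that. The same three-branch `anyOf` list is repeated in six `when` blocks across these hunks, which makes an uneven update on the next rename likely. The stage bodies continue outside the hunks.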
diff --git a/test/fixtures/envs/main.tf b/test/fixtures/envs/main.tf index 90335f5f3..502d1be16 100644 --- a/test/fixtures/envs/main.tf +++ b/test/fixtures/envs/main.tf @@ -14,8 +14,8 @@ * limitations under the License. */ -module "dev" { - source = "../../../2-environments/envs/dev" +module "development" { + source = "../../../2-environments/envs/development" org_id = var.org_id billing_account = var.billing_account monitoring_workspace_users = var.group_email @@ -23,8 +23,8 @@ module "dev" { terraform_service_account = var.terraform_sa_email } -module "nonprod" { - source = "../../../2-environments/envs/nonprod" +module "non-production" { + source = "../../../2-environments/envs/non-production" org_id = var.org_id billing_account = var.billing_account monitoring_workspace_users = var.group_email @@ -32,8 +32,8 @@ module "nonprod" { terraform_service_account = var.terraform_sa_email } -module "prod" { - source = "../../../2-environments/envs/prod" +module "production" { + source = "../../../2-environments/envs/production" org_id = var.org_id billing_account = var.billing_account monitoring_workspace_users = var.group_email diff --git a/test/fixtures/envs/outputs.tf b/test/fixtures/envs/outputs.tf index 5ee614742..ff75bc5ee 100644 --- a/test/fixtures/envs/outputs.tf +++ b/test/fixtures/envs/outputs.tf 
@@ -21,75 +21,75 @@ output "monitoring_group" { output "dev_env_folder" { description = "Development environment folder created under parent." - value = module.dev.env_folder + value = module.development.env_folder } output "dev_monitoring_project_id" { description = "Development project for monitoring infra." - value = module.dev.monitoring_project_id + value = module.development.monitoring_project_id } output "dev_base_shared_vpc_project_id" { description = "Development project for monitoring infra." - value = module.dev.base_shared_vpc_project_id + value = module.development.base_shared_vpc_project_id } output "dev_restricted_shared_vpc_project_id" { description = "Development project for monitoring infra." - value = module.dev.restricted_shared_vpc_project_id + value = module.development.restricted_shared_vpc_project_id } output "dev_env_secrets_project_id" { description = "Development project for monitoring infra." - value = module.dev.env_secrets_project_id + value = module.development.env_secrets_project_id } output "nonprod_env_folder" { description = "Non-production environment folder created under parent." - value = module.nonprod.env_folder + value = module.non-production.env_folder } output "nonprod_monitoring_project_id" { description = "Non-production project for monitoring infra." - value = module.nonprod.monitoring_project_id + value = module.non-production.monitoring_project_id } output "nonprod_base_shared_vpc_project_id" { description = "Non-production project for monitoring infra." - value = module.nonprod.base_shared_vpc_project_id + value = module.non-production.base_shared_vpc_project_id } output "nonprod_restricted_shared_vpc_project_id" { description = "Non-production project for monitoring infra." - value = module.nonprod.restricted_shared_vpc_project_id + value = module.non-production.restricted_shared_vpc_project_id } output "nonprod_env_secrets_project_id" { description = "Non-production project for monitoring infra." 
- value = module.nonprod.env_secrets_project_id + value = module.non-production.env_secrets_project_id } output "prod_env_folder" { description = "Production environment folder created under parent." - value = module.prod.env_folder + value = module.production.env_folder } output "prod_monitoring_project_id" { description = "Production project for monitoring infra." - value = module.prod.monitoring_project_id + value = module.production.monitoring_project_id } output "prod_base_shared_vpc_project_id" { description = "Production project for monitoring infra." - value = module.prod.base_shared_vpc_project_id + value = module.production.base_shared_vpc_project_id } output "prod_restricted_shared_vpc_project_id" { description = "Production project for monitoring infra." - value = module.prod.restricted_shared_vpc_project_id + value = module.production.restricted_shared_vpc_project_id } output "prod_env_secrets_project_id" { description = "Production project for monitoring infra." - value = module.prod.env_secrets_project_id + value = module.production.env_secrets_project_id } diff --git a/test/fixtures/networks/main.tf b/test/fixtures/networks/main.tf index 3e8574ecb..5dc090705 100644 --- a/test/fixtures/networks/main.tf +++ b/test/fixtures/networks/main.tf @@ -14,8 +14,8 @@ * limitations under the License. */ -module "dev" { - source = "../../../3-networks/envs/dev" +module "development" { + source = "../../../3-networks/envs/development" org_id = var.org_id access_context_manager_policy_id = var.policy_id default_region2 = "us-central1" @@ -25,8 +25,8 @@ module "dev" { parent_folder = var.parent_folder } -module "nonprod" { - source = "../../../3-networks/envs/nonprod" +module "non-production" { + source = "../../../3-networks/envs/non-production" org_id = var.org_id access_context_manager_policy_id = var.policy_id default_region2 = "us-central1" 
@@ -36,8 +36,8 @@ module "nonprod" { parent_folder = var.parent_folder } -module "prod" { - source = "../../../3-networks/envs/prod" +module "production" { + source = "../../../3-networks/envs/production" org_id = var.org_id access_context_manager_policy_id = var.policy_id default_region2 = "us-central1" diff --git a/test/fixtures/networks/outputs.tf b/test/fixtures/networks/outputs.tf index 61f5d4647..0b76d4aa7 100644 --- a/test/fixtures/networks/outputs.tf +++ b/test/fixtures/networks/outputs.tf 
@@ -15,31 +15,31 @@ */ output "dev_restricted_access_level_name" { - description = "Dev access context manager access level name" - value = module.dev.restricted_access_level_name + description = "development access context manager access level name" + value = module.development.restricted_access_level_name } output "dev_restricted_service_perimeter_name" { - description = "Dev access context manager service perimeter name" - value = module.dev.restricted_service_perimeter_name + description = "development access context manager service perimeter name" + value = module.development.restricted_service_perimeter_name } output "nonprod_restricted_access_level_name" { - description = "Nonprod access context manager access level name" - value = module.nonprod.restricted_access_level_name + description = "non-production access context manager access level name" + value = module.non-production.restricted_access_level_name } output "nonprod_restricted_service_perimeter_name" { - description = "Nonprod access context manager service perimeter name" - value = module.nonprod.restricted_service_perimeter_name + description = "non-production access context manager service perimeter name" + value = module.non-production.restricted_service_perimeter_name } output "prod_restricted_access_level_name" { - description = "Prod access context manager access level name" - value = module.prod.restricted_access_level_name + description = "production access context manager access level name" + value = module.production.restricted_access_level_name } output "prod_restricted_service_perimeter_name" { - description = "Prod access context manager service perimeter name" - value = module.prod.restricted_service_perimeter_name + description = "production access context manager service perimeter name" + value = module.production.restricted_service_perimeter_name } diff --git a/test/fixtures/projects/main.tf b/test/fixtures/projects/main.tf index 72b032adc..7f8c1ff02 100644 
--- a/test/fixtures/projects/main.tf +++ b/test/fixtures/projects/main.tf @@ -15,7 +15,7 @@ */ module "projects_bu1_dev" { - source = "../../../4-projects/business_unit_1/dev" + source = "../../../4-projects/business_unit_1//development" terraform_service_account = var.terraform_sa_email org_id = var.org_id billing_account = var.billing_account @@ -25,7 +25,7 @@ module "projects_bu1_dev" { } module "projects_bu1_nonprod" { - source = "../../../4-projects/business_unit_1/nonprod" + source = "../../../4-projects/business_unit_1//non-production" terraform_service_account = var.terraform_sa_email org_id = var.org_id billing_account = var.billing_account @@ -36,7 +36,7 @@ module "projects_bu1_nonprod" { module "projects_bu1_prod" { - source = "../../../4-projects/business_unit_1/prod" + source = "../../../4-projects/business_unit_1/production" terraform_service_account = var.terraform_sa_email org_id = var.org_id billing_account = var.billing_account @@ -46,7 +46,7 @@ module "projects_bu1_prod" { } module "projects_bu2_dev" { - source = "../../../4-projects/business_unit_2/dev" + source = "../../../4-projects/business_unit_2/development" terraform_service_account = var.terraform_sa_email org_id = var.org_id billing_account = var.billing_account @@ -56,7 +56,7 @@ module "projects_bu2_dev" { } module "projects_bu2_nonprod" { - source = "../../../4-projects/business_unit_2/nonprod" + source = "../../../4-projects/business_unit_2/non-production" terraform_service_account = var.terraform_sa_email org_id = var.org_id billing_account = var.billing_account @@ -67,7 +67,7 @@ module "projects_bu2_nonprod" { module "projects_bu2_prod" { - source = "../../../4-projects/business_unit_2/prod" + source = "../../../4-projects/business_unit_2/production" terraform_service_account = var.terraform_sa_email org_id = var.org_id billing_account = var.billing_account diff --git a/test/fixtures/projects/variables.tf b/test/fixtures/projects/variables.tf index 16b8bd886..a5deee9df 100644 
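Review bot: The new `source` values for `projects_bu1_dev` and `projects_bu1_nonprod` contain a doubled slash (`business_unit_1//development`, `business_unit_1//non-production`), while the other four modules in this file use a single slash. Terraform gives `//` a meaning of its own in module sources (it separates a package from a sub-directory), so these two may not be resolved the same way as the rest; it looks like a typo introduced by the rename. Suggested lines: `source = "../../../4-projects/business_unit_1/development"` and `source = "../../../4-projects/business_unit_1/non-production"`. The module blocks continue outside the hunks.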
--- a/test/fixtures/projects/variables.tf +++ b/test/fixtures/projects/variables.tf @@ -41,16 +41,16 @@ variable "parent_folder" { } variable "dev_restricted_service_perimeter_name" { - description = "Dev access context manager service perimeter name" + description = "development access context manager service perimeter name" type = string } variable "nonprod_restricted_service_perimeter_name" { - description = "Nonprod access context manager service perimeter name" + description = "non-production access context manager service perimeter name" type = string } variable "prod_restricted_service_perimeter_name" { - description = "Prod access context manager service perimeter name" + description = "production access context manager service perimeter name" type = string } diff --git a/test/integration/bootstrap/controls/gcloud_cloudbuild.rb b/test/integration/bootstrap/controls/gcloud_cloudbuild.rb index 6f61fe33c..52ff0c454 100644 --- a/test/integration/bootstrap/controls/gcloud_cloudbuild.rb +++ b/test/integration/bootstrap/controls/gcloud_cloudbuild.rb @@ -13,8 +13,8 @@ # limitations under the License. cloudbuild_project_id = attribute('cloudbuild_project_id') -apply_branches_regex = '(dev|nonprod|prod)' -plan_branches_regex = '[^dev|nonprod|prod]' +apply_branches_regex = '(development|non-production|production)' +plan_branches_regex = '[^development|non-production|production]' cloud_source_repos = [ 'gcp-bootstrap', 'gcp-org', diff --git a/test/integration/envs/controls/dev.rb b/test/integration/envs/controls/development.rb similarity index 96% rename from test/integration/envs/controls/dev.rb rename to test/integration/envs/controls/development.rb index 48542c3d0..79cd5086f 100644 --- a/test/integration/envs/controls/dev.rb +++ b/test/integration/envs/controls/development.rb 
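Review bot: `plan_branches_regex` in the gcloud_cloudbuild.rb hunk is a negated character class, not a negated alternation: `[^development|non-production|production]` matches one character that is not among those letters, `|` or `-`. Under substring matching, a branch name made only of those characters (constructed example: `revert`) never matches the plan pattern, and under whole-string matching only one-character names would; how the trigger evaluates the pattern is not visible here. `apply_branches_regex` is also unanchored, so with substring matching a name that merely contains `production` would satisfy the apply pattern. Since this test presumably pins the values set on the Cloud Build triggers, both places should move to an anchored form, e.g. `apply_branches_regex = '^(development|non-production|production)$'`. The plan trigger is better expressed as the inverse of that pattern (the trigger's `invert_regex` setting, where the provider version supports it) than as a character class.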
@@ -27,12 +27,12 @@ 'logging.googleapis.com'] secret_project_apis = ['secretmanager.googleapis.com', 'logging.googleapis.com'] -control 'dev' do - title 'gcp step 2-envs test dev' +control 'development' do + title 'gcp step 2-envs test development' describe google_resourcemanager_folder(name: dev_env_folder) do it { should exist } - its('display_name') { should eq 'dev' } + its('display_name') { should eq 'fldr-development' } end describe google_project(project: dev_monitoring_project_id) do diff --git a/test/integration/envs/controls/nonprod.rb b/test/integration/envs/controls/non-production.rb similarity index 96% rename from test/integration/envs/controls/nonprod.rb rename to test/integration/envs/controls/non-production.rb index d7fa2d18e..ebd4c4cf6 100644 --- a/test/integration/envs/controls/nonprod.rb +++ b/test/integration/envs/controls/non-production.rb @@ -27,11 +27,11 @@ 'logging.googleapis.com'] secret_project_apis = ['secretmanager.googleapis.com', 'logging.googleapis.com'] -control 'nonprod' do - title 'gcp step 2-envs test nonprod' +control 'non-production' do + title 'gcp step 2-envs test non-production' describe google_resourcemanager_folder(name: nonprod_env_folder) do it { should exist } - its('display_name') { should eq 'nonprod' } + its('display_name') { should eq 'fldr-non-production' } end describe google_project(project: nonprod_monitoring_project_id) do diff --git a/test/integration/envs/controls/prod.rb b/test/integration/envs/controls/production.rb similarity index 96% rename from test/integration/envs/controls/prod.rb rename to test/integration/envs/controls/production.rb index 505459339..8d54e846e 100644 --- a/test/integration/envs/controls/prod.rb +++ b/test/integration/envs/controls/production.rb 
@@ -27,12 +27,12 @@ 'logging.googleapis.com'] secret_project_apis = ['secretmanager.googleapis.com', 'logging.googleapis.com'] -control 'prod' do - title 'gcp step 2-envs test prod' +control 'production' do + title 'gcp step 2-envs test production' describe google_resourcemanager_folder(name: prod_env_folder) do it { should exist } - its('display_name') { should eq 'prod' } + its('display_name') { should eq 'fldr-production' } end describe google_project(project: prod_monitoring_project_id) do diff --git a/test/integration/org/controls/gcp_projects.rb b/test/integration/org/controls/gcp_projects.rb index 3bb25e4df..9256ea877 100644 --- a/test/integration/org/controls/gcp_projects.rb +++ b/test/integration/org/controls/gcp_projects.rb @@ -49,7 +49,7 @@ describe google_resourcemanager_folder(name: common_folder_name) do it { should exist } - its('display_name') { should eq 'common' } + its('display_name') { should eq 'fldr-common' } end describe google_project(project: org_audit_logs_project_id) do