From f8fdf9d1054fbda4f2de3a8e71a97d0f11980acd Mon Sep 17 00:00:00 2001
From: Thiago Carvalho
Date: Wed, 14 Oct 2020 15:41:50 -0300
Subject: [PATCH 1/9] Moves preconditions script from inside of the module to helpers dir
---
.../scripts => helpers}/preconditions/preconditions.py | 0
.../scripts => helpers}/preconditions/requirements.txt | 0
2 files changed, 0 insertions(+), 0 deletions(-)
rename {modules/core_project_factory/scripts => helpers}/preconditions/preconditions.py (100%)
rename {modules/core_project_factory/scripts => helpers}/preconditions/requirements.txt (100%)
diff --git a/modules/core_project_factory/scripts/preconditions/preconditions.py b/helpers/preconditions/preconditions.py
similarity index 100%
rename from modules/core_project_factory/scripts/preconditions/preconditions.py
rename to helpers/preconditions/preconditions.py
diff --git a/modules/core_project_factory/scripts/preconditions/requirements.txt b/helpers/preconditions/requirements.txt
similarity index 100%
rename from modules/core_project_factory/scripts/preconditions/requirements.txt
rename to helpers/preconditions/requirements.txt
From b89eba804f59e6bd14bea0c6f4210b429b61ebbb Mon Sep 17 00:00:00 2001
From: Thiago Carvalho
Date: Wed, 14 Oct 2020 15:42:22 -0300
Subject: [PATCH 2/9] Adds documentation how to run preconditions script
---
docs/running_preconditions_script.md | 78 ++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 docs/running_preconditions_script.md
diff --git a/docs/running_preconditions_script.md b/docs/running_preconditions_script.md
new file mode 100644
index 00000000..ac7611f6
--- /dev/null
+++ b/docs/running_preconditions_script.md
@@ -0,0 +1,78 @@ +# Running preconditions script +This module provides a helper script in order to check if the SEED (project where the GCP Service Account was created) met the requirements to satisfy a project creation needs. For example, check billing account permissions or if certain service API is enabled or not. + + +# VirtualEnv (Optional) +We recommend running the script inside of a [Python virtual environment](https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/) to avoid installing extra packages in your Python default environment. + +After installing virtual env by following the link above, create a new Python environment by running: +``` +$ python3 -m venv /tmp/preconditions +``` +or +``` +$ python2 -m virtualenv /tmp/preconditions +``` + +Finally, activate it: +``` +$ source /tmp/preconditions/bin/activate +``` + +# How to +Do the following steps in order to run preconditions script: + +1) Install Python dependencies + ``` + $ pip install -r helpers/preconditions/requirements.txt + ``` +

Note: If you are not running from virtualenv add the suffix --user on each command line

+1) Execute script + ``` + $ GOOGLE_CLOUD_PROJECT=my-seed-project python helpers/preconditions/preconditions.py --billing_account [REDACTED] --org_id [REDACTED] --folder_id [REDACTED] + [ + { + "type": "Required APIs on service account project", + "name": "projects/my-seed-project", + "satisfied": [ + "iam.googleapis.com" + ], + "unsatisfied": [ + "admin.googleapis.com", + "cloudresourcemanager.googleapis.com", + "cloudbilling.googleapis.com" + ] + }, + { + "type": "Service account permissions on billing account", + "name": "billingAccounts/[REDACTED]", + "satisfied": [ + "billing.resourceAssociations.create" + ], + "unsatisfied": [] + }, + { + "type": "Service account permissions on parent folder", + "name": "folders/[REDACTED]", + "satisfied": [ + "resourcemanager.projects.create" + ], + "unsatisfied": [] + }, + { + "type": "Service account permissions on organization", + "name": "organizations/[REDACTED]", + "satisfied": [], + "unsatisfied": [] + } + ] + ``` + Check #1 (Required APIs on service account project) => It is missing to enable admin, cloudresourcemanager and cloudbilling services APIs in the my-seed-project. + + Check #2 (Service account permissions on billing accoun) => The permission required to associate projects with billing accounts is okay. + + Check #3 (Service account permissions on parent folder) => The permission to create new projects into the folder specified is granted. + + Check #4 (Service account permissions on organization) => No permission required since we are creating the project under the folder instead of the organisation. If no folder is specified it would be step three and require projects.create permission. + + You can add one last check by setting --shared-vpc parameter. \ No newline at end of file From bc2b7cc985685d1062d54a54e987171412f9417b Mon Sep 17 00:00:00 2001 
From: Thiago Carvalho
Date: Wed, 14 Oct 2020 17:44:25 -0300
Subject: [PATCH 3/9] Removes null_resource and tests for preconditions script
---
modules/core_project_factory/locals.tf | 31 ----
modules/core_project_factory/main.tf | 26 ---
.../preconditions/test_preconditions.py | 153 ------------------
3 files changed, 210 deletions(-)
delete mode 100644 modules/core_project_factory/locals.tf
delete mode 100755 test/scripts/preconditions/test_preconditions.py
diff --git a/modules/core_project_factory/locals.tf b/modules/core_project_factory/locals.tf
deleted file mode 100644
index ec208bb6..00000000
--- a/modules/core_project_factory/locals.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Copyright 2019 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
- root_path = abspath(path.root)
- preconditions_path = join("/", [local.root_path, path.module, "scripts", "preconditions"])
- pip_requirements_absolute_path = join("/", [local.preconditions_path, "requirements.txt"])
- preconditions_py_absolute_path = join("/", [local.preconditions_path, "preconditions.py"])
- attributes = {
- billing_account = var.billing_account
- org_id = var.org_id
- credentials_path = var.credentials_path
- impersonate_service_account = var.impersonate_service_account
- folder_id = var.folder_id
- shared_vpc = var.shared_vpc
- }
- preconditions_command = "${var.python_interpreter_path} ${local.preconditions_py_absolute_path} %{for key, value in local.attributes}--${key}=\"${value}\" %{endfor}"
-}
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index ee15c2e9..f649c620 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -59,30 +59,6 @@ locals { shared_vpc_users_length = 3 } -resource "null_resource" "preconditions" { - triggers = { - credentials_path = var.credentials_path - billing_account = var.billing_account - org_id = var.org_id - folder_id = var.folder_id - shared_vpc = var.shared_vpc - } - - provisioner "local-exec" { - command = local.pip_requirements_absolute_path - interpreter = [var.pip_executable_path, "install", "-r"] - on_failure = continue - } - - provisioner "local-exec" { - command = local.preconditions_command - on_failure = continue - environment = { - GRACEFUL_IMPORTERROR = "true" - } - } -} - /******************************************* Project creation *******************************************/ @@ -95,8 +71,6 @@ resource "google_project" "main" { auto_create_network = var.auto_create_network labels = var.labels - - depends_on = [null_resource.preconditions] } /****************************************** diff --git a/test/scripts/preconditions/test_preconditions.py b/test/scripts/preconditions/test_preconditions.py deleted file mode 100755 index a8098c2d..00000000 --- a/test/scripts/preconditions/test_preconditions.py +++ /dev/null 
@@ -1,153 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os -import sys -import unittest -sys.path.append( - os.path.abspath( - os.path.join( - os.path.dirname(__file__), - '../../../modules/core_project_factory/scripts/preconditions'))) - -import preconditions # noqa: E402 - - -class TestRequirements(unittest.TestCase): - def setUp(self): - self.required = [ - "admin.googleapis.com", - "appengine.googleapis.com", - "cloudbilling.googleapis.com", - "cloudresourcemanager.googleapis.com", - "iam.googleapis.com", - ] - self.required.sort() - - def test_is_satisfied(self): - req = preconditions.Requirements( - "seed project APIs", - "projects/test-host-e503", - self.required, - [ - "admin.googleapis.com", - "appengine.googleapis.com", - "cloudbilling.googleapis.com", - "cloudresourcemanager.googleapis.com", - "iam.googleapis.com", - ], - ) - - self.assertTrue(req.is_satisfied()) - - satisfied = req.satisfied() - satisfied.sort() - - self.assertEqual(self.required, satisfied) - - def test_extra_is_satisfied(self): - req = preconditions.Requirements( - "seed project APIs", - "projects/test-host-e503", - self.required, - [ - "iam.googleapis.com", - "admin.googleapis.com", - "cloudbilling.googleapis.com", - "cloudresourcemanager.googleapis.com", - "compute.googleapis.com", - "container.googleapis.com", - "appengine.googleapis.com", - ], - ) - - self.assertTrue(req.is_satisfied()) - - satisfied = 
req.satisfied() - satisfied.sort() - - self.assertEqual(self.required, satisfied) - - def test_is_not_satisfied(self): - req = preconditions.Requirements( - "seed project APIs", - "projects/test-host-e503", - self.required, - [ - "iam.googleapis.com", - "admin.googleapis.com", - "appengine.googleapis.com", - ], - ) - - self.assertFalse(req.is_satisfied()) - - def test_empty_required(self): - req = preconditions.Requirements( - "seed project APIs", - "projects/test-host-e503", - [], # Empty list of required permissions - [], - ) - - self.assertTrue(req.is_satisfied()) - - -class TestOrgPermissions(unittest.TestCase): - def test_base_permissions(self): - org_perms = preconditions.OrgPermissions("1234567890") - self.assertEqual(org_perms.permissions, []) - - def test_shared_vpc_permissions(self): - org_perms = preconditions.OrgPermissions("1234567890", shared_vpc=True) - self.assertEqual( - org_perms.permissions, - [ - "compute.subnetworks.setIamPolicy", - "compute.organizations.enableXpnResource", - ] - ) - - def test_parent_permissions(self): - org_perms = preconditions.OrgPermissions("1234567890", parent=True) - self.assertEqual( - org_perms.permissions, - [ - "resourcemanager.projects.create" - ] - ) - - -class TestFolderPermissions(unittest.TestCase): - def test_base_permissions(self): - folder_perms = preconditions.FolderPermissions("1234567890") - self.assertEqual(folder_perms.permissions, []) - - def test_parent_permissions(self): - folder_perms = preconditions.FolderPermissions( - "1234567890", - parent=True - ) - self.assertEqual( - folder_perms.permissions, - [ - "resourcemanager.projects.create", - ] - ) - - -if __name__ == "__main__": - unittest.main() From 3cad1b7b67346d8b3a94432bdf66f01a15622f52 Mon Sep 17 00:00:00 2001 
From: Thiago Carvalho Date: Wed, 14 Oct 2020 17:45:36 -0300 Subject: [PATCH 4/9] Updates README.md and adds new line at the end of the file running_preconditions_script.md --- README.md | 4 ++-- docs/running_preconditions_script.md | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7f7e23ff..9da0fac1 100644 --- a/README.md +++ b/README.md @@ -322,7 +322,7 @@ The precondition checker script can be directly invoked before running the project factory: ```sh -./modules/core_project_factory/scripts/preconditions/preconditions.py \ +./helpers/preconditions/preconditions.py \ --credentials_path "./credentials.json" \ --billing_account 000000-000000-000000 \ --org_id 000000000000 \ @@ -353,7 +353,7 @@ binary here: - https://releases.hashicorp.com/terraform/ [gsuite-enabled-module]: modules/gsuite_enabled/README.md -[preconditions-checker-script]: modules/core_project_factory/scripts/preconditions/preconditions.py +[preconditions-checker-script]: helpers/preconditions/preconditions.py [terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [terraform-provider-gsuite]: https://github.com/DeviaVir/terraform-provider-gsuite diff --git a/docs/running_preconditions_script.md b/docs/running_preconditions_script.md index ac7611f6..4c818e6f 100644 --- a/docs/running_preconditions_script.md +++ b/docs/running_preconditions_script.md 
@@ -75,4 +75,5 @@ Do the following steps in order to run preconditions script: Check #4 (Service account permissions on organization) => No permission required since we are creating the project under the folder instead of the organisation. If no folder is specified it would be step three and require projects.create permission. - You can add one last check by setting --shared-vpc parameter. \ No newline at end of file + You can add one last check by setting --shared-vpc parameter. + From 447b145e55cb2878b1045fd68f106ac8a291714a Mon Sep 17 00:00:00 2001 From: Thiago Nache Carvalho Date: Wed, 14 Oct 2020 18:07:36 -0300 Subject: [PATCH 5/9] Update docs/running_preconditions_script.md Co-authored-by: Morgante Pell --- docs/running_preconditions_script.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/running_preconditions_script.md b/docs/running_preconditions_script.md index 4c818e6f..3028e6a7 100644 --- a/docs/running_preconditions_script.md +++ b/docs/running_preconditions_script.md @@ -75,5 +75,4 @@ Do the following steps in order to run preconditions script: Check #4 (Service account permissions on organization) => No permission required since we are creating the project under the folder instead of the organisation. If no folder is specified it would be step three and require projects.create permission. - You can add one last check by setting --shared-vpc parameter. - + You can add one last check by setting the `--shared-vpc` parameter. From 7d6a28b32a4edada328c1378ba8fab6847234a9e Mon Sep 17 00:00:00 2001 
From: Thiago Carvalho
Date: Wed, 14 Oct 2020 18:08:25 -0300
Subject: [PATCH 6/9] Revert "Removes null_resource and tests for preconditions script"
This reverts commit bc2b7cc985685d1062d54a54e987171412f9417b.
---
modules/core_project_factory/locals.tf | 31 ++++
modules/core_project_factory/main.tf | 26 +++
.../preconditions/test_preconditions.py | 153 ++++++++++++++++++
3 files changed, 210 insertions(+)
create mode 100644 modules/core_project_factory/locals.tf
create mode 100755 test/scripts/preconditions/test_preconditions.py
diff --git a/modules/core_project_factory/locals.tf b/modules/core_project_factory/locals.tf
new file mode 100644
index 00000000..ec208bb6
--- /dev/null
+++ b/modules/core_project_factory/locals.tf
@@ -0,0 +1,31 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ root_path = abspath(path.root)
+ preconditions_path = join("/", [local.root_path, path.module, "scripts", "preconditions"])
+ pip_requirements_absolute_path = join("/", [local.preconditions_path, "requirements.txt"])
+ preconditions_py_absolute_path = join("/", [local.preconditions_path, "preconditions.py"])
+ attributes = {
+ billing_account = var.billing_account
+ org_id = var.org_id
+ credentials_path = var.credentials_path
+ impersonate_service_account = var.impersonate_service_account
+ folder_id = var.folder_id
+ shared_vpc = var.shared_vpc
+ }
+ preconditions_command = "${var.python_interpreter_path} ${local.preconditions_py_absolute_path} %{for key, value in local.attributes}--${key}=\"${value}\" %{endfor}"
+}
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index f649c620..ee15c2e9 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
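Review bot: `preconditions_command` assembles a shell command line by interpolating every value in `local.attributes` as `--${key}=\"${value}\"`, and the `local-exec` provisioner restored in main.tf runs that string with no `interpreter` set, so it is handed to the default shell. A variable value containing a double quote, `$(...)` or backticks would be interpreted by that shell instead of reaching the script as one argument; values such as `credentials_path` and `impersonate_service_account` are safer passed through the provisioner's `environment` map and read by the script, or at least validated against a strict pattern first. Separately, `preconditions_path` still joins `path.module`, `"scripts"`, `"preconditions"`, the directory PATCH 1/9 moved to `helpers/preconditions`, and the test file restored by this same commit appends that old directory to `sys.path`. Both stay stale until PATCH 7/9 deletes this file again and PATCH 9/9 updates the test, which matters to anyone building from or bisecting through the intermediate commits.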
@@ -59,6 +59,30 @@ locals { shared_vpc_users_length = 3 } +resource "null_resource" "preconditions" { + triggers = { + credentials_path = var.credentials_path + billing_account = var.billing_account + org_id = var.org_id + folder_id = var.folder_id + shared_vpc = var.shared_vpc + } + + provisioner "local-exec" { + command = local.pip_requirements_absolute_path + interpreter = [var.pip_executable_path, "install", "-r"] + on_failure = continue + } + + provisioner "local-exec" { + command = local.preconditions_command + on_failure = continue + environment = { + GRACEFUL_IMPORTERROR = "true" + } + } +} + /******************************************* Project creation *******************************************/ @@ -71,6 +95,8 @@ resource "google_project" "main" { auto_create_network = var.auto_create_network labels = var.labels + + depends_on = [null_resource.preconditions] } /****************************************** diff --git a/test/scripts/preconditions/test_preconditions.py b/test/scripts/preconditions/test_preconditions.py new file mode 100755 index 00000000..a8098c2d --- /dev/null +++ b/test/scripts/preconditions/test_preconditions.py 
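Review bot: Both restored `local-exec` provisioners set `on_failure = continue`, so `depends_on = [null_resource.preconditions]` on `google_project.main` only orders the check before project creation and never blocks it when the script reports unsatisfied permissions or fails to run at all. A comment above the resource, for example `# Advisory only: a failed precondition check does not stop google_project.main`, would keep readers from treating it as an enforced gate. The first provisioner also runs `pip install -r` on the machine applying the plan each time the resource is created or a trigger changes; requirements.txt is not shown in this patch, so it is worth confirming that it pins exact versions, since an unpinned install at apply time pulls whatever the package index serves that day into a process that holds the deployment credentials. The `locals` block before the resource and the `google_project.main` block after it start and end outside this hunk.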
@@ -0,0 +1,153 @@ +#!/usr/bin/env python3 + +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +import sys +import unittest +sys.path.append( + os.path.abspath( + os.path.join( + os.path.dirname(__file__), + '../../../modules/core_project_factory/scripts/preconditions'))) + +import preconditions # noqa: E402 + + +class TestRequirements(unittest.TestCase): + def setUp(self): + self.required = [ + "admin.googleapis.com", + "appengine.googleapis.com", + "cloudbilling.googleapis.com", + "cloudresourcemanager.googleapis.com", + "iam.googleapis.com", + ] + self.required.sort() + + def test_is_satisfied(self): + req = preconditions.Requirements( + "seed project APIs", + "projects/test-host-e503", + self.required, + [ + "admin.googleapis.com", + "appengine.googleapis.com", + "cloudbilling.googleapis.com", + "cloudresourcemanager.googleapis.com", + "iam.googleapis.com", + ], + ) + + self.assertTrue(req.is_satisfied()) + + satisfied = req.satisfied() + satisfied.sort() + + self.assertEqual(self.required, satisfied) + + def test_extra_is_satisfied(self): + req = preconditions.Requirements( + "seed project APIs", + "projects/test-host-e503", + self.required, + [ + "iam.googleapis.com", + "admin.googleapis.com", + "cloudbilling.googleapis.com", + "cloudresourcemanager.googleapis.com", + "compute.googleapis.com", + "container.googleapis.com", + "appengine.googleapis.com", + ], + ) + + self.assertTrue(req.is_satisfied()) + + satisfied = 
req.satisfied() + satisfied.sort() + + self.assertEqual(self.required, satisfied) + + def test_is_not_satisfied(self): + req = preconditions.Requirements( + "seed project APIs", + "projects/test-host-e503", + self.required, + [ + "iam.googleapis.com", + "admin.googleapis.com", + "appengine.googleapis.com", + ], + ) + + self.assertFalse(req.is_satisfied()) + + def test_empty_required(self): + req = preconditions.Requirements( + "seed project APIs", + "projects/test-host-e503", + [], # Empty list of required permissions + [], + ) + + self.assertTrue(req.is_satisfied()) + + +class TestOrgPermissions(unittest.TestCase): + def test_base_permissions(self): + org_perms = preconditions.OrgPermissions("1234567890") + self.assertEqual(org_perms.permissions, []) + + def test_shared_vpc_permissions(self): + org_perms = preconditions.OrgPermissions("1234567890", shared_vpc=True) + self.assertEqual( + org_perms.permissions, + [ + "compute.subnetworks.setIamPolicy", + "compute.organizations.enableXpnResource", + ] + ) + + def test_parent_permissions(self): + org_perms = preconditions.OrgPermissions("1234567890", parent=True) + self.assertEqual( + org_perms.permissions, + [ + "resourcemanager.projects.create" + ] + ) + + +class TestFolderPermissions(unittest.TestCase): + def test_base_permissions(self): + folder_perms = preconditions.FolderPermissions("1234567890") + self.assertEqual(folder_perms.permissions, []) + + def test_parent_permissions(self): + folder_perms = preconditions.FolderPermissions( + "1234567890", + parent=True + ) + self.assertEqual( + folder_perms.permissions, + [ + "resourcemanager.projects.create", + ] + ) + + +if __name__ == "__main__": + unittest.main() From 6736db91262e880e799d18e39ce2fd0857dd3431 Mon Sep 17 00:00:00 2001 
From: Thiago Carvalho
Date: Wed, 14 Oct 2020 18:20:57 -0300
Subject: [PATCH 7/9] Removes locals and null_resource
---
modules/core_project_factory/locals.tf | 31 --------------------------
modules/core_project_factory/main.tf | 26 ---------------------
2 files changed, 57 deletions(-)
delete mode 100644 modules/core_project_factory/locals.tf
diff --git a/modules/core_project_factory/locals.tf b/modules/core_project_factory/locals.tf
deleted file mode 100644
index ec208bb6..00000000
--- a/modules/core_project_factory/locals.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Copyright 2019 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
- root_path = abspath(path.root)
- preconditions_path = join("/", [local.root_path, path.module, "scripts", "preconditions"])
- pip_requirements_absolute_path = join("/", [local.preconditions_path, "requirements.txt"])
- preconditions_py_absolute_path = join("/", [local.preconditions_path, "preconditions.py"])
- attributes = {
- billing_account = var.billing_account
- org_id = var.org_id
- credentials_path = var.credentials_path
- impersonate_service_account = var.impersonate_service_account
- folder_id = var.folder_id
- shared_vpc = var.shared_vpc
- }
- preconditions_command = "${var.python_interpreter_path} ${local.preconditions_py_absolute_path} %{for key, value in local.attributes}--${key}=\"${value}\" %{endfor}"
-}
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf index ee15c2e9..f649c620 100644 --- a/modules/core_project_factory/main.tf +++ b/modules/core_project_factory/main.tf @@ -59,30 +59,6 @@ locals { shared_vpc_users_length = 3 } -resource "null_resource" "preconditions" { - triggers = { - credentials_path = var.credentials_path - billing_account = var.billing_account - org_id = var.org_id - folder_id = var.folder_id - shared_vpc = var.shared_vpc - } - - provisioner "local-exec" { - command = local.pip_requirements_absolute_path - interpreter = [var.pip_executable_path, "install", "-r"] - on_failure = continue - } - - provisioner "local-exec" { - command = local.preconditions_command - on_failure = continue - environment = { - GRACEFUL_IMPORTERROR = "true" - } - } -} - /******************************************* Project creation *******************************************/ @@ -95,8 +71,6 @@ resource "google_project" "main" { auto_create_network = var.auto_create_network labels = var.labels - - depends_on = [null_resource.preconditions] } /****************************************** From 443bbce5e2a114a5fe2ab3239a785fa1415e66d4 Mon Sep 17 00:00:00 2001 From: Thiago Carvalho Date: Wed, 14 Oct 2020 18:21:40 -0300 Subject: [PATCH 8/9] Removes variables python_interpreter_path and pip_executable_path --- README.md | 2 -- main.tf | 2 -- modules/core_project_factory/variables.tf | 12 ------------ modules/gsuite_enabled/README.md | 1 - modules/gsuite_enabled/main.tf | 1 - modules/gsuite_enabled/variables.tf | 6 ------ modules/shared_vpc/main.tf | 1 - modules/shared_vpc/variables.tf | 6 ------ variables.tf | 12 ------------ 9 files changed, 43 deletions(-) diff --git a/README.md b/README.md index 9da0fac1..7fa7321a 100644 --- a/README.md +++ b/README.md 
@@ -135,9 +135,7 @@ determining that location is as follows: | lien | Add a lien on the project to prevent accidental deletion | bool | `"false"` | no | | name | The name for the project | string | n/a | yes | | org\_id | The organization ID. | string | n/a | yes | -| pip\_executable\_path | Pip executable path for precondition requirements.txt install. | string | `"pip3"` | no | | project\_id | The ID to give the project. If not provided, the `name` will be used. | string | `""` | no | -| python\_interpreter\_path | Python interpreter path for precondition check script. | string | `"python3"` | no | | random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | bool | `"false"` | no | | sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no | | shared\_vpc | The ID of the host project which hosts the shared VPC | string | `""` | no | diff --git a/main.tf b/main.tf index 2727ba1a..1c30c8bb 100644 --- a/main.tf +++ b/main.tf @@ -58,8 +58,6 @@ module "project-factory" { disable_services_on_destroy = var.disable_services_on_destroy default_service_account = var.default_service_account disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path - pip_executable_path = var.pip_executable_path use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var skip_gcloud_download = var.skip_gcloud_download vpc_service_control_attach_enabled = var.vpc_service_control_attach_enabled diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf index cc5ff9e8..d4cdf4fd 100644 --- a/modules/core_project_factory/variables.tf +++ b/modules/core_project_factory/variables.tf 
@@ -193,18 +193,6 @@ variable "enable_shared_vpc_host_project" { default = false } -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} - -variable "pip_executable_path" { - description = "Pip executable path for precondition requirements.txt install." - type = string - default = "pip3" -} - variable "use_tf_google_credentials_env_var" { description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." type = bool diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md index 30b80614..a4a14269 100644 --- a/modules/gsuite_enabled/README.md +++ b/modules/gsuite_enabled/README.md @@ -86,7 +86,6 @@ The roles granted are specifically: | name | The name for the project | string | n/a | yes | | org\_id | The organization ID. | string | n/a | yes | | project\_id | The ID to give the project. If not provided, the `name` will be used. | string | `""` | no | -| python\_interpreter\_path | Python interpreter path for precondition check script. | string | `"python3"` | no | | random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | string | `"false"` | no | | sa\_group | A G Suite group to place the default Service Account for the project in | string | `""` | no | | sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no | diff --git a/modules/gsuite_enabled/main.tf b/modules/gsuite_enabled/main.tf index 50f2fb14..057e54e6 100644 --- a/modules/gsuite_enabled/main.tf +++ b/modules/gsuite_enabled/main.tf 
@@ -99,7 +99,6 @@ module "project-factory" { disable_services_on_destroy = var.disable_services_on_destroy default_service_account = var.default_service_account disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var skip_gcloud_download = var.skip_gcloud_download } diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index d87b60c6..bad6d881 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf @@ -183,12 +183,6 @@ variable "enable_shared_vpc_host_project" { default = false } -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} - variable "budget_amount" { description = "The amount to use for a budget alert" type = number diff --git a/modules/shared_vpc/main.tf b/modules/shared_vpc/main.tf index 25b4f6b9..6a917ef4 100755 --- a/modules/shared_vpc/main.tf +++ b/modules/shared_vpc/main.tf @@ -56,7 +56,6 @@ module "project-factory" { disable_services_on_destroy = var.disable_services_on_destroy default_service_account = var.default_service_account disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var skip_gcloud_download = var.skip_gcloud_download } diff --git a/modules/shared_vpc/variables.tf b/modules/shared_vpc/variables.tf index 274b8d2f..dbf8a85e 100755 --- a/modules/shared_vpc/variables.tf +++ b/modules/shared_vpc/variables.tf 
@@ -177,12 +177,6 @@ variable "shared_vpc_enabled" { default = false } -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} - variable "budget_amount" { description = "The amount to use for a budget alert" type = number diff --git a/variables.tf b/variables.tf index 405a1f1f..603470f7 100644 --- a/variables.tf +++ b/variables.tf @@ -188,18 +188,6 @@ variable "disable_dependent_services" { type = bool } -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} - -variable "pip_executable_path" { - description = "Pip executable path for precondition requirements.txt install." - type = string - default = "pip3" -} - variable "use_tf_google_credentials_env_var" { description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." type = bool From 387ac822109cf9e5f86b0051c9077bfb7580dc52 Mon Sep 17 00:00:00 2001 From: Thiago Carvalho Date: Wed, 14 Oct 2020 18:22:09 -0300 Subject: [PATCH 9/9] Updates preconditions script path on tests --- test/scripts/preconditions/test_preconditions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scripts/preconditions/test_preconditions.py b/test/scripts/preconditions/test_preconditions.py index a8098c2d..d5ebd88c 100755 --- a/test/scripts/preconditions/test_preconditions.py +++ b/test/scripts/preconditions/test_preconditions.py @@ -21,7 +21,7 @@ os.path.abspath( os.path.join( os.path.dirname(__file__), - '../../../modules/core_project_factory/scripts/preconditions'))) + '../../../helpers/preconditions'))) import preconditions # noqa: E402