Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1.0 - G Suite Refactor #94

Merged
merged 117 commits into from
Jan 17, 2019
Merged

1.0 - G Suite Refactor #94

merged 117 commits into from
Jan 17, 2019

Conversation

morgante
Copy link
Contributor

@morgante morgante commented Jan 8, 2019
edited
Loading

This PR is to track the final merge of the G Suite refactor and release.

Fixes/changes should be done as PRs against 1.0-rc1.

adrienthebo and others added 30 commits January 8, 2019 12:49
@adrienthebo @morgante
Add v1.0.0 migration document
af62340
@morgante
Work on unifying migration instructions.
a89d266
@morgante
Add some troubleshooting notes... temporarily borked
0f84b77
@morgante
Unify instructions
aee71c2
@morgante
Update upgrading_to_project_factory_v1.0.md
e178be6
@aaron-lane
adding gke shared vpc functionality and some cleanup
7fa06ff
@aaron-lane
first pass at making gsuite optional
56322b2
@aaron-lane
first run at making the gsuite provider optional
aa6d2e5
@aaron-lane
changing example
4a3b236
@aaron-lane
cleanup
759a96c
@aaron-lane
removing unecessary dependencies
74c95f4
@aaron-lane
+using module outputs instead of re-adding resource +deleting comment…
183bf5f 
…ed code
@aaron-lane
+using module outputs instead of re-adding resource +deleting comment…
b0fec4e 
…ed code
@aaron-lane
removing gsuite from simple project example
d2e097d
@aaron-lane
getting up to date with master v2
12a7385
@cpearring @aaron-lane
Update main.tf
e51e572
@cpearring @aaron-lane
Update variables.tf
1862dad
@aaron-lane
keeping up to date with master, adding in migrate.sh script as first …
5b451fb 
…pass on migrating from v1 project factory
@aaron-lane
removing set variables
488c9e7
@morgante @aaron-lane
Fix duplicate variable
6c413cb
@adrienthebo @aaron-lane
Fixups for moved modules and deleted variables
e65e55a
@aaron-lane
terraform fmt and moving group email to locals
7aad8a2
@adrienthebo @aaron-lane
Fix reference to removed null_data_source with local
c200547 
A refactor that removed null_data_sources in favor of local variables
didn't update all of the locations where the old value was used; this
commit fixes up the omission.
@aaron-lane
Synchronize args_missing logic
c7a5607
@aaron-lane
Use gsuite_enabled module in full fixture
c017a0a
@aaron-lane
Remove argument check from root, gsuite_enabled
98e6aab 
root and gsuite_enabled do not utilize var.org_id and var.domain in a
manner which requires them to both exist.
@aaron-lane
Remove unused locals from gsuite_enabled
3f92372
@aaron-lane
Extract domain calculation logic to module
b4f013a 
This change removes a cyclic dependency between gsuite_enabled and
core_project_factory
@aaron-lane
Pass full var.domain to gsuite_enabled
cc93cfc
@aaron-lane
Remove argument check from core_project_factory
7cbde2c
@morgante
Copy link
Contributor Author

It looks like attempting to merge in master somehow broke this. The issue is somewhere in here: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/94/files/bb2b84289d32555a2e1976a89f4ae66dc38da526..4ff2d26bc1a6c4ac47a4e3c4326421bbba217b9b

morgante and others added 5 commits January 11, 2019 18:45
@morgante
Set default group-name
803892d
@morgante
Merge branch 'master' into 1.0-rc1
89c4a13
@aaron-lane
Remove random_string suffix from fixture modules
6b2029d 
The interpolation of random_string was causing an issue for counts based
off of outputs from gsuite_group modules. It's not clear why this is
happening. The tests can not be run concurrently at this point so the
there is no need to avoid naming collisions any way.
@aaron-lane
Merge branch 'master' into 1.0-rc1
3738754
@morgante
Merge branch 'master' into 1.0-rc1
ab49539
@morgante
Copy link
Contributor Author

Sadly it looks like this is still breaking CI:

       Error: Error running plan: 5 error(s) occurred:
       
       * module.project-factory.module.project-factory.google_service_account_iam_member.service_account_grant_to_group: google_service_account_iam_member.service_account_grant_to_group: value of 'count' cannot be computed
       * google_service_account_iam_member.additive_service_account_grant_to_group: google_service_account_iam_member.additive_service_account_grant_to_group: value of 'count' cannot be computed
       * module.project-factory.module.project-factory.google_compute_subnetwork_iam_member.group_role_to_vpc_subnets: google_compute_subnetwork_iam_member.group_role_to_vpc_subnets: value of 'count' cannot be computed
       * module.project-factory.module.project-factory.google_storage_bucket_iam_member.group_storage_admin_on_project_bucket: google_storage_bucket_iam_member.group_storage_admin_on_project_bucket: value of 'count' cannot be computed
       * module.project-factory.module.project-factory.google_project_iam_member.gsuite_group_role: google_project_iam_member.gsuite_group_role: value of 'count' cannot be computed

@morgante
Copy link
Contributor Author

It looks like we still don't have the group logic quite right. We need parity with the current project factory.

To be specific, if I am using the non-G Suite project factory, I have two options:

  1. Pass in a group_name and it will be granted all the appropriate roles (ex.

    terraform-google-project-factory/modules/core_project_factory/main.tf

    Line 203 in ab49539

    resource "google_service_account_iam_member" "service_account_grant_to_group" {
    )
  2. Don't pass in a group_name and no roles will be added

For the G Suite version, there are 4 options:

  1. Pass in a group_name and create_group = false => grant the roles to the group
  2. Pass in a group_name and create_group = true => create the given group name and grant it the required roles
  3. Don't pass in a group_name and create_group = true => creates a group named project_name-editors and grants it the required roles.
  4. Don't pass in a group_name and create_group = false -> no group roles granted

aaron-lane and others added 4 commits January 16, 2019 00:28
@aaron-lane
Fix counts which can not be computed
ad6b467 
`gsuite_group` does not need to be included in `core_project_factory`
since the only relevant output is `email`.

The `manage_group` variable on `core_project_factory` removes the need
to check the value of the `group_name` variable which was causing
an issue during graph resolution.

The `count` of the `additive_service_account_grant_to_group` in the
`full` fixture is removed because the `group_email` output will always
be defined in that fixture.
@aaron-lane
Generate documentation
c786760
@aaron-lane
Remove interpolation from module source
673f652
@morgante
Merge pull request #114 from terraform-google-modules/aaron-lane/fix-…
6226158 
…count-computation

Fix count computation
@morgante morgante mentioned this pull request Jan 16, 2019
Open
@morgante morgante merged commit 150865a into master Jan 17, 2019
@adrienthebo adrienthebo deleted the 1.0-rc1 branch January 23, 2019 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaron-lane aaron-lane aaron-lane approved these changes

@adrienthebo adrienthebo adrienthebo approved these changes

Assignees

@aaron-lane aaron-lane

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@morgante @aaron-lane @sosimon @jeffmccune @brandonjbjelland @adrienthebo @cpearring