1.0 - G Suite Refactor #94

Merged
merged 117 commits into from
Jan 17, 2019
af62340
Add v1.0.0 migration document
adrienthebo Dec 20, 2018
a89d266
Work on unifying migration instructions.
morgante Jan 3, 2019
0f84b77
Add some troubleshooting notes... temporarily borked
morgante Jan 3, 2019
aee71c2
Unify instructions
morgante Jan 3, 2019
e178be6
Update upgrading_to_project_factory_v1.0.md
morgante Jan 3, 2019
7fa06ff
adding gke shared vpc functionality and some cleanup
Jul 31, 2018
56322b2
first pass at making gsuite optional
Aug 23, 2018
aa6d2e5
first run at making the gsuite provider optional
Aug 29, 2018
4a3b236
changing example
Aug 29, 2018
759a96c
cleanup
Aug 29, 2018
74c95f4
removing unnecessary dependencies
Sep 5, 2018
183bf5f
+using module outputs instead of re-adding resource +deleting comment…
Sep 6, 2018
b0fec4e
+using module outputs instead of re-adding resource +deleting comment…
Sep 6, 2018
d2e097d
removing gsuite from simple project example
Sep 7, 2018
12a7385
getting up to date with master v2
Sep 7, 2018
e51e572
Update main.tf
cpearring Sep 12, 2018
1862dad
Update variables.tf
cpearring Sep 12, 2018
5b451fb
keeping up to date with master, adding in migrate.sh script as first …
Sep 14, 2018
488c9e7
removing set variables
Sep 19, 2018
6c413cb
Fix duplicate variable
morgante Sep 21, 2018
e65e55a
Fixups for moved modules and deleted variables
adrienthebo Sep 24, 2018
7aad8a2
terraform fmt and moving group email to locals
Oct 4, 2018
c200547
Fix reference to removed null_data_source with local
adrienthebo Oct 5, 2018
c7a5607
Synchronize args_missing logic
aaron-lane Nov 29, 2018
c017a0a
Use gsuite_enabled module in full fixture
aaron-lane Nov 29, 2018
98e6aab
Remove argument check from root, gsuite_enabled
aaron-lane Nov 30, 2018
3f92372
Remove unused locals from gsuite_enabled
aaron-lane Nov 30, 2018
b4f013a
Extract domain calculation logic to module
aaron-lane Nov 30, 2018
cc93cfc
Pass full var.domain to gsuite_enabled
aaron-lane Nov 30, 2018
7cbde2c
Remove argument check from core_project_factory
aaron-lane Nov 30, 2018
cdaff2f
Extract group identity logic to module
aaron-lane Nov 30, 2018
2b866b7
Refactor gsuite_enabled to use google_group
aaron-lane Dec 3, 2018
d38be7d
Ignore VS Code directory
aaron-lane Dec 3, 2018
cd4385d
Generate documentation
aaron-lane Dec 3, 2018
b66ecb8
Ignore pyenv directory
aaron-lane Dec 3, 2018
966a5d0
Print name of file in combine_docfiles.py
aaron-lane Dec 3, 2018
bb6fc1d
Add name generation to google_group
aaron-lane Dec 3, 2018
7f5cf8c
Move G Suite group role to gsuite_enabled
aaron-lane Dec 3, 2018
124bff3
Use google_group.email in gsuite_enabled
aaron-lane Dec 3, 2018
213a2c6
Refactor unnecessary local in gsuite_enabled
aaron-lane Dec 3, 2018
6b1e404
Remove G Suite from minimal fixture
aaron-lane Dec 3, 2018
67cf72c
Remove group_role from core_project_factory
aaron-lane Dec 3, 2018
e96a53f
Grant group serviceAccountUser in gsuite_enabled
aaron-lane Dec 3, 2018
6380d21
Move G Suite networkUser role to gsuite_enabled
aaron-lane Dec 3, 2018
ecbbc22
Move networkUser for VPC subnets to gsuite_enabled
aaron-lane Dec 3, 2018
60e1ad7
Move bucket admin for group to gsuite_enabled
aaron-lane Dec 3, 2018
4325f64
Remove obsolete code from core_project_factory
aaron-lane Dec 3, 2018
b92126c
Update generated documentation
aaron-lane Dec 3, 2018
d1c1c5c
Remove obsolete attributes use in gsuite_enabled
aaron-lane Dec 4, 2018
f7bc912
Fix multiline split of service_account_id
aaron-lane Dec 4, 2018
f675a37
Remove obsolete variables from root module
aaron-lane Dec 4, 2018
7e047c8
Update Read Mes of root, gsuite_enabled
aaron-lane Dec 7, 2018
cde56e0
Remove obsolete reference to group_email
aaron-lane Dec 12, 2018
5a133b3
Update generated documentation
aaron-lane Dec 12, 2018
26ffa95
Inline google_group to gsuite_enabled
aaron-lane Dec 13, 2018
40879df
Add scaffolding for python migration script
adrienthebo Sep 28, 2018
b9705d7
Implement GSuiteMigration class
adrienthebo Sep 29, 2018
97f4fe2
Only migrate resources into core_project_factory
adrienthebo Oct 1, 2018
405d3c8
Add boilerplate to migrate.py and tests
adrienthebo Oct 1, 2018
59f70ac
Prefer arrays over multiline strings for test fixtures
adrienthebo Dec 6, 2018
248bb69
Add test coverage for `Resource.from_path`
adrienthebo Dec 6, 2018
056f47b
Add validation and negative test case for `.from_path`
adrienthebo Dec 6, 2018
dbf879d
Remove extraneous resources and list comprehension filter
adrienthebo Dec 6, 2018
6ce03c7
Improve command hint to use new terraform state
adrienthebo Dec 13, 2018
227e4a5
Improve name of `group_by_module` function
adrienthebo Dec 13, 2018
174fef2
Extract function for computing per-module migration commands
adrienthebo Dec 13, 2018
2ecb092
Refactor migrations to better handle multiple destination modules
adrienthebo Dec 13, 2018
e7bbd27
Migrate resources with a count > 1
adrienthebo Dec 14, 2018
a2ce7ef
Remove obsolete migration script
aaron-lane Dec 17, 2018
bd01441
Update tests to reflect new migrations, clean up assertions
adrienthebo Dec 17, 2018
6bff8ee
Revert order of Read Me sample module arguments
aaron-lane Jan 4, 2019
af21297
Highlight how to include G Suite in Read Me
aaron-lane Jan 4, 2019
5aebb40
Add group_name, group_role back to root module
aaron-lane Jan 4, 2019
c5f2043
Manage all non G Suite resources in core
aaron-lane Jan 7, 2019
1f37c10
Generate documentation
aaron-lane Jan 7, 2019
7e64a82
Restore G Suite group documentation in root module
aaron-lane Jan 7, 2019
7566ad8
Reimplement arguments check
aaron-lane Jan 7, 2019
c4081ca
Move missing arguments check to gsuite_group
aaron-lane Jan 7, 2019
acfad02
Make var.org_id required
aaron-lane Jan 7, 2019
2bbac4d
Remove reference to obsolete local.gsuite_group_id
aaron-lane Jan 8, 2019
ddeb8f0
Fix descriptions of group_email outputs
aaron-lane Jan 8, 2019
414d71a
Merge pull request #73 from terraform-google-modules/aaron-lane/gsuit…
morgante Jan 8, 2019
e545548
Add gsuite_group_role to migrations
aaron-lane Jan 9, 2019
6f5ffb6
Add service_account_grant_to_group to migrations
aaron-lane Jan 9, 2019
5f5336f
Merge pull request #95 from terraform-google-modules/aaron-lane/fix-m…
morgante Jan 9, 2019
191d9a6
Fix path to migrate.py in upgrade instructions
aaron-lane Jan 10, 2019
9f5daed
Restore migrate.py download instructions
morgante Jan 10, 2019
097860e
Add group_role_to_vpc_subnets to migration
aaron-lane Jan 10, 2019
7acfc29
Add lien to migration
aaron-lane Jan 10, 2019
7542083
Make migration script idempotent
adrienthebo Jan 10, 2019
b31fe64
Merge pull request #99 from terraform-google-modules/aaron-lane/fix-m…
morgante Jan 10, 2019
bb2b842
Merge pull request #100 from terraform-google-modules/adrienthebo/1.0…
morgante Jan 10, 2019
c2a5cd6
Minor updates to migration docs around preconditions and org_id
morgante Jan 11, 2019
4bff404
Add clean up steps
morgante Jan 11, 2019
0258e73
Merge pull request #103 from terraform-google-modules/morgantep/1.0/d…
morgante Jan 11, 2019
4ff2d26
Merge branch 'master' into 1.0-rc1
morgante Jan 11, 2019
f51a2ad
Incorporate changes from #91
morgante Jan 11, 2019
29e3a45
Update CHANGELOG
morgante Jan 11, 2019
ee2357d
Try to fix example
morgante Jan 11, 2019
803892d
Set default group-name
morgante Jan 11, 2019
89c4a13
Merge branch 'master' into 1.0-rc1
morgante Jan 11, 2019
6b2029d
Remove random_string suffix from fixture modules
aaron-lane Jan 14, 2019
3738754
Merge branch 'master' into 1.0-rc1
aaron-lane Jan 14, 2019
ab49539
Merge branch 'master' into 1.0-rc1
morgante Jan 15, 2019
ad6b467
Fix counts which can not be computed
aaron-lane Jan 16, 2019
c786760
Generate documentation
aaron-lane Jan 16, 2019
673f652
Remove interpolation from module source
aaron-lane Jan 16, 2019
6226158
Merge pull request #114 from terraform-google-modules/aaron-lane/fix-…
morgante Jan 16, 2019
50aa1d8
Only manage group if it is existent
aaron-lane Jan 16, 2019
c347a37
Remove redundant boolean logic
aaron-lane Jan 16, 2019
f142904
Merge pull request #115 from terraform-google-modules/aaron-lane/only…
aaron-lane Jan 16, 2019
d061ec4
Merge branch 'master' into 1.0-rc1
morgante Jan 16, 2019
beb050f
Capitalize Changed header in CHANGELOG
aaron-lane Jan 17, 2019
633ffc8
Remove brackets from 1.0.0 header in CHANGELOG
aaron-lane Jan 17, 2019
383b5cb
Pin module to 1.0 in README example
aaron-lane Jan 17, 2019
ae652cb
Target v1.0.0 in migration script download
aaron-lane Jan 17, 2019
574ca00
Pin gsuite_enabled module to 1.0 in README
aaron-lane Jan 17, 2019
Extract domain calculation logic to module
This change removes a cyclic dependency between gsuite_enabled and
core_project_factory
aaron-lane committed Jan 8, 2019
commit b4f013af815a6aeb94e8b378dfbc03ed2db98827
49 changes: 26 additions & 23 deletions modules/core_project_factory/main.tf
Expand Up @@ -25,25 +25,26 @@ resource "random_id" "random_project_id_suffix" {
Locals configuration
*****************************************/
locals {
project_id = "${google_project.project.project_id}"
project_number = "${google_project.project.number}"
project_org_id = "${var.folder_id != "" ? "" : var.org_id}"
project_folder_id = "${var.folder_id != "" ? var.folder_id : ""}"
temp_project_id = "${var.random_project_id ? format("%s-%s",var.name,random_id.random_project_id_suffix.hex) : var.name}"
domain = "${var.domain != "" ? var.domain : var.org_id != "" ? join("", data.google_organization.org.*.domain) : ""}"
args_missing = "${var.group_name != "" && var.org_id == "" && var.domain == "" ? 1 : 0}"
s_account_fmt = "${format("serviceAccount:%s", google_service_account.default_service_account.email)}"
api_s_account = "${format("%[email protected]", local.project_number)}"
api_s_account_fmt = "${format("serviceAccount:%s", local.api_s_account)}"
gke_shared_vpc_enabled = "${var.shared_vpc != "" && contains(var.activate_apis, "container.googleapis.com") ? "true" : "false"}"
gke_s_account = "${format("service-%[email protected]", local.project_number)}"
gke_s_account_fmt = "${local.gke_shared_vpc_enabled ? format("serviceAccount:%s", local.gke_s_account) : ""}"
project_bucket_name = "${var.bucket_name != "" ? var.bucket_name : format("%s-state", var.name)}"
create_bucket = "${var.bucket_project != "" ? "true" : "false"}"
app_engine_enabled = "${length(keys(var.app_engine)) > 0 ? true : false}"
shared_vpc_users = "${compact(list(local.s_account_fmt, local.group_fmt, local.api_s_account_fmt, local.gke_s_account_fmt))}"
shared_vpc_users_length = "${local.gke_shared_vpc_enabled ? 4 : 3}" # Workaround for https://github.com/hashicorp/terraform/issues/10857
final_group_email = "${var.group_email != "" ? var.group_email : (var.group_name != "" ? format("%s@%s", var.group_name, local.domain) : "")}"
project_id = "${google_project.project.project_id}"
project_number = "${google_project.project.number}"
project_org_id = "${var.folder_id != "" ? "" : var.org_id}"
project_folder_id = "${var.folder_id != "" ? var.folder_id : ""}"
temp_project_id = "${var.random_project_id ? format("%s-%s",var.name,random_id.random_project_id_suffix.hex) : var.name}"
args_missing = "${var.group_name != "" && var.org_id == "" && var.domain == "" ? 1 : 0}"
s_account_fmt = "${format("serviceAccount:%s", google_service_account.default_service_account.email)}"
api_s_account = "${format("%[email protected]", local.project_number)}"
api_s_account_fmt = "${format("serviceAccount:%s", local.api_s_account)}"
gke_shared_vpc_enabled = "${var.shared_vpc != "" && contains(var.activate_apis, "container.googleapis.com") ? "true" : "false"}"
gke_s_account = "${format("service-%[email protected]", local.project_number)}"
gke_s_account_fmt = "${local.gke_shared_vpc_enabled ? format("serviceAccount:%s", local.gke_s_account) : ""}"
project_bucket_name = "${var.bucket_name != "" ? var.bucket_name : format("%s-state", var.name)}"
create_bucket = "${var.bucket_project != "" ? "true" : "false"}"
app_engine_enabled = "${length(keys(var.app_engine)) > 0 ? true : false}"
shared_vpc_users = "${compact(list(local.s_account_fmt, local.group_fmt, local.api_s_account_fmt, local.gke_s_account_fmt))}"

# Workaround for https://github.com/hashicorp/terraform/issues/10857
shared_vpc_users_length = "${local.gke_shared_vpc_enabled ? 4 : 3}"
final_group_email = "${var.group_email != "" ? var.group_email : (var.group_name != "" ? format("%s@%s", var.group_name, module.google_organization.domain) : "")}"
group_fmt = "${local.final_group_email != "" ? format("group:%s", local.final_group_email) : ""}"

app_engine_config = {
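Review bot: `args_missing` still tests `var.org_id` and `var.domain` in this module even though resolving the domain now belongs to `module.google_organization`, so the rule for "no domain available" is encoded in two places. If the two drift, `final_group_email` formats `<group_name>@` with an empty domain and that value flows on into `group_fmt` and `shared_vpc_users`. Consider basing the check on `module.google_organization.domain == ""`. Separately, realigning every local in this block hides that only `domain` and `final_group_email` changed; a formatting-only commit would make the functional change easier to see.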
Expand All @@ -57,12 +58,14 @@ resource "null_resource" "args_missing" {
"ERROR: Variable `group_name` was passed. Please provide either `org_id` or `domain` variables" = true
}

/******************************************
/*****************************************
Organization info retrieval
*****************************************/
data "google_organization" "org" {
count = "${var.org_id == "" ? 0 : 1}"
organization = "${var.org_id}"
module "google_organization" {
source = "../google_organization"

domain = "${var.domain}"
org_id = "${var.org_id}"
}

resource "null_resource" "preconditions" {
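Review bot: The `module "google_organization"` block carries no comment explaining that gsuite_enabled instantiates the same module with its own `var.domain` and `var.org_id`. The two instances resolve the domain independently, so a caller that passes different values to each gets a `final_group_email` here that does not match the group address built in gsuite_enabled. A short comment stating that both must receive identical inputs, and that the duplication exists to break the cycle, would help.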
2 changes: 1 addition & 1 deletion modules/core_project_factory/outputs.tf
Expand Up @@ -23,7 +23,7 @@ output "project_number" {
}

output "domain" {
value = "${local.domain}"
value = "${module.google_organization.domain}"
description = "The organization's domain"
}

27 changes: 27 additions & 0 deletions modules/google_organization/main.tf
@@ -0,0 +1,27 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

locals {
domain = "${var.domain != "" ? var.domain : var.org_id != "" ? join("", data.google_organization.org.*.domain) : ""}"
}

/*****************************************
Organization info retrieval
*****************************************/
data "google_organization" "org" {
count = "${var.org_id == "" ? 0 : 1}"
organization = "${var.org_id}"
}
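Review bot: The `count` on `data "google_organization" "org"` looks only at `var.org_id`, so the organization is read whenever `org_id` is set, even when `var.domain` is supplied and the `domain` local never uses the lookup. That costs an organization read the credentials may not otherwise need. Consider `count = "${var.domain == "" && var.org_id != "" ? 1 : 0}"`. The nested conditional in `domain` would also read more clearly with parentheses around the inner branch, as `final_group_email` does in core_project_factory.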
20 changes: 20 additions & 0 deletions modules/google_organization/outputs.tf
@@ -0,0 +1,20 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

output "domain" {
value = "${local.domain}"
description = "The organization's domain"
}
25 changes: 25 additions & 0 deletions modules/google_organization/variables.tf
@@ -0,0 +1,25 @@
/**
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

variable "domain" {
description = "The domain name (optional if `org_id` is passed)"
default = ""
}

variable "org_id" {
description = "The organization id (optional if `domain` is passed)"
default = ""
}
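Review bot: Both `domain` and `org_id` default to `""` and each description calls itself optional if the other is passed, but nothing in this module enforces that at least one is set; with neither, the `domain` output is silently an empty string. Either fail inside the module when both are empty, or state in the descriptions that callers must handle an empty output.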
24 changes: 20 additions & 4 deletions modules/gsuite_enabled/main.tf
Expand Up @@ -20,11 +20,14 @@

locals {
api_s_account = "${module.project-factory.api_s_account}"
domain = "${module.project-factory.domain}"

// default group_name to ${project_name}-editors
group_name = "${var.group_name != "" ? var.group_name : format("%s-editors", var.name)}"
given_group_email = "${var.create_group == "false" ? format("%s@%s", var.group_name, local.domain) : ""}"
group_name = "${var.group_name != "" ? var.group_name : format("%s-editors", var.name)}"

given_group_email = "${
var.create_group == "false" ? format("%s@%s", var.group_name, module.google_organization.domain) : ""
}"

final_group_email = "${var.create_group == "true" ? element(coalescelist(gsuite_group.group.*.email, list("")), 0) : local.given_group_email}"
}
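Review bot: `given_group_email` formats `var.group_name` rather than the `local.group_name` defined just above it, so with `create_group` false and no `group_name` the result is `@<domain>` instead of the `<name>-editors` default. Use `local.group_name` there. The test `var.create_group == "false"` is also a string comparison, while the `gsuite_group` resource uses `var.create_group ? 1 : 0`; pick one form so the two cannot disagree.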

Expand All @@ -41,13 +44,26 @@ resource "gsuite_group_member" "service_account_sa_group_member" {
depends_on = ["module.project-factory"]
}

/*****************************************
Organization info retrieval
*****************************************/
module "google_organization" {
source = "../google_organization"

domain = "${var.domain}"
org_id = "${var.org_id}"
}

/******************************************
Gsuite Group Configuration
*****************************************/
resource "gsuite_group" "group" {
count = "${var.create_group ? 1 : 0}"

email = "${var.group_name != "" ? format("%s@%s", var.group_name, local.domain) : format("%s-editors@%s", var.name, local.domain)}"
email = "${var.group_name != "" ?
format("%s@%s", var.group_name, module.google_organization.domain) :
format("%s-editors@%s", var.name, module.google_organization.domain)}"

name = "${var.group_name != "" ? var.group_name : format("%s-editors",var.name)}"
description = "${var.name} project group"
}
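Review bot: The `email` expression repeats the `group_name` defaulting that `local.group_name` already performs, as does `name` below it. `format("%s@%s", local.group_name, module.google_organization.domain)` covers both branches on one line and avoids the multi-line interpolation. When the module returns an empty domain the address ends in `@`, so the group should not be created without a resolved domain.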