Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: terraform-google-modules/terraform-example-foundation
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.1.0
Choose a base ref
...
head repository: terraform-google-modules/terraform-example-foundation
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.0.0
Choose a head ref
11 contributors

Commits on Jun 13, 2020

  1. refactor: Add env module to hold repeatable baseline components. (#51)

    @morgante
    morgante authored Jun 13, 2020
    Copy the full SHA
    30accab View commit details

  2. refactor: move VPC host project into env module, add env folder (#53)

    @rjerrems
    rjerrems authored Jun 13, 2020
    Copy the full SHA
    bd4cc5b View commit details

Commits on Jun 16, 2020

  1. Added the org-wide secrets project to 1-org

    @langleyce
    langleyce committed Jun 16, 2020
    Copy the full SHA
    8316cde View commit details

  2. Adding dev environment to reflect latest guidance

    @langleyce
    langleyce committed Jun 16, 2020
    Copy the full SHA
    3bc82b8 View commit details

Commits on Jun 18, 2020

  1. Move secrets.tf to env_baseline module (#55)

    @bharathkkb
    bharathkkb authored Jun 18, 2020
    Copy the full SHA
    13c6873 View commit details

Commits on Jun 26, 2020

  1. Fixes secrets logs and linting (#58)

    @amandakarina
    amandakarina authored Jun 26, 2020
    Copy the full SHA
    a31b40a View commit details

Commits on Jul 1, 2020

  1. the creation of the base and restricted share vpc host projects under… 

    … the dev, nonprod and prod folders (#63)
    @daniel-cit
    daniel-cit authored Jul 1, 2020
    Copy the full SHA
    3c22bbe View commit details

Commits on Jul 6, 2020

  1. fix: Add missing provider configuration to allow impersonation for 2-… 

    …environments. (#67)
    @daniel-cit
    daniel-cit authored Jul 6, 2020
    Copy the full SHA
    a7b70c7 View commit details

  2. feat: Add restricted shared vpc (#60)

    @daniel-cit
    daniel-cit authored Jul 6, 2020
    Copy the full SHA
    b643771 View commit details

  3. refactor: Align standard shared vpc with restricted shared vpc (#57)

    @amandakarina
    amandakarina authored Jul 6, 2020
    Copy the full SHA
    6d43ce8 View commit details

Commits on Jul 7, 2020

  1. fix: Rename lint YAML to match trigger and add placeholder int tests (#… 

    …68)
    @rjerrems
    rjerrems authored Jul 7, 2020
    Copy the full SHA
    cf42b76 View commit details

  2. fix: example-foundation readme updates (#69) 

    * Readme updates after running through example foundation

* change readme for 1-org

* resolve lint errors
    @kadodson612
    kadodson612 authored Jul 7, 2020
    Copy the full SHA
    9e21da6 View commit details

  3. fix: create gcp-environments repo. (#73)

    @daniel-cit
    daniel-cit authored Jul 7, 2020
    Copy the full SHA
    52cdf73 View commit details

Commits on Jul 8, 2020

  1. Add private(base) shared VPC to each environment. (#72)

    @daniel-cit
    daniel-cit authored Jul 8, 2020
    Copy the full SHA
    8786d12 View commit details

Commits on Jul 9, 2020

  1. feat: Adds interconnect project (#71)

    @amandakarina
    amandakarina authored Jul 9, 2020
    Copy the full SHA
    9179a9a View commit details

  2. feat: Add intial structure for Jenkins bootstrap module (#76)

    @caleonardo
    caleonardo authored Jul 9, 2020
    Copy the full SHA
    57b79b1 View commit details

  3. feat: Adds SCC Alerting project and SCC Notifications (#66)

    @amandakarina
    amandakarina authored Jul 9, 2020
    Copy the full SHA
    1ff76aa View commit details

Commits on Jul 12, 2020

  1. feat: Add support for dedicated interconnect. (#74)

    @daniel-cit
    daniel-cit authored Jul 12, 2020
    Copy the full SHA
    6ce065d View commit details

Commits on Jul 13, 2020

  1. fix: Dedicated interconnect README.md (#80)

    @daniel-cit
    daniel-cit authored Jul 13, 2020
    Copy the full SHA
    7a4109d View commit details

  2. Adds integration test framework for e2e tests (#65) 

    * add framework

add scc notif name

add securitycenter api

add securitycenter roles

fix destroy

add cleaner script

set project in cleaner script

add networks

fix apis

rand suffix for managed zones

pr comments

* use bootstrap registry module

* comment

* fix bq region

* fix pf version
    @bharathkkb
    bharathkkb authored Jul 13, 2020
    Copy the full SHA
    e37c607 View commit details

Commits on Jul 15, 2020

  1. feat: Add DNS Hub and Spoke (#79)

    @daniel-cit
    daniel-cit authored Jul 15, 2020
    Copy the full SHA
    e71ffae View commit details

Commits on Jul 16, 2020

  1. fix: add lifecycleState ACTIVE to terraform projects data filter (#82)

    @daniel-cit
    daniel-cit authored Jul 16, 2020
    Copy the full SHA
    afb70ab View commit details

  2. fix: integration tests concurrency issues (#84)

    @bharathkkb
    bharathkkb authored Jul 16, 2020
    Copy the full SHA
    68c36bb View commit details

  3. feat: Add support High availability VPN (#75)

    @amandakarina
    amandakarina authored Jul 16, 2020
    Copy the full SHA
    51e8617 View commit details

  4. refactor: Add flags to enable network logs. (#85)

    @daniel-cit
    daniel-cit authored Jul 16, 2020
    Copy the full SHA
    bff1196 View commit details

Commits on Jul 17, 2020

  1. refactor: Changing cloud build configuration to mono-repo structure (#83 

    )

* refactor: Changing cloud build configuration to mono-repo structure

* fix formatting
    @rjerrems
    rjerrems authored Jul 17, 2020
    Copy the full SHA
    551d1ef View commit details

  2. refactor: Re-instate multi repos for Cloud Build (#88)

    @rjerrems
    rjerrems authored Jul 17, 2020
    Copy the full SHA
    9153709 View commit details

  3. refactor: folder structure for 1-org (#86)

    @rjerrems
    rjerrems authored Jul 17, 2020
    Copy the full SHA
    5b21183 View commit details

Commits on Jul 18, 2020

  1. refactor: Change folder structure and refactor projects (#81)

    @kwraith05
    kwraith05 authored Jul 18, 2020
    Copy the full SHA
    e7ef9c2 View commit details

  2. feat: bootstrap Jenkins agent with CFT dependencies (#78)

    @caleonardo
    caleonardo authored Jul 18, 2020
    Copy the full SHA
    124629d View commit details

  3. fix: add missing sinks and enable data access logs. (#94)

    @daniel-cit
    daniel-cit authored Jul 18, 2020
    Copy the full SHA
    8e13b7e View commit details

Commits on Jul 21, 2020

  1. fix: Update instructions for VPN usage (#96)

    @amandakarina
    amandakarina authored Jul 21, 2020
    Copy the full SHA
    a9a369c View commit details

  2. feat: Adds a commented call to the jenkins-agent submodule (#95)

    @caleonardo
    caleonardo authored Jul 21, 2020
    Copy the full SHA
    d8ef1fb View commit details

Commits on Jul 22, 2020

  1. refactor: flatten folder structure for environments (#99)

    @mikelaramie
    mikelaramie authored Jul 22, 2020
    Copy the full SHA
    245afe8 View commit details

  2. Add 1 org tests (#97) 

    * add outputs.tf to 1-org.

* add project, folder and scc notification tests.

* add org policy, services and sink tests

* fix rudy lint

* add output.tf to org test

* enable include children to sinks

* fix access transparency logs test

* minor fix in README.md

* fix access transparency test for folder sink.

* use lists to remove repetition in tests

* add folder org policy tests

* fix compute.disableSerialPortAccess org policy constraint

* fix test for folder org policy iam.allowedPolicyMemberDomains

* fix integration test text

* split tests in multiple controls and consider that tests run only inside a test folder
    @daniel-cit
    daniel-cit authored Jul 22, 2020
    Copy the full SHA
    cc22d2f View commit details

  3. Adds new integration tests for 2-envs and outputs (#98) 

    * Adds new integration tests for 3-envs and outputs

* Fixes linting

* Fixes prod env tests

* Fixes nonprod test

* Fix typo

* Adds each to check apis enabling

* Adds control for 2-envs

* Removes typo

* Fixes integration tests for envs

* Removes tfvars

* Removes unnecessary output
    @amandakarina
    amandakarina authored Jul 22, 2020
    Copy the full SHA
    c785550 View commit details

  4. refactor: upgrade bootstrap module version (#101)

    @rjerrems
    rjerrems authored Jul 22, 2020
    Copy the full SHA
    5073348 View commit details

Commits on Jul 23, 2020

  1. fix: google provider version in 0-bootstrap step (#102)

    @daniel-cit
    daniel-cit authored Jul 23, 2020
    Copy the full SHA
    e61dbe3 View commit details

  2. fix: add biling account viewer permissions to billing-data-users group ( 

    #105)
    @daniel-cit
    daniel-cit authored Jul 23, 2020
    Copy the full SHA
    735837b View commit details

Commits on Jul 24, 2020

  1. refactor: rename backends, add steps to automate updating (#106)

    @rjerrems
    rjerrems authored Jul 24, 2020
    Copy the full SHA
    9c11ad4 View commit details

  2. fix: align terraform-validator versions with cloudbuild bootstrap (#107)

    @rjerrems
    rjerrems authored Jul 24, 2020
    Copy the full SHA
    b2b9a17 View commit details

  3. feat: adds integration test for step 0-bootstrap (#108)

    @atos-cit
    atos-cit authored Jul 24, 2020
    Copy the full SHA
    8ec32fd View commit details

Commits on Jul 26, 2020

  1. feat: add support for projects with restricted shared vpc and service… 

    … perimeter (#93)
    @kwraith05
    kwraith05 authored Jul 26, 2020
    Copy the full SHA
    e566980 View commit details

  2. feat: add tf-wrapper script for re-use between build tools (#100)

    @mikelaramie
    mikelaramie authored Jul 26, 2020
    Copy the full SHA
    e1d65c8 View commit details

  3. fix: readmes for cloud build with wrapper script and add missing symb… 

    …olic link (#111)
    @daniel-cit
    daniel-cit authored Jul 26, 2020
    Copy the full SHA
    c6b6e8d View commit details

  4. refactor: consolidate logging filters and add more sink destinations (#… 

    …112)
    @daniel-cit
    daniel-cit authored Jul 26, 2020
    Copy the full SHA
    8689312 View commit details

  5. refactor: explicitly provide values for 4-projects (#121)

    @bharathkkb
    bharathkkb authored Jul 26, 2020
    Copy the full SHA
    6fa24bd View commit details

Commits on Jul 27, 2020

  1. fix: DNS hub default regions and org id for tfvars (#140) 

    * make default region variables fro DNS hub consistent with the other environments

* add org_id to terraform.example.tfvars
    @daniel-cit
    daniel-cit authored Jul 27, 2020
    Copy the full SHA
    9c98dd4 View commit details

  2. fix: 2-environments symbolic link (#134)

    @amandakarina
    amandakarina authored Jul 27, 2020
    Copy the full SHA
    e6eb130 View commit details

Commits on Jul 28, 2020

  1. refactor: add folders and tidy up naming/structure for 4-projects (#131)

    @rjerrems
    rjerrems authored Jul 28, 2020
    Copy the full SHA
    c8bb59e View commit details
Showing with 13,328 additions and 2,346 deletions.
  1. +38 −8 .gitignore
  2. +106 −0 .kitchen.yml
  3. +61 −0 0-bootstrap/.gitignore
  4. +290 −0 0-bootstrap/README-Jenkins.md
  5. +25 −7 0-bootstrap/README.md
  6. +1 −1 0-bootstrap/backend.tf.example
  7. +132 −17 0-bootstrap/main.tf
  8. +159 −0 0-bootstrap/modules/jenkins-agent/README.md
  9. +84 −0 0-bootstrap/modules/jenkins-agent/files/jenkins_gce_startup_script.sh
  10. +259 −0 0-bootstrap/modules/jenkins-agent/main.tf
  11. +48 −0 0-bootstrap/modules/jenkins-agent/outputs.tf
  12. +193 −0 0-bootstrap/modules/jenkins-agent/variables.tf
  13. +24 −0 0-bootstrap/modules/jenkins-agent/versions.tf
  14. +37 −0 0-bootstrap/outputs.tf
  15. +16 −0 0-bootstrap/terraform.example.tfvars
  16. +48 −0 0-bootstrap/variables.tf
  17. +61 −0 1-org/.gitignore
  18. +57 −34 1-org/README.md
  19. +59 −0 1-org/envs/shared/README.md
  20. +1 −1 3-projects/backend.tf.example → 1-org/envs/shared/backend.tf
  21. +4 −12 {3-projects → 1-org/envs/shared}/folders.tf
  22. +10 −16 1-org/{ → envs/shared}/iam.tf
  23. +121 −0 1-org/envs/shared/log_sinks.tf
  24. +10 −1 1-org/{ → envs/shared}/org_policy.tf
  25. +85 −0 1-org/envs/shared/outputs.tf
  26. +205 −0 1-org/envs/shared/projects.tf
  27. +49 −0 1-org/envs/shared/providers.tf
  28. +54 −0 1-org/envs/shared/scc_notification.tf
  29. +5 −3 1-org/{ → envs/shared}/terraform.example.tfvars
  30. +207 −0 1-org/envs/shared/variables.tf
  31. 0 1-org/{ → envs/shared}/versions.tf
  32. +0 −48 1-org/folders.tf
  33. +0 −105 1-org/log_sinks.tf
  34. +0 −143 1-org/projects.tf
  35. +61 −0 2-environments/.gitignore
  36. +81 −0 2-environments/README.md
  37. +22 −0 2-environments/envs/development/README.md
  38. +5 −3 3-projects/modules/project_subnet/output.tf → 2-environments/envs/development/backend.tf
  39. +28 −0 2-environments/envs/development/main.tf
  40. +40 −0 2-environments/envs/development/outputs.tf
  41. +49 −0 2-environments/envs/development/providers.tf
  42. +1 −0 2-environments/envs/development/terraform.tfvars
  43. +3 −41 {1-org → 2-environments/envs/development}/variables.tf
  44. +22 −0 2-environments/envs/non-production/README.md
  45. +5 −5 3-projects/modules/folder_environments/output.tf → 2-environments/envs/non-production/backend.tf
  46. +28 −0 2-environments/envs/non-production/main.tf
  47. +40 −0 2-environments/envs/non-production/outputs.tf
  48. +49 −0 2-environments/envs/non-production/providers.tf
  49. +1 −0 2-environments/envs/non-production/terraform.tfvars
  50. +41 −0 2-environments/envs/non-production/variables.tf
  51. +24 −0 2-environments/envs/production/README.md
  52. +22 −0 2-environments/envs/production/backend.tf
  53. +9 −14 3-projects/modules/standard_projects/data.tf → 2-environments/envs/production/main.tf
  54. +40 −0 2-environments/envs/production/outputs.tf
  55. +49 −0 2-environments/envs/production/providers.tf
  56. +1 −0 2-environments/envs/production/terraform.tfvars
  57. +9 −16 {3-projects → 2-environments/envs/production}/variables.tf
  58. +37 −0 2-environments/modules/env_baseline/README.md
  59. +33 −0 2-environments/modules/env_baseline/folders.tf
  60. +7 −6 3-projects/modules/single_project/data.tf → 2-environments/modules/env_baseline/iam.tf
  61. +19 −0 2-environments/modules/env_baseline/main.tf
  62. +50 −0 2-environments/modules/env_baseline/monitoring.tf
  63. +89 −0 2-environments/modules/env_baseline/networking.tf
  64. +40 −0 2-environments/modules/env_baseline/outputs.tf
  65. +48 −0 2-environments/modules/env_baseline/secrets.tf
  66. +128 −0 2-environments/modules/env_baseline/variables.tf
  67. +3 −8 {3-projects → 2-environments}/terraform.example.tfvars
  68. +0 −63 2-networks/README.md
  69. +0 −98 2-networks/main.tf
  70. +0 −32 2-networks/modules/standard_shared_vpc/README.md
  71. +0 −73 2-networks/modules/standard_shared_vpc/firewall.tf
  72. +0 −113 2-networks/modules/standard_shared_vpc/main.tf
  73. +0 −76 2-networks/modules/standard_shared_vpc/variables.tf
  74. +0 −93 2-networks/outputs.tf
  75. +61 −0 3-networks/.gitignore
  76. +130 −0 3-networks/README.md
  77. +17 −0 3-networks/access_context.auto.example.tfvars
  78. +28 −0 3-networks/common.auto.example.tfvars
  79. +50 −0 3-networks/envs/development/README.md
  80. +1 −0 3-networks/envs/development/access_context.auto.tfvars
  81. +22 −0 3-networks/envs/development/backend.tf
  82. +1 −0 3-networks/envs/development/common.auto.tfvars
  83. +99 −0 3-networks/envs/development/interconnect.tf.example
  84. +146 −0 3-networks/envs/development/main.tf
  85. +103 −0 3-networks/envs/development/outputs.tf
  86. +49 −0 3-networks/envs/development/providers.tf
  87. +69 −0 3-networks/envs/development/variables.tf
  88. 0 {2-networks/modules/standard_shared_vpc → 3-networks/envs/development}/versions.tf
  89. +106 −0 3-networks/envs/development/vpn.tf.example
  90. +50 −0 3-networks/envs/non-production/README.md
  91. +1 −0 3-networks/envs/non-production/access_context.auto.tfvars
  92. +22 −0 3-networks/envs/non-production/backend.tf
  93. +1 −0 3-networks/envs/non-production/common.auto.tfvars
  94. +99 −0 3-networks/envs/non-production/interconnect.tf.example
  95. +149 −0 3-networks/envs/non-production/main.tf
  96. +103 −0 3-networks/envs/non-production/outputs.tf
  97. +49 −0 3-networks/envs/non-production/providers.tf
  98. +69 −0 3-networks/envs/non-production/variables.tf
  99. 0 {2-networks → 3-networks/envs/non-production}/versions.tf
  100. +105 −0 3-networks/envs/non-production/vpn.tf.example
  101. +50 −0 3-networks/envs/production/README.md
  102. +1 −0 3-networks/envs/production/access_context.auto.tfvars
  103. +1 −2 2-networks/backend.tf.example → 3-networks/envs/production/backend.tf
  104. +1 −0 3-networks/envs/production/common.auto.tfvars
  105. +99 −0 3-networks/envs/production/interconnect.tf.example
  106. +146 −0 3-networks/envs/production/main.tf
  107. +103 −0 3-networks/envs/production/outputs.tf
  108. +49 −0 3-networks/envs/production/providers.tf
  109. +69 −0 3-networks/envs/production/variables.tf
  110. 0 {3-projects → 3-networks/envs/production}/versions.tf
  111. +105 −0 3-networks/envs/production/vpn.tf.example
  112. +32 −0 3-networks/envs/shared/README.md
  113. +22 −0 3-networks/envs/shared/backend.tf
  114. +1 −0 3-networks/envs/shared/common.auto.tfvars
  115. +57 −0 3-networks/envs/shared/interconnect.tf.example
  116. +160 −0 3-networks/envs/shared/main.tf
  117. +20 −0 3-networks/envs/shared/outputs.tf
  118. +49 −0 3-networks/envs/shared/providers.tf
  119. +1 −0 3-networks/envs/shared/shared.auto.tfvars
  120. +69 −0 3-networks/envs/shared/variables.tf
  121. +19 −0 3-networks/envs/shared/versions.tf
  122. +46 −0 3-networks/modules/base_shared_vpc/README.md
  123. 0 {2-networks/modules/standard_shared_vpc → 3-networks/modules/base_shared_vpc}/data.tf
  124. +44 −5 {2-networks/modules/standard_shared_vpc → 3-networks/modules/base_shared_vpc}/dns.tf
  125. +138 −0 3-networks/modules/base_shared_vpc/firewall.tf
  126. +150 −0 3-networks/modules/base_shared_vpc/main.tf
  127. +90 −0 3-networks/modules/base_shared_vpc/nat.tf
  128. +19 −0 {2-networks/modules/standard_shared_vpc → 3-networks/modules/base_shared_vpc}/outputs.tf
  129. +133 −0 3-networks/modules/base_shared_vpc/variables.tf
  130. +19 −0 3-networks/modules/base_shared_vpc/versions.tf
  131. +62 −0 3-networks/modules/dedicated_interconnect/README.md
  132. +125 −0 3-networks/modules/dedicated_interconnect/main.tf
  133. +55 −0 3-networks/modules/dedicated_interconnect/outputs.tf
  134. +163 −0 3-networks/modules/dedicated_interconnect/variables.tf
  135. +49 −0 3-networks/modules/restricted_shared_vpc/README.md
  136. +31 −0 3-networks/modules/restricted_shared_vpc/data.tf
  137. +136 −0 3-networks/modules/restricted_shared_vpc/dns.tf
  138. +137 −0 3-networks/modules/restricted_shared_vpc/firewall.tf
  139. +152 −0 3-networks/modules/restricted_shared_vpc/main.tf
  140. +89 −0 3-networks/modules/restricted_shared_vpc/nat.tf
  141. +80 −0 3-networks/modules/restricted_shared_vpc/outputs.tf
  142. +56 −0 3-networks/modules/restricted_shared_vpc/service_control.tf
  143. +147 −0 3-networks/modules/restricted_shared_vpc/variables.tf
  144. +19 −0 3-networks/modules/restricted_shared_vpc/versions.tf
  145. +56 −0 3-networks/modules/vpn-ha/README.md
  146. +224 −0 3-networks/modules/vpn-ha/main.tf
  147. +171 −0 3-networks/modules/vpn-ha/variables.tf
  148. +17 −0 3-networks/shared.auto.example.tfvars
  149. +0 −54 3-projects/README.md
  150. +0 −45 3-projects/example_single_project_optional.tf
  151. +0 −54 3-projects/example_standard_project_optional.tf
  152. +0 −16 3-projects/modules/folder_environments/README.md
  153. +0 −117 3-projects/modules/private_dns/README.md
  154. +0 −82 3-projects/modules/private_dns/main.tf
  155. +0 −54 3-projects/modules/private_dns/variables.tf
  156. +0 −146 3-projects/modules/project_subnet/README.md
  157. +0 −65 3-projects/modules/project_subnet/main.tf
  158. +0 −72 3-projects/modules/project_subnet/variables.tf
  159. +0 −16 3-projects/modules/single_project/README.md
  160. +0 −72 3-projects/modules/single_project/main.tf
  161. +0 −100 3-projects/modules/single_project/variables.tf
  162. +0 −16 3-projects/modules/standard_projects/README.md
  163. +0 −122 3-projects/modules/standard_projects/main.tf
  164. +0 −115 3-projects/modules/standard_projects/variables.tf
  165. +61 −0 4-projects/.gitignore
  166. +96 −0 4-projects/README.md
  167. +14 −0 4-projects/business_unit_1/development/README.md
  168. +22 −0 4-projects/business_unit_1/development/backend.tf
  169. +1 −0 4-projects/business_unit_1/development/common.auto.tfvars
  170. +1 −0 4-projects/business_unit_1/development/development.auto.tfvars
  171. +35 −0 4-projects/business_unit_1/development/example_base_shared_vpc_project.tf
  172. +33 −0 4-projects/business_unit_1/development/example_floating_project.tf
  173. +38 −0 4-projects/business_unit_1/development/example_restricted_shared_vpc_project.tf
  174. +3 −7 ...jects/modules/folder_environments/variables.tf → 4-projects/business_unit_1/development/folder.tf
  175. 0 {3-projects → 4-projects/business_unit_1/development}/providers.tf
  176. +52 −0 4-projects/business_unit_1/development/variables.tf
  177. +14 −0 4-projects/business_unit_1/non-production/README.md
  178. +22 −0 4-projects/business_unit_1/non-production/backend.tf
  179. +1 −0 4-projects/business_unit_1/non-production/common.auto.tfvars
  180. +34 −0 4-projects/business_unit_1/non-production/example_base_shared_vpc_project.tf
  181. +33 −0 4-projects/business_unit_1/non-production/example_floating_project.tf
  182. +39 −0 4-projects/business_unit_1/non-production/example_restricted_shared_vpc_project.tf
  183. +21 −0 4-projects/business_unit_1/non-production/folder.tf
  184. +1 −0 4-projects/business_unit_1/non-production/non-production.auto.tfvars
  185. +0 −1 {2-networks → 4-projects/business_unit_1/non-production}/providers.tf
  186. +52 −0 4-projects/business_unit_1/non-production/variables.tf
  187. +15 −0 4-projects/business_unit_1/production/README.md
  188. +22 −0 4-projects/business_unit_1/production/backend.tf
  189. +1 −0 4-projects/business_unit_1/production/common.auto.tfvars
  190. +34 −0 4-projects/business_unit_1/production/example_base_shared_vpc_project.tf
  191. +12 −10 .../example_standard_projects.tf → 4-projects/business_unit_1/production/example_floating_project.tf
  192. +39 −0 4-projects/business_unit_1/production/example_restricted_shared_vpc_project.tf
  193. +21 −0 4-projects/business_unit_1/production/folder.tf
  194. +1 −0 4-projects/business_unit_1/production/production.auto.tfvars
  195. +0 −1 {1-org → 4-projects/business_unit_1/production}/providers.tf
  196. +58 −0 4-projects/business_unit_1/production/variables.tf
  197. +14 −0 4-projects/business_unit_2/development/README.md
  198. +22 −0 4-projects/business_unit_2/development/backend.tf
  199. +1 −0 4-projects/business_unit_2/development/common.auto.tfvars
  200. +1 −0 4-projects/business_unit_2/development/development.auto.tfvars
  201. +34 −0 4-projects/business_unit_2/development/example_base_shared_vpc_project.tf
  202. +33 −0 4-projects/business_unit_2/development/example_floating_project.tf
  203. +38 −0 4-projects/business_unit_2/development/example_restricted_shared_vpc_project.tf
  204. +21 −0 4-projects/business_unit_2/development/folder.tf
  205. +48 −0 4-projects/business_unit_2/development/providers.tf
  206. +52 −0 4-projects/business_unit_2/development/variables.tf
  207. +14 −0 4-projects/business_unit_2/non-production/README.md
  208. +22 −0 4-projects/business_unit_2/non-production/backend.tf
  209. +1 −0 4-projects/business_unit_2/non-production/common.auto.tfvars
  210. +34 −0 4-projects/business_unit_2/non-production/example_base_shared_vpc_project.tf
  211. +35 −0 4-projects/business_unit_2/non-production/example_floating_project.tf
  212. +38 −0 4-projects/business_unit_2/non-production/example_restricted_shared_vpc_project.tf
  213. +21 −0 4-projects/business_unit_2/non-production/folder.tf
  214. +1 −0 4-projects/business_unit_2/non-production/non-production.auto.tfvars
  215. +48 −0 4-projects/business_unit_2/non-production/providers.tf
  216. +52 −0 4-projects/business_unit_2/non-production/variables.tf
  217. +14 −0 4-projects/business_unit_2/production/README.md
  218. +22 −0 4-projects/business_unit_2/production/backend.tf
  219. +1 −0 4-projects/business_unit_2/production/common.auto.tfvars
  220. +34 −0 4-projects/business_unit_2/production/example_base_shared_vpc_project.tf
  221. +13 −9 ...cts/example_single_project.tf → 4-projects/business_unit_2/production/example_floating_project.tf
  222. +38 −0 4-projects/business_unit_2/production/example_restricted_shared_vpc_project.tf
  223. +20 −0 4-projects/business_unit_2/production/folder.tf
  224. +1 −0 4-projects/business_unit_2/production/production.auto.tfvars
  225. +48 −0 4-projects/business_unit_2/production/providers.tf
  226. +52 −0 4-projects/business_unit_2/production/variables.tf
  227. +6 −3 2-networks/terraform.example.tfvars → 4-projects/common.auto.example.tfvars
  228. +17 −0 4-projects/development.auto.example.tfvars
  229. +26 −0 4-projects/modules/single_project/README.md
  230. +26 −0 4-projects/modules/single_project/data.tf
  231. +53 −0 4-projects/modules/single_project/main.tf
  232. +120 −0 4-projects/modules/single_project/variables.tf
  233. +17 −0 4-projects/non-production.auto.example.tfvars
  234. +17 −0 4-projects/production.auto.example.tfvars
  235. +1 −1 CODEOWNERS
  236. +20 −0 ERRATA.md
  237. +48 −0 Makefile
  238. +187 −72 README.md
  239. +110 −0 build/Jenkinsfile
  240. +42 −17 build/cloudbuild-tf-apply.yaml
  241. +18 −14 build/cloudbuild-tf-plan.yaml
  242. +138 −0 build/int.cloudbuild.yaml
  243. 0 build/{cloudbuild.lint.yaml → lint.cloudbuild.yaml}
  244. +182 −0 build/tf-wrapper.sh
  245. +25 −0 test/clean_org.sh
  246. +25 −0 test/export_sc.sh
  247. +25 −0 test/fixtures/bootstrap/main.tf
  248. +45 −0 test/fixtures/bootstrap/outputs.tf
  249. +37 −0 test/fixtures/bootstrap/variables.tf
  250. +26 −0 test/fixtures/dns_hub/main.tf
  251. +20 −0 test/fixtures/dns_hub/outputs.tf
  252. +35 −0 test/fixtures/dns_hub/variables.tf
  253. +42 −0 test/fixtures/envs/main.tf
  254. +95 −0 test/fixtures/envs/outputs.tf
  255. +35 −0 test/fixtures/envs/variables.tf
  256. +48 −0 test/fixtures/networks/main.tf
  257. +45 −0 test/fixtures/networks/outputs.tf
  258. +39 −0 test/fixtures/networks/variables.tf
  259. +34 −0 test/fixtures/org/main.tf
  260. +85 −0 test/fixtures/org/outputs.tf
  261. +18 −12 3-projects/modules/folder_environments/main.tf → test/fixtures/org/variables.tf
  262. +77 −0 test/fixtures/projects/main.tf
  263. +56 −0 test/fixtures/projects/variables.tf
  264. +80 −0 test/integration/bootstrap/controls/gcloud_cloudbuild.rb
  265. +82 −0 test/integration/bootstrap/controls/gcp_bootstrap.rb
  266. +41 −0 test/integration/bootstrap/controls/gcp_cloudbuild.rb
  267. +24 −0 test/integration/bootstrap/inspec.yml
  268. +52 −0 test/integration/dns_hub/controls/gcloud_dns_hub.rb
  269. +119 −0 test/integration/dns_hub/controls/gcp_dns_hub.rb
  270. +9 −0 test/integration/dns_hub/inspec.yml
  271. +104 −0 test/integration/envs/controls/development.rb
  272. +103 −0 test/integration/envs/controls/non-production.rb
  273. +104 −0 test/integration/envs/controls/production.rb
  274. +53 −0 test/integration/envs/inspec.yml
  275. +13 −0 test/integration/networks/controls/networks.rb
  276. +4 −0 test/integration/networks/inspec.yml
  277. +89 −0 test/integration/org/controls/gcloud_policy.rb
  278. +40 −0 test/integration/org/controls/gcloud_scc.rb
  279. +101 −0 test/integration/org/controls/gcp_logging.rb
  280. +154 −0 test/integration/org/controls/gcp_projects.rb
  281. +51 −0 test/integration/org/inspec.yml
  282. +13 −0 test/integration/projects/controls/projects.rb
  283. +4 −0 test/integration/projects/inspec.yml
  284. +64 −0 test/setup/iam.tf
  285. +52 −0 test/setup/main.tf
  286. +50 −0 test/setup/outputs.tf
  287. +8 −9 {2-networks → test/setup}/variables.tf
46 changes: 38 additions & 8 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,29 @@
# OSX leaves these everywhere on SMB shares
._*

# Created by https://www.gitignore.io/api/terraform
# Edit at https://www.gitignore.io/?templates=terraform
# OSX trash
.DS_Store

# Python
*.pyc

# Emacs save files
*~
\#*\#
.\#*

# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

### Terraform ###
# Local .terraform directories
**/.terraform/*

@@ -26,11 +47,20 @@ override.tf.json
*_override.tf
*_override.tf.json
.idea/
.vscode/
# Kitchen files
**/inspec.lock
**.gem
**/.kitchen
**/.kitchen.local.yml
**/Gemfile.lock

test/fixtures/shared/terraform.tfvars

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
test/integration/gcloud/config.sh
test/integration/tmp

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
credentials.json

# End of https://www.gitignore.io/api/terraform
# File to populate env vars used by Docker test runs
.envrc
106 changes: 106 additions & 0 deletions .kitchen.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
driver:
name: terraform
command_timeout: 2700

provisioner:
name: terraform

verifier:
name: terraform

platforms:
- name: default

suites:
- name: bootstrap
driver:
root_module_directory: test/fixtures/bootstrap/
verifier:
color: false
systems:
- name: inspec-gcp
backend: gcp
controls:
- gcp_bootstrap
- gcp_cloudbuild
- name: local
backend: local
controls:
- gcloud_cloudbuild
- name: org
driver:
root_module_directory: test/fixtures/org/
verifier:
color: false
systems:
- name: inspec-gcp
backend: gcp
controls:
- gcp_logging
- gcp_projects
- name: local
backend: local
controls:
- gcloud_scc
- gcloud_policy
- name: envs
driver:
root_module_directory: test/fixtures/envs/
verifier:
color: false
systems:
- name: inspec-gcp
backend: gcp
controls:
- development
- non-production
- production
- name: dns_hub
driver:
root_module_directory: test/fixtures/dns_hub/
verifier:
color: false
systems:
- name: inspec-gcp
backend: gcp
controls:
- gcp_dns_hub
- name: local
backend: local
controls:
- gcloud_dns_hub
- name: networks
driver:
root_module_directory: test/fixtures/networks/
verifier:
color: false
systems:
- name: networks
backend: local
controls:
- networks
- name: projects
driver:
root_module_directory: test/fixtures/projects/
verifier:
color: false
systems:
- name: projects
backend: local
controls:
- projects
61 changes: 61 additions & 0 deletions 0-bootstrap/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# OSX leaves these everywhere on SMB shares
._*

# OSX trash
.DS_Store

# Python
*.pyc

# Emacs save files
*~
\#*\#
.\#*

# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.idea/
.vscode/
# Kitchen files
**/inspec.lock
**.gem
**/.kitchen
**/.kitchen.local.yml
**/Gemfile.lock

credentials.json

# File to populate env vars used by Docker test runs
.envrc
Loading