├── .gitattributes ├── .github ├── conventional-commit-lint.yaml ├── release-please.yml ├── renovate.json ├── trusted-contribution.yml └── workflows │ ├── go-lint.yaml │ ├── go-test.yaml │ ├── lint.yaml │ └── stale.yml ├── .gitignore ├── 0-bootstrap ├── .gitignore ├── Dockerfile ├── README-GitHub.md ├── README-GitLab.md ├── README-Jenkins.md ├── README-Terraform-Cloud.md ├── README.md ├── backend.tf.cloud.example ├── backend.tf.example ├── backend.tf.local ├── builders │ ├── cb │ │ ├── Dockerfile │ │ ├── backend.tf │ │ ├── cb.tf │ │ ├── outputs.tf │ │ └── terraform.cb.tfvars │ ├── github │ │ ├── backend.tf │ │ ├── github.tf │ │ ├── github.tf.example │ │ ├── outputs.tf │ │ └── terraform.github.tfvars │ ├── gitlab │ │ ├── backend.tf │ │ ├── gitlab.tf │ │ ├── gitlab.tf.example │ │ ├── outputs.tf │ │ └── terraform.gitlab.tfvars │ ├── jenkins │ │ ├── backend.tf │ │ ├── jenkins.tf │ │ ├── jenkins.tf.example │ │ ├── outputs.tf │ │ └── terraform.jenkins.tfvars │ ├── tf.cloud │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── outputs.tf │ │ ├── terraform.tf_cloud.tfvars │ │ ├── terraform_cloud.tf │ │ └── terraform_cloud.tf.example │ └── tf.local │ │ ├── backend.tf │ │ ├── backend.tf.example │ │ ├── outputs.tf │ │ ├── terraform.local.tfvars │ │ └── terraform_local.tf ├── cb.tf.example ├── content.sh ├── files │ └── private_key_example.png ├── github.tf.example ├── gitlab.tf.example ├── groups.tf ├── jenkins.tf.example ├── main.tf ├── modules │ ├── cb-private-pool │ │ ├── README.md │ │ ├── main.tf │ │ ├── network.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ ├── versions.tf │ │ └── vpn_ha.tf │ ├── gitlab-oidc │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── jenkins-agent │ │ ├── README.md │ │ ├── files │ │ │ └── jenkins_gce_startup_script.sh │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ ├── versions.tf │ │ └── vpn_ha.tf │ ├── parent-iam-member │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── 
parent-iam-remove-role │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── tfc-agent-gke │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── onprem.md ├── outputs.tf.example ├── outputs.tf.local ├── prep.sh ├── provider.tf ├── sa.tf ├── scripts │ ├── git_create_branches_helper.sh │ └── push-to-repo.sh ├── terraform-local.tf.example ├── terraform.example.tfvars ├── terraform_cloud.tf.example ├── variables.tf └── versions.tf ├── 1-org ├── .gitignore ├── README.md ├── envs │ └── shared │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── cai_monitoring.tf │ │ ├── essential_contacts.tf │ │ ├── folders.tf │ │ ├── iam.tf │ │ ├── log_sinks.tf │ │ ├── org_policy.tf │ │ ├── outputs.tf │ │ ├── projects.tf │ │ ├── providers.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── scc_notification.tf │ │ ├── tags.tf │ │ ├── terraform.example.tfvars │ │ ├── terraform.mod.tfvars │ │ ├── variables.tf │ │ └── versions.tf └── modules │ ├── cai-monitoring │ ├── README.md │ ├── function-source │ │ ├── index.js │ │ ├── package-lock.json │ │ └── package.json │ ├── iam.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf │ ├── centralized-logging │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf │ └── network │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 2-environments ├── .gitignore ├── README.md ├── envs │ ├── development │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── identity │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── management │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── nonproduction │ │ 
├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ └── production │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform.tfvars │ │ └── variables.tf ├── modules │ ├── env_baseline │ │ ├── README.md │ │ ├── assured_workload.tf │ │ ├── folders.tf │ │ ├── iam.tf │ │ ├── kms.tf │ │ ├── monitoring.tf │ │ ├── outputs.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── secrets.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── env_enabled │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf ├── terraform.example.tfvars ├── terraform.mod.tfvars └── terraform.tfvars ├── 3-networks-dual-svpc ├── .gitignore ├── README.md ├── access_context.auto.example.tfvars ├── access_context.auto.mod.tfvars ├── access_context.auto.tfvars ├── common.auto.example.tfvars ├── common.auto.mod.tfvars ├── common.auto.tfvars ├── envs │ ├── development │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── nonproduction │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── production │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── shared │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── dns-hub.tf │ │ ├── hierarchical_firewall.tf │ │ ├── interconnect.tf.example │ │ ├── outputs.tf │ │ ├── 
partner_interconnect.auto.tfvars.example │ │ ├── partner_interconnect.tf.example │ │ ├── providers.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── shared.auto.tfvars │ │ ├── variables.tf │ │ └── versions.tf ├── modules │ ├── base_env │ │ ├── README.md │ │ ├── interconnect.tf.example │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── partner_interconnect.tf.example │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── variables.tf │ │ ├── versions.tf │ │ └── vpn.tf.example │ ├── base_shared_vpc │ │ ├── README.md │ │ ├── dns.tf │ │ ├── firewall.tf │ │ ├── main.tf │ │ ├── nat.tf │ │ ├── outputs.tf │ │ ├── private_service_connect.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── dedicated_interconnect │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── hierarchical_firewall_policy │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── partner_interconnect │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── restricted_shared_vpc │ │ ├── README.md │ │ ├── dns.tf │ │ ├── firewall.tf │ │ ├── main.tf │ │ ├── nat.tf │ │ ├── outputs.tf │ │ ├── private_service_connect.tf │ │ ├── service_control.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── vpn-ha │ │ ├── README.md │ │ ├── main.tf │ │ └── variables.tf ├── shared.auto.example.tfvars ├── shared.auto.mod.tfvars └── shared.auto.tfvars ├── 3-networks-hub-and-spoke ├── .gitignore ├── README.md ├── access_context.auto.example.tfvars ├── access_context.auto.mod.tfvars ├── access_context.auto.tfvars ├── common.auto.example.tfvars ├── common.auto.mod.tfvars ├── common.auto.tfvars ├── envs │ ├── development │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── identity │ │ ├── README.md │ │ ├── 
access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── management │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── nonproduction │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── production │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── shared │ │ ├── README.md │ │ ├── access_context.auto.tfvars │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── dns-hub.tf │ │ ├── hierarchical_firewall.tf │ │ ├── interconnect.auto.tfvars.example │ │ ├── interconnect.tf.example │ │ ├── main.tf │ │ ├── net-hubs-transitivity.tf │ │ ├── net-hubs.tf │ │ ├── outputs.tf │ │ ├── partner_interconnect.auto.tfvars.example │ │ ├── partner_interconnect.tf.example │ │ ├── providers.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── shared.auto.tfvars │ │ ├── variables.tf │ │ └── versions.tf ├── modules │ ├── base_env │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── variables.tf │ │ ├── versions.tf │ │ └── vpn.tf.example │ ├── base_shared_vpc │ │ ├── README.md │ │ ├── dns.tf │ │ ├── firewall.tf │ │ ├── main.tf │ │ ├── nat.tf │ │ ├── outputs.tf │ │ ├── private_service_connect.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── dedicated_interconnect │ │ ├── README.md │ │ ├── main.tf │ │ ├── 
outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── env_enabled │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── hierarchical_firewall_policy │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── nhas_config │ │ ├── dns_hub_config │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ └── variables.tf │ │ ├── net_hub_config │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ └── variables.tf │ │ └── vpc_config │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ └── variables.tf │ ├── partner_interconnect │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── restricted_shared_vpc │ │ ├── README.md │ │ ├── dns.tf │ │ ├── firewall.tf │ │ ├── main.tf │ │ ├── nat.tf │ │ ├── outputs.tf │ │ ├── private_service_connect.tf │ │ ├── service_control.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── transitivity │ │ ├── README.md │ │ ├── assets │ │ │ └── gw.yaml │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── vpn-ha │ │ ├── README.md │ │ ├── main.tf │ │ └── variables.tf ├── shared.auto.example.tfvars ├── shared.auto.mod.tfvars ├── shared.auto.tfvars ├── vpc_config.yaml ├── vpc_config_tef_scheme.yaml └── vpc_config_yaml.md ├── 4-projects ├── .gitignore ├── README.md ├── business_unit_1 │ ├── development │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── development.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── nonproduction │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── non-production.auto.tfvars │ │ ├── outputs.tf │ │ └── variables.tf │ ├── production │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── production.auto.tfvars │ │ └── variables.tf │ └── shared │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── 
common.auto.tfvars │ │ ├── example_infra_pipeline.tf │ │ ├── outputs.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── shared.auto.tfvars │ │ └── variables.tf ├── business_unit_2 │ ├── development │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── development.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── nonproduction │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── non-production.auto.tfvars │ │ ├── outputs.tf │ │ └── variables.tf │ ├── production │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── production.auto.tfvars │ │ └── variables.tf │ └── shared │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── example_infra_pipeline.tf │ │ ├── outputs.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── shared.auto.tfvars │ │ └── variables.tf ├── business_units │ ├── development │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── development.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── identity │ │ ├── README.md │ │ ├── backend.tf │ │ ├── common.auto.tfvars │ │ ├── identity.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── management │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── management.auto.tfvars │ │ ├── outputs.tf │ │ └── variables.tf │ ├── nonproduction │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── nonproduction.auto.tfvars │ │ ├── outputs.tf │ │ └── variables.tf │ ├── production │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── 
outputs.tf │ │ ├── production.auto.tfvars │ │ └── variables.tf │ └── shared │ │ ├── README.md │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── common.auto.tfvars │ │ ├── infra_pipeline.tf.example │ │ ├── outputs.tf │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── shared.auto.tfvars │ │ └── variables.tf ├── common.auto.example.tfvars ├── common.auto.mod.tfvars ├── common.auto.tfvars ├── development.auto.example.tfvars ├── development.auto.mod.tfvars ├── development.auto.tfvars ├── identity.auto.mod.tfvars ├── identity.auto.tfvars ├── management.auto.mod.tfvars ├── management.auto.tfvars ├── modules │ ├── base_env │ │ ├── README.md │ │ ├── base_shared_vpc_project.tf │ │ ├── base_shared_vpc_project.tf.example │ │ ├── business_unit_folder.tf │ │ ├── business_unit_folder.tf.example │ │ ├── example_base_shared_vpc_project.tf │ │ ├── example_floating_project.tf │ │ ├── example_peering_project.tf │ │ ├── example_restricted_shared_vpc_project.tf │ │ ├── example_storage_cmek.tf │ │ ├── floating_project.tf │ │ ├── floating_project.tf.example │ │ ├── outputs.tf │ │ ├── peering_project.tf │ │ ├── peering_project.tf.example │ │ ├── remote.tf │ │ ├── remote.tf.cloud.example │ │ ├── restricted_shared_vpc_project.tf │ │ ├── restricted_shared_vpc_project.tf.example │ │ ├── storage_cmek.tf.example │ │ ├── variables.tf │ │ └── versions.tf │ ├── bu_folder │ │ ├── business_unit_folder.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── env_enabled │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── infra_pipelines │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── peering_net │ │ ├── main.tf │ │ └── variables.tf │ ├── prj_config │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── single_project │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── nonproduction.auto.example.tfvars ├── nonproduction.auto.mod.tfvars ├── nonproduction.auto.tfvars ├── 
prj_config.yaml ├── prj_config_tef_scheme.yaml ├── production.auto.example.tfvars ├── production.auto.mod.tfvars ├── production.auto.tfvars ├── shared.auto.example.tfvars ├── shared.auto.mod.tfvars └── shared.auto.tfvars ├── 5-app-infra ├── .gitignore ├── README.md ├── business_unit_1 │ ├── development │ │ ├── README.md │ │ ├── backend.tf │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── nonproduction │ │ ├── README.md │ │ ├── backend.tf │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── production │ │ ├── README.md │ │ ├── backend.tf │ │ ├── common.auto.tfvars │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── common.auto.example.tfvars ├── common.auto.mod.tfvars └── modules │ └── env_base │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 6-org-policies ├── .gitignore ├── common │ ├── backend.tf │ ├── org_policy_common.tf │ ├── providers.tf │ ├── remote.tf │ ├── terraform.mod.tfvars │ ├── variables.tf │ └── versions.tf ├── development │ ├── backend.tf │ ├── org_policy_dev_shared.tf │ ├── providers.tf │ ├── remote.tf │ ├── terraform.mod.tfvars │ ├── variables.tf │ └── versions.tf ├── identity │ ├── backend.tf │ ├── org_policy_identity.tf │ ├── providers.tf │ ├── remote.tf │ ├── terraform.mod.tfvars │ ├── variables.tf │ └── versions.tf ├── management │ ├── backend.tf │ ├── org_policy_mgmt.tf │ ├── providers.tf │ ├── remote.tf │ ├── terraform.mod.tfvars │ ├── variables.tf │ └── versions.tf ├── nonproduction │ ├── backend.tf │ ├── org_policy_nonprod.tf │ ├── providers.tf │ ├── remote.tf │ ├── terraform.mod.tfvars │ ├── variables.tf │ └── versions.tf ├── production │ ├── backend.tf │ ├── org_policy_prod.tf │ ├── providers.tf │ ├── remote.tf │ ├── terraform.mod.tfvars │ ├── variables.tf │ └── versions.tf └── readme.md ├── 7-fortigate ├── .gitignore ├── README.md ├── helpers │ └── 
update_state_bucket.sh ├── prepare.sh └── shared │ ├── .gitignore │ ├── active │ ├── backend.tpl │ ├── loadbalance.tf │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── passive │ ├── pbr.tf │ ├── shared.auto.mod.tfvars │ └── vars.tf ├── CHANGELOG.md ├── CODEOWNERS ├── CONTRIBUTING.MD ├── CONTRIBUTING.md ├── ERRATA.md ├── LICENSE ├── Makefile ├── README.md ├── automation-scripts ├── 0-bootstrap │ └── 0-bootstrap.sh ├── 1-org │ └── 1-org.sh ├── 2-environments │ └── 2-environments.sh ├── 3-networks-hub-and-spoke │ └── 3-networks-hub-and-spoke.sh ├── 4-projects │ └── 4-projects.sh ├── 6-org-policies │ └── 6-org-policies.sh ├── 7-fortigate │ └── 7-fortigate.sh └── whole.sh ├── azure-pipelines ├── bootstrap_stage │ └── bootstrap.yaml ├── environments_stage │ └── environments.yaml ├── fortigate_stage │ └── fortigate.yaml ├── localize_terraform_modules │ └── localize_tf.yaml ├── network_hub_spoke_stage │ └── network_hub_spoke.yaml ├── org_stage │ └── org.yaml ├── orgpolicies_stage │ └── orgpolicies.yaml ├── pipeline copy.drawio.png ├── pipeline.drawio ├── pipeline.yaml ├── projects_stage │ └── projects.yaml └── templates │ ├── enable-services.yaml │ └── securefile-template.yaml ├── build ├── Jenkinsfile ├── cloudbuild-tf-apply.yaml ├── cloudbuild-tf-plan.yaml ├── github-tf-apply.yaml ├── github-tf-pull-request.yaml ├── gitlab-ci.yml ├── int.cloudbuild.yaml ├── lint.cloudbuild.yaml ├── run_gcp_auth.sh ├── tf-wrapper-mod.sh └── tf-wrapper.sh ├── cloudbuild.yaml ├── comment_out_module_versionss.py ├── docs ├── FAQ.md ├── GLOSSARY.md ├── TROUBLESHOOTING.md ├── ado-pipeline-documentation.md ├── change_resource_hierarchy.md ├── document-de-conception-technique.md ├── documentation-du-pipeline-ado.md ├── images │ ├── ado-clone.png │ ├── ado-jobs.png │ ├── ado-library.png │ ├── ado-run-stages.png │ ├── ado-run.png │ ├── architecture-with-appliance.svg │ ├── deployment-flowchart.svg │ ├── efb-key-decisions.svg │ ├── example-deployment-branching.svg │ ├── example-dns-setup.svg │ 
├── example-hub-spoke.svg │ ├── example-identity-structure.svg │ ├── example-logging-structure.svg │ ├── example-org-structure.svg │ ├── resource-structure.png │ └── traffic-flow-appliance.svg ├── technical-design-document.md ├── upgrading_to_v2.0.md ├── upgrading_to_v3.0.md ├── upgrading_to_v4.0.md ├── vpc_config_yaml.en.md └── vpc_config_yaml.fr.md ├── fix_tfvars_symlinks.py ├── go.work ├── helpers └── foundation-deployer │ ├── README.md │ ├── gcp │ ├── gcp.go │ ├── gcp_test.go │ └── testdata │ │ ├── failure_build.json │ │ ├── queued_build.json │ │ ├── success_build.json │ │ └── working_build.json │ ├── global.tfvars.example │ ├── go.mod │ ├── go.sum │ ├── main.go │ ├── msg │ └── msg.go │ ├── stages │ ├── apply.go │ ├── data.go │ ├── destroy.go │ ├── validate.go │ └── vet.go │ ├── steps │ ├── steps.go │ ├── steps_test.go │ └── testdata │ │ └── existing.json │ └── utils │ ├── files.go │ ├── files_test.go │ ├── git.go │ ├── git_test.go │ ├── logger.go │ ├── tfvars.go │ └── tfvars_test.go ├── localize_terraform_modules.py ├── policy-library ├── lib │ ├── constraints.rego │ ├── util.rego │ └── util_test.rego └── policies │ ├── constraints │ ├── appengine_versions.yaml │ ├── bigquery_world_readable.yaml │ ├── dnssec_prevent_rsasha1_ksk.yaml │ ├── dnssec_prevent_rsasha1_zsk.yaml │ ├── gke_allow_only_private_cluster.yaml │ ├── gke_allowed_node_sa_scope.yaml │ ├── gke_container_optimized_os.yaml │ ├── gke_dashboard_disable.yaml │ ├── gke_disable_default_service_account.yaml │ ├── gke_disable_legacy_endpoints.yaml │ ├── gke_enable_alias_ip_ranges.yaml │ ├── gke_legacy_abac.yaml │ ├── gke_master_authorized_networks_enabled.yaml │ ├── gke_node_pool_auto_repair.yaml │ ├── gke_node_pool_auto_upgrade.yaml │ ├── gke_restrict_client_auth_methods.yaml │ ├── gke_restrict_pod_traffic.yaml │ ├── iam_deny_public.yaml │ ├── network_enable_flow_logs.yaml │ ├── network_enable_private_google_access.yaml │ ├── restrict_fw_rules_rdp_world_open.yaml │ ├── 
restrict_fw_rules_ssh_world_open.yaml │ ├── restrict_fw_rules_world_open.yaml │ ├── serviceusage_allow_basic_apis.yaml │ ├── sql_public_ip.yaml │ ├── sql_ssl.yaml │ ├── storage_bucket_policy_only.yaml │ └── storage_denylist_public.yaml │ └── templates │ ├── gcp_allowed_resource_types.yaml │ ├── gcp_always_violates_v1.yaml │ ├── gcp_app_service_versions.yaml │ ├── gcp_appengine_location_v1.yaml │ ├── gcp_bigquery_cmek_encryption_v1.yaml │ ├── gcp_bigquery_dataset_world_readable_v1.yaml │ ├── gcp_bigquery_table_retention_v1.yaml │ ├── gcp_bq_dataset_location_v1.yaml │ ├── gcp_cmek_rotation_v1.yaml │ ├── gcp_cmek_settings_v1.yaml │ ├── gcp_compute_allowed_networks.yaml │ ├── gcp_compute_disk_resource_policies_v1.yaml │ ├── gcp_compute_external_ip_address.yaml │ ├── gcp_compute_ip_forward.yaml │ ├── gcp_compute_zone_v1.yaml │ ├── gcp_dataproc_location_v1.yaml │ ├── gcp_dnssec_prevent_rsasha1_v1.yaml │ ├── gcp_dnssec_v1.yaml │ ├── gcp_enforce_labels_v1.yaml │ ├── gcp_enforce_naming_v1.yaml │ ├── gcp_gke_allowed_node_sa_v1.yaml │ ├── gcp_gke_cluster_location.yaml │ ├── gcp_gke_cluster_version_v1.yaml │ ├── gcp_gke_container_optimized_os.yaml │ ├── gcp_gke_dashboard_v1.yaml │ ├── gcp_gke_disable_default_service_account_v1.yaml │ ├── gcp_gke_disable_legacy_endpoints_v1.yaml │ ├── gcp_gke_enable_alias_ip_ranges.yaml │ ├── gcp_gke_enable_private_endpoint.yaml │ ├── gcp_gke_enable_shielded_nodes_v1.yaml │ ├── gcp_gke_enable_stackdriver_kubernetes_engine_monitoring_v1.yaml │ ├── gcp_gke_enable_stackdriver_logging_v1.yaml │ ├── gcp_gke_enable_stackdriver_monitoring_v1.yaml │ ├── gcp_gke_enable_workload_identity_v1.yaml │ ├── gcp_gke_legacy_abac_v1.yaml │ ├── gcp_gke_master_authorized_networks_enabled_v1.yaml │ ├── gcp_gke_node_auto_repair_v1.yaml │ ├── gcp_gke_node_auto_upgrade_v1.yaml │ ├── gcp_gke_private_cluster_v1.yaml │ ├── gcp_gke_restrict_client_auth_methods_v1.yaml │ ├── gcp_gke_restrict_pod_traffic_v1.yaml │ ├── gcp_glb_external_ip_access_constraint_v1.yaml │ ├── 
gcp_iam_allow_ban_roles_v1.yaml │ ├── gcp_iam_allowed_bindings.yaml │ ├── gcp_iam_allowed_policy_member_domains.yaml │ ├── gcp_iam_audit_log.yaml │ ├── gcp_iam_custom_role_permissions_v1.yaml │ ├── gcp_iam_required_bindings_v1.yaml │ ├── gcp_iam_restrict_service_account_creation_v1.yaml │ ├── gcp_iam_restrict_service_account_key_age_v1.yaml │ ├── gcp_iam_restrict_service_account_key_type_v1.yaml │ ├── gcp_lb_forwarding_rules.yaml │ ├── gcp_network_enable_firewall_logs_v1.yaml │ ├── gcp_network_enable_flow_logs_v1.yaml │ ├── gcp_network_enable_private_google_access_v1.yaml │ ├── gcp_network_restrict_default_v1.yaml │ ├── gcp_network_routing_v1.yaml │ ├── gcp_resource_value_pattern_v1.yaml │ ├── gcp_restricted_firewall_rules_v1.yaml │ ├── gcp_serviceusage_allowed_services_v1.yaml │ ├── gcp_spanner_location_v1.yaml │ ├── gcp_sql_allowed_authorized_networks_v1.yaml │ ├── gcp_sql_backup_v1.yaml │ ├── gcp_sql_instance_type_v1.yaml │ ├── gcp_sql_location_v1.yaml │ ├── gcp_sql_maintenance_window_v1.yaml │ ├── gcp_sql_public_ip_v1.yaml │ ├── gcp_sql_ssl_v1.yaml │ ├── gcp_sql_world_readable_v1.yaml │ ├── gcp_storage_bucket_policy_only_v1.yaml │ ├── gcp_storage_bucket_retention_v1.yaml │ ├── gcp_storage_bucket_world_readable_v1.yaml │ ├── gcp_storage_cmek_encryption_v1.yaml │ ├── gcp_storage_location_v1.yaml │ ├── gcp_storage_logging_v1.yaml │ ├── gcp_vpc_sc_allowed_regions.yaml │ ├── gcp_vpc_sc_ensure_access_levels_v1.yaml │ ├── gcp_vpc_sc_ensure_project_v1.yaml │ ├── gcp_vpc_sc_ensure_services_v1.yaml │ ├── gcp_vpc_sc_ip_range_v1.yaml │ └── gcp_vpc_sc_project_perimeter.yaml ├── scripts ├── set-tfc-backend-and-remote.sh └── validate-requirements.sh └── test ├── clean_org.sh ├── disable_tf_files.sh ├── integration ├── app-infra │ └── app_infra_test.go ├── bootstrap │ └── bootstrap_test.go ├── envs │ └── envs_test.go ├── go.mod ├── go.sum ├── networks │ └── networks_test.go ├── org │ └── org_test.go ├── projects-shared │ └── projects_shared_test.go ├── projects │ └── 
projects_test.go ├── shared │ └── shared_test.go └── testutils │ ├── api.go │ ├── gcp.go │ ├── retry.go │ ├── strings.go │ └── transforms.go ├── restore_tf_files.sh └── setup ├── iam.tf ├── main.tf ├── outputs.tf └── variables.tf /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text eol=lf 3 | # NOTE(review): `text` (rather than `text=auto`) applies LF normalization to every path without content detection, so a binary type missing from the `binary` list below would be converted too - confirm no other binary extensions are committed. 4 | 5 | *.txt text 6 | *.c text 7 | *.h text 8 | 9 | # Denote all files that are truly binary and should not be modified. 10 | *.png binary 11 | *.jpg binary 12 | *.pdf binary -------------------------------------------------------------------------------- /.github/conventional-commit-lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/github 17 | # Going by the key names, this enables the commit lint and has it check the pull-request title as well - confirm against the linter's documentation. 18 | enabled: true 19 | always_check_pr_title: true 20 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # NOTE(review): handleGHRelease presumably lets the release bot publish the GitHub release itself, not only open the release PR - confirm which account and permissions it runs with. 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"], 4 | "rebaseWhen": "conflicted" 5 | } 6 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/github 17 | # NOTE(review): presumably the bot posts the comment below on pull requests opened by the accounts under trustedContributors, and "/gcbrun" starts the Cloud Build checks for them - treat this list as an allow-list for unattended CI runs and confirm what credentials those builds can reach. 18 | annotations: 19 | - type: comment 20 | text: "/gcbrun" 21 | trustedContributors: 22 | - release-please[bot] 23 | - renovate[bot] 24 | - renovate-bot 25 | - forking-renovate[bot] 26 | - dependabot[bot] 27 | -------------------------------------------------------------------------------- /0-bootstrap/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | # Terraform Cloud variant: state for this stage is kept in the workspace named below. No organization or hostname is set in this block, so they presumably come from the environment (e.g. TF_CLOUD_ORGANIZATION) - confirm. 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "0-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /0-bootstrap/backend.tf.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | # NOTE(review): "UPDATE_ME" is a placeholder; replace it with the state bucket name before `terraform init`. Terraform state can contain sensitive values, so the bucket must not be publicly readable and access to it should be limited to the identities that run this stage. 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/backend.tf.local: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/builders/cb/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/builders/github/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/builders/gitlab/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/builders/jenkins/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/builders/tf.cloud/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "0-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /0-bootstrap/builders/tf.cloud/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "0-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /0-bootstrap/builders/tf.local/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/builders/tf.local/backend.tf.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/content.sh: --------------------------------------------------------------------------------
# Appends a Terraform variable declaration named gcp_credentials_file to variables.tf in the current directory.
# The append uses `>>`, so each run adds another copy of the declaration; a second copy of the same variable makes the configuration invalid.
# NOTE(review): the variable holds the path to a service account key file, i.e. a long-lived credential on disk.
# Presumably only the path is passed in, never the key itself; confirm the key file stays out of version control and of any committed tfvars.
1 | content="variable \"gcp_credentials_file\" { 2 | description = \"Path to the Google Cloud Platform service account key file\" 3 | type = string 4 | }" 5 | echo "$content" >> variables.tf 6 | -------------------------------------------------------------------------------- /0-bootstrap/files/private_key_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/0-bootstrap/files/private_key_example.png -------------------------------------------------------------------------------- /0-bootstrap/modules/cb-private-pool/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.77" 27 | } 28 | random = { 29 | source = "hashicorp/random" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /0-bootstrap/modules/gitlab-oidc/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "pool_name" { 18 | description = "Pool name" 19 | value = google_iam_workload_identity_pool.main.name 20 | } 21 | 22 | output "provider_name" { 23 | description = "Provider name" 24 | value = google_iam_workload_identity_pool_provider.main.name 25 | } 26 | -------------------------------------------------------------------------------- /0-bootstrap/modules/gitlab-oidc/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 3.64, < 6" 24 | } 25 | } 26 | 27 | } 28 | -------------------------------------------------------------------------------- /0-bootstrap/modules/jenkins-agent/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 3.50" 24 | } 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.50" 28 | } 29 | random = { 30 | source = "hashicorp/random" 31 | } 32 | template = { 33 | source = "hashicorp/template" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /0-bootstrap/modules/parent-iam-member/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.77" 27 | } 28 | random = { 29 | source = "hashicorp/random" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /0-bootstrap/modules/parent-iam-remove-role/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /1-org/envs/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /1-org/envs/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "1-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /1-org/envs/shared/folders.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Top level folders 19 | *****************************************/ 20 | 21 | resource "google_folder" "common" { 22 | display_name = "${local.folder_prefix}-common" 23 | parent = local.parent 24 | } 25 | 26 | resource "google_folder" "network" { 27 | display_name = "${local.folder_prefix}-network" 28 | parent = local.parent 29 | } 30 | -------------------------------------------------------------------------------- /1-org/envs/shared/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /1-org/modules/cai-monitoring/function-source/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "caiMonitoring", 3 | "version": "1.0.0", 4 | "description": "A Cloud Function that receives events from a Pub/Sub Subscription fed by a Cloud Asset Inventory IAM event feed, and then notify if the IAM Policy grants roles from a predefined set to a new member.", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "ISC", 11 | "dependencies": { 12 | "@google-cloud/security-center": "8.1.0", 13 | "uuid4": "2.0.3", 14 | "moment": "2.30.1" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /1-org/modules/cai-monitoring/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" /* Lower bound only: any later release, including a new major version, satisfies this constraint. NOTE(review): reproducible installs then presumably rely on a committed dependency lock file or a tighter bound in the calling root module - confirm. */ 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.77" 27 | } 28 | random = { 29 | source = "hashicorp/random" /* No version constraint is declared for this provider, so any release is accepted. */ 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /1-org/modules/centralized-logging/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022-2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | 20 | required_providers { 21 | terracurl = { 22 | source = "devops-rob/terracurl" 23 | version = "1.2.1" /* The only provider here from a non-hashicorp namespace, pinned to one exact version. NOTE(review): an exact pin limits drift but does not by itself verify the downloaded artifact; presumably the checksums come from the dependency lock file - confirm it is committed and reviewed when this version changes. */ 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /1-org/modules/network/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /2-environments/envs/development/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | 7 | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | env\_folder | Environment folder created under parent. | 14 | | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). | 15 | | env\_secrets\_project\_id | Project for environment related secrets. | 16 | | monitoring\_project\_id | Project for monitoring infra. | 17 | 18 | 19 | -------------------------------------------------------------------------------- /2-environments/envs/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /2-environments/envs/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/development/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "env" { 18 | source = "../../modules/env_baseline" 19 | 20 | env = "development" 21 | environment_code = "d" 22 | remote_state_bucket = var.remote_state_bucket 23 | tfc_org_name = var.tfc_org_name 24 | } 25 | -------------------------------------------------------------------------------- /2-environments/envs/development/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/development/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 
19 | type = string 20 | } 21 | 22 | variable "tfc_org_name" { 23 | description = "Name of the TFC organization" 24 | type = string 25 | default = "" 26 | } 27 | -------------------------------------------------------------------------------- /2-environments/envs/identity/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | 7 | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | env\_folder | Environment folder created under parent. | 14 | | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). | 15 | | env\_secrets\_project\_id | Project for environment related secrets. | 16 | | monitoring\_project\_id | Project for monitoring infra. | 17 | 18 | 19 | -------------------------------------------------------------------------------- /2-environments/envs/identity/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/identity" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /2-environments/envs/identity/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-development" /* NOTE(review): this identity example names the workspace "2-development", the same name used by 2-environments/envs/development/backend.tf.cloud.example, while the gcs backend for identity uses its own prefix. Two environments bound to one Terraform Cloud workspace would share a single state. Looks like a copy-paste leftover - confirm and give identity its own workspace name. */ 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/identity/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/identity/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | } 21 | 22 | variable "tfc_org_name" { 23 | description = "Name of the TFC organization" 24 | type = string 25 | default = "" 26 | } 27 | -------------------------------------------------------------------------------- /2-environments/envs/management/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | 7 | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | env\_folder | Environment folder created under parent. | 14 | | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). | 15 | | env\_secrets\_project\_id | Project for environment related secrets. | 16 | | monitoring\_project\_id | Project for monitoring infra. 
| 17 | 18 | 19 | -------------------------------------------------------------------------------- /2-environments/envs/management/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/management" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /2-environments/envs/management/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-development" /* NOTE(review): this example lives under envs/management but names the "2-development" workspace, while the nonproduction and production examples name "2-nonproduction" and "2-production". Two configurations bound to one workspace share one state, so confirm the intended workspace name before copying this file into use. */ 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/management/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/management/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | } 21 | 22 | variable "tfc_org_name" { 23 | description = "Name of the TFC organization" 24 | type = string 25 | default = "" 26 | } 27 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. 
| `string` | n/a | yes | 7 | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | env\_folder | Environment folder created under parent. | 14 | | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). | 15 | | env\_secrets\_project\_id | Project for environment related secrets. | 16 | | monitoring\_project\_id | Project for monitoring infra. | 17 | 18 | 19 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "env" { 18 | source = "../../modules/env_baseline" 19 | 20 | env = "nonproduction" 21 | environment_code = "n" 22 | remote_state_bucket = var.remote_state_bucket 23 | tfc_org_name = var.tfc_org_name 24 | } 25 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 
19 | type = string 20 | } 21 | 22 | variable "tfc_org_name" { 23 | description = "Name of the TFC organization" 24 | type = string 25 | default = "" 26 | } 27 | -------------------------------------------------------------------------------- /2-environments/envs/production/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | 7 | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | assured\_workload\_id | Assured Workload ID. | 14 | | assured\_workload\_resources | Resources associated with the Assured Workload. | 15 | | env\_folder | Environment folder created under parent. | 16 | | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). | 17 | | env\_secrets\_project\_id | Project for environment related secrets. | 18 | | monitoring\_project\_id | Project for monitoring infra. | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /2-environments/envs/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /2-environments/envs/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/production/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/production/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | } 21 | 22 | variable "tfc_org_name" { 23 | description = "Name of the TFC organization" 24 | type = string 25 | default = "" 26 | } 27 | 28 | -------------------------------------------------------------------------------- /2-environments/modules/env_baseline/iam.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Monitoring - IAM 19 | *****************************************/ 20 | 21 | resource "google_project_iam_member" "monitoring_viewer" { 22 | project = module.monitoring_project.project_id /* binding is made on the monitoring project only */ 23 | role = "roles/monitoring.viewer" /* viewer role; google_project_iam_member adds this one member and leaves other bindings for the role in place */ 24 | member = "group:${local.required_groups["monitoring_workspace_users"]}" /* group address is looked up in local.required_groups, which is defined outside this file */ 25 | } 26 | -------------------------------------------------------------------------------- /2-environments/modules/env_enabled/main.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | locals { 5 | restricted_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.restricted_enabled,false) /* try() yields false when this attribute path cannot be evaluated, e.g. the bootstrap state has no such output */ 6 | management_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.management_enabled,false) /* same fallback: absent flag means the management environment is treated as disabled */ 7 | identity_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.identity_enabled,false) /* NOTE(review): the fallback is silent, so a misspelled or renamed output also reads as false; confirm the names against the bootstrap outputs */ 8 | } 9 | 10 | data "terraform_remote_state" "bootstrap" { 11 | backend = "gcs" 12 | 13 | config = { 14 | bucket = var.remote_state_bucket /* bucket name is supplied by the caller of this module */ 15 | prefix = "terraform/bootstrap/state" /* NOTE(review): reading remote state needs read access to the whole bootstrap state object, which may hold sensitive values; confirm access to this bucket is limited to the identities that run this stage */ 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /2-environments/modules/env_enabled/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | output "restricted_enabled" { 6 | description = "True if deployment of restricted environments enabled" 7 | value = local.restricted_enabled 8 | } 9 | 10 | output "management_enabled" { 11 | description = "True if deployment of management environments enabled" 12 | value = local.management_enabled 13 | } 14 | 15 | output "identity_enabled" { 16 | description = "True if deployment of identity environments enabled" 17 | value = local.identity_enabled 18 | } -------------------------------------------------------------------------------- 
/2-environments/modules/env_enabled/variables.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | variable "remote_state_bucket" { 6 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 7 | type = string 8 | } 9 | -------------------------------------------------------------------------------- /2-environments/terraform.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # check this group is in actual use 18 | monitoring_workspace_users = "gcp-monitoring-admins@example.com" 19 | 20 | remote_state_bucket = "REMOTE_STATE_BUCKET" 21 | -------------------------------------------------------------------------------- /2-environments/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | 18 | remote_state_bucket = "REMOTE_STATE_BUCKET" 19 | -------------------------------------------------------------------------------- /2-environments/terraform.tfvars: -------------------------------------------------------------------------------- 1 | terraform.mod.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/access_context.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | access_context_manager_policy_id = ACCESS_CONTEXT_MANAGER_ID 18 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/access_context.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | access_context_manager_policy_id = ACCESS_CONTEXT_MANAGER_ID 18 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | access_context.auto.mod.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // The DNS name of the peering managed zone. Must end with a period. 18 | domain = "example.com." 19 | 20 | // Update the following line and add your email to the perimeter_additional_members list. 21 | // You must be in this list to be able to view/access resources in the project protected by the VPC service controls. 22 | 23 | perimeter_additional_members = ["user:YOUR-USER-EMAIL@example.com"] 24 | 25 | remote_state_bucket = "REMOTE_STATE_BUCKET" 26 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | common.auto.mod.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/development/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/development/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/development/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" /* lower bound only on the Terraform CLI version */ 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" /* lower bound only; NOTE(review): with no upper bound the provider release is chosen at init time, so confirm a committed dependency lock file pins the version and checksums */ 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" /* same open-ended constraint as the google provider above */ 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/nonproduction/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" /* placeholder value; presumably replaced with the real state bucket before init - confirm against the setup docs */ 20 | prefix = "terraform/networks/nonproduction" /* object prefix under which the nonproduction network state is stored in the bucket */ 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/nonproduction/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/nonproduction/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/production/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/production/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/production/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/envs/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "dns_hub_project_id" { 18 | value = local.dns_hub_project_id 19 | description = "The DNS hub project ID" 20 | } 21 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/partner_interconnect.auto.tfvars.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | enable_partner_interconnect = true 18 | preactivate_partner_interconnect = true 19 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /3-networks-dual-svpc/envs/shared/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/modules/hierarchical_firewall_policy/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | associations | Resources to associate the policy to | `list(string)` | n/a | yes | 7 | | name | Hierarchical policy name | `string` | n/a | yes | 8 | | parent | Where the firewall policy will be created (can be organizations/{organization\_id} or folders/{folder\_id}) | `string` | n/a | yes | 9 | | rules | Firewall rules to add to the policy |
map(object({| `{}` | no | 10 | 11 | ## Outputs 12 | 13 | | Name | Description | 14 | |------|-------------| 15 | | id | n/a | 16 | 17 | 18 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/modules/hierarchical_firewall_policy/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "id" { 18 | value = google_compute_organization_security_policy.policy.id 19 | } 20 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/shared.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | // List of IPv4 addresses of target name servers for the forwarding zone configuration. 18 | // See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones 19 | target_name_server_addresses = [ 20 | { 21 | ipv4_address = "192.168.0.1", 22 | forwarding_path = "default" 23 | }, 24 | { 25 | ipv4_address = "192.168.0.2", 26 | forwarding_path = "default" 27 | } 28 | ] 29 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/shared.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // List of IPv4 addresses of target name servers for the forwarding zone configuration. 
18 | // See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones 19 | target_name_server_addresses = [ 20 | { 21 | ipv4_address = "192.168.0.1", 22 | forwarding_path = "default" 23 | }, 24 | { 25 | ipv4_address = "192.168.0.2", 26 | forwarding_path = "default" 27 | } 28 | ] 29 | -------------------------------------------------------------------------------- /3-networks-dual-svpc/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | shared.auto.mod.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/access_context.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | access_context_manager_policy_id = ACCESS_CONTEXT_MANAGER_ID 18 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/access_context.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | access_context_manager_policy_id = ACCESS_CONTEXT_MANAGER_ID 18 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | access_context.auto.mod.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/common.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // The DNS name of peering managed zone. Must end with a period. 18 | domain = "DOMAIN." 19 | 20 | // Update the following line and add your email to the perimeter_additional_members list. 21 | // You must be in this list to be able to view/access resources in the project protected by the VPC service controls. Keep the list minimal: every identity in it can access resources inside the perimeter. 
22 | 23 | perimeter_additional_members = [PERIMETER_USER] 24 | 25 | remote_state_bucket = "REMOTE_STATE_BUCKET" 26 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | common.auto.mod.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/development/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/development/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/development/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/identity/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/identity/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/identity" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/identity/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
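6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { /* the cloud block requires Terraform >= 1.1 */ 19 | workspaces { 20 | name = "3-identity" /* was "3-development", the development env's workspace; each env needs its own workspace so Terraform state is never shared across environments. Follows the 3-<env> naming of the other envs and must match the workspace created in Terraform Cloud. */ 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/identity/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/identity/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 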
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/identity/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/management/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/management/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/management" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/management/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
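6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { /* the cloud block requires Terraform >= 1.1 */ 19 | workspaces { 20 | name = "3-management" /* was "3-development", the development env's workspace; each env needs its own workspace so Terraform state is never shared across environments. Follows the 3-<env> naming of the other envs and must match the workspace created in Terraform Cloud. */ 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/management/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/management/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 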
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/management/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/nonproduction/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/nonproduction/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/nonproduction/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/production/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/production/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/production/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/envs/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/interconnect.auto.tfvars.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | enable_dedicated_interconnect = true 18 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/partner_interconnect.auto.tfvars.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | enable_partner_interconnect = true 18 | preactivate_partner_interconnect = true 19 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/envs/shared/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" # Lower bound only; any newer Terraform CLI release satisfies it. 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" # NOTE(review): no upper bound here or on google-beta below, so the provider release actually used is whatever the dependency lock file or a fresh init selects; confirm .terraform.lock.hcl is committed, or add an upper bound. 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/env_enabled/main.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | locals { # Environment flags read from the common_config output of the bootstrap remote state. try() falls back to false when the attribute cannot be read, so a missing flag yields false without raising an error. NOTE(review): these values are only as trustworthy as the bootstrap state object; confirm write access to that bucket is restricted. 5 | restricted_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.restricted_enabled,false) 6 | management_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.management_enabled,false) 7 | identity_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.identity_enabled,false) 8 | } 9 | 10 | data "terraform_remote_state" "bootstrap" { # Reads the bootstrap state from the GCS bucket var.remote_state_bucket under the prefix terraform/bootstrap/state. 11 | backend = "gcs" 12 | 13 | config = { 14 | bucket = var.remote_state_bucket 15 | prefix = "terraform/bootstrap/state" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/env_enabled/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | output "restricted_enabled" { 6 | description = "True if deployment of restricted environments enabled" 7 | value = local.restricted_enabled 8 | } 9 | 10 | output "management_enabled" { 11 | description = "True if deployment of management environments enabled" 12 | value = local.management_enabled 13 | } 14 | 15 | output "identity_enabled" { 16 | description = "True if deployment of identity environments enabled" 17 | value = local.identity_enabled 18 | } -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/env_enabled/variables.tf:
-------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | variable "remote_state_bucket" { 6 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 7 | type = string 8 | } 9 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/hierarchical_firewall_policy/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
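15 | */ 16 | 17 | output "id" { # ID of the google_compute_organization_security_policy.policy resource. 18 | value = google_compute_organization_security_policy.policy.id 19 | } 20 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/nhas_config/dns_hub_config/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | output "dns_hub_config" { # Exposes local.dns_hub_config to callers of this module. 6 | description = "dns_hub_config" 7 | value = local.dns_hub_config 8 | } 9 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/nhas_config/net_hub_config/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | output "net_hub_config" { # Exposes local.net_hub_config to callers of this module. 6 | description = "net_hub_config" 7 | value = local.net_hub_config 8 | } 9 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/nhas_config/vpc_config/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | output "spoke_config" { # Exposes local.spoke_config to callers of this module. 6 | description = "spoke_config" 7 | value = local.spoke_config 8 | } 9 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/modules/transitivity/assets/gw.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | # Copyright 2022 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License.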
7 | # You may obtain a copy of the License at 8 | # 9 | # https://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | write_files: # Writes /etc/sysctl.conf (root-owned, mode 0644) enabling IPv4 and IPv6 forwarding and disabling acceptance and sending of ICMP redirects. 18 | - path: /etc/sysctl.conf 19 | permissions: "0644" 20 | owner: root 21 | content: | 22 | net.ipv4.ip_forward = 1 23 | net.ipv6.conf.all.forwarding = 1 24 | net.ipv4.conf.all.accept_redirects = 0 25 | net.ipv4.conf.all.send_redirects = 0 26 | runcmd: # Applies the sysctl file, then runs every element of the template variable "commands". NOTE(review): each element is inserted between single quotes below and executed by cloud-init at boot; a value containing a single quote would break the YAML quoting. Confirm the list is built only from module-controlled values. 27 | - sysctl -p 28 | %{ for command in commands ~} 29 | - '${command}' 30 | %{ endfor ~} 31 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/shared.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // List of IPv4 addresses of the target name servers for the forwarding zone configuration.
18 | // See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones 19 | target_name_server_addresses = [ 20 | { 21 | ipv4_address = "192.168.0.1", 22 | forwarding_path = "default" 23 | }, 24 | { 25 | ipv4_address = "192.168.0.2", 26 | forwarding_path = "default" 27 | } 28 | ] 29 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/shared.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /*************/ 18 | -------------------------------------------------------------------------------- /3-networks-hub-and-spoke/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | shared.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_1/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/development/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../development.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_1/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/nonproduction/non-production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../non-production.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_1/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/production/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../production.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_1/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_1/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_1/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_2/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu2-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/development/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../development.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_2/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu2-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/nonproduction/non-production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../non-production.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_2/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu2-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/production/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../production.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_unit_2/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu2-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_unit_2/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_unit_2/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_units/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_units/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_units/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/development/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../development.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/identity/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_units/identity" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_units/identity/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/identity/identity.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../identity.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/management/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_units/management" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_units/management/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_units/management/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/management/management.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../management.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_units/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_units/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_units/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/nonproduction/nonproduction.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../nonproduction.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_units/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_units/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-production" /* NOTE(review): business_unit_1/production/backend.tf.cloud.example names this same workspace, and the business_units/shared and business_unit_1/shared examples likewise both name "4-bu1-shared". If both directory trees are meant to be applied, each pair would share one state - confirm whether business_units/ replaces business_unit_1/ or needs workspace names of its own. */ 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_units/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/production/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../production.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/business_units/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/business_units/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-bu1-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/business_units/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/business_units/shared/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /4-projects/business_units/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /4-projects/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /4-projects/common.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /4-projects/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | common.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/development.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | -------------------------------------------------------------------------------- /4-projects/development.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "northamerica-northeast2" 18 | location_gcs = "northamerica-northeast2" 19 | -------------------------------------------------------------------------------- /4-projects/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | development.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/identity.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "northamerica-northeast2" 18 | location_gcs = "northamerica-northeast2" 19 | -------------------------------------------------------------------------------- /4-projects/identity.auto.tfvars: -------------------------------------------------------------------------------- 1 | identity.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/management.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | location_kms = "northamerica-northeast2" 18 | location_gcs = "northamerica-northeast2" 19 | -------------------------------------------------------------------------------- /4-projects/management.auto.tfvars: -------------------------------------------------------------------------------- 1 | management.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/modules/base_env/business_unit_folder.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | env_business_unit_folder_name = "${var.folder_prefix}-${var.env}-${var.business_code}" 19 | } 20 | 21 | resource "google_folder" "env_business_unit" { 22 | display_name = local.env_business_unit_folder_name 23 | parent = local.env_folder_name 24 | } 25 | -------------------------------------------------------------------------------- /4-projects/modules/base_env/business_unit_folder.tf.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | locals { 17 | env_business_unit_folder_name = "${var.folder_prefix}-${var.env}-${var.business_code}" 18 | } 19 | 20 | resource "google_folder" "env_business_unit" { 21 | display_name = local.env_business_unit_folder_name 22 | parent = local.env_folder_name 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/modules/base_env/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022-2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | random = { 21 | source = "hashicorp/random" 22 | version = ">= 3.3" # lower bound only; the exact provider build is fixed by the root module's dependency lock file, so keep that file under review 23 | } 24 | } 25 | 26 | provider_meta "google" { 27 | module_name = "blueprints/terraform/terraform-example-foundation:projects/v4.0.0" 28 | } 29 | 30 | provider_meta "google-beta" { 31 | module_name = "blueprints/terraform/terraform-example-foundation:projects/v4.0.0" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /4-projects/modules/bu_folder/outputs.tf: -------------------------------------------------------------------------------- 1 | output "folder_id" { 2 | description = "Folder id id." 3 | value = google_folder.env_business_unit.name # google_folder's "name" attribute is the resource name in the form folders/{folder_id}, not the bare numeric id 4 | } 5 | 6 | output "business_code" { 7 | description = "business_code" 8 | value = var.business_code 9 | 10 | } 11 | 12 | output "business_unit" { 13 | description = "business_unit" 14 | value = var.business_unit 15 | } 16 | -------------------------------------------------------------------------------- /4-projects/modules/bu_folder/variables.tf: -------------------------------------------------------------------------------- 1 | 2 | variable "env" { 3 | description = "environment" 4 | type = string 5 | } 6 | 7 | //variable "bu_config" { 8 | // description = "business unit config" 9 | // type = any 10 | // 11 | //} 12 | variable "business_code" { 13 | description = "business_code" 14 | type = string 15 | 16 | } 17 | 18 | variable "business_unit" { 19 | description = "business_unit" 20 | type = string 21 | } 22 | 23 | 24 | variable "folder_prefix" { 25 | description = "folder_prefix" 26 | type = string 27 | } 28 | 29 | variable "remote_state_bucket" { 30 | description = "Backend bucket to load Terraform Remote State Data from previous steps."
31 | type = string 32 | } 33 | -------------------------------------------------------------------------------- /4-projects/modules/env_enabled/main.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | locals { # Environment toggles read from the bootstrap state's common_config output. try() returns false when the attribute cannot be resolved, so a missing or misspelled key disables that environment without raising an error. 5 | restricted_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.restricted_enabled,false) 6 | management_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.management_enabled,false) 7 | identity_enabled = try(data.terraform_remote_state.bootstrap.outputs.common_config.identity_enabled,false) 8 | } 9 | # Loads the bootstrap step's state from the GCS bucket named by var.remote_state_bucket. The flags above are only as trustworthy as write access to this bucket and prefix. 10 | data "terraform_remote_state" "bootstrap" { 11 | backend = "gcs" 12 | # terraform_remote_state exposes only root outputs, but the identity running this needs read access to the whole state snapshot. 13 | config = { 14 | bucket = var.remote_state_bucket 15 | prefix = "terraform/bootstrap/state" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /4-projects/modules/env_enabled/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | # Each output republishes the local of the same name. 5 | output "restricted_enabled" { 6 | description = "True if deployment of restricted environments enabled" 7 | value = local.restricted_enabled 8 | } 9 | 10 | output "management_enabled" { 11 | description = "True if deployment of management environments enabled" 12 | value = local.management_enabled 13 | } 14 | 15 | output "identity_enabled" { 16 | description = "True if deployment of identity environments enabled" 17 | value = local.identity_enabled 18 | } -------------------------------------------------------------------------------- /4-projects/modules/env_enabled/variables.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | 5 | variable "remote_state_bucket" { 6 | description = "Backend bucket to load Terraform Remote State Data from previous steps."
7 | type = string 8 | } 9 | -------------------------------------------------------------------------------- /4-projects/modules/prj_config/outputs.tf: -------------------------------------------------------------------------------- 1 | /********* 2 | * Copyleft none 3 | ********/ 4 | # Every output below republishes a local of the same name; those locals are defined outside this file. 5 | output "bu_config" { 6 | description = "sl_basspoke_confige_subnets_split" # NOTE(review): this description looks garbled and does not describe local.bu_config; confirm the intent and reword 7 | value = local.bu_config 8 | } 9 | 10 | output "sl_base_subnets_by_srvprj" { 11 | description = "sl_base_subnets_by_srvprj" 12 | value = local.sl_base_subnets_by_srvprj 13 | } 14 | 15 | output "sl_restricted_subnets_by_srvprj" { 16 | description = "sl_restricted_subnets_by_srvprj" 17 | value = local.sl_restricted_subnets_by_srvprj 18 | } 19 | 20 | output "billing_account" { 21 | description = "billing_account" 22 | value = local.billing_account 23 | } -------------------------------------------------------------------------------- /4-projects/modules/prj_config/variables.tf: -------------------------------------------------------------------------------- 1 | variable "env" { 2 | description = "environment name" 3 | type = string 4 | } 5 | 6 | variable "config_file" { 7 | description = "config file" 8 | type = string 9 | } 10 | variable "remote_state_bucket" { 11 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 12 | type = string 13 | } 14 | 15 | -------------------------------------------------------------------------------- /4-projects/nonproduction.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | -------------------------------------------------------------------------------- /4-projects/nonproduction.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | location_kms = "northamerica-northeast2" 18 | location_gcs = "northamerica-northeast2" 19 | -------------------------------------------------------------------------------- /4-projects/nonproduction.auto.tfvars: -------------------------------------------------------------------------------- 1 | nonproduction.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/production.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | -------------------------------------------------------------------------------- /4-projects/production.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "northamerica-northeast2" 18 | location_gcs = "northamerica-northeast2" 19 | -------------------------------------------------------------------------------- /4-projects/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | production.auto.mod.tfvars -------------------------------------------------------------------------------- /4-projects/shared.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # We suggest you to use the same region from the 0-bootstrap step 18 | default_region = "us-central1" 19 | -------------------------------------------------------------------------------- /4-projects/shared.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # We suggest you to use the same region from the 0-bootstrap step 18 | default_region = "northamerica-northeast2" 19 | -------------------------------------------------------------------------------- /4-projects/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | shared.auto.mod.tfvars -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/development/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | instance\_region | The region where compute instance will be created. A subnetwork must exists in the instance region. | `string` | n/a | yes | 7 | | remote\_state\_bucket | Backend bucket to load remote state information from previous steps. 
| `string` | n/a | yes | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | available\_zones | List of available zones in region | 14 | | instances\_details | List of details for compute instances | 15 | | instances\_names | List of names for compute instances | 16 | | instances\_self\_links | List of self-links for compute instances | 17 | | instances\_zones | List of zone for compute instances | 18 | | project\_id | Project where compute instance was created | 19 | | region | Region where compute instance was created | 20 | 21 | 22 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/business_unit_1/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/development/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "instance_region" { 18 | description = "The region where compute instance will be created. A subnetwork must exists in the instance region." 19 | type = string 20 | } 21 | 22 | variable "remote_state_bucket" { 23 | description = "Backend bucket to load remote state information from previous steps." 
24 | type = string 25 | } 26 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/nonproduction/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | instance\_region | The region where compute instance will be created. A subnetwork must exists in the instance region. | `string` | n/a | yes | 7 | | remote\_state\_bucket | Backend bucket to load remote state information from previous steps. | `string` | n/a | yes | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | available\_zones | List of available zones in region | 14 | | instances\_details | List of details for compute instances | 15 | | instances\_names | List of names for compute instances | 16 | | instances\_self\_links | List of self-links for compute instances | 17 | | instances\_zones | List of zone for compute instances | 18 | | project\_id | Project where compute instance was created | 19 | | region | Region where compute instance was created | 20 | 21 | 22 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/business_unit_1/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/nonproduction/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "instance_region" { 18 | description = "The region where compute instance will be created. A subnetwork must exists in the instance region." 19 | type = string 20 | } 21 | 22 | variable "remote_state_bucket" { 23 | description = "Backend bucket to load remote state information from previous steps." 
24 | type = string 25 | } 26 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/production/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | instance\_region | The region where compute instance will be created. A subnetwork must exists in the instance region. | `string` | n/a | yes | 7 | | remote\_state\_bucket | Backend bucket to load remote state information from previous steps. | `string` | n/a | yes | 8 | 9 | ## Outputs 10 | 11 | | Name | Description | 12 | |------|-------------| 13 | | available\_zones | List of available zones in region | 14 | | instances\_details | List of details for compute instances | 15 | | instances\_names | List of names for compute instances | 16 | | instances\_self\_links | List of self-links for compute instances | 17 | | instances\_zones | List of zone for compute instances | 18 | | project\_id | Project where compute instance was created | 19 | | region | Region where compute instance was created | 20 | 21 | 22 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/business_unit_1/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /5-app-infra/business_unit_1/production/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "instance_region" { 18 | description = "The region where compute instance will be created. A subnetwork must exists in the instance region." 19 | type = string 20 | } 21 | 22 | variable "remote_state_bucket" { 23 | description = "Backend bucket to load remote state information from previous steps." 
24 | type = string 25 | } 26 | -------------------------------------------------------------------------------- /5-app-infra/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | instance_region = "us-central1" // should be one of the regions used to create network on step 3-networks 18 | 19 | remote_state_bucket = "REMOTE_STATE_BUCKET" 20 | -------------------------------------------------------------------------------- /5-app-infra/common.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | instance_region = "northamerica-northeast2" // should be one of the regions used to create network on step 3-networks 18 | 19 | remote_state_bucket = "REMOTE_STATE_BUCKET" 20 | -------------------------------------------------------------------------------- /6-org-policies/common/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org-policy/common/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /6-org-policies/common/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /6-org-policies/common/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /6-org-policies/common/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | default = "" 21 | } 22 | -------------------------------------------------------------------------------- /6-org-policies/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org-policy/dev/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /6-org-policies/development/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /6-org-policies/development/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /6-org-policies/development/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | default = "" 21 | } 22 | -------------------------------------------------------------------------------- /6-org-policies/identity/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org-policy/identity/state" 21 | } 22 | } 23 | 24 | -------------------------------------------------------------------------------- /6-org-policies/identity/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /6-org-policies/identity/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /6-org-policies/identity/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | default = "" 21 | } 22 | -------------------------------------------------------------------------------- /6-org-policies/management/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org-policy/mgmt/state" 21 | } 22 | } 23 | 24 | -------------------------------------------------------------------------------- /6-org-policies/management/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /6-org-policies/management/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /6-org-policies/management/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | default = "" 21 | } 22 | -------------------------------------------------------------------------------- /6-org-policies/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org-policy/nonprod/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /6-org-policies/nonproduction/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /6-org-policies/nonproduction/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /6-org-policies/nonproduction/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | default = "" 21 | } 22 | -------------------------------------------------------------------------------- /6-org-policies/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org-policy/prod/state" 21 | } 22 | } 23 | 24 | -------------------------------------------------------------------------------- /6-org-policies/production/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /6-org-policies/production/terraform.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /6-org-policies/production/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "remote_state_bucket" { 18 | description = "Backend bucket to load Terraform Remote State Data from previous steps." 19 | type = string 20 | default = "" 21 | } 22 | -------------------------------------------------------------------------------- /7-fortigate/README.md: -------------------------------------------------------------------------------- 1 | # How to install Fortigate 2 | 3 | 1. Symlink two Fortigate license files into this directory. Name the symlinks license1.lic and license2.lic. 4 | 1. ln -s /path/to/mylicense1.lic ./license1.lic 5 | 2. ln -s /path/to/mylicense2.lic ./license2.lic 6 | 2. Run the prepare.sh script from the 7-fortigate directory. 7 | 1. ./prepare.sh prep 8 | 3. In testing, I used the sa-terraform-org (note "org") to apply my terraform. 9 | 4. From the "shared" directory, perform the usual terraform init, plan, apply sequence. 10 | 11 | ## Behind the scenes 12 | 13 | If you look into the prepare.sh script you will see that it does the following: 14 | - Activates any shell script helpers (chmod 755) 15 | - Identifies the location of the existing tf state bucket 16 | - Confirms that two Fortigate licenses are present 17 | -------------------------------------------------------------------------------- /7-fortigate/shared/.gitignore: -------------------------------------------------------------------------------- 1 | # Generated files 2 | shared.auto.tfvars 3 | backend.tf 4 | -------------------------------------------------------------------------------- /7-fortigate/shared/backend.tpl: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
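6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "REMOTE_STATE_BUCKET" 20 | prefix = "terraform/fortigate/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /7-fortigate/shared/output.tf: --------------------------------------------------------------------------------
#
# Output
#
# The output names are part of this configuration's interface (they are what
# `terraform output` prints), so they are kept exactly as they were.
#

output "External-Load-Balancer-Public-IP-Address" {
  description = "Address of the google_compute_address.static resource."
  value       = google_compute_address.static.address
}

output "Internal-Load-Balancer-Public-IP-Address" {
  # NOTE(review): the name says "Public", but the value is read from the
  # resource named internal_address - presumably an internal address; confirm
  # against the resource definition before exposing anything based on the name.
  description = "Address of the google_compute_address.internal_address resource."
  value       = google_compute_address.internal_address.address
}

output "FortiGate-HA-Active-MGMT-IP" {
  # Exports the whole network_interface attribute of the instance rather than
  # a single address.
  description = "network_interface attribute of the active FortiGate instance."
  value       = google_compute_instance_from_template.active_fgt_instance.network_interface
}

output "FortiGate-HA-Passive-MGMT-IP" {
  # Exports the whole network_interface attribute of the instance rather than
  # a single address.
  description = "network_interface attribute of the passive FortiGate instance."
  value       = google_compute_instance_from_template.passive_fgt_instance.network_interface
}

output "FortiGate-Username" {
  description = "Administrator account name (the constant \"admin\")."
  value       = "admin"
}

output "FortiGate-Password" {
  # The value is the compute instance ID of the active instance. An instance ID
  # is resource metadata, not a generated secret: anyone who can read the
  # instance or this state can obtain it, so the administrator password should
  # be changed after the first login.
  #
  # sensitive = true keeps the value out of plan/apply console output and out
  # of a bare `terraform output`; it is still stored in clear text in the state
  # file, and `terraform output FortiGate-Password` still prints it.
  description = "Instance ID of the active FortiGate instance, exported as the initial administrator password."
  sensitive   = true
  value       = google_compute_instance_from_template.active_fgt_instance.instance_id
}
-------------------------------------------------------------------------------- /7-fortigate/shared/shared.auto.mod.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.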
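6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/org/locals.tf 3 | 4 | * @terraform-google-modules/cft-admins @rjerrems @gtsorbo @eeaton 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @terraform-google-modules/cft-admins 10 | .github/CODEOWNERS @terraform-google-modules/cft-admins 11 | docs/CODEOWNERS @terraform-google-modules/cft-admins 12 | 13 | -------------------------------------------------------------------------------- /automation-scripts/7-fortigate/7-fortigate.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Deploys the 7-fortigate step: optionally unpacks ./env.tar.gz, runs
# prepare.sh, then runs terraform init/plan/apply in 7-fortigate/shared while
# impersonating the organization-step Terraform service account.
set -xe

if [ -f "./env.tar.gz" ]; then
  ls -la
  # Remove every non-hidden entry except the archive. Globbing passes each name
  # to rm as a single argument, so names containing spaces or glob characters
  # are not re-split the way the output of `ls` would be. Like `ls`, the `*`
  # glob skips dot-files.
  for entry in *; do
    case "$entry" in
      *env.tar.gz*) continue ;;
    esac
    [ -e "$entry" ] || continue
    rm -rf -- "$entry"
  done
  ls -la
  tar -zxf env.tar.gz
  ls -la
  rm -f env.tar.gz
fi

base_dir=$(pwd)
cd "$base_dir/7-fortigate"

ls

ls ./shared

# Resolve the service account in its own assignment. `export VAR=$(cmd)`
# returns the status of `export`, so a failing `terraform output` would not
# stop the script under `set -e`; the variable would be left empty and the
# later terraform commands would presumably run with the caller's own
# credentials instead of the impersonated account.
sa_email=$(terraform -chdir="../0-bootstrap/" output -raw organization_step_terraform_service_account_email)
if [ -z "$sa_email" ]; then
  echo "organization_step_terraform_service_account_email is empty; refusing to continue" >&2
  exit 1
fi
export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT="$sa_email"
echo "${GOOGLE_IMPERSONATE_SERVICE_ACCOUNT}"

# Best effort from here until the Terraform run: the clean step and the
# license check are allowed to fail.
set +e
chmod 755 ./prepare.sh
./prepare.sh clean

pwd
# NOTE(review): this prints every 0-bootstrap output into the job log (the
# script runs with -x as well); confirm none of those outputs is sensitive.
cd ../0-bootstrap/ && terraform output
cd "$base_dir/7-fortigate"
file ./shared/*.lic

sh -x ./prepare.sh prep
pwd

# Stop on errors again before entering the Terraform directory, so that apply
# is never attempted after a failed cd, init or plan.
set -e
cd ./shared

ls
terraform init

# Run Terraform plan and apply
terraform plan -input=false -out fortigate.tfplan
set -xe
terraform apply fortigate.tfplan

unset GOOGLE_IMPERSONATE_SERVICE_ACCOUNT
set +e

# The working directory is 7-fortigate/shared at this point, so the Terraform
# working data is ./.terraform; the previous path ./shared/.terraform resolved
# to shared/shared/.terraform and removed nothing.
rm -rf ./.terraform
cd ..
ls -la
-------------------------------------------------------------------------------- /azure-pipelines/localize_terraform_modules/localize_tf.yaml: -------------------------------------------------------------------------------- 1 | trigger: 2 | - none 3 | 4 | pool: 5 | vmImage: 'ubuntu-latest' 6 | 7 | stages: 8 | - stage: Prepare 9 | displayName: 'Prepare Environment' 10 | jobs: 11 | - job: SetupPython 12 | displayName: 'Setup Python Environment' 13 | steps: 14 | - script: | 15 | sudo apt-get update 16 | sudo apt-get install -y python3-pip 17 | displayName: 'Install Python' 18 | 19 | - job: RunScript 20 | displayName: 'Run Python Script' 21 | dependsOn: SetupPython 22 | condition: succeeded() 23 | steps: 24 | - script: | 25 | python3 localize_terraform_modules.py 26 | displayName: 'Execute Python Script' 27 | -------------------------------------------------------------------------------- /docs/images/ado-clone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/docs/images/ado-clone.png -------------------------------------------------------------------------------- /docs/images/ado-jobs.png: --------------------------------------------------------------------------------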
https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/docs/images/ado-jobs.png -------------------------------------------------------------------------------- /docs/images/ado-library.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/docs/images/ado-library.png -------------------------------------------------------------------------------- /docs/images/ado-run-stages.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/docs/images/ado-run-stages.png -------------------------------------------------------------------------------- /docs/images/ado-run.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/docs/images/ado-run.png -------------------------------------------------------------------------------- /docs/images/resource-structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/b4fd858409a36e23fcfed6acd295fba3ca0095a3/docs/images/resource-structure.png -------------------------------------------------------------------------------- /go.work: -------------------------------------------------------------------------------- 1 | go 1.21.0 2 | 3 | use ( 4 | ./test/integration 5 | ./helpers/foundation-deployer 6 | ) 7 | -------------------------------------------------------------------------------- /helpers/foundation-deployer/steps/testdata/existing.json: -------------------------------------------------------------------------------- 1 | 
{ 2 | "file": "./testdata/existing.json", 3 | "steps": { 4 | "test": { 5 | "name": "test", 6 | "status": "COMPLETED", 7 | "error": "" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /policy-library/policies/constraints/gke_allow_only_private_cluster.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC 16 | kind: GCPGKEPrivateClusterConstraintV1 17 | metadata: 18 | name: allow_only_private_cluster 19 | annotations: 20 | benchmark: GKE_HARDENING_GUIDELINE 21 | bundles.validator.forsetisecurity.org/scorecard-v1: security 22 | description: Verifies all GKE clusters are Private Clusters. 23 | spec: 24 | severity: high 25 | parameters: {} 26 | -------------------------------------------------------------------------------- /test/integration/testutils/strings.go: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package testutils 16 | 17 | import ( 18 | "strings" 19 | ) 20 | 21 | func GetLastSplitElement(value string, sep string) string { 22 | splitted := strings.Split(value, sep) 23 | return splitted[len(splitted)-1] 24 | } 25 | -------------------------------------------------------------------------------- /test/integration/testutils/transforms.go: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package testutils 16 | 17 | import ( 18 | "github.com/tidwall/gjson" 19 | ) 20 | 21 | // GetResultFieldStrSlice parses a field of a results list into a string slice. 22 | func GetResultFieldStrSlice(rs []gjson.Result, field string) []string { 23 | s := make([]string, 0) 24 | for _, r := range rs { 25 | s = append(s, r.Get(field).String()) 26 | } 27 | return s 28 | } 29 | --------------------------------------------------------------------------------
description = string
direction = string
action = string
priority = number
ranges = list(string)
ports = map(list(string))
target_service_accounts = list(string)
target_resources = list(string)
logging = bool
}))