BrownUniversity/terraform-gcp-project

terraform-gcp-project

Terraform module for creating a project in GCP. The required and default input variables are consistent with organizational needs at Brown University. Basic features:

  • Based on Google's project factory
  • Requires project to reside inside a folder
  • Enables monitoring and logging

Getting Started

This module depends on you having GCP credentials of some kind. The module looks for a credential file in JSON format. You should export the following:

GOOGLE_APPLICATION_CREDENTIALS=/path/to/file.json

How to use this module

This folder defines a Terraform module, which you can use in your code by adding a module configuration and setting its source parameter to the URL of this folder. See the examples folder for guidance.
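
A module configuration of the kind described above, as an added example that is not taken from the repository's examples folder. The `<RELEASE_TAG>` ref, the project name and the API list are constructed placeholders; the input and output names come from the tables in this README.

```hcl
# Added example (not the repository's own code).
terraform {
  required_version = ">= 1.10.0"
}

# Supplied through terraform.tfvars so account identifiers stay out of the code.
variable "billing_account" {
  description = "Billing account to attach to the new project"
  type        = string
}

variable "folder_id" {
  description = "Existing folder that will contain the project"
  type        = string
}

module "gcp_project" {
  # Pin the source to a reviewed release instead of tracking the default branch.
  # <RELEASE_TAG> is a placeholder; substitute a published release tag.
  source = "github.com/BrownUniversity/terraform-gcp-project?ref=<RELEASE_TAG>"

  # Required inputs
  project_name    = "example-project" # constructed value
  folder_id       = var.folder_id
  billing_account = var.billing_account

  # Constructed list: enable only the APIs the workload needs.
  activate_apis = ["compute.googleapis.com", "storage.googleapis.com"]

  # Module defaults, restated so a later override shows up in review:
  # no auto-created default network, default service account deleted.
  auto_create_network     = false
  default_service_account = "delete"

  labels = {
    environment = "automation"
    managed_by  = "terraform"
  }
}

output "project_id" {
  value = module.gcp_project.project_id
}

output "service_account_email" {
  value = module.gcp_project.service_account_email
}
```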

Requirements

Name | Version
terraform | >= 1.10.0
google | 6.15.0

Providers

No providers.

Modules

Name | Source | Version
project | terraform-google-modules/project-factory/google | ~> 17.1
projects_iam_bindings | terraform-google-modules/iam/google//modules/projects_iam | 8.0.0

Resources

No resources.

Inputs

Name | Description | Type | Default | Required
activate_apis | The APIs to activate on the project | list(string) | n/a | yes
auto_create_network | Auto create default network. | bool | false | no
billing_account | The billing account to use | string | n/a | yes
default_service_account | Project default service account setting: can be one of delete, deprivilege, or keep. | string | "delete" | no
deletion_policy | Deletion policy for project. | string | "DELETE" | no
disable_dependent_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | bool | true | no
folder_id | The existing folder to use for the project | string | n/a | yes
labels | Map of labels for project. | map(string) | { "environment": "automation", "managed_by": "terraform" } | no
org_id | Organization id. | string | "brown.edu" | no
project_id | Make project_id a user-settable parameter | string | "" | no
project_name | The human readable name for the project factory | string | n/a | yes

Outputs

Name | Description
activate_apis | Activate APIs
enabled_apis | Active Google APIs
folder_id | Folder ID
members | Members
org_id | Organization ID
project_id | Project ID
project_name | Project Name
roles | Roles
service_account_display_name | Name of service account
service_account_email | Email for service account

Local Development

Merging Policy

Use GitLab Flow.

  • Create feature branches for features and fixes from default branch
  • Merge only from PR with review
  • After merging to the default branch, a release is drafted using a GitHub Action. Check the draft and publish it if you and the tests are happy

Version managers

We recommend using asdf to manage your versions of Terraform.

brew install asdf

Terraform

You can also install the latest version of Terraform via brew.

brew tap hashicorp/tap
brew install hashicorp/tap/terraform

Pre-commit hooks

Make sure that pre-commit hooks are installed so that the formatter, linter, etc. run on each commit. Install and configure the Terraform pre-commit hooks as follows:

brew install pre-commit

Install the pre-commit hook globally:

DIR=~/.git-template
git config --global init.templateDir ${DIR}
pre-commit init-templatedir -t pre-commit ${DIR}

To run the hooks specified in .pre-commit-config.yaml:

pre-commit run -a

GCloud

This is only needed if running tests locally. The google-cloud-sdk is included in the Brewfile, so it should already be installed. This repo includes an env.sh file where you set the path to the Google credentials file; then use

source env.sh

and

deactivate

to set and unset the GOOGLE_APPLICATION_CREDENTIALS variable.

Testing

The tests can be run locally with terraform test after running terraform init. You will need to supply the org_id, folder_id, and billing_account variables through a terraform.tfvars file. See the terraform.tfvars.example file for an example.

CI

This project has three workflows enabled:

  1. PR labeler: When opening a PR to the default branch, a label is assigned automatically according to the name of your feature branch. The labeler follows the rules in pr-labeler.yml

  2. Release Drafter: When merging to master, a release is drafted using the Release-Drafter Action

  3. terraform test runs on PR, merge to main and releases.