Terraform module for creating a project in GCP. The required and default input variables are consistent with organizational needs at Brown University. Basic features:
- Based on Google's project factory
- Requires project to reside inside a folder
- Enables monitoring and logging

This module depends on you having GCP credentials of some kind. The module looks for a credential file in JSON format. You should export the following:
```
GOOGLE_APPLICATION_CREDENTIALS=/path/to/file.json
```
This folder defines a Terraform module, which you can use in your code by adding a `module` configuration and setting its `source` parameter to the URL of this folder. See the examples folder for guidance.
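
A sketch of such a `module` configuration, added here as an illustration and not taken from this repository's examples folder. The input and output names come from the tables on this page; the `source` URL, the `ref`, the module label and the sample values are placeholders or constructed.

```hcl
# Added example, not from the module's repository. The source URL and ref are
# placeholders: use the real URL of this folder and pin a reviewed release tag.
variable "billing_account" {
  type        = string
  description = "Billing account to use, supplied via terraform.tfvars"
}

variable "folder_id" {
  type        = string
  description = "Existing folder that will contain the project"
}

module "research_project" {
  source = "git::https://example.invalid/PLACEHOLDER/terraform-gcp-project.git?ref=PLACEHOLDER_TAG"

  # Required inputs
  project_name    = "example-research-project" # constructed sample value
  folder_id       = var.folder_id
  billing_account = var.billing_account
  activate_apis   = ["compute.googleapis.com", "storage.googleapis.com"]

  # Optional inputs, written out at the defaults documented in the inputs table
  # so that a later change to them shows up in review.
  auto_create_network     = false    # no default VPC with its preset firewall rules
  default_service_account = "delete" # remove the project's default service account

  labels = {
    owner = "example-team" # constructed sample value
  }
}

output "project_id" {
  value = module.research_project.project_id
}

output "service_account_email" {
  value = module.research_project.service_account_email
}
```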
Name | Version |
---|---|
terraform | >= 1.9.0 |
5.38.0 |
No providers.
Name | Source | Version |
---|---|---|
project | terraform-google-modules/project-factory/google | ~> 15.0 |
projects_iam_bindings | terraform-google-modules/iam/google//modules/projects_iam | 7.7.1 |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
activate_apis | The APIs to activate on the project | list(string) | n/a | yes |
auto_create_network | Auto create default network. | bool | false | no |
billing_account | The billing account to use | string | n/a | yes |
default_service_account | Project default service account setting: can be one of delete, deprivilege, or keep. | string | "delete" | no |
disable_dependent_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | bool | true | no |
folder_id | The existing folder to use for the project | string | n/a | yes |
labels | Map of labels for project. | map(string) | { | no |
org_id | Organization id. | string | "brown.edu" | no |
project_id | Make project_id a user-settable parameter | string | "" | no |
project_name | The human readable name for the project factory | string | n/a | yes |
Name | Description |
---|---|
activate_apis | Activate APIs |
enabled_apis | Active Google APIs |
folder_id | Folder ID |
members | Members |
org_id | Organization ID |
project_id | Project ID |
project_name | Project Name |
roles | Roles |
service_account_display_name | Name of service account |
service_account_email | Email for service account |
Use GitLab Flow.
- Create feature branches for features and fixes from the default branch
- Merge only from PR with review
- After merging to the default branch, a release is drafted using a GitHub Action. Check the draft and publish if you and the tests are happy

We recommend using asdf to manage your versions of Terraform.
```
brew install asdf
```
You can also install the latest version of Terraform via brew.
```
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
```
You should make sure that pre-commit hooks are installed to run the formatter, linter, etc. Install and configure Terraform pre-commit hooks as follows:
```
brew install pre-commit
```
Install the pre-commit hook globally:
```
DIR=~/.git-template
git config --global init.templateDir ${DIR}
pre-commit init-templatedir -t pre-commit ${DIR}
```
To run the hooks specified in `.pre-commit-config.yaml`:
```
pre-commit run -a
```
This is only needed if running tests locally. The google-cloud-sdk is included in the Brewfile, so it should now be installed.

This repo includes an `env.sh` file where you set the path to the Google credentials file. Then use `source env.sh` and `deactivate` to set and unset the `GOOGLE_APPLICATION_CREDENTIALS` variable.

The tests can be run locally with `terraform test` after running `terraform init`. You will need to supply the `org_id`, `folder_id`, and `billing_account` variables through a `terraform.tfvars` file. Please see the `terraform.tfvars.example` file for an example.

This project has three workflows enabled:
- PR labeler: When opening a PR to the default branch, a label is assigned automatically according to the name of your feature branch. The labeler follows the rules in pr-labeler.yml
- Release Drafter: When merging to master, a release is drafted using the Release-Drafter Action
- `terraform test` runs on PR, merge to main and releases.