feat: create subfolders for business units in 4-projects step (#1039)

Co-authored-by: Grant Sorbo <[email protected]>
Co-authored-by: Daniel Andrade <[email protected]>

Author: 3 people

0-bootstrap/sa.tf

@@ -84,8 +84,7 @@ locals {
       "roles/dns.admin",
     ],
     "proj" = [
-      "roles/resourcemanager.folderViewer",
-      "roles/resourcemanager.folderIamAdmin",
+      "roles/resourcemanager.folderAdmin",
       "roles/artifactregistry.admin",
       "roles/compute.networkAdmin",
       "roles/compute.xpnAdmin",

4-projects/modules/base_env/README.md

@@ -7,6 +7,7 @@
 | business\_unit | The business (ex. business\_unit\_1). | `string` | n/a | yes |
 | env | The environment to prepare (ex. development). | `string` | n/a | yes |
 | firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
+| folder\_prefix | Name prefix to use for folders created. Should be the same in all steps. | `string` | `"fldr"` | no |
 | gcs\_bucket\_prefix | Name prefix to be used for GCS Bucket | `string` | `"bkt"` | no |
 | key\_name | Name to be used for KMS Key | `string` | `"crypto-key-example"` | no |
 | key\_rotation\_period | Rotation period in seconds to be used for KMS Key | `string` | `"7776000s"` | no |

4-projects/modules/base_env/business_unit_folder.tf

@@ -0,0 +1,24 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  env_business_unit_folder_name = "${var.folder_prefix}-${var.env}-${var.business_code}"
+}
+
+resource "google_folder" "env_business_unit" {
+  display_name = local.env_business_unit_folder_name
+  parent       = local.env_folder_name
+}

4-projects/modules/base_env/example_base_shared_vpc_project.tf

@@ -19,7 +19,7 @@ module "base_shared_vpc_project" {
 
   org_id                              = local.org_id
   billing_account                     = local.billing_account
-  folder_id                           = local.env_folder_name
+  folder_id                           = google_folder.env_business_unit.name
   environment                         = var.env
   vpc_type                            = "base"
   shared_vpc_host_project_id          = local.base_host_project_id

4-projects/modules/base_env/example_floating_project.tf

@@ -19,7 +19,7 @@ module "floating_project" {
 
   org_id          = local.org_id
   billing_account = local.billing_account
-  folder_id       = local.env_folder_name
+  folder_id       = google_folder.env_business_unit.name
   environment     = var.env
   project_budget  = var.project_budget
   project_prefix  = local.project_prefix

4-projects/modules/base_env/example_peering_project.tf

@@ -35,7 +35,7 @@ module "peering_project" {
 
   org_id          = local.org_id
   billing_account = local.billing_account
-  folder_id       = local.env_folder_name
+  folder_id       = google_folder.env_business_unit.name
   environment     = var.env
   project_budget  = var.project_budget
   project_prefix  = local.project_prefix

4-projects/modules/base_env/example_restricted_shared_vpc_project.tf

@@ -19,7 +19,7 @@ module "restricted_shared_vpc_project" {
 
   org_id                     = local.org_id
   billing_account            = local.billing_account
-  folder_id                  = local.env_folder_name
+  folder_id                  = google_folder.env_business_unit.name
   environment                = var.env
   vpc_type                   = "restricted"
   shared_vpc_host_project_id = local.restricted_host_project_id

4-projects/modules/base_env/example_storage_cmek.tf

@@ -19,7 +19,7 @@ module "env_secrets_project" {
 
   org_id          = local.org_id
   billing_account = local.billing_account
-  folder_id       = local.env_folder_name
+  folder_id       = google_folder.env_business_unit.name
   environment     = var.env
   project_budget  = var.project_budget
   project_suffix  = var.secrets_prj_suffix

4-projects/modules/base_env/variables.tf

@@ -152,3 +152,9 @@ variable "subnet_ip_range" {
   type        = string
   default     = null
 }
+
+variable "folder_prefix" {
+  description = "Name prefix to use for folders created. Should be the same in all steps."
+  type        = string
+  default     = "fldr"
+}

4-projects/modules/single_project/main.tf

@@ -51,7 +51,7 @@ module "project" {
   random_project_id        = true
   random_project_id_length = 4
   activate_apis            = distinct(concat(var.activate_apis, ["billingbudgets.googleapis.com"]))
-  name                     = "${var.project_prefix}-${var.business_code}-${local.env_code}-${var.project_suffix}"
+  name                     = "${var.project_prefix}-${local.env_code}-${var.business_code}${var.project_suffix}"
   org_id                   = var.org_id
   billing_account          = var.billing_account
   folder_id                = var.folder_id