Closed fmichaelobrien closed 1 month ago
For example, one of my first deployments of the TEF failed on 1-org because of a statefile diff between 1.3.10 and 1.7.5 - my subsequent deployment in another org was done with 1.3.10 throughout. I will be reusing the first org to test out the ADO changes in #399
reverse

```shell
# 0-bootstrap: clone, derive org and billing ids
mkdir tef-olapp
cd tef-olapp/
mkdir github
cd github/
mkdir _CloudLandingZone-main
git clone https://github.com/CloudLandingZone/terraform-example-foundation.git
cd terraform-example-foundation/0-bootstrap/
mv terraform.example.tfvars terraform.tfvars
gcloud config set project tef-olapp
BOOT_PROJECT_ID=tef-olapp
ORG_ID=$(gcloud projects get-ancestors $BOOT_PROJECT_ID --format='get(id)' | tail -1)
echo $ORG_ID
BILLING_FORMAT="--format=value(billingAccountName)"
BILLING_ID=$(gcloud billing projects describe $BOOT_PROJECT_ID $BILLING_FORMAT | sed 's/.*\///')
echo $BILLING_ID
terraform --version
git config init.defaultBranch
git config --global init.defaultBranch master
git config --global init.defaultBranch main
git config --global init.defaultBranch master
git branch -b main
git branch
git checkout -b main
git config init.defaultBranch
git config --global init.defaultBranch main
git config init.defaultBranch
# plan and policy check
terraform init
terraform plan -input=false -out bootstrap.tfplan
gcloud beta terraform vet
export VET_PROJECT_ID=A-VALID-PROJECT-ID
export VET_PROJECT_ID=tef-olapp
terraform show -json bootstrap.tfplan > bootstrap.json
gcloud beta terraform vet bootstrap.json --policy-library="../policy-library" --project ${VET_PROJECT_ID}
sudo apt-get install google-cloud-sdk-terraform-tools
gcloud beta terraform vet bootstrap.json --policy-library="../policy-library" --project ${VET_PROJECT_ID}
gcloud config set project tef-olapp
cd tef-olapp/github/terraform-example-foundation/0-bootstrap/
# enable APIs, retrying apply as each missing one surfaces
gcloud services get
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudidentity.googleapis.com
gcloud services list | grep NAME
gcloud services enable cloudapis.googleapis.com
gcloud services enable servicemanagement.googleapis.com
gcloud services enable serviceusage.googleapis.com
gcloud services enable storage-api.googleapis.com
gcloud services enable storage.googleapis.com
gcloud services list | grep NAME
terraform apply bootstrap.tfplan
gcloud services enable cloudbilling.googleapis.com
terraform apply bootstrap.tfplan
terraform init
terraform plan -input=false -out bootstrap.tfplan
terraform apply bootstrap.tfplan
gcloud services enable iam.googleapis.com
terraform init
terraform plan -input=false -out bootstrap.tfplan
terraform apply bootstrap.tfplan
gcloud config set project tef-olapp
cd tef-olapp/github/terraform-example-foundation/0-bootstrap/
gcloud services enable cloudkms.googleapis.com
terraform init
terraform plan -input=false -out bootstrap.tfplan
terraform apply bootstrap.tfplan
gcloud services enable servicenetworking.googleapis.com
gcloud services list
gcloud services list | grep NAME
gcloud services enable cloudbuild..googleapis.com
gcloud services enable cloudbuild.googleapis.com
gcloud services enable appengine.googleapis.com
gcloud services enable pubsub.googleapis.com
gcloud services enable securitycenter.googleapis.com
gcloud services enable accesscontextmanager.googleapis.com
gcloud services enable billingbudgets.googleapis.com
gcloud services enable essentialcontacts.googleapis.com
gcloud services enable assuredworkloads.googleapis.com
gcloud services enable cloudasset.googleapis.com
terraform init
terraform apply bootstrap.tfplan
terraform plan -input=false -out bootstrap.tfplan
terraform apply bootstrap.tfplan
gcloud config set project tef-olapp
cd tef-olapp/github/terraform-example-foundation/
cd 1-org/
cd ..
cd 0-bootstrap/
# collect bootstrap outputs
terraform output
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
export projects_step_sa=$(terraform output -raw projects_step_terraform_service_account_email)
export projects_gcs_bucket_tfstate=$(terraform output -raw projects_gcs_bucket_tfstate)
echo "network step service account = ${network_step_sa}"
echo "projects step service account = ${projects_step_sa}"
echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
gcloud config set project tef-olapp
cd tef-olapp/github/terraform-example-foundation/
cd 0-bootstrap/
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
export projects_step_sa=$(terraform output -raw projects_step_terraform_service_account_email)
export projects_gcs_bucket_tfstate=$(terraform output -raw projects_gcs_bucket_tfstate)
echo "network step service account = ${network_step_sa}"
echo "projects step service account = ${projects_step_sa}"
echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
export cloudbuild_project_id=$(terraform output -raw cloudbuild_project_id)
echo "cloud build project ID = ${cloudbuild_project_id}"
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
export projects_step_sa=$(terraform output -raw projects_step_terraform_service_account_email)
export projects_gcs_bucket_tfstate=$(terraform output -raw projects_gcs_bucket_tfstate)
echo "network step service account = ${network_step_sa}"
echo "projects step service account = ${projects_step_sa}"
echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
export cloudbuild_project_id=$(terraform output -raw cloudbuild_project_id)
echo "cloud build project ID = ${cloudbuild_project_id}"
export backend_bucket=$(terraform output -raw gcs_bucket_tfstate)
echo "backend_bucket = ${backend_bucket}"
terraform init
export backend_bucket=$(terraform output -raw gcs_bucket_tfstate)
echo "backend_bucket = ${backend_bucket}"
export backend_bucket_projects=$(terraform output -raw projects_gcs_bucket_tfstate)
echo "backend_bucket_projects = ${backend_bucket_projects}"
# move state to the GCS backend
cp backend.tf.example backend.tf
cd ..
for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done
for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${backend_bucket_projects}/" $i; done
cd 0-bootstrap
cat backend.tf
terraform init
terraform plan
cd ../..
# seed the Cloud Source Repositories: gcp-policies, gcp-bootstrap, gcp-org
echo ${cloudbuild_project_id}
gcloud source repos clone gcp-policies --project=${cloudbuild_project_id}
cd gcp-policies/
git checkout -b main
cp -RT ../terraform-example-foundation/policy-library/ .
git add .
git commit -m 'Initialize policy library repo'
git config --global user.name "Michael OBrien"
git commit -m 'Initialize policy library repo'
git push --set-upstream origin main
cd ..
gcloud source repos clone gcp-bootstrap --project=${cloudbuild_project_id}
cd gcp-bootstrap
git checkout -b plan
mkdir -p envs/shared
cp -RT ../terraform-example-foundation/0-bootstrap/ ./envs/shared
cp ../terraform-example-foundation/build/cloudbuild-tf-* .
cp ../terraform-example-foundation/build/tf-wrapper.sh .
chmod 755 ./tf-wrapper.sh
git add .
git commit -m 'Initialize bootstrap repo'
git push --set-upstream origin plan
cd ..
export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="terraform-example-foundation/0-bootstrap/" output -raw cloudbuild_project_id)
echo ${CLOUD_BUILD_PROJECT_ID}
gcloud source repos clone gcp-org --project=${CLOUD_BUILD_PROJECT_ID}
cd gcp-org
git checkout -b plan
cp -RT ../terraform-example-foundation/1-org/ .
cp ../terraform-example-foundation/build/cloudbuild-tf-* .
cp ../terraform-example-foundation/build/tf-wrapper.sh .
chmod 755 ./tf-wrapper.sh
mv ./envs/shared/terraform.example.tfvars ./envs/shared/terraform.tfvars
# 1-org prerequisites: SCC notification, access context manager policy, remote state bucket
export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
echo $ORGANIZATION_ID
gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
gcloud config set project tef-olapp
cd tef-olapp/github/terraform-example-foundation/1-org/
export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
cd ..
cd gcp-org/
export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
echo ORGANIZATION_ID
echo $ORGANIZATION_ID
gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
gcloud access-context-manager policies list --organization ${ORGANIZATION_ID}
export backend_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate)
echo "remote_state_bucket = ${backend_bucket}"
sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars
if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
git add .
git commit -m 'Initialize org repo'
git push --set-upstream origin plan
git checkout -b production
git push origin production
terraform --version
tfswitch
terraform --version
```
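The history above interleaves `gcloud services enable` with repeated `terraform plan`/`apply` retries, and relies on a `sed` loop to replace the `UPDATE_ME` / `UPDATE_PROJECTS_BACKEND` placeholders in every `backend.tf`. The following pre-flight check is an added example, not code from the issue or from the terraform-example-foundation project: it reports which of the APIs enabled by hand above are still missing, and which `backend.tf` files still carry a placeholder, so both conditions are caught before an apply is attempted. The `REQUIRED_APIS` list is taken from the history; the `--format='value(config.name)'` output shape for `gcloud services list` and the sample enabled list are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the issue): pre-flight check for a 0-bootstrap run.

# APIs the history above enabled by hand before `terraform apply` succeeded.
REQUIRED_APIS="cloudresourcemanager.googleapis.com cloudidentity.googleapis.com cloudbilling.googleapis.com iam.googleapis.com cloudkms.googleapis.com cloudbuild.googleapis.com"

# missing_apis ENABLED_LIST
#   ENABLED_LIST is newline-separated API names, as produced (assumed format) by
#   `gcloud services list --enabled --format='value(config.name)'`.
#   Prints the required APIs that are absent, space-separated; prints nothing if all are enabled.
missing_apis() {
  enabled=$1
  out=""
  for api in $REQUIRED_APIS; do
    if ! printf '%s\n' "$enabled" | grep -qxF "$api"; then
      out="$out $api"
    fi
  done
  printf '%s' "${out# }"
}

# unreplaced_backends DIR
#   Lists backend.tf files under DIR that still contain a placeholder the
#   sed loop above is supposed to have replaced.
unreplaced_backends() {
  find "$1" -name 'backend.tf' -exec grep -lE 'UPDATE_ME|UPDATE_PROJECTS_BACKEND' {} \;
}

# Constructed sample (not captured from a real project): the enabled list part-way
# through the history, before iam and cloudkms were turned on.
SAMPLE_ENABLED="cloudresourcemanager.googleapis.com
cloudidentity.googleapis.com
cloudbilling.googleapis.com
cloudbuild.googleapis.com"

# preflight ENABLED_LIST DIR
#   Returns 0 only when every required API is enabled and no placeholder remains.
preflight() {
  missing=$(missing_apis "$1")
  stale=$(unreplaced_backends "$2")
  status=0
  if [ -n "$missing" ]; then
    echo "enable before terraform plan: $missing"
    status=1
  fi
  if [ -n "$stale" ]; then
    echo "backend.tf still has placeholders:"
    echo "$stale"
    status=1
  fi
  return $status
}

# Usage against live data would be:
#   preflight "$(gcloud services list --enabled --format='value(config.name)')" .
preflight "$SAMPLE_ENABLED" .
```

Run from the directory that holds the cloned repositories; a non-zero exit means the apply would have failed for a reason the history above only discovered by retrying.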
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
There are some use cases where the entire landing zone or one of the multi-tenant folders must be deleted. Most of these use cases are developer workflows where we repeatedly create/delete resources - more towards full integration testing.
This procedure is also required as part of a CI/CD full integration test - where the organization is reused.
Use Cases: UC1 - triaging/fixing failed deployments will require more than one LZ per org - like in https://github.com/terraform-google-modules/terraform-example-foundation/issues/1170