fmichaelobrien commented 2 years ago

using branch fmichaelobrien-pr-113 to review https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/pull/113

fmichaelobrien-macbookpro:pbmm-on-gcp-onboarding fmichaelobrien$ git fetch git@github.com:wrnu/pbmm-on-gcp-onboarding fix-naming-standard-module
remote: Enumerating objects: 15, done.
remote: Counting objects: 100% (15/15), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 15 (delta 0), reused 8 (delta 0), pack-reused 0
Unpacking objects: 100% (15/15), 3.72 KiB | 181.00 KiB/s, done.
From github.com:wrnu/pbmm-on-gcp-onboarding
 * branch            fix-naming-standard-module -> FETCH_HEAD

 On branch fmichaelobrien-pr-113
Changes not staged for commit:
  (use "git add/rm <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
    deleted:    modules/naming-standard/configs/resource_naming_patterns.yaml
    modified:   modules/naming-standard/configs/storage/stg.tpl
    modified:   modules/naming-standard/configs/vpc/route.tpl
    modified:   modules/naming-standard/modules/common/gc_prefix/locals.tf
    modified:   modules/naming-standard/modules/common/name_generator/locals.tf
    deleted:    modules/naming-standard/modules/common/name_generator/main.tf

https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/commits/fmichaelobrien-pr-113

clone in shell

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding$ git status
On branch main
Your branch is up to date with 'origin/main'.

nothing to commit, working tree clean
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding$ git checkout fmichaelobrien-pr-113
Branch 'fmichaelobrien-pr-113' set up to track remote branch 'fmichaelobrien-pr-113' from 'origin'.
Switched to a new branch 'fmichaelobrien-pr-113'
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding$ cat modules/naming-standard/configs/storage/stg.tpl
${gc_governance_prefix}${user_defined_string}

create landing-zone folder
create landing-zone-stg-cndev project
org: 959133349631
folder: 801543527825
project: landing-zone-stg-cndev

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding$ gcloud config set project landing-zone-stg-cndev
Updated property [core/project].
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding (landing-zone-stg-cndev)$

2 billing accounts - derived the first OK as it was the one associated with the project
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding (landing-zone-stg-cndev)$ gcloud alpha billing projects describe landing-zone-stg-cndev '--format=value(billingAccountName)'

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding (landing-zone-stg-cndev)$ ./writeids.sh -c fill -f 801543527825
Derived organization_id: 959133349631
Derived billing_id: 011691-49FFF5-903E43
replacing IDs: billing: 011691-49FFF5-903E43 organization: 959133349631 folder: 801543527825 from placeholders
environments/bootstrap/bootstrap.auto.tfvars pass - fill:true
environments/bootstrap/organization-config.auto.tfvars pass - fill:true
environments/common/common.auto.tfvars pass - fill:true
environments/nonprod/nonp-network.auto.tfvars pass - fill:true
environments/common/perimeter-network.auto.tfvars pass - fill:true
environments/prod/prod-network.auto.tfvars pass - fill:true

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding (landing-zone-stg-cndev)$ git status
On branch fmichaelobrien-pr-113
Your branch is up to date with 'origin/fmichaelobrien-pr-113'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   environments/bootstrap/bootstrap.auto.tfvars
        modified:   environments/bootstrap/organization-config.auto.tfvars
        modified:   environments/common/common.auto.tfvars
        modified:   environments/common/perimeter-network.auto.tfvars
        modified:   environments/nonprod/nonp-network.auto.tfvars
        modified:   environments/prod/prod-network.auto.tfvars

manual mods

bootstrap.auto.tfvars

bootstrap = {
  userDefinedString           = "cndev" # REQUIRED EDIT Appended to project name/id ##needs to be lower case and min. 3 charaters
  additionalUserDefinedString = "sbx"
    terraformDeploymentAccount  = "terraform0627" # REQUIRED EDIT Name of a service account to be created (alphanumeric before the at sign) used to deploy the terraform code
  bootstrapEmail              = "user:root@cloudnuage.dev" # REQUIRED EDIT In the form of 'user:user@email.com
  region                      = "northamerica-northeast1" # REQUIRED EDIT Region name. northamerica-northeast1
  cloud_source_repo_name      = "cndevlzd" # REQUIRED EDIT CSR used as a mirror for code
        name = "cndevlzcom" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
    nonprod = {
      name = "cndevlznpd" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
    prod = {
      name = "cndevlzprd" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only

organization-config.auto.tfvars
organization_config = {
  default_region  = "northamerica-northeast1" # REQUIRED EDIT Cloudbuild Region
  department_code = "Cn" # REQUIRED EDIT Two Characters. Capitol and then lowercase 
  owner           = "cnd" # REQUIRED EDIT Used in naming standard
contacts = {
    "root@cloudnuage.dev" = ["ALL"] # REQUIRED EDIT Essential Contacts for notifications. Must be in the form EMAIL -> [NOTIFICATION_TYPES]

access_context_manager = { # REQUIRED OBJECT. VPC Service Controls object. 
  user_defined_string = "cnacm" # Optional EDIT.
audit = {                                  # REQUIRED OBJECT. Must include an audit object.

  additional_user_defined_string = "cnd"  
        bucket_name          = "auditcn"                     # REQUIRED EDIT. Must be globally unique, used for the audit bucket
      sink_name            = "cndcomsink1"                     # REQUIRED EDIT. Must be unique across organization
      bucket_viewer        = "user:root@cloudnuage.dev" # REQUIRED EDIT. 
guardrails = {
  user_defined_string = "guardrails04" # Optional EDIT. Must be unique. Defines the guardrails project form department_codeEnvironmente-owner-user_defined_string

perimeter-network.auto.tfvars
      network_name                           = "cnhaper" # REQUIRED EDIT - example: depthaper
      network_name                           = "cnmgmtper" # REQUIRED EDIT - example: deptmgmtper

 nonp-network.auto.tfvars
nonprod_host_net = {
  user_defined_string            = "cndev" # REQUIRED EDIT Used to create project name - must be globally unique in aggregate
  additional_user_defined_string = "np" # check total 61 char limit with this addition

full diff

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding (landing-zone-stg-cndev)$ cat 20220627b_diff.txt
diff --git a/environments/bootstrap/bootstrap.auto.tfvars b/environments/bootstrap/bootstrap.auto.tfvars
index d0319bb..8a335be 100644
--- a/environments/bootstrap/bootstrap.auto.tfvars
+++ b/environments/bootstrap/bootstrap.auto.tfvars
@@ -12,16 +12,16 @@
 #

 bootstrap = {
-  userDefinedString           = "" # REQUIRED EDIT Appended to project name/id ##needs to be lower case and min. 3 charaters
-  additionalUserDefinedString = "" # OPTIONAL EDIT Additional appended string
-  billingAccount              = "REPLACE_WITH_BILLING_ID" # REQUIRED EDIT Billing Account in the format of ######-######-######
+  userDefinedString           = "cndev" # REQUIRED EDIT Appended to project name/id ##needs to be lower case and min. 3 charaters
+  additionalUserDefinedString = "sbx" # OPTIONAL EDIT Additional appended string
+  billingAccount              = "011691-49FFF5-903E43" # REQUIRED EDIT Billing Account in the format of ######-######-######
   # switch out root_node depending on whether you are running directly off the organization or a folder
-  #parent                      = "organizations/REPLACE_ORGANIZATION_ID" # REQUIRED EDIT Node in format "organizations/#############" or "folders/#############"
-  parent                      = "folders/REPLACE_FOLDER_ID" # REQUIRED EDIT Node in format "organizations/#############" or "folders/#############"
-  terraformDeploymentAccount  = "" # REQUIRED EDIT Name of a service account to be created (alphanumeric before the at sign) used to deploy the terraform code
-  bootstrapEmail              = "user:" # REQUIRED EDIT In the form of 'user:user@email.com
+  #parent                      = "organizations/959133349631" # REQUIRED EDIT Node in format "organizations/#############" or "folders/#############"
+  parent                      = "folders/801543527825" # REQUIRED EDIT Node in format "organizations/#############" or "folders/#############"
+  terraformDeploymentAccount  = "terraform0627" # REQUIRED EDIT Name of a service account to be created (alphanumeric before the at sign) used to deploy the terraform code
+  bootstrapEmail              = "user:root@cloudnuage.dev" # REQUIRED EDIT In the form of 'user:user@email.com
   region                      = "northamerica-northeast1" # REQUIRED EDIT Region name. northamerica-northeast1
-  cloud_source_repo_name      = "" # REQUIRED EDIT CSR used as a mirror for code
+  cloud_source_repo_name      = "cndevlzd" # REQUIRED EDIT CSR used as a mirror for code
   projectServices = [
     "cloudbilling.googleapis.com",
     "serviceusage.googleapis.com",
@@ -34,21 +34,21 @@ bootstrap = {
   ]
   tfstate_buckets = {
     common = {
-      name = "" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
+      name = "cndevlzcom" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
       labels = {
       }
       storage_class = "STANDARD"
       force_destroy = true
     },
     nonprod = {
-      name = "" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
+      name = "cndevlznpd" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
       labels = {
       }
       force_destroy = true
       storage_class = "STANDARD"
     },
     prod = {
-      name = "" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
+      name = "cndevlzprd" # REQUIRED EDIT Must be globally unique, lower case letters and numbers only
       labels = {
       }
       force_destroy = true
@@ -58,10 +58,10 @@ bootstrap = {
 }
 # Cloud Build
 cloud_build_admins = [
-  "user:user@google.com", # REQUIRED EDIT user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
+  "user:root@cloudnuage.dev", # REQUIRED EDIT user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
 ]
 group_build_viewers = [
-  "user:user@google.com", # REQUIRED EDIT user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
+  "user:root@cloudnuage.dev", # REQUIRED EDIT user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
 ]

 #cloud_build_user_defined_string = ""
diff --git a/environments/bootstrap/organization-config.auto.tfvars b/environments/bootstrap/organization-config.auto.tfvars
index 53c855d..f2ac3c5 100644
--- a/environments/bootstrap/organization-config.auto.tfvars
+++ b/environments/bootstrap/organization-config.auto.tfvars
@@ -5,20 +5,20 @@
 */

 organization_config = {
-  org_id          = "REPLACE_ORGANIZATION_ID" # REQUIRED EDIT Numeric portion only '#############'"
-  default_region  = "" # REQUIRED EDIT Cloudbuild Region
-  department_code = "" # REQUIRED EDIT Two Characters. Capitol and then lowercase
-  owner           = "" # REQUIRED EDIT Used in naming standard
+  org_id          = "959133349631" # REQUIRED EDIT Numeric portion only '#############'"
+  default_region  = "northamerica-northeast1" # REQUIRED EDIT Cloudbuild Region
+  department_code = "Cn" # REQUIRED EDIT Two Characters. Capitol and then lowercase
+  owner           = "cnd" # REQUIRED EDIT Used in naming standard
   environment     = "P" # REQUIRED EDIT S-Sandbox P-Production Q-Quality D-development
   location        = "northamerica-northeast1" # REQUIRED EDIT Location used for resources. Currently northamerica-northeast1 is available
   labels          = {} # REQUIRED EDIT Object used for resource labels
   # switch out root_node depending on whether you are running directly off the organization or a folder
-  #root_node       = "organizations/REPLACE_ORGANIZATION_ID" # REQUIRED EDIT format "organizations/#############" or "folders/#############"
-  root_node       = "folders/REPLACE_FOLDER_ID" # REQUIRED EDIT format "organizations/#############" or "folders/#############"
+  #root_node       = "organizations/959133349631" # REQUIRED EDIT format "organizations/#############" or "folders/#############"
+  root_node       = "folders/801543527825" # REQUIRED EDIT format "organizations/#############" or "folders/#############"

   contacts = {
-    "user@email.com" = ["ALL"] # REQUIRED EDIT Essential Contacts for notifications. Must be in the form EMAIL -> [NOTIFICATION_TYPES]
+    "root@cloudnuage.dev" = ["ALL"] # REQUIRED EDIT Essential Contacts for notifications. Must be in the form EMAIL -> [NOTIFICATION_TYPES]
   }
-  billing_account = "REPLACE_WITH_BILLING_ID" # REQUIRED EDIT Format of ######-######-######
+  billing_account = "011691-49FFF5-903E43" # REQUIRED EDIT Format of ######-######-######
 }

diff --git a/environments/common/common.auto.tfvars b/environments/common/common.auto.tfvars
index 0275028..da5d831 100644
--- a/environments/common/common.auto.tfvars
+++ b/environments/common/common.auto.tfvars
@@ -18,8 +18,8 @@ org_policies = {
 }
 folders = {
    # switch out parent depending on whether you are running directly off the organization or a folder
-  #parent = "organizations/REPLACE_ORGANIZATION_ID" #REQUIRED Edit, format "organizations/#############" or "folders/#############"
-  parent = "folders/REPLACE_FOLDER_ID" #REQUIRED Edit, format "organizations/#############" or "folders/#############"
+  #parent = "organizations/959133349631" #REQUIRED Edit, format "organizations/#############" or "folders/#############"
+  parent = "folders/801543527825" #REQUIRED Edit, format "organizations/#############" or "folders/#############"
   names  = ["Infrastructure", "Sandbox", "Workloads", "Audit and Security", "Automation", "Shared Services"] # Production, NonProduction and Platform are included in the module
   subfolders_1 = {
     SharedInfrastructure = "Infrastructure"
@@ -40,34 +40,34 @@ folders = {
 access_context_manager = { # REQUIRED OBJECT. VPC Service Controls object.
   policy_name         = "" # OPTIONAL EDIT. If null, will be generated by module. Only used when creating new policy.
   policy_id           = "" # OPTIONAL EDIT. Only used when previously existing. Includes subsequent runs
-  user_defined_string = "acm" # Optional EDIT.
+  user_defined_string = "cnacm" # Optional EDIT.
   access_level        = {} # leave empty for testing
 }

 audit = {                                  # REQUIRED OBJECT. Must include an audit object.
   user_defined_string            = "audit" # REQUIRED EDIT. Must be globally unique, used for the audit project
-  additional_user_defined_string = ""      # OPTIONAL EDIT. Optionally append a value to the end of the user defined string.
-  billing_account                = "REPLACE_WITH_BILLING_ID"      # REQUIRED EDIT. Define the audit billing account
+  additional_user_defined_string = "cnd"      # OPTIONAL EDIT. Optionally append a value to the end of the user defined string.
+  billing_account                = "011691-49FFF5-903E43"      # REQUIRED EDIT. Define the audit billing account
   audit_streams = {
     prod = {
-      bucket_name          = ""                     # REQUIRED EDIT. Must be globally unique, used for the audit bucket
+      bucket_name          = "auditcn"                     # REQUIRED EDIT. Must be globally unique, used for the audit bucket
       is_locked            = false                  # OPTIONAL EDIT. Required value as it cannot be left null.
       bucket_force_destroy = true                   # OPTIONAL EDIT. Required value as it cannot be left null.
       bucket_storage_class = "STANDARD"             # OPTIONAL EDIT. Required value as it cannot be left null.
       labels               = {}                     # OPTIONAL EDIT.
-      sink_name            = ""                     # REQUIRED EDIT. Must be unique across organization
+      sink_name            = "cndcomsink1"                     # REQUIRED EDIT. Must be unique across organization
       description          = "Org Sink"             # OPTIONAL EDIT. Required value as it cannot be left null.
       filter               = "severity >= WARNING"  # OPTIONAL EDIT. Required value as it cannot be left null.
       retention_period     = 1                      # OPTIONAL EDIT. Required value as it cannot be left null.
-      bucket_viewer        = "user:user@google.com" # REQUIRED EDIT.
+      bucket_viewer        = "user:root@cloudnuage.dev" # REQUIRED EDIT.
     }
   }
   audit_lables = {}
 }

-audit_project_iam = [ #REQUIRED EDIT. At leave one object is required. The member cannot be the same for multiple objects.
+audit_project_iam = [ #REQUIRED EDIT. At least one object is required. The member cannot be the same for multiple objects.
   {
-    member = "user:group@test.domain.net" #REQUIRED EDIT
+    member = "user:root@cloudnuage.dev" #REQUIRED EDIT
     #project = module.project.project_id  #(will be added during deployment using local var)
     roles = [
       "roles/viewer",
@@ -85,7 +85,7 @@ audit_project_iam = [ #REQUIRED EDIT. At leave one object is required. The membe

 folder_iam = [
   {
-    member = "group:group@test.domain.net" # REQUIRED EDIT. user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
+    member = "user:root@cloudnuage.dev" # REQUIRED EDIT. user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
     #folder = module.core-folders.folders_map_1_level["Audit"].id #(will be added during deployment using local var)
     audit_folder_name = "Audit" # REQUIRED EDIT. Name of the Audit folder previously defined.
     roles = [
@@ -97,8 +97,8 @@ folder_iam = [

 organization_iam = [
   {
-    member       = "group:group@test.domain.net" # REQUIRED EDIT. user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
-    organization = "REPLACE_ORGANIZATION_ID" #Insert your Ord ID here, format ############
+    member       = "user:root@cloudnuage.dev" # REQUIRED EDIT. user:user@google.com, group:users@google.com,serviceAccount:robot@PROJECT.iam.gserviceaccount.com
+    organization = "959133349631" #Insert your Ord ID here, format ############
     roles = [
       "roles/viewer",
     ]
@@ -106,8 +106,8 @@ organization_iam = [
 ]

 guardrails = {
-  user_defined_string = "guardrails" # Optional EDIT. Must be unique. Defines the guardrails project
-  billing_account     = "REPLACE_WITH_BILLING_ID" # REQUIRED EDIT. Billing Account in the format of ######-######-######
+  user_defined_string = "guardrails04" # Optional EDIT. Must be unique. Defines the guardrails project form department_codeEnvironmente-owner-user_defined_string
+  billing_account     = "011691-49FFF5-903E43" # REQUIRED EDIT. Billing Account in the format of ######-######-######
   org_id_scan_list = [     # REQUIRED EDIT. Organization Id list for service account to have cloud asset viewer permission
   ]
   org_client = false #Set to true if deploying remote client landing zone.  Otherwise set to false if deploying for core organization landing zone.
diff --git a/environments/common/perimeter-network.auto.tfvars b/environments/common/perimeter-network.auto.tfvars
index 26d857a..84df05a 100644
--- a/environments/common/perimeter-network.auto.tfvars
+++ b/environments/common/perimeter-network.auto.tfvars
@@ -5,14 +5,14 @@
 */

 public_perimeter_net = {
-  user_defined_string            = "prd" # must be globally unique
-  additional_user_defined_string = "perim" # check 61 char aggregate limit
-  billing_account                = "REPLACE_WITH_BILLING_ID" #####-#####-#####
+  user_defined_string            = "prd" # REQUIRED EDIT must contribute to being globally unique
+  additional_user_defined_string = "perim" # OPTIONAL EDIT check 61 char aggregate limit
+  billing_account                = "011691-49FFF5-903E43" #####-#####-#####
   services                       = ["logging.googleapis.com"]
   labels                         = {}
   networks = [
     {
-      network_name                           = "pubperimvpc" #Optional Edit
+      network_name                           = "cnpubpervpc" # Optional Edit
       description                            = "The Public Perimeter VPC"
       routing_mode                           = "GLOBAL"
       shared_vpc_host                        = false
@@ -22,8 +22,8 @@ public_perimeter_net = {
       peer_network                           = "" # Production VPC Name
       subnets = [
         {
-          subnet_name           = "public"
-          subnet_ip             = "10.10.0.0/26" #Recommended Edit
+          subnet_name           = "publiccn" # Optional edit
+          subnet_ip             = "10.10.0.0/26" # Recommended Edit
           subnet_region         = "northamerica-northeast1"
           subnet_private_access = true
           subnet_flow_logs      = true
@@ -41,13 +41,13 @@ public_perimeter_net = {
   ]
 }
 private_perimeter_net = {
-  user_defined_string            = "prod" # must be globally unique
-  additional_user_defined_string = "perim" # check 61 char aggregate limit
-  billing_account                = "REPLACE_WITH_BILLING_ID" #####-#####-#####
+  user_defined_string            = "cnprd" # must be globally unique
+  additional_user_defined_string = "priper" # check 61 char aggregate limit
+  billing_account                = "011691-49FFF5-903E43" #####-#####-#####
   services                       = ["logging.googleapis.com"]
   networks = [
     {
-      network_name                           = "privperimvpc" #Optional Edit
+      network_name                           = "privpervpc" #Optional Edit
       description                            = "The Private Perimeter VPC"
       routing_mode                           = "GLOBAL"
       shared_vpc_host                        = false
@@ -57,7 +57,7 @@ private_perimeter_net = {
       peer_network                           = "" # Production VPC Name
       subnets = [
         {
-          subnet_name           = "private"
+          subnet_name           = "privcn"
           subnet_ip             = "10.10.0.64/26" #Recommended Edit
           subnet_region         = "northamerica-northeast1"
           subnet_private_access = true
@@ -78,11 +78,11 @@ private_perimeter_net = {
 ha_perimeter_net = {
   user_defined_string            = "prod" # must be globally unique
   additional_user_defined_string = "perim" # check 61 char agreggate limit
-  billing_account                = "REPLACE_WITH_BILLING_ID" #####-#####-#####
+  billing_account                = "011691-49FFF5-903E43" #####-#####-#####
   services                       = ["logging.googleapis.com"]
   networks = [
     {
-      network_name                           = "<ha-perimeter-vpc-name>"
+      network_name                           = "cnhaper" # REQUIRED EDIT - example: depthaper
       description                            = "The Perimeter VPC"
       routing_mode                           = "GLOBAL"
       shared_vpc_host                        = false
@@ -114,11 +114,11 @@ ha_perimeter_net = {
 management_perimeter_net = {
   user_defined_string            = "prod" # must be globally unique
   additional_user_defined_string = "perim" # check 61 char aggregate limit
-  billing_account                = "REPLACE_WITH_BILLING_ID" #####-#####-#####
+  billing_account                = "011691-49FFF5-903E43" #####-#####-#####
   services                       = ["logging.googleapis.com"]
   networks = [
     {
-      network_name                           = "<management-perimeter-vpc-name>"
+      network_name                           = "cnmgmtper" # REQUIRED EDIT - example: deptmgmtper
       description                            = "The Perimeter VPC"
       routing_mode                           = "GLOBAL"
       shared_vpc_host                        = false
@@ -128,7 +128,7 @@ management_perimeter_net = {
       peer_network                           = "" # Production VPC Name
       subnets = [
         {
-          subnet_name           = "management"
+          subnet_name           = "cnmanagement"
           subnet_ip             = "10.10.0.192/26"
           subnet_region         = "northamerica-northeast1"
           subnet_private_access = true
diff --git a/environments/nonprod/nonp-network.auto.tfvars b/environments/nonprod/nonp-network.auto.tfvars
index 92cc432..05697c6 100644
--- a/environments/nonprod/nonp-network.auto.tfvars
+++ b/environments/nonprod/nonp-network.auto.tfvars
@@ -5,13 +5,27 @@
 */

 nonprod_host_net = {
-  user_defined_string            = "" # Used to create project name - must be globally unique in aggregate
-  additional_user_defined_string = "" # check total 61 char limit with this addition
-  billing_account                = "REPLACE_WITH_BILLING_ID" #"######-######-######"
-  services                       = ["logging.googleapis.com" , "dns.googleapis.com"]
+  user_defined_string            = "cndev" # REQUIRED EDIT Used to create project name - must be globally unique in aggregate
+  additional_user_defined_string = "np" # check total 61 char limit with this addition
+  billing_account                = "011691-49FFF5-903E43" #"######-######-######"
+  #services                       = ["logging.googleapis.com" , "dns.googleapis.com"]
+  # 20220627
+  services                       = [
+                                    "logging.googleapis.com",
+                                    "dns.googleapis.com",
+                                    "cloudbuild.googleapis.com",
+                                    "dataflow.googleapis.com",
+                                    "cloudfunctions.googleapis.com",
+                                    "compute.googleapis.com",
+                                    "pubsub.googleapis.com",
+                                    "bigquery.googleapis.com",
+                                    "servicenetworking.googleapis.com",
+                                    "networkmanagement.googleapis.com",
+                                    "sqladmin.googleapis.com"
+                                    ]
   networks = [
     {
-      network_name                           = "nonprod-sharedvpc"
+      network_name                           = "nprod-sharedvpc"
       description                            = "The Non-Production Shared VPC"
       routing_mode                           = "GLOBAL"
       shared_vpc_host                        = true
@@ -24,7 +38,7 @@ nonprod_host_net = {
       mtu                                    = 0
       subnets = [
         {
-          subnet_name           = "subnet01"
+          subnet_name           = "nprodsubnet01"
           subnet_ip             = "10.10.20.0/24"
           subnet_region         = "northamerica-northeast1"
           subnet_private_access = true
diff --git a/environments/prod/prod-network.auto.tfvars b/environments/prod/prod-network.auto.tfvars
index 42deadd..ee76307 100644
--- a/environments/prod/prod-network.auto.tfvars
+++ b/environments/prod/prod-network.auto.tfvars
@@ -5,13 +5,13 @@
 */

 prod_host_net = {
-  user_defined_string            = "prod" # Must be globally unique. Used to create project name
-  additional_user_defined_string = "host1"
-  billing_account                = "REPLACE_WITH_BILLING_ID" ######-######-###### # required
+  user_defined_string            = "cnprod" # Must be globally unique. Used to create project name
+  additional_user_defined_string = "host2"
+  billing_account                = "011691-49FFF5-903E43" ######-######-###### # required
   services                       = ["logging.googleapis.com"]
   networks = [
     {
-      network_name                           = "prod-sharedvpc"
+      network_name                           = "prod-shvpc"
       description                            = "The Production Shared VPC"
       routing_mode                           = "GLOBAL"
       shared_vpc_host                        = true
@@ -20,15 +20,16 @@ prod_host_net = {
       peer_project                           = ""
       peer_network                           = ""
       export_peer_custom_routes              = false
-      export_local_custom_routes             = false
-      mtu                                    = 0
+      #export_peer_custom_routes              = true # in obs
+      export_local_custom_routes             = false # commented in obs
+      mtu                                    = 0 # commented in obs
       subnets = [
         {
           subnet_name           = "subnet01"
           subnet_ip             = "10.10.20.0/24"
           subnet_region         = "northamerica-northeast1"
           subnet_private_access = true
-          description           = "This subnet has a description"
+          description           = "This subnet used by the shared infrastructure project"
           log_config = {
             aggregation_interval = "INTERVAL_5_SEC"
             flow_sampling        = 0.5

        modified:   environments/bootstrap/bootstrap.auto.tfvars
        modified:   environments/bootstrap/organization-config.auto.tfvars
        modified:   environments/common/common.auto.tfvars
        modified:   environments/common/perimeter-network.auto.tfvars
        modified:   environments/nonprod/nonp-network.auto.tfvars
        modified:   environments/prod/prod-network.auto.tfvars

see https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/27

root user has folder admin, org admin, owner only

no service account token creator

running 0836


root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ ./bootstrap.sh run
User: root@cloudnuage.dev
Domain: cloudnuage.dev
Is this is user and domain of the organization you want to deploy to? (y/n)
>  y

Saved the plan to: launchpad.2022-06-28.1206.plan

To perform exactly these actions, run the following command to apply: terraform apply "launchpad.2022-06-28.1206.plan" Please confirm that you have reviewed the plan and wish to apply it. Type 'yes' to proceed

INFO - Applying Terraform plan module.landing_zone_bootstrap.module.project.google_project.project: Creating... module.landing_zone_bootstrap.module.project.google_project.project: Still creating... [10s elapsed]

module.landing_zone_bootstrap.module.project.google_project.project: Still creating... [2m50s elapsed] module.landing_zone_bootstrap.module.project.google_project.project: Creation complete after 2m50s [id=projects/cnpe-cnd-cndev-sbx]

843 INFO - Committing code to CSR Specify your git config email

Writing objects: 100% (597/597), 2.55 MiB | 8.79 MiB/s, done. Total 597 (delta 225), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (225/225) To https://source.developers.google.com/p/cnpe-cnd-cndev-sbx/r/cndevlzd

[new branch] main -> main INFO - Code pushed to CSR root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$

Check CSR and Cloud Build - it is normal that all fail except the docker build job - dependencies were not met - all jobs ran at the same time.
<img width="1435" alt="Screen Shot 2022-06-28 at 8 47 22 AM" src="https://user-images.githubusercontent.com/94715080/176182119-1f7a78ef-6dfc-4a8b-be97-e8fbf183747b.png">

# push bootstrap, common, non-prod, prod CSR changes to kick in builds

oot_@cloudshell:~/cloudshellopen/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git add ../common/common.auto.tfvars root@cloudshell:~/cloudshellopen/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git commit -m "push initial cloud builds - common" [main b8677a6] push initial cloud builds - common 1 file changed, 1 insertion(+) root@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git push csr main

fmichaelobrien commented 2 years ago

Test changes later for additional services on nonprod check prod also

 #services                       = ["logging.googleapis.com" , "dns.googleapis.com"]
  services                       = [
                                    "logging.googleapis.com",
                                    "dns.googleapis.com", 
                                    "cloudbuild.googleapis.com",
                                    "dataflow.googleapis.com",
                                    "cloudfunctions.googleapis.com",
                                    "compute.googleapis.com",
                                    "pubsub.googleapis.com",
                                    "bigquery.googleapis.com",
                                    "servicenetworking.googleapis.com",
                                    "networkmanagement.googleapis.com",
                                    "sqladmin.googleapis.com"
                                    ]

fmichaelobrien commented 2 years ago

Expected billing quota 5 hit on common - switching to 2nd billing account for now

https://console.cloud.google.com/cloud-build/builds;region=global/e36684be-10b4-40cb-8c48-e89b8aa17ed0?project=cnpe-cnd-cndev-sbx&supportedpurview=project

Step #3 - "tf apply": │ Error: Error setting billing account "011691-49FFF5-903E43" for project "projects/cnpe-cnd-audit-cnd": googleapi: Error 400: Precondition check failed.
Step #3 - "tf apply": │ Details:
Step #3 - "tf apply": │ [
Step #3 - "tf apply": │   {
Step #3 - "tf apply": │     "@type": "type.googleapis.com/google.rpc.QuotaFailure",
Step #3 - "tf apply": │     "violations": [
Step #3 - "tf apply": │       {
Step #3 - "tf apply": │         "description": "Cloud billing quota exceeded: https://support.google.com/code/contact/billing_quota_increase",
Step #3 - "tf apply": │         "subject": "billingAccounts/011691-49FFF5-903E43"

https://support.google.com/code/contact/billing_quota_increase

3 min as expected

d if you select "paid services"

continuing... https://console.cloud.google.com/cloud-build/builds;region=global/2ed8bc68-3fe6-4ad4-8fcd-00a276759b9a?project=cnpe-cnd-cndev-sbx&supportedpurview=project

Step #2 - "tf plan": Plan: 23 to add, 1 to change, 2 to destroy.

Step #3 - "tf apply": │ Error: error creating project cnpe-cnd-audit-cnd (CnPe-cnd-audit-cnd): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission

flipping name for audit
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git diff
diff --git a/environments/common/common.auto.tfvars b/environments/common/common.auto.tfvars
index 0cf9362..325293c 100644
--- a/environments/common/common.auto.tfvars
+++ b/environments/common/common.auto.tfvars
@@ -47,7 +47,7 @@ access_context_manager = { # REQUIRED OBJECT. VPC Service Controls object.

 audit = {                                  # REQUIRED OBJECT. Must include an audit object.
   user_defined_string            = "audit" # REQUIRED EDIT. Must be globally unique, used for the audit project
-  additional_user_defined_string = "cnd"      # OPTIONAL EDIT. Optionally append a value to the end of the user defined string.
+  additional_user_defined_string = "cne"      # OPTIONAL EDIT. Optionally append a value to the end of the user defined string.

fixed - common OK

running non-prod and prod using diff

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git diff
diff --git a/environments/nonprod/nonp-network.auto.tfvars b/environments/nonprod/nonp-network.auto.tfvars
index 05697c6..c65b37d 100644
--- a/environments/nonprod/nonp-network.auto.tfvars
+++ b/environments/nonprod/nonp-network.auto.tfvars
@@ -4,6 +4,7 @@
  * subject to your agreement with Google.
 */

+
 nonprod_host_net = {

https://console.cloud.google.com/cloud-build/builds;region=global/c326476e-ba9f-44e9-9a72-e12828c682ff?project=cnpe-cnd-cndev-sbx&supportedpurview=project

deploy prod

root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git push csr main
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 493 bytes | 493.00 KiB/s, done.
Total 5 (delta 3), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (3/3)
To https://source.developers.google.com/p/cnpe-cnd-cndev-sbx/r/cndevlzd
   a5eb87f..12e0c17  main -> main
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git diff
diff --git a/environments/prod/prod-network.auto.tfvars b/environments/prod/prod-network.auto.tfvars
index ee76307..a20c069 100644
--- a/environments/prod/prod-network.auto.tfvars
+++ b/environments/prod/prod-network.auto.tfvars
@@ -4,6 +4,7 @@
  * subject to your agreement with Google.
 */

+
 prod_host_net = {
   user_defined_string            = "cnprod" # Must be globally unique. Used to create project name
   additional_user_defined_string = "host2"
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git status
On branch main
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   ../prod/prod-network.auto.tfvars

no changes added to commit (use "git add" and/or "git commit -a")
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git add ../prod/prod-network.auto.tfvars
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git commit -m "push prod change for trigger"
[main 6c81699] push prod change for trigger
 1 file changed, 1 insertion(+)
root_@cloudshell:~/cloudshell_open/pbmm-on-gcp-onboarding/environments/bootstrap (landing-zone-stg-cndev)$ git push csr main
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 416 bytes | 416.00 KiB/s, done.
Total 5 (delta 4), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (4/4)
To https://source.developers.google.com/p/cnpe-cnd-cndev-sbx/r/cndevlzd
   12e0c17..6c81699  main -> main

fmichaelobrien commented 2 years ago

merged https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/pull/113

GoogleCloudPlatform / pbmm-on-gcp-onboarding

review/deploy naming standard changes in PR 113 #97

clone in shell

manual mods

running 0836

fixed - common OK

running non-prod and prod using diff

deploy prod