Clean up terraform

[aablsk]

Describe request or inquiry

bring terraform example up to best practice standard

What purpose/environment will this feature serve?

[palladius]

I can't say I can move current code to "BPS" but I can do some incremental improvements.

1. Now working on a simple refactoring of your terraform.tfvars to a terraform.tfvars.dist so we can all change the project_id without having to EDIT committed stuff.
2. Next step is to move TFSTATE to GCS bucket (which can't be created with TF for circularity so it requires some shell script of sort).

I've addressed 1. in 67e24dd75b2580472fe64ecf0ad3e98b722963d6

[palladius]

Fixed the GCS TFSTATE in a script. Tell me if its too complicated.

e1fb170b360172e65edee785aef55d5e8ed0997b

[aablsk]

Some feedback I received: "set -eou pipefail" "You can do simpler. Set a working terraform template, leave commented the GCS bucket part for state. That stuff is optional, if not used then the state will be saved locally, which is ok." "Move the script to bin/ folder, if needed. This folder should be just terraform files and README.md, if possible." "gcloud auth application-default login" is not something I would recommend. Better use a service account, ..."

main.tf: "Break into parts by topics" "Add descriptions to vars" "BTW your life will be easier with Terraform if you create the service accounts that you want to use instead of using default SAs. This is the kind of stuff that manually is hard, but Terraform makes easy"

[aablsk]

Use https://github.com/GoogleCloudPlatform/terraform-google-secure-cicd/tree/main/examples/app_cicd as inspiration

Look into feedback from icoloma@

[aablsk]

First version of refactor is now available. Next step is to use the Cloud Foundation Toolkit components instead of plain terraform.