terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

fix: Add roles and service enablements to bootstrap project #1175

Closed obriensystems closed 3 months ago

obriensystems commented 4 months ago

Overview

This PR is an initial canary PR that addresses a couple of minor service enablement and IAM role requirements during the 0-bootstrap and 1-org subsections that occurred on a clean GCP organization when following the readme instructions for deploying the landing zone. We as a team would also like to determine the formal process ( #1179 ) around PR submission as we add more ER or bug PRs while we bring up the as-is TEF deployment for future additional functionality.

See testing in https://github.com/terraform-google-modules/terraform-example-foundation/issues/1133, specifically:

https://github.com/terraform-google-modules/terraform-example-foundation/issues/1136 https://github.com/terraform-google-modules/terraform-example-foundation/issues/1139 https://github.com/terraform-google-modules/terraform-example-foundation/issues/1140 https://github.com/terraform-google-modules/terraform-example-foundation/issues/1142 https://github.com/terraform-google-modules/terraform-example-foundation/issues/1143 https://github.com/terraform-google-modules/terraform-example-foundation/issues/1161

Guidance

This first PR is a preliminary fix for service enablements and roles required during bootstrap of the TEF deployment. Later, in #1144, the readme instructions will be added to a bootstrap.sh script.

fmichaelobrien commented 4 months ago

Going through the PR approval procedures in the readme at https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/CONTRIBUTING.md,

specifically how to request review time from the https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/CODEOWNERS

reference: #1179

fmichaelobrien commented 4 months ago

Merged in the group creation fixes from #1174 (https://github.com/CloudLandingZone/terraform-example-foundation/compare/gh1133-bootstrap-1136...terraform-google-modules%3Aterraform-example-foundation%3Amaster) via https://github.com/terraform-google-modules/terraform-example-foundation/commit/dd6c09ccc73dc13abf989c511caf73094ecf5d11 into https://github.com/CloudLandingZone/terraform-example-foundation/tree/gh1133-bootstrap-1136.

fmichaelobrien commented 4 months ago

Team, let me know what else needs to be provided in this initial PR to get it merged.

I am working on behalf of 2 Canadian Government organizations (one Federal, one Provincial) wishing to directly use and contribute to the TEF as a default GCP LZ.

fmichaelobrien commented 4 months ago

Lint ran - fixing whitespace issues in another commit: https://github.com/terraform-google-modules/terraform-example-foundation/actions/runs/8557468090/job/23449822771?pr=1175

./0-bootstrap/README.md:91:     ``` 
./0-bootstrap/README.md:99:     ```  
Error: Trailing whitespace found in the lines above.
Error: The following tests have failed: check_whitespace
fmichaelobrien commented 4 months ago

stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21

obriensystems commented 4 months ago

I'll raise this in a separate PR, but 3-networks-hub-and-spoke also needs the compute.orgSecurityPolicyAdmin or User or, more recently, compute.orgFirewallPolicyAdmin IAM role on the super admin to be able to view Hierarchical Firewall Policies created under the common branch.

https://cloud.google.com/firewall/docs/firewall-policies#iam https://cloud.google.com/compute/docs/access/iam#compute.orgFirewallPolicyAdmin

As well as the compute API on the bootstrap project in step 11 of 3-networks-hub-and-spoke:

michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ gcloud services enable compute.googleapis.com
Operation "operations/acf.p2-438381210056-2415ed08-fad8-4333-8c8e-1017881efb60" finished successfully.

Tested the entire 3-networks-hub-and-spoke with these changes, including the hierarchical firewall policy retry rename procedure.

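The two requirements named in the comment above (the compute API enabled on the bootstrap project, and compute.orgFirewallPolicyAdmin for whoever must view hierarchical firewall policies), written as a Terraform fragment. This is an added example, not code from this PR or from the terraform-example-foundation repository; the project ID, organization ID and group address are placeholders, and the role is granted to a group rather than an individual so membership can be reviewed and revoked centrally.

```hcl
# Enable the Compute API on the bootstrap project so the 3-networks step
# (and hierarchical firewall policy lookups) can call compute.googleapis.com.
# Placeholder project ID; substitute the real bootstrap project.
resource "google_project_service" "bootstrap_compute" {
  project            = "PLACEHOLDER_BOOTSTRAP_PROJECT_ID"
  service            = "compute.googleapis.com"
  disable_on_destroy = false # keep the API on if this resource is removed
}

# Grant the firewall-policy admin role at the organization level, which is
# where hierarchical firewall policies are managed. Bound to a group, not a
# user, so the grant is auditable and least-privilege is easier to keep.
# Placeholder organization ID and group; substitute the real values.
resource "google_organization_iam_member" "fw_policy_admin" {
  org_id = "PLACEHOLDER_ORG_ID"
  role   = "roles/compute.orgFirewallPolicyAdmin"
  member = "group:PLACEHOLDER_ORG_ADMINS@example.com"
}
```

If only read access to the policies is needed, a viewer-level Compute role is the tighter choice; grant the admin role only to the principals that create or modify policies.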
eeaton commented 3 months ago

Thanks for the submission; the additional roles are LGTM. Can you re-sync the branch?

obriensystems commented 3 months ago

Sounds good. There are additional sections in the GitLab, GitHub and Jenkins build variants that I will separately test/PR later. I will rebase this branch for the CB/CSR default.

fmichaelobrien commented 3 months ago

Main branch merged - waiting on the "lint" task report...

fmichaelobrien commented 3 months ago

Thank you TEF team - we really appreciate this initial PR!!! We will be moving over select changes from our fork over the next 4-8 weeks that benefit the wider TEF community.