Ask: Document process for common tasks

[jburos]

TL;DR

I'm relatively new to devops and trying to learn from this example. The doc is great (and very useful) for setting up the environment, but once it's set up I am at a loss re: how to accomplish a common task. I'm thinking along the lines of a "runbook" for using this setup.

Some examples:

• Create a new project
• Grant a user permissions in an existing project
• Grant a user permissions to administrate gcp-projects repo
• Modify constraints on a project
• Reviewing access logs
• etc.

Terraform Resources

No response

Detailed design

Some other considerations:

1. Common maintenance tasks
    - For example, for my JS apps, I have a scheduled maintenance task to  periodically update the code to the latest versions. Is there an analog for terraform & related modules? I find the APIs do change over time.

Additional information

If this exists already and I have missed it, apologies. A link to examples would be appreciated.

[eeaton]

Thanks for the feedback. It's a fair point that the amount of understanding needed to operate the blueprint is non-trivial, spanning GCP features, and devops practices, and some of the specific design choices of this blueprint. I'll add this to the backlog to try to better document in the next major release.

If you haven't seen it already, the accompanying guide https://cloud.google.com/architecture/security-foundations/deployment-methodology has some high-level explanation of how to customize and make future changes to the code in our recommended DevOps flow. Doesn't address some of the tasks you mention, but it might be a good place to start.

[jburos]

Thank you sincerely, this and the link are both helpful.