Commit 45be8e5a authored by Kenny Moore's avatar Kenny Moore

Merge branch 'update_tf_0.14' into 'master'

Create billing subaccounts with Terraform

See merge request !2
parents 5eb663b8 3069b26c
......@@ -37,7 +37,7 @@ module "audit" {
count = var.division == "hipaa" ? 1: 0
source = "./modules/terraform-google-gcp-at-um-customer-audit/"
division = var.division
billing_id = var.billing_account_id # REPLACE once billing resource pull request complete
billing_id = google_billing_subaccount.customer_subaccount.billing_account_id
folder_id = google_folder.customer_folder.id
mcomm_group_email = var.mcomm_group_email
database_function_url = local.database_function_url[var.environment]
......@@ -172,31 +172,31 @@ resource "null_resource" "customer_database" {
// Need to make a customer Git repo
# resource "google_billing_subaccount" "customer_subaccount" {
# display_name = "${local.short_mcomm}"
# master_billing_account = local.master_billing_account_id[var.environment]
# rename_on_destroy = true
# }
# resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
# billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
# policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
# }
# data "google_iam_policy" "customer_billing_account_policy" {
# binding {
# role = "roles/billing.user"
# members = [
# "user:${google_service_account.customer_service_account.name}",
# ]
# }
# binding {
# role = "organizations/715302536254/roles/UM_billingUser"
# members = [
# "group:${var.mcomm_group_email}",
# ]
# }
# }
resource "google_billing_subaccount" "customer_subaccount" {
display_name = "${local.short_mcomm}"
master_billing_account = local.master_billing_account_id[var.environment]
deletion_policy = "RENAME_ON_DESTROY"
}
resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
}
data "google_iam_policy" "customer_billing_account_policy" {
binding {
role = "roles/billing.user"
members = [
"user:${google_service_account.customer_service_account.name}",
]
}
binding {
role = "organizations/715302536254/roles/UM_billingUser"
members = [
"group:${var.mcomm_group_email}",
]
}
}
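Review bot: In the `roles/billing.user` binding of `data "google_iam_policy" "customer_billing_account_policy"`, the member is written as `"user:${google_service_account.customer_service_account.name}"`, but a service account principal takes the `serviceAccount:` prefix and the account's email, whereas `.name` is the fully-qualified resource name. I would change it to `"serviceAccount:${google_service_account.customer_service_account.email}"`; the service account resource itself is defined outside this hunk, so confirm against it. Separately, `google_billing_account_iam_policy` is authoritative, so every binding on the subaccount that is not listed in this data source is removed on apply. Either add a comment such as `# Authoritative: this policy replaces all existing bindings on the subaccount` or grant each role with `google_billing_account_iam_member`. The custom role path also hard-codes the organization ID `715302536254`, which would be easier to audit as a local or variable.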
terraform {
required_providers {
google = {
source = "hashicorp/google"
}
null = {
source = "hashicorp/null"
}
random = {
source = "hashicorp/random"
}
}
required_version = ">= 0.13"
}
......@@ -16,4 +16,4 @@ output "terraform_state_bucket" {
output "folder_id" {
value = google_folder.customer_folder.id
description = "The Folder ID of the customer folder."
}
\ No newline at end of file
}
......@@ -78,4 +78,4 @@ variable "customer_is_shared_vpc_admin" {
type = bool
description = "Should the customer be given Shared VPC Admin permission to the customer folder. Defaults to false."
default = false
}
\ No newline at end of file
}
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 3.52.0"
}
null = {
source = "hashicorp/null"
}
random = {
source = "hashicorp/random"
}
}
required_version = ">= 0.13"
}
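Review bot: The `required_providers` block constrains `google` only with a lower bound (`version = ">= 3.52.0"`) and gives `null` and `random` no `version` at all, so a fresh `terraform init` can select any later provider release, including a new major version, for code that manages billing IAM. I would bound them, for example `version = "~> 3.52"` for `google`, and add a `version` to the other two. I would also commit the `.terraform.lock.hcl` that Terraform 0.14 writes, so the selected provider versions and their checksums go through review. `required_version = ">= 0.13"` is open-ended in the same way. The earlier `terraform { … }` block on this page, which sets no `version` for any provider, has the same gap if it is on the new side of the change.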