Note: The default ITS GitLab runner is a shared resource and is subject to slowdowns during heavy usage.
You can run your own GitLab runner that is dedicated just to your group if you need to avoid processing delays.

Commit 45be8e5a authored by Kenny Moore's avatar Kenny Moore
Browse files

Merge branch 'update_tf_0.14' into 'master'

Create billing subaccounts with Terraform

See merge request !2
parents 5eb663b8 3069b26c
......@@ -37,7 +37,7 @@ module "audit" {
count = var.division == "hipaa" ? 1: 0
source = "./modules/terraform-google-gcp-at-um-customer-audit/"
division = var.division
billing_id = var.billing_account_id # REPLACE once billing resource pull request complete
billing_id = google_billing_subaccount.customer_subaccount.billing_account_id
folder_id = google_folder.customer_folder.id
mcomm_group_email = var.mcomm_group_email
database_function_url = local.database_function_url[var.environment]
......@@ -172,31 +172,31 @@ resource "null_resource" "customer_database" {
// Need to make a customer Git repo
# resource "google_billing_subaccount" "customer_subaccount" {
# display_name = "${local.short_mcomm}"
# master_billing_account = local.master_billing_account_id[var.environment]
# rename_on_destroy = true
# }
# resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
# billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
# policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
# }
# data "google_iam_policy" "customer_billing_account_policy" {
# binding {
# role = "roles/billing.user"
# members = [
# "user:${google_service_account.customer_service_account.name}",
# ]
# }
# binding {
# role = "organizations/715302536254/roles/UM_billingUser"
# members = [
# "group:${var.mcomm_group_email}",
# ]
# }
# }
resource "google_billing_subaccount" "customer_subaccount" {
display_name = "${local.short_mcomm}"
master_billing_account = local.master_billing_account_id[var.environment]
deletion_policy = "RENAME_ON_DESTROY"
}
resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
}
data "google_iam_policy" "customer_billing_account_policy" {
binding {
role = "roles/billing.user"
members = [
"user:${google_service_account.customer_service_account.name}",
]
}
binding {
role = "organizations/715302536254/roles/UM_billingUser"
members = [
"group:${var.mcomm_group_email}",
]
}
}
terraform {
required_providers {
google = {
source = "hashicorp/google"
}
null = {
source = "hashicorp/null"
}
random = {
source = "hashicorp/random"
}
}
required_version = ">= 0.13"
}
......@@ -16,4 +16,4 @@ output "terraform_state_bucket" {
output "folder_id" {
value = google_folder.customer_folder.id
description = "The Folder ID of the customer folder."
}
\ No newline at end of file
}
......@@ -78,4 +78,4 @@ variable "customer_is_shared_vpc_admin" {
type = bool
description = "Should the customer be given Shared VPC Admin permission to the customer folder. Defaults to false."
default = false
}
\ No newline at end of file
}
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 3.52.0"
}
null = {
source = "hashicorp/null"
}
random = {
source = "hashicorp/random"
}
}
required_version = ">= 0.13"
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment