Commit 995e7666 authored by Adam Robinson's avatar Adam Robinson
Browse files

add environments and division

parent 5918acbe
locals {
short_mcomm = lower(replace(split("@", var.mcomm_group_email)[0],".","-"))
division_folder_ids = {
dev = {
//its = ""
}
test = {
its = "folders/100600555387"
campus = "folders/549439339393"
michigan_medicine = "folders/783942636538"
hipaa = "folders/607376512236"
}
prod = {
its = "folders/666809107084"
campus = "folders/1013928641872"
michigan_medicine = "folders/332243639992"
hipaa = "folders/293380204207"
}
}
master_billing_account_id = {
//dev = ""
test = "015023-FF6053-5F797A"
prod = "015023-FF6053-5F797A"
}
database_function_url = {
//dev = ""
//test = ""
prod = "https://us-central1-gcp-at-um-db.cloudfunctions.net/customer_db"
}
}
resource "google_folder" "customer_folder" {
display_name = local.short_mcomm
parent = var.division_folder_ids[var.division]
parent = local.division_folder_ids[var.environment][var.division]
}
data "google_iam_policy" "customer_folder_policy" {
......@@ -102,7 +129,7 @@ resource "google_storage_bucket_iam_policy" "customer_bucket_policy" {
}
data "google_service_account_id_token" "customer_db_token" {
target_audience = "https://us-central1-gcp-at-um-db.cloudfunctions.net/customer_db"
target_audience = local.database_function_url[var.environment]
}
resource "null_resource" "customer_database" {
......@@ -113,7 +140,7 @@ resource "null_resource" "customer_database" {
}
provisioner "local-exec" {
command = "curl https://us-central1-gcp-at-um-db.cloudfunctions.net/customer_db -H \"Authorization: Bearer ${data.google_service_account_id_token.customer_db_token.id_token}\" -H \"Content-Type: application/json\" -d '{\"kind\": \"billing\", \"billingAccountId\": \"asdf\"}'"
command = "curl ${local.database_function_url[var.environment]} -H \"Authorization: Bearer ${data.google_service_account_id_token.customer_db_token.id_token}\" -H \"Content-Type: application/json\" -d '{\"kind\": \"billing\", \"billingAccountId\": \"asdf\"}'"
}
}
......@@ -121,7 +148,7 @@ resource "null_resource" "customer_database" {
# resource "google_billing_subaccount" "customer_subaccount" {
# display_name = "${local.short_mcomm}"
# master_billing_account = var.master_billing_account_id
# master_billing_account = local.master_billing_account_id[var.environment]
# rename_on_destroy = true
# }
......
variable "requestor" {
variable "requestor" {
type = string
description = "The person that made the initial request for the GCP Customer Folder"
}
......@@ -18,14 +18,25 @@ variable "billing_contact" {
description = "A contact to use for billing questions about the GCP Billing Subaccount"
}
variable "division_folder_ids" {
type = map(string)
description = "The folder ID of the top level folder of the service"
variable "environment" {
type = string
description = "The environment the customer folder will be created in. Defaults to \"prod\""
default = "prod"
validation {
condition = var.environment == "dev" || var.environment == "test" || var.environment == "prod"
error_message = "The environment value must be one of \"dev\",\"test\", or \"prod\"."
}
}
variable "division" {
type = string
description = "Must be one of \"campus\",\"its\", or \"michigan_medicine\""
description = "Must be one of \"campus\",\"its\", \"michigan_medicine\", or \"hipaa\""
validation {
condition = var.division == "campus" || var.division == "its" || var.division == "michigan_medicine" || var.division == "hipaa"
error_message = "The division value must be one of \"campus\",\"its\", \"michigan_medicine\", or \"hipaa\"."
}
}
variable "customer_bucket_project_id" {
......@@ -38,11 +49,6 @@ variable "customer_service_account_project_id" {
description = "The project that will contain customer Terraform service accounts"
}
variable "master_billing_account_id" {
type = string
description = "The ID of the master billing account"
}
variable "provisioning_service_account_email" {
type = string
description = "The email of the service account used to provision customers"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment