fix: Fix of the new group structure (#1174)

terraform-google-modules · Mar 29, 2024 · dd6c09c · dd6c09c
1 parent a72d12f
commit dd6c09c
Show file tree

Hide file tree

Showing 10 changed files with 10 additions and 40 deletions.
diff --git a/0-bootstrap/outputs.tf b/0-bootstrap/outputs.tf
@@ -65,12 +65,12 @@ output "common_config" {
 
 output "required_groups" {
   description = "List of Google Groups created that are required by the Example Foundation steps."
-  value       = var.groups.create_required_groups == true ? module.required_group : tomap(var.groups.required_groups)
+  value       = var.groups.create_required_groups == false ? tomap(var.groups.required_groups) : tomap({ for key, value in module.required_group : key => value.id })
 }
 
 output "optional_groups" {
   description = "List of Google Groups created that are optional to the Example Foundation steps."
-  value       = var.groups.create_optional_groups == true ? module.optional_group : tomap(var.groups.optional_groups)
+  value       = var.groups.create_optional_groups == false ? tomap(var.groups.optional_groups) : tomap({ for key, value in module.optional_group : key => value.id })
 }
 
 /* ----------------------------------------

diff --git a/0-bootstrap/terraform.example.tfvars b/0-bootstrap/terraform.example.tfvars
@@ -25,13 +25,13 @@ groups = {
   # create_optional_groups = false # Change to true to create the optional_groups
   # billing_project        = "REPLACE_ME"  # Fill to create required or optional groups
   required_groups = {
-    group_org_admins     = "REPLACE_ME" # example "gcp-organization-admins@example.com"
-    group_billing_admins = "REPLACE_ME" # example "gcp-billing-admins@example.com"
+    group_org_admins           = "REPLACE_ME" # example "gcp-organization-admins@example.com"
+    group_billing_admins       = "REPLACE_ME" # example "gcp-billing-admins@example.com"
+    billing_data_users         = "REPLACE_ME" # example "gcp-billing-data@example.com"
+    audit_data_users           = "REPLACE_ME" # example "gcp-audit-data@example.com"
+    monitoring_workspace_users = "REPLACE_ME" # example "gcp-monitoring-workspace@example.com"
   }
   # optional_groups = {
-  #   billing_data_users         = "" #"billing_data_users_local_test@example.com"
-  #   audit_data_users           = "" #"audit_data_users_local_test@example.com"
-  #   monitoring_workspace_users = "" #"monitoring_workspace_users_local_test@example.com"
   #   gcp_security_reviewer      = "" #"gcp_security_reviewer_local_test@example.com"
   #   gcp_network_viewer         = "" #"gcp_network_viewer_local_test@example.com"
   #   gcp_scc_admin              = "" #"gcp_scc_admin_local_test@example.com"

diff --git a/2-environments/envs/development/README.md b/2-environments/envs/development/README.md
@@ -3,7 +3,6 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| monitoring\_workspace\_users | Google Workspace or Cloud Identity group that have access to Monitoring Workspaces. | `string` | n/a | yes |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 

diff --git a/2-environments/envs/development/variables.tf b/2-environments/envs/development/variables.tf
@@ -14,11 +14,6 @@
  * limitations under the License.
  */
 
-variable "monitoring_workspace_users" {
-  description = "Google Workspace or Cloud Identity group that have access to Monitoring Workspaces."
-  type        = string
-}
-
 variable "remote_state_bucket" {
   description = "Backend bucket to load Terraform Remote State Data from previous steps."
   type        = string

diff --git a/2-environments/envs/non-production/README.md b/2-environments/envs/non-production/README.md
@@ -3,7 +3,6 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| monitoring\_workspace\_users | Google Workspace or Cloud Identity group that have access to Monitoring Workspaces. | `string` | n/a | yes |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 

diff --git a/2-environments/envs/non-production/variables.tf b/2-environments/envs/non-production/variables.tf
@@ -14,11 +14,6 @@
  * limitations under the License.
  */
 
-variable "monitoring_workspace_users" {
-  description = "Google Workspace or Cloud Identity group that have access to Monitoring Workspaces."
-  type        = string
-}
-
 variable "remote_state_bucket" {
   description = "Backend bucket to load Terraform Remote State Data from previous steps."
   type        = string

diff --git a/2-environments/envs/production/README.md b/2-environments/envs/production/README.md
@@ -3,7 +3,6 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| monitoring\_workspace\_users | Google Workspace or Cloud Identity group that have access to Monitoring Workspaces. | `string` | n/a | yes |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 

diff --git a/2-environments/envs/production/variables.tf b/2-environments/envs/production/variables.tf
@@ -14,11 +14,6 @@
  * limitations under the License.
  */
 
-variable "monitoring_workspace_users" {
-  description = "Google Workspace or Cloud Identity group that have access to Monitoring Workspaces."
-  type        = string
-}
-
 variable "remote_state_bucket" {
   description = "Backend bucket to load Terraform Remote State Data from previous steps."
   type        = string

diff --git a/test/integration/envs/envs_test.go b/test/integration/envs/envs_test.go
@@ -22,6 +22,7 @@ import (
 	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
 	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
 	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils"
+	"github.com/gruntwork-io/terratest/modules/terraform"
 	"github.com/stretchr/testify/assert"
 
 	"github.com/terraform-google-modules/terraform-example-foundation/test/integration/testutils"
@@ -38,11 +39,9 @@ func TestEnvs(t *testing.T) {
 	utils.SetEnv(t, "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", terraformSA)
 
 	backend_bucket := bootstrap.GetStringOutput("gcs_bucket_tfstate")
-	monitoringWorkspaceUsers := bootstrap.GetTFSetupStringOutput("monitoring_workspace_users")
 
 	vars := map[string]interface{}{
-		"remote_state_bucket":        backend_bucket,
-		"monitoring_workspace_users": monitoringWorkspaceUsers,
+		"remote_state_bucket": backend_bucket,
 	}
 
 	backendConfig := map[string]interface{}{
@@ -87,6 +86,7 @@ func TestEnvs(t *testing.T) {
 					}
 					assert.Subset([]string{envName}, fldrTagValue, fmt.Sprintf("tag value should be %s for %s env folder", envName, envName))
 
+					monitoringWorkspaceUsers := terraform.OutputMap(t, bootstrap.GetTFOptions(), "required_groups")["monitoring_workspace_users"]
 					for _, projectEnvOutput := range []struct {
 						projectOutput string
 						role          string

diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
@@ -44,18 +44,6 @@ output "group_email" {
   value = var.group_email
 }
 
-output "audit_data_users" {
-  value = var.group_email
-}
-
-output "billing_data_users" {
-  value = var.group_email
-}
-
-output "monitoring_workspace_users" {
-  value = var.group_email
-}
-
 output "groups" {
   value = {
     required_groups = {