Merge pull request #1035 from portefaix/fix/gcp-orga

fix(gcp): shared vpc setup
portefaix · Mar 8, 2024 · 9e8dcbb · 9e8dcbb
2 parents 4e9aa77 + 3798df7
commit 9e8dcbb
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 6 deletions.
diff --git a/.github/workflows/tf-deploy-gcp.yml b/.github/workflows/tf-deploy-gcp.yml
@@ -32,7 +32,8 @@ on: # yamllint disable-line rule:truthy
 
 permissions:
   contents: read
-
+  id-token: 'write'
+
 jobs:
   gcp_vpc:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/tf-validate-gcp.yml b/.github/workflows/tf-validate-gcp.yml
@@ -50,9 +50,9 @@ jobs:
 
     - uses: google-github-actions/[email protected]
       with:
-        project_id: portefaix-network-8f80
-        workload_identity_provider: 'projects/${{ secrets.GCP_PRJ_NETWORK_ID }}/locations/global/workloadIdentityPools/portefaix-gha-network/providers/portefaix-gha-network'
-        service_account: terraform-network@portefaix-network-8f80.iam.gserviceaccount.com
+        project_id: portefaix-bootstrap
+        workload_identity_provider: 'projects/1081501690701/locations/global/workloadIdentityPools/portefaix-gha-bootstrap/providers/portefaix-gha-bootstrap'
+        service_account: portefaix-boostrap@portefaix-bootstrap.iam.gserviceaccount.com
 
     - name: Terraform validate
       run: |

diff --git a/hack/scripts/terraform-validate.sh b/hack/scripts/terraform-validate.sh
@@ -88,13 +88,14 @@ function tf_validate() {
 
 function check_infra() {
     local dir=$1
+    local exclude=$2
 
     if [ ! -d "${dir}" ]; then
         echo_fail "Invalid directory: ${dir}"
         exit 1
     fi
     # Do not validate module: https://github.com/hashicorp/terraform/issues/28490
-    for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | sort -u); do
+    for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | grep -v -E "root|oidc" | sort -u); do
         tf_dir=${tf_file%/*}
         tf_validate "${tf_dir}"
     done

diff --git a/terraform/gcp/root/projects.tf b/terraform/gcp/root/projects.tf
@@ -21,9 +21,11 @@ module "network" {
   name              = format("%s-network", var.organization_name)
   random_project_id = true
   org_id            = data.google_organization.this.id
-  billing_account   = var.billing_account
   folder_id         = module.folders.folders_map["Shared"].id
+  billing_account   = var.billing_account
+  # budget_amount     = 10
 
+  enable_shared_vpc_host_project = true
   default_service_account        = "deprivilege"
   default_network_tier           = var.default_network_tier