From 72fb7d43e856a6f2aa233f3e65eeacd77107a89a Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Fri, 8 Mar 2024 17:56:34 +0100
Subject: [PATCH 1/6] fix(gcp): shared vpc setup
Signed-off-by: Nicolas Lamirault
---
 terraform/gcp/root/projects.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/terraform/gcp/root/projects.tf b/terraform/gcp/root/projects.tf
index 39389a2fb..6c08c58f8 100644
--- a/terraform/gcp/root/projects.tf
+++ b/terraform/gcp/root/projects.tf
@@ -21,9 +21,11 @@ module "network" {
 name = format("%s-network", var.organization_name)
 random_project_id = true
 org_id = data.google_organization.this.id
- billing_account = var.billing_account
 folder_id = module.folders.folders_map["Shared"].id
+ billing_account = var.billing_account
+ # budget_amount = 10
+ enable_shared_vpc_host_project = true
 default_service_account = "deprivilege"
 default_network_tier = var.default_network_tier
From 8ecfa622de5692e60aeb34b957500f6af648e801 Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Fri, 8 Mar 2024 18:05:15 +0100
Subject: [PATCH 2/6] fix(github): clean auth
Signed-off-by: Nicolas Lamirault
---
 .github/workflows/tf-deploy-gcp.yml | 3 ++-
 .github/workflows/tf-validate-gcp.yml | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/tf-deploy-gcp.yml b/.github/workflows/tf-deploy-gcp.yml
index 7e6133b0e..1c7311109 100644
--- a/.github/workflows/tf-deploy-gcp.yml
+++ b/.github/workflows/tf-deploy-gcp.yml
@@ -32,7 +32,8 @@ on: # yamllint disable-line rule:truthy
 permissions:
 contents: read
-
+ id-token: 'write'
+
 jobs:
 gcp_vpc:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/tf-validate-gcp.yml b/.github/workflows/tf-validate-gcp.yml
index 3f5f30c59..485a0a56a 100644
--- a/.github/workflows/tf-validate-gcp.yml
+++ b/.github/workflows/tf-validate-gcp.yml
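Review bot: The new `enable_shared_vpc_host_project = true` turns the network project into a Shared VPC host with no comment recording which service projects are expected to attach to it, and the `# budget_amount = 10` line added beside it is commented-out configuration with no explanation. Service projects attached to a host can consume its subnets, so the host role is a decision worth a why-comment; I would put `# Shared VPC host: service projects attach to this network, keep attachments under review` above the flag, and either delete `# budget_amount = 10` or add why it is disabled. The `module "network"` block opens before this hunk and closes after it.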
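Review bot: `id-token: 'write'` is added to the workflow-level `permissions:` block of tf-deploy-gcp.yml, so every job in the workflow can request an OIDC token, not only the one that runs google-github-actions/auth. The least-privilege shape is to leave the workflow-level block at `contents: read` and put `permissions:` / `contents: read` / `id-token: write` on the job(s) that federate to GCP; only `gcp_vpc` is visible in this hunk, other jobs may follow outside it. The quoted `'write'` next to the bare `read` is also inconsistent; `id-token: write` matches the existing style.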
@@ -51,7 +51,7 @@ jobs:
 - uses: google-github-actions/auth@v2.1.2
 with:
 project_id: portefaix-network-8f80
- workload_identity_provider: 'projects/${{ secrets.GCP_PRJ_NETWORK_ID }}/locations/global/workloadIdentityPools/portefaix-gha-network/providers/portefaix-gha-network'
+ workload_identity_provider: 'projects/portefaix-network-8f80/locations/global/workloadIdentityPools/portefaix-gha-network/providers/portefaix-gha-network'
 service_account: terraform-network@portefaix-network-8f80.iam.gserviceaccount.com
 - name: Terraform validate
From d883476325fafd4a12242eda52663f018966b14f Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Fri, 8 Mar 2024 18:12:07 +0100
Subject: [PATCH 3/6] fix(github): clean gcp projects
Signed-off-by: Nicolas Lamirault
---
 .github/workflows/tf-validate-gcp.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/tf-validate-gcp.yml b/.github/workflows/tf-validate-gcp.yml
index 485a0a56a..62f949685 100644
--- a/.github/workflows/tf-validate-gcp.yml
+++ b/.github/workflows/tf-validate-gcp.yml
@@ -50,9 +50,9 @@ jobs:
 - uses: google-github-actions/auth@v2.1.2
 with:
- project_id: portefaix-network-8f80
- workload_identity_provider: 'projects/portefaix-network-8f80/locations/global/workloadIdentityPools/portefaix-gha-network/providers/portefaix-gha-network'
- service_account: terraform-network@portefaix-network-8f80.iam.gserviceaccount.com
+ project_id: portefaix-bootstrap
+ workload_identity_provider: 'projects/portefaix-bootstrap/locations/global/workloadIdentityPools/portefaix-gha-bootstrap/providers/portefaix-gha-bootstrap'
+ service_account: terraform-boostrap@portefaix-bootstrap.iam.gserviceaccount.com
 - name: Terraform validate
 run: |
From 57e414fc5ceb3b97a115b9e3bf38176989c9e129 Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Fri, 8 Mar 2024 18:13:15 +0100
Subject: [PATCH 4/6] fix(github): typo
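Review bot: The new `workload_identity_provider` puts the project ID `portefaix-network-8f80` in the `projects/…` segment of the provider resource name, but google-github-actions/auth expects the numeric project number there, which is presumably what the removed `${{ secrets.GCP_PRJ_NETWORK_ID }}` held and what patch 5/6 (`projects/1081501690701/…`) finally restores. Patches 3/6 and 4/6 carry the same ID-for-number value forward, so three consecutive commits in this series leave tf-validate-gcp.yml unable to authenticate. Squashing 2/6 through 5/6 into one commit would keep the history bisectable; a project number is not secret, so a repository variable (e.g. `${{ vars.<PROJECT_NUMBER_VAR> }}`, placeholder name) is a reasonable home for it if you want to avoid hard-coding.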
Signed-off-by: Nicolas Lamirault
---
 .github/workflows/tf-validate-gcp.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tf-validate-gcp.yml b/.github/workflows/tf-validate-gcp.yml
index 62f949685..783f22d8d 100644
--- a/.github/workflows/tf-validate-gcp.yml
+++ b/.github/workflows/tf-validate-gcp.yml
@@ -52,7 +52,7 @@ jobs:
 with:
 project_id: portefaix-bootstrap
 workload_identity_provider: 'projects/portefaix-bootstrap/locations/global/workloadIdentityPools/portefaix-gha-bootstrap/providers/portefaix-gha-bootstrap'
- service_account: terraform-boostrap@portefaix-bootstrap.iam.gserviceaccount.com
+ service_account: portefaix-boostrap@portefaix-bootstrap.iam.gserviceaccount.com
 - name: Terraform validate
 run: |
From e64376c46c8a40ea14406289c079f591bc10a269 Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Fri, 8 Mar 2024 18:20:24 +0100
Subject: [PATCH 5/6] fix(gcp): id
Signed-off-by: Nicolas Lamirault
---
 .github/workflows/tf-validate-gcp.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/tf-validate-gcp.yml b/.github/workflows/tf-validate-gcp.yml
index 783f22d8d..b28de17d8 100644
--- a/.github/workflows/tf-validate-gcp.yml
+++ b/.github/workflows/tf-validate-gcp.yml
@@ -51,7 +51,7 @@ jobs:
 - uses: google-github-actions/auth@v2.1.2
 with:
 project_id: portefaix-bootstrap
- workload_identity_provider: 'projects/portefaix-bootstrap/locations/global/workloadIdentityPools/portefaix-gha-bootstrap/providers/portefaix-gha-bootstrap'
+ workload_identity_provider: 'projects/1081501690701/locations/global/workloadIdentityPools/portefaix-gha-bootstrap/providers/portefaix-gha-bootstrap'
 service_account: portefaix-boostrap@portefaix-bootstrap.iam.gserviceaccount.com
 - name: Terraform validate
From 3798df764d258aca0137dca80708675a7da76cd6 Mon Sep 17 00:00:00 2001
From: Nicolas Lamirault
Date: Fri, 8 Mar 2024 18:25:46 +0100
Subject: [PATCH 6/6] feat(terraform): exclude some directories
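Review bot: The corrected `service_account` in patch 4/6 still reads `portefaix-boostrap@…` (missing a `t`), while the project, pool and provider on the surrounding lines all spell `bootstrap`. If the service account really is named that way in GCP, a comment such as `# SA is spelled "boostrap" in GCP; not a typo` on that line would stop the next contributor from repeating this commit; if not, the address should be `portefaix-bootstrap@portefaix-bootstrap.iam.gserviceaccount.com`. I cannot tell from the hunk which is the case.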
Signed-off-by: Nicolas Lamirault
---
 hack/scripts/terraform-validate.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hack/scripts/terraform-validate.sh b/hack/scripts/terraform-validate.sh
index 4f5a9d029..dcfe8a538 100755
--- a/hack/scripts/terraform-validate.sh
+++ b/hack/scripts/terraform-validate.sh
@@ -88,13 +88,14 @@ function tf_validate() {
 function check_infra() {
 local dir=$1
+ local exclude=$2
 if [ ! -d "${dir}" ]; then
 echo_fail "Invalid directory: ${dir}"
 exit 1
 fi
 # Do not validate module: https://github.com/hashicorp/terraform/issues/28490
- for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | sort -u); do
+ for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | grep -v -E "root|oidc" | sort -u); do
 tf_dir=${tf_file%/*}
 tf_validate "${tf_dir}"
 done
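Review bot: `local exclude=$2` is added to `check_infra` but never read; the exclusion on the `for` line is the hard-coded `grep -v -E "root|oidc"`, so the new parameter is dead and callers cannot influence what is skipped. Wiring it up is two lines, `local exclude=${2:-"root|oidc"}` and `... | grep -v modules | grep -v -E "${exclude}" | sort -u); do`, where the default keeps today's behaviour when no second argument is passed and avoids the `grep -v -E ""` case, which would drop every path. Note also that `root|oidc` is an unanchored regex, so it excludes any path containing those substrings rather than only directories named `root` or `oidc`, which is probably broader than intended; the function's closing brace lies outside the hunk.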