tfxor
diff --git a/‎.terrahub.yml
Lines changed: 23 additions & 0 deletions b/‎.terrahub.yml
Lines changed: 23 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 202 additions & 2 deletions b/‎README.md
Lines changed: 202 additions & 2 deletions
diff --git a/‎project/.terrahub.yml
Lines changed: 7 additions & 0 deletions b/‎project/.terrahub.yml
Lines changed: 7 additions & 0 deletions
diff --git a/‎project/README.md
Lines changed: 35 additions & 0 deletions b/‎project/README.md
Lines changed: 35 additions & 0 deletions
diff --git a/‎project/main.tf
Lines changed: 15 additions & 0 deletions b/‎project/main.tf
Lines changed: 15 additions & 0 deletions
diff --git a/‎project/output.tf
Lines changed: 5 additions & 0 deletions b/‎project/output.tf
Lines changed: 5 additions & 0 deletions
diff --git a/‎project/provider.tf
Lines changed: 2 additions & 0 deletions b/‎project/provider.tf
Lines changed: 2 additions & 0 deletions
diff --git a/‎project/variables.tf
Lines changed: 52 additions & 0 deletions b/‎project/variables.tf
Lines changed: 52 additions & 0 deletions
diff --git a/‎project_iam_binding_compute_admin/.terrahub.yml
Lines changed: 9 additions & 0 deletions b/‎project_iam_binding_compute_admin/.terrahub.yml
Lines changed: 9 additions & 0 deletions
diff --git a/‎project_iam_binding_compute_admin/README.md
Lines changed: 19 additions & 0 deletions b/‎project_iam_binding_compute_admin/README.md
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,23 @@
+## project config
+project:
+  name: demo-terraform-google
+  code: f2754a99
+  provider: google
+  include:
+  - '.'
+  exclude:
+  - '**/.terraform/*'
+  - '**/node_modules/*'
+
+## terraform config
+terraform:
+  varFile:
+  - default.tfvars
+  var:
+    google_project_id: project-123456789012
+    google_region: us-central1
+    google_org_id: 123456789012
+    google_service_account_name: demo-team
+    google_billing_account: 123456-ABCDEF-ZYXWVU
+    google_location_id: us-central
+  version: 0.11.7
@@ -1,2 +1,202 @@
-# terraform-demo-google
-Terraform Demo using Google provider
+# Terraform Demo using Google provider
+
+## Login to Google Cloud
+
+Run the following command in terminal:
+```shell
+gcloud auth login
+```
+
+> NOTE: If you don't have Google Cloud CLI, check out
+[installation guide](https://cloud.google.com/sdk/install)
+
+## Setup Environment Variables (Will Be Used Later)
+
+Manual Setup (set values in double quotes and run the following command in terminal):
+```shell
+export GOOGLE_CLOUD_PROJECT=""            ## e.g. terrahub-123456
+export GOOGLE_APPLICATION_CREDENTIALS=""  ## e.g. ${HOME}/.config/gcloud/terraform.json
+export ORG_ID=""        ## e.g. 123456789012
+export BILLING_ID=""    ## e.g. 123456-ABCDEF-ZYXWVU
+export PROJECT_NAME=""  ## e.g. TerraHub
+export IAM_NAME=""      ## e.g. terraform
+export IAM_DESC=""      ## e.g. terraform service account
+```
+
+### Setup ORG_ID Programmatically
+
+Automated Setup (run the following command in terminal):
+```shell
+export ORG_ID="$(gcloud organizations list --format=json | jq '.[0].name[14:]')"
+```
+
+> NOTE: If you don't have JQ CLI, check out
+[installation guide](https://stedolan.github.io/jq/download/)
+
+### Setup BILLING_ID Programmatically
+
+Automated Setup (run the following command in terminal):
+```shell
+export BILLING_ID="$(gcloud beta billing accounts list --format=json | jq '.[0].name[16:]')"
+```
+
+> NOTE: If you don't have JQ CLI, check out
+[installation guide](https://stedolan.github.io/jq/download/)
+
+## Create Google Cloud Project & Billing
+
+Run the following command in terminal:
+```shell
+gcloud projects create ${GOOGLE_CLOUD_PROJECT} \
+  --name="${PROJECT_NAME}" \
+  --organization="${ORG_ID}" \
+  --set-as-default
+
+gcloud config set project ${GOOGLE_CLOUD_PROJECT}
+
+gcloud services enable cloudresourcemanager.googleapis.com
+gcloud services enable cloudbilling.googleapis.com
+gcloud services enable iam.googleapis.com
+gcloud services enable compute.googleapis.com
+
+gcloud beta billing projects link ${GOOGLE_CLOUD_PROJECT} \
+  --billing-account="${BILLING_ID}"
+```
+
+Your output should be similar to the one below:
+```
+```
+
+## Create Google Cloud IAM Service Account & Key
+
+Run the following command in terminal:
+```shell
+gcloud iam service-accounts create ${IAM_NAME} \
+  --display-name="${IAM_DESC}"
+
+gcloud iam service-accounts keys create ${GOOGLE_APPLICATION_CREDENTIALS} \
+  --iam-account="${IAM_NAME}@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com"
+```
+
+Your output should be similar to the one below:
+```
+```
+
+## Add IAM Policy Binding to Google Cloud Project
+
+Run the following command in terminal:
+```shell
+gcloud projects add-iam-policy-binding ${GOOGLE_CLOUD_PROJECT} \
+  --member="serviceAccount:${IAM_NAME}@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \
+  --role="roles/editor"
+```
+
+Your output should be similar to the one below:
+```
+```
+
+## Add IAM Policy Binding to Google Cloud Organization
+
+Run the following command in terminal:
+```shell
+gcloud organizations add-iam-policy-binding ${ORG_ID} \
+  --member="serviceAccount:${IAM_NAME}@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \
+  --role="roles/resourcemanager.projectCreator"
+
+gcloud organizations add-iam-policy-binding ${ORG_ID} \
+  --member="serviceAccount:${IAM_NAME}@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \
+  --role="roles/billing.user"
+```
+
+Your output should be similar to the one below:
+```
+```
+
+## Create Terraform Configurations Using TerraHub
+
+Run the following commands in terminal:
+```shell
+terrahub --help | head -3
+```
+
+Your output should be similar to the one below:
+```
+Usage: terrahub [command] [options]
+
+terrahub@0.0.28 (built: 2018-10-11T12:33:57.775Z)
+```
+
+> NOTE: If you don't have TerraHub CLI, check out
+[installation guide](https://www.npmjs.com/package/terrahub)
+
+Run the following command in terminal:
+```shell
+mkdir demo-terraform-google
+cd demo-terraform-google
+terrahub project -n demo-terraform-google
+```
+
+Your output should be similar to the one below:
+```
+✅ Project successfully initialized
+```
+
+## Create TerraHub Components
+
+Run the following command in terminal:
+```shell
+terrahub component -t google_project -n project
+terrahub component -t google_service_account -n service_account -o ../project
+terrahub component -t google_service_account_key -n service_account_key -o ../service_account
+terrahub component -t google_project_iam_member -n project_iam_member -o ../project
+terrahub component -t google_project_iam_binding -n project_iam_policy_binding_storage_admin -o ../project_iam_member
+terrahub component -t google_project_iam_binding -n project_iam_policy_binding_compute_admin -o ../project_iam_member
+```
+
+Your output should be similar to the one below:
+```
+✅ Done
+```
+
+## Visualize TerraHub Components
+
+Run the following command in terminal:
+```shell
+terrahub graph
+```
+
+Your output should be similar to the one below:
+```
+Project: demo-terraform-google
+ └─ project [path: ./project]
+    ├─ project_iam_member [path: ./project_iam_member]
+    │  ├─ project_iam_binding_compute_admin [path: ./project_iam_binding_compute_admin]
+    │  └─ project_iam_binding_storage_admin [path: ./project_iam_binding_storage_admin]
+    └─ service_account [path: ./service_account]
+       └─ service_account_key [path: ./service_account_key]
+```
+
+## Update Project Config
+
+Run the following command in terminal:
+```shell
+terrahub configure -c terraform.var.google_org_id="${ORG_ID}"
+terrahub configure -c terraform.var.google_billing_account="${BILLING_ID}"
+terrahub configure -c terraform.var.google_project_id="${GOOGLE_CLOUD_PROJECT}"
+```
+
+Your output should be similar to the one below:
+```
+✅ Done
+```
+
+## Run TerraHub Automation
+
+Run the following command in terminal:
+```shell
+terrahub run -a -y
+```
+
+Your output should be similar to the one below:
+```
+```
@@ -0,0 +1,7 @@
+## local config
+component:
+  name: 'project'
+
+ci:
+  mapping:
+  - '.'
@@ -0,0 +1,35 @@
+# google_project
+
+Allows creation and management of a Google Cloud Platform project.
+
+Projects created with this resource must be associated with an Organization. See the Organization documentation for more details.
+
+The service account used to run Terraform when creating a google_project resource must have roles/resourcemanager.projectCreator. See the Access Control for Organizations Using IAM doc for more information.
+
+Note that prior to 0.8.5, google_project functioned like a data source, meaning any project referenced by it had to be created and managed outside Terraform. As of 0.8.5, google_project functions like any other Terraform resource, with Terraform creating and managing the project. To replicate the old behavior, either:
+
+- Use the project ID directly in whatever is referencing the project, using the google_project_iam_policy to replace the old policy_data property.
+- Use the import functionality to import your pre-existing project into Terraform, where it can be referenced and used just like always, keeping in mind that Terraform will attempt to undo any changes made outside Terraform.
+
+It's important to note that any project resources that were added to your Terraform config prior to 0.8.5 will continue to function as they always have, and will not be managed by Terraform. Only newly added projects are affected.
+
+## input variables
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+|google_project_name|The display name of the project.|string|project|No|
+|google_project_id|The project ID. Changing this forces a new project to be created.|string|project-f2754a99|No|
+|google_org_id|The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.|string||No|
+|google_project_folder_id|The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.|string||No|
+|google_billing_account|The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.|string||No|
+|google_project_skip_delete|If true, the Terraform resource can be deleted without deleting the Project via the Google API.|boolean|false|No|
+|google_project_auto_create_network|If true, the Terraform resource can be deleted without deleting the Project via the Google API.|boolean|false|No|
+|google_location_id|The location to serve the app from.|string|us-central|No|
+|custom_labels|Custom labels. A set of key/value label pairs to assign to the project.|map||No|
+|default_labels|Default labels. A set of key/value label pairs to assign to the project.|map|{"ThubName"= "project","ThubCode"= "f2754a99","ThubEnv"= "default","Description" = "Managed by TerraHub"}|No|
+
+## output parameters
+
+| Name | Description | Type |
+|------|-------------|:----:|
+|number|The numeric identifier of the project.|string|
@@ -0,0 +1,15 @@
+resource "google_project" "project" {
+  name                = "${var.google_project_name}"
+  project_id          = "${var.google_project_id}"
+  org_id              = "${var.google_org_id}"
+  folder_id           = "${var.google_project_folder_id}"
+  billing_account     = "${var.google_billing_account}"
+  #skip_delete         = "${var.google_project_skip_delete}"
+  auto_create_network = "${var.google_project_auto_create_network}"
+
+  #app_engine          = {
+  #  location_id = "${var.google_location_id}"
+  #}
+
+  labels              = "${merge(var.default_labels, var.custom_labels)}"
+}
@@ -0,0 +1,5 @@
+# Define list of variables to be output
+
+output "number" {
+  value = "${google_project.project.number}"
+}
@@ -0,0 +1,2 @@
+provider "google" {
+}
@@ -0,0 +1,52 @@
+# Define list of variables to be used in main.tf
+
+#############
+# top level #
+#############
+variable "google_project_name" {
+  description = "The display name of the project."
+}
+
+variable "google_project_id" {
+  description = "The project ID. Changing this forces a new project to be created."
+}
+
+variable "google_org_id" {
+  description = "The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization."
+}
+
+variable "google_project_folder_id" {
+  description = "The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder."
+}
+
+variable "google_billing_account" {
+  description = "The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details."
+}
+
+variable "google_project_skip_delete" {
+  description = "If true, the Terraform resource can be deleted without deleting the Project via the Google API."
+}
+
+variable "google_project_auto_create_network" {
+  description = "If true, the Terraform resource can be deleted without deleting the Project via the Google API."
+}
+
+variable "google_location_id" {
+  description = "The location to serve the app from."
+}
+
+##########
+# labels #
+##########
+variable "custom_labels" {
+  type        = "map" 
+  description = "Custom labels. A set of key/value label pairs to assign to the project."
+  default     = {}
+}
+
+variable "default_labels" {
+  type        = "map" 
+  description = "Default labels. A set of key/value label pairs to assign to the project."
+  default     = {}
+}
+
@@ -0,0 +1,9 @@
+## local config
+component:
+  name: 'project_iam_binding_compute_admin'
+  dependsOn:
+  - '../project_iam_member'
+
+ci:
+  mapping:
+  - '.'
@@ -0,0 +1,19 @@
+# google_project_iam_binding
+
+Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.
+
+Note: google_project_iam_binding resources can be used in conjunction with google_project_iam_member resources only if they do not grant privilege to the same role.
+
+## input variables
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+|google_project_id|The project ID. If not specified, uses the ID of the project configured with the provider.|string||Yes|
+|google_project_role|The project ID. If not specified, uses the ID of the project configured with the provider.|string|roles/viewer|No|
+|google_project_members|Identities that will be granted the privilege in role.|list|[]|No|
+
+## output parameters
+
+| Name | Description | Type |
+|------|-------------|:----:|
+|etag|The etag of the project's IAM policy.|string|