LZ Delete: full terraform destroy option for some or all of 1-5 folders including 0-bootstrap gcloud infrastructure - dev/org reuse #403

Closed
fmichaelobrien opened this issue Apr 24, 2024 · 2 comments

Comments

@fmichaelobrien
Contributor

fmichaelobrien commented Apr 24, 2024

There are some use cases where the entire landing zone or one of the multi-tenant folders must be deleted.
Most of these use cases are developer workflows where we repeatedly create/delete resources - more towards full integration testing.

This procedure is also required as part of a CI/CD full integration test - where the organization is reused.

Use Cases:
UC1 - triaging/fixing failed deployments will require more than one LZ per org - like in terraform-google-modules/terraform-example-foundation#1170

@obriensystems
Collaborator

obriensystems commented Apr 27, 2024

For example, one of my first deployments of the TEF failed on 1-org because of a statefile diff between 1.3.10 and 1.7.5 - my subsequent deployment in another org was done with 1.3.10 throughout.
I will be reusing the first org to test out ADO changed in #399

reverse

  199  mkdir tef-olapp
  200  cd tef-olapp/
  201  mkdir github
  202  cd github/
  203  mkdir _CloudLandingZone-main
  204  git clone https://github.com/CloudLandingZone/terraform-example-foundation.git
  205  cd terraform-example-foundation/0-bootstrap/
  206  mv terraform.example.tfvars terraform.tfvars
  207  gcloud config set project tef-olapp
  208  BOOT_PROJECT_ID=tef-olapp
  209  ORG_ID=$(gcloud projects get-ancestors $BOOT_PROJECT_ID --format='get(id)' | tail -1)
  210  echo $ORG_ID
  211  BILLING_FORMAT="--format=value(billingAccountName)"
  212  BILLING_ID=$(gcloud billing projects describe $BOOT_PROJECT_ID $BILLING_FORMAT | sed 's/.*\///')
  213  echo $BILLING_ID
  214  terraform --version
  218  git config init.defaultBranch
  219  git config --global init.defaultBranch master
  220  git config --global init.defaultBranch main
  222  git config --global init.defaultBranch master
  223  git branch -b main
  224  git branch
  225  git checkout -b main
  228  git config init.defaultBranch
  229  git config --global init.defaultBranch main
  230  git config init.defaultBranch
  232  terraform init
  233  terraform plan -input=false -out bootstrap.tfplan
  234  gcloud beta terraform vet
  235  export VET_PROJECT_ID=A-VALID-PROJECT-ID
  236  export VET_PROJECT_ID=tef-olapp
  237  terraform show -json bootstrap.tfplan > bootstrap.json
  238  gcloud beta terraform vet bootstrap.json --policy-library="../policy-library" --project ${VET_PROJECT_ID}
  240  sudo apt-get install google-cloud-sdk-terraform-tools
  241  gcloud beta terraform vet bootstrap.json --policy-library="../policy-library" --project ${VET_PROJECT_ID}
  243  gcloud config set project tef-olapp
  244  cd tef-olapp/github/terraform-example-foundation/0-bootstrap/
  246  gcloud services get
  247  gcloud services enable cloudresourcemanager.googleapis.com
  248  gcloud services enable cloudidentity.googleapis.com
  249  gcloud services list | grep NAME
  250  gcloud services enable cloudapis.googleapis.com
  251  gcloud services enable servicemanagement.googleapis.com
  252  gcloud services enable serviceusage.googleapis.com
  253  gcloud services enable storage-api.googleapis.com
  254  gcloud services enable storage.googleapis.com
  255  gcloud services list | grep NAME
  256  terraform apply bootstrap.tfplan
  257  gcloud services enable cloudbilling.googleapis.com
  258  terraform apply bootstrap.tfplan
  259  terraform init
  260  terraform plan -input=false -out bootstrap.tfplan
  261  terraform apply bootstrap.tfplan
  262  gcloud services enable iam.googleapis.com
  263  terraform init
  264  terraform plan -input=false -out bootstrap.tfplan
  265  terraform apply bootstrap.tfplan
  266  gcloud config set project tef-olapp
  267  cd tef-olapp/github/terraform-example-foundation/0-bootstrap/
  268  gcloud services enable cloudkms.googleapis.com
  269  terraform init
  270  terraform plan -input=false -out bootstrap.tfplan
  271  terraform apply bootstrap.tfplan
  272  gcloud services enable servicenetworking.googleapis.com
  273  gcloud services list
  274  gcloud services list | grep NAME
  275  gcloud services enable cloudbuild..googleapis.com
  276  gcloud services enable cloudbuild.googleapis.com
  277  gcloud services enable appengine.googleapis.com
  278  gcloud services enable pubsub.googleapis.com
  279  gcloud services enable securitycenter.googleapis.com
  280  gcloud services enable accesscontextmanager.googleapis.com
  281  gcloud services enable billingbudgets.googleapis.com
  282  gcloud services enable essentialcontacts.googleapis.com
  283  gcloud services enable assuredworkloads.googleapis.com
  284  gcloud services enable cloudasset.googleapis.com
  285  terraform init
  286  terraform apply bootstrap.tfplan
  287  terraform plan -input=false -out bootstrap.tfplan
  288  terraform apply bootstrap.tfplan
  289  gcloud config set project tef-olapp
  290  cd tef-olapp/github/terraform-example-foundation/
  292  cd 1-org/
  294  cd ..
  295  cd 0-bootstrap/
  296  terraform output
  297  export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
  298  export projects_step_sa=$(terraform output -raw projects_step_terraform_service_account_email)
  299  export projects_gcs_bucket_tfstate=$(terraform output -raw projects_gcs_bucket_tfstate)
  300  echo "network step service account = ${network_step_sa}"
  301  echo "projects step service account = ${projects_step_sa}"
  302  echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
  303  gcloud config set project tef-olapp
  304  cd tef-olapp/github/terraform-example-foundation/
  305  cd 0-bootstrap/
  306  export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
  307  export projects_step_sa=$(terraform output -raw projects_step_terraform_service_account_email)
  308  export projects_gcs_bucket_tfstate=$(terraform output -raw projects_gcs_bucket_tfstate)
  309  echo "network step service account = ${network_step_sa}"
  310  echo "projects step service account = ${projects_step_sa}"
  311  echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
  312  export cloudbuild_project_id=$(terraform output -raw cloudbuild_project_id)
  313  echo "cloud build project ID = ${cloudbuild_project_id}"
  314  export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
  315  export projects_step_sa=$(terraform output -raw projects_step_terraform_service_account_email)
  316  export projects_gcs_bucket_tfstate=$(terraform output -raw projects_gcs_bucket_tfstate)
  317  echo "network step service account = ${network_step_sa}"
  318  echo "projects step service account = ${projects_step_sa}"
  319  echo "projects gcs bucket tfstate = ${projects_gcs_bucket_tfstate}"
  320  export cloudbuild_project_id=$(terraform output -raw cloudbuild_project_id)
  321  echo "cloud build project ID = ${cloudbuild_project_id}"
  322  export backend_bucket=$(terraform output -raw gcs_bucket_tfstate)
  323  echo "backend_bucket = ${backend_bucket}"
  324  terraform init
  325  export backend_bucket=$(terraform output -raw gcs_bucket_tfstate)
  326  echo "backend_bucket = ${backend_bucket}"
  327  export backend_bucket_projects=$(terraform output -raw projects_gcs_bucket_tfstate)
  328  echo "backend_bucket_projects = ${backend_bucket_projects}"
  329  cp backend.tf.example backend.tf
  330  cd ..
  331  for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_ME/${backend_bucket}/" $i; done
  332  for i in `find . -name 'backend.tf'`; do sed -i'' -e "s/UPDATE_PROJECTS_BACKEND/${backend_bucket_projects}/" $i; done
  333  cd 0-bootstrap
  334  cat backend.tf
  335  terraform init
  336  terraform plan
  337  cd ../..
  338  echo ${cloudbuild_project_id}
  339  gcloud source repos clone gcp-policies --project=${cloudbuild_project_id}
  340  cd gcp-policies/
  341  git checkout -b main
  342  cp -RT ../terraform-example-foundation/policy-library/ .
  344  git add .
  345  git commit -m 'Initialize policy library repo'

  347  git config --global user.name "Michael OBrien"
  348  git commit -m 'Initialize policy library repo'
  349  git push --set-upstream origin main
  350  cd ..
  351  gcloud source repos clone gcp-bootstrap --project=${cloudbuild_project_id}
  352  cd gcp-bootstrap
  353  git checkout -b plan
  354  mkdir -p envs/shared
  355  cp -RT ../terraform-example-foundation/0-bootstrap/ ./envs/shared
  357  cp ../terraform-example-foundation/build/cloudbuild-tf-* .
  358  cp ../terraform-example-foundation/build/tf-wrapper.sh .
  359  chmod 755 ./tf-wrapper.sh
  360  git add .
  361  git commit -m 'Initialize bootstrap repo'
  362  git push --set-upstream origin plan
  363  cd ..
  364  export CLOUD_BUILD_PROJECT_ID=$(terraform -chdir="terraform-example-foundation/0-bootstrap/" output -raw cloudbuild_project_id)
  365  echo ${CLOUD_BUILD_PROJECT_ID}
  366  gcloud source repos clone gcp-org --project=${CLOUD_BUILD_PROJECT_ID}
  368  cd gcp-org
  369  git checkout -b plan
  370  cp -RT ../terraform-example-foundation/1-org/ .
  371  cp ../terraform-example-foundation/build/cloudbuild-tf-* .
  372  cp ../terraform-example-foundation/build/tf-wrapper.sh .
  373  chmod 755 ./tf-wrapper.sh
  374  mv ./envs/shared/terraform.example.tfvars ./envs/shared/terraform.tfvars
  375  export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
  376  gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
  377  export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
  378  echo $ORGANIZATION_ID 
  379  gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
  384  export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
  385  echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
  386  export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
  387  gcloud config set project tef-olapp
  388  cd tef-olapp/github/terraform-example-foundation/1-org/
  391  export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
  392  export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
  393  gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
  395  cd ..
  397  cd gcp-org/
  398  export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
  399  echo ORGANIZATION_ID
  400  echo $ORGANIZATION_ID
  401  gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
  402  export ACCESS_CONTEXT_MANAGER_ID=$(gcloud access-context-manager policies list --organization ${ORGANIZATION_ID} --format="value(name)")
  403  echo "access_context_manager_policy_id = ${ACCESS_CONTEXT_MANAGER_ID}"
  404  gcloud access-context-manager policies list --organization ${ORGANIZATION_ID}
  405  export backend_bucket=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw gcs_bucket_tfstate)
  406  echo "remote_state_bucket = ${backend_bucket}"
  407  sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./envs/shared/terraform.tfvars
  408  if [ ! -z "${ACCESS_CONTEXT_MANAGER_ID}" ]; then sed -i'' -e "s=//create_access_context_manager_access_policy=create_access_context_manager_access_policy=" ./envs/shared/terraform.tfvars; fi
  411  git add .
  413  git commit -m 'Initialize org repo'
  414  git push --set-upstream origin plan
  415  git checkout -b production
  416  git push origin production
  417  terraform --version
  419  tfswitch
  420  terraform --version
  

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the Stale label Aug 12, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 24, 2024