fix: Documentation fixes (#327)
* Fix typos

* Update READMEs to end paragraphs with period
juliocc authored and bharathkkb committed Mar 31, 2021
1 parent 5184514 commit ce610d0
Showing 7 changed files with 96 additions and 97 deletions.
2 changes: 1 addition & 1 deletion 0-bootstrap/README.md
Expand Up @@ -60,7 +60,7 @@ Currently, the bucket information is replaced in the state backends as a part of
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| billing\_account | The ID of the billing account to associate projects with. | `string` | n/a | yes |
| cloud\_source\_repos | List of Cloud Source Reposiories created during bootrstap project build stage | `list(string)` | <pre>[<br> "gcp-org",<br> "gcp-environments",<br> "gcp-networks",<br> "gcp-projects",<br> "gcp-policies"<br>]</pre> | no |
| cloud\_source\_repos | List of Cloud Source Repositories created during bootstrap project build stage | `list(string)` | <pre>[<br> "gcp-org",<br> "gcp-environments",<br> "gcp-networks",<br> "gcp-projects",<br> "gcp-policies"<br>]</pre> | no |
| default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no |
| folder\_prefix | Name prefix to use for folders created. | `string` | `"fldr"` | no |
| group\_billing\_admins | Google Group for GCP Billing Administrators | `string` | n/a | yes |
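
Review bot: The corrected `cloud_source_repos` row still ends without a period ("...created during bootstrap project build stage"), while the neighbouring `billing_account`, `default_region` and `folder_prefix` descriptions end with one; the `group_billing_admins` row just below has the same gap. Since this commit is about consistent punctuation, add the period to both descriptions.
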
2 changes: 1 addition & 1 deletion 0-bootstrap/variables.tf
Expand Up @@ -70,7 +70,7 @@ variable "folder_prefix" {
default = "fldr"
}
variable "cloud_source_repos" {
description = "List of Cloud Source Reposiories created during bootrstap project build stage"
description = "List of Cloud Source Repositories created during bootstrap project build stage"
type = list(string)
default = ["gcp-org", "gcp-environments", "gcp-networks", "gcp-projects", "gcp-policies"]
}
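
Review bot: In the `description` of `variable "cloud_source_repos"`, "created during bootstrap project build stage" reads as if an article is missing; "created during the bootstrap project build stage" would be clearer. The README input table repeats this string word for word, so change it here and keep the two in step.
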
24 changes: 12 additions & 12 deletions 1-org/README.md
Expand Up @@ -5,8 +5,8 @@ The purpose of this step is to set up top level shared folders, monitoring & net
## Prerequisites

1. 0-bootstrap executed successfully.
2. Cloud Identity / Google Workspace group for security admins
3. Membership in the security admins group for user running terraform
2. Cloud Identity / Google Workspace group for security admins.
3. Membership in the security admins group for user running terraform.

## Usage
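
Review bot: Prerequisite 3 now has its period but still reads "for user running terraform"; "for the user running Terraform" would fix the missing article and the lowercase product name in the same pass. Prerequisite 2 is a bare noun phrase, so it may read better as "A Cloud Identity / Google Workspace group for security admins exists."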

Expand All @@ -30,27 +30,27 @@ If those limitations do not apply to your workload/environment you can choose to
1. Clone repo `gcloud source repos clone gcp-policies --project=YOUR_CLOUD_BUILD_PROJECT_ID`.
1. Navigate into the repo `cd gcp-policies`.
1. Copy contents of policy-library to new repo `cp -RT ../terraform-example-foundation/policy-library/ .` (modify accordingly based on your current directory).
1. Commit changes with `git add .` and `git commit -m 'Your message'`
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your master branch to the new repo `git push --set-upstream origin master`.
1. Navigate out of the repo `cd ..`.
1. Clone repo `gcloud source repos clone gcp-org --project=YOUR_CLOUD_BUILD_PROJECT_ID` (this is from terraform output from the previous section, 0-bootstrap).
1. Navigate into the repo `cd gcp-org` and change to a non production branch `git checkout -b plan`
1. Navigate into the repo `cd gcp-org` and change to a non production branch `git checkout -b plan`.
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/1-org/ .` (modify accordingly based on your current directory).
1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory).
1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory).
1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`.
1. Check if your organization already has a Access Context Manager Policy `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`.
1. Rename `./envs/shared/terraform.example.tfvars` to `./envs/shared/terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). Also if the previous step showed a numeric value, make sure to un-comment the variable `create_access_context_manager_access_policy = false`.
1. Commit changes with `git add .` and `git commit -m 'Your message'`
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan).
1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`.
1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID

### Setup to run via Jenkins

1. Clone the repo you created manually in bootstrap: `git clone <YOUR_NEW_REPO-1-org>`
1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-1-org` and change to a non production branch `git checkout -b plan`
1. Clone the repo you created manually in bootstrap: `git clone <YOUR_NEW_REPO-1-org>`.
1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-1-org` and change to a non production branch `git checkout -b plan`.
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/1-org/ .` (modify accordingly based on your current directory).
1. Copy contents of policy-library to new repo `cp -RT ../terraform-example-foundation/policy-library/ ./policy-library` (modify accordingly based on your current directory).
1. Copy the Jenkinsfile script `cp ../terraform-example-foundation/build/Jenkinsfile .` to the root of your new repository (modify accordingly based on your current directory).
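
Review bot: In the Cloud Build list, the two review steps that end in a bare console URL ("Review the plan output ..." and "Review the apply output ...") are the only items left without a closing period. Appending one directly would make it part of the URL, so turn each URL into a Markdown link and put the period after it. The `cp ... . ` code spans for the `cloudbuild-tf-*` files and `tf-wrapper.sh` also keep a trailing space before the closing backtick that could be dropped here.
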
Expand All @@ -68,7 +68,7 @@ If those limitations do not apply to your workload/environment you can choose to
1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan.
- Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details.
1. Review the plan output in your Master's web UI.
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`.
1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI).

1. You can now move to the instructions in the step [2-environments](../2-environments/README.md).
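
Review bot: The sub-bullet under the "Push your plan branch" step is still a run-on: "it is out of the scope of this document see [Jenkins website]" needs a period or semicolon before "see". In the same step, "Any branch which name is different" should read "Any branch whose name is different", and the Jenkins link uses `http://`; `https://www.jenkins.io` would be the better target.
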
Expand All @@ -89,9 +89,9 @@ When using Cloud Build or Jenkins as your CI/CD tool each environment correspond

To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in you `PATH`.

1. Run `./tf-wrapper.sh init production`
1. Run `./tf-wrapper.sh init production`.
1. Run `./tf-wrapper.sh plan production` and review output.
1. Run `./tf-wrapper.sh validate production $(pwd)/../policy-library <YOUR_CLOUD_BUILD_PROJECT_ID>` and check for violations.
1. Run `./tf-wrapper.sh apply production`
1. Run `./tf-wrapper.sh apply production`.

If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan production` before run `./tf-wrapper.sh apply production`
If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan production` before run `./tf-wrapper.sh apply production`.
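
Review bot: Two typos survive around the `tf-wrapper.sh` steps: "in your system and in you `PATH`" should be "in your `PATH`", and the closing sentence's "before run `./tf-wrapper.sh apply production`" should be "before running". The closing sentence is already being touched for its period, so both fit in this commit.
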
42 changes: 21 additions & 21 deletions 2-environments/README.md
Expand Up @@ -7,30 +7,30 @@ The purpose of this step is to set up development, non-production and production
1. 0-bootstrap executed successfully.
1. 1-org executed successfully.
1. Cloud Identity / Google Workspace group for monitoring admins.
1. Membership in the monitoring admins group for user running terraform
1. Membership in the monitoring admins group for user running terraform.

## Usage

### Setup to run via Cloud Build
1. Clone repo `gcloud source repos clone gcp-environments --project=YOUR_CLOUD_BUILD_PROJECT_ID`
1. Change freshly cloned repo and change to non master branch `git checkout -b plan`
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory)
1. Clone repo `gcloud source repos clone gcp-environments --project=YOUR_CLOUD_BUILD_PROJECT_ID`.
1. Change freshly cloned repo and change to non master branch `git checkout -b plan`.
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory).
1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory).
1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory).
1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`.
1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values).
1. Commit changes with `git add .` and `git commit -m 'Your message'`
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your plan branch to trigger a plan for all environments `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan).
1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to development with `git checkout -b development` and `git push origin development`
1. Merge changes to development with `git checkout -b development` and `git push origin development`.
1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production`
1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production`.
1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`.
1. Review the apply output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID

### Setup to run via Jenkins
1. Clone the repo you created manually in bootstrap: `git clone <YOUR_NEW_REPO-2-environments>`
1. Clone the repo you created manually in bootstrap: `git clone <YOUR_NEW_REPO-2-environments>`.
1. Navigate into the repo `cd YOUR_NEW_REPO_CLONE-2-environments` and change to a non production branch `git checkout -b plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan).
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory).
1. Copy the Jenkinsfile script `cp ../terraform-example-foundation/build/Jenkinsfile .` to the root of your new repository (modify accordingly based on your current directory).
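
Review bot: The Cloud Build steps worded "Merge changes to development", "non-production" and "production" run `git checkout -b <branch>` followed by `git push origin <branch>`, which creates and pushes a new branch from the current one rather than merging, and `git checkout -b` fails when the branch already exists. Each of these pushes is followed by an apply review, so the wording should match what the commands do: either reword to "Create and push the ... branch" or show the checkout-and-merge commands for repeat runs. The second step, "Change freshly cloned repo and change to non master branch", also looks like it should read "Change into the freshly cloned repo".
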
Expand All @@ -43,23 +43,23 @@ The purpose of this step is to set up development, non-production and production
1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory).
1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`.
1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values).
1. Commit changes with `git add .` and `git commit -m 'Your message'`
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan.
- Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details.
1. Review the plan output in your Master's web UI.
1. Merge changes to development with `git checkout -b development` and `git push origin development`
1. Merge changes to development with `git checkout -b development` and `git push origin development`.
1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI).
1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production`
1. Merge changes to non-production with `git checkout -b non-production` and `git push origin non-production`.
1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI).
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`
1. Merge changes to production branch with `git checkout -b production` and `git push origin production`.
1. Review the apply output in your Master's web UI (You might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Master UI).

1. You can now move to the instructions in the step [3-networks](../3-networks/README.md).

### Run terraform locally
1. Change into 2-environments folder.
1. Run `cp ../build/tf-wrapper.sh .`
1. Run `chmod 755 ./tf-wrapper.sh`
1. Run `chmod 755 ./tf-wrapper.sh`.
1. Rename terraform.example.tfvars to terraform.tfvars and update the file with values from your environment and bootstrap.
1. Update backend.tf with your bucket from bootstrap. You can run
```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME/<YOUR-BUCKET-NAME>/' $i; done```.
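
Review bot: Under "Run terraform locally", the step "Run `cp ../build/tf-wrapper.sh .`" was left without a period while the `chmod 755` step right after it got one. The `backend.tf` one-liner in the same list expands `$i` unquoted inside a backtick `find` loop, so a path containing spaces would break it; quoting `"$i"` or using `find . -name 'backend.tf' -exec sed -i ... {} +` would be more robust.
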
Expand All @@ -70,17 +70,17 @@ When using Cloud Build or Jenkins as your CI/CD tool each environment correspond

To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in you `PATH`.

1. Run `./tf-wrapper.sh init development`
1. Run `./tf-wrapper.sh init development`.
1. Run `./tf-wrapper.sh plan development` and review output.
1. Run `./tf-wrapper.sh validate development $(pwd)/../policy-library <YOUR_CLOUD_BUILD_PROJECT_ID>` and check for violations.
1. Run `./tf-wrapper.sh apply development`
1. Run `./tf-wrapper.sh init non-production`
1. Run `./tf-wrapper.sh apply development`.
1. Run `./tf-wrapper.sh init non-production`.
1. Run `./tf-wrapper.sh plan non-production` and review output.
1. Run `./tf-wrapper.sh validate non-production $(pwd)/../policy-library <YOUR_CLOUD_BUILD_PROJECT_ID>` and check for violations.
1. Run `./tf-wrapper.sh apply non-production`
1. Run `./tf-wrapper.sh init production`
1. Run `./tf-wrapper.sh apply non-production`.
1. Run `./tf-wrapper.sh init production`.
1. Run `./tf-wrapper.sh plan production` and review output.
1. Run `./tf-wrapper.sh validate production $(pwd)/../policy-library <YOUR_CLOUD_BUILD_PROJECT_ID>` and check for violations.
1. Run `./tf-wrapper.sh apply production`
1. Run `./tf-wrapper.sh apply production`.

If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan <env>` before run `./tf-wrapper.sh apply <env>`
If you received any errors or made any changes to the Terraform config or `terraform.tfvars` you must re-run `./tf-wrapper.sh plan <env>` before run `./tf-wrapper.sh apply <env>`.
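
Review bot: Each environment's sequence lists `validate ... and check for violations` immediately followed by `apply`, but nothing says what to do when violations are reported. State explicitly that `./tf-wrapper.sh apply <env>` should only be run once `validate` comes back clean. The intro sentence here also still has "in you `PATH`", and the last line still has "before run" where "before running" is meant.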
