
Commit 7211d87

authored
chore(monitoring): remove unused monitoring project (terraform-google-modules#1200)
1 parent da407aa commit 7211d87


25 files changed

+34
-166
lines changed


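--- a/0-bootstrap/README.md
+++ b/0-bootstrap/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td><a href="../1-org">1-org</a></td>
-<td>Sets up top-level shared folders, monitoring and networking projects, and
+<td>Sets up top-level shared folders, networking projects, and
 organization-level logging, and sets baseline security settings through
 organizational policy.</td>
 </tr>
@@ -311,7 +311,7 @@ Each step has instructions for this change.
 | default\_region\_gcs | Case-Sensitive default region to create gcs resources where applicable. | `string` | `"US"` | no |
 | default\_region\_kms | Secondary default region to create kms resources where applicable. | `string` | `"us"` | no |
 | folder\_prefix | Name prefix to use for folders created. Should be the same in all steps. | `string` | `"fldr"` | no |
-| groups | Contain the details of the Groups to be created. | <pre>object({<br> create_required_groups = optional(bool, false)<br> create_optional_groups = optional(bool, false)<br> billing_project = optional(string, null)<br> required_groups = object({<br> group_org_admins = string<br> group_billing_admins = string<br> billing_data_users = string<br> audit_data_users = string<br> monitoring_workspace_users = string<br> })<br> optional_groups = optional(object({<br> gcp_security_reviewer = optional(string, "")<br> gcp_network_viewer = optional(string, "")<br> gcp_scc_admin = optional(string, "")<br> gcp_global_secrets_admin = optional(string, "")<br> gcp_kms_admin = optional(string, "")<br> }), {})<br> })</pre> | n/a | yes |
+| groups | Contain the details of the Groups to be created. | <pre>object({<br> create_required_groups = optional(bool, false)<br> create_optional_groups = optional(bool, false)<br> billing_project = optional(string, null)<br> required_groups = object({<br> group_org_admins = string<br> group_billing_admins = string<br> billing_data_users = string<br> audit_data_users = string<br> })<br> optional_groups = optional(object({<br> gcp_security_reviewer = optional(string, "")<br> gcp_network_viewer = optional(string, "")<br> gcp_scc_admin = optional(string, "")<br> gcp_global_secrets_admin = optional(string, "")<br> gcp_kms_admin = optional(string, "")<br> }), {})<br> })</pre> | n/a | yes |
 | initial\_group\_config | Define the group configuration when it is initialized. Valid values are: WITH\_INITIAL\_OWNER, EMPTY and INITIAL\_GROUP\_CONFIG\_UNSPECIFIED. | `string` | `"WITH_INITIAL_OWNER"` | no |
 | org\_id | GCP Organization ID | `string` | n/a | yes |
 | org\_policy\_admin\_role | Additional Org Policy Admin role for admin group. You can use this for testing purposes. | `bool` | `false` | no |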

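--- a/0-bootstrap/terraform.example.tfvars
+++ b/0-bootstrap/terraform.example.tfvars
@@ -25,11 +25,10 @@ groups = {
 # create_optional_groups = false # Change to true to create the optional_groups
 # billing_project = "REPLACE_ME" # Fill to create required or optional groups
 required_groups = {
-group_org_admins = "REPLACE_ME" # example "gcp-organization-admins@example.com"
-group_billing_admins = "REPLACE_ME" # example "gcp-billing-admins@example.com"
-billing_data_users = "REPLACE_ME" # example "gcp-billing-data@example.com"
-audit_data_users = "REPLACE_ME" # example "gcp-audit-data@example.com"
-monitoring_workspace_users = "REPLACE_ME" # example "gcp-monitoring-workspace@example.com"
+group_org_admins = "REPLACE_ME" # example "gcp-organization-admins@example.com"
+group_billing_admins = "REPLACE_ME" # example "gcp-billing-admins@example.com"
+billing_data_users = "REPLACE_ME" # example "gcp-billing-data@example.com"
+audit_data_users = "REPLACE_ME" # example "gcp-audit-data@example.com"
 }
 # optional_groups = {
 # gcp_security_reviewer = "" #"gcp_security_reviewer_local_test@example.com"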

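--- a/0-bootstrap/variables.tf
+++ b/0-bootstrap/variables.tf
@@ -100,11 +100,10 @@ variable "groups" {
 create_optional_groups = optional(bool, false)
 billing_project = optional(string, null)
 required_groups = object({
-group_org_admins = string
-group_billing_admins = string
-billing_data_users = string
-audit_data_users = string
-monitoring_workspace_users = string
+group_org_admins = string
+group_billing_admins = string
+billing_data_users = string
+audit_data_users = string
 })
 optional_groups = optional(object({
 gcp_security_reviewer = optional(string, "")
@@ -139,11 +138,6 @@ variable "groups" {
 condition = var.groups.required_groups.audit_data_users != ""
 error_message = "The group audit_data_users is invalid, it must be a valid email"
 }
-
-validation {
-condition = var.groups.required_groups.monitoring_workspace_users != ""
-error_message = "The group monitoring_workspace_users is invalid, it must be a valid email"
-}
 }
 
 variable "initial_group_config" {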
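Review bot: Dropping `monitoring_workspace_users` from the `required_groups` object type means an existing tfvars file that still sets it is accepted without any error, because Terraform discards attributes that are not part of an object type constraint during conversion. Operators upgrading therefore get no signal that the group is no longer used, and whatever the deleted `iam.tf` and `monitoring.tf` managed for it would presumably be removed on the next apply, so that plan deserves a close read. A short comment above `required_groups = object({` would make this visible, for example `# monitoring_workspace_users was removed; a value still present in older tfvars is ignored.` The `variable "groups"` block starts before the first hunk, so its description and earlier validations are not visible here.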

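--- a/1-org/README.md
+++ b/1-org/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td>1-org (this file)</td>
-<td>Sets up top-level shared folders, monitoring and networking projects, and
+<td>Sets up top-level shared folders, networking projects, and
 organization-level logging, and sets baseline security settings through
 organizational policy.</td>
 </tr>
@@ -55,7 +55,7 @@ For an overview of the architecture and the parts, see the
 
 ## Purpose
 
-The purpose of this step is to set up top-level shared folders, monitoring and networking projects, organization-level logging, and baseline security settings through organizational policies.
+The purpose of this step is to set up top-level shared folders, networking projects, organization-level logging, and baseline security settings through organizational policies.
 
 ## Prerequisites
 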
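--- a/2-environments/README.md
+++ b/2-environments/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td><a href="../1-org">1-org</a></td>
-<td>Sets up top level shared folders, monitoring and networking projects, and
+<td>Sets up top level shared folders, networking projects, and
 organization-level logging, and sets baseline security settings through
 organizational policy.</td>
 </tr>
@@ -61,8 +61,6 @@ The purpose of this step is to setup development, nonproduction, and production
 
 1. 0-bootstrap executed successfully.
 1. 1-org executed successfully.
-1. Cloud Identity / Google Workspace group for monitoring admins.
-1. Membership in the monitoring admins group for user running Terraform.
 
 ### Troubleshooting
 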
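--- a/2-environments/envs/development/README.md
+++ b/2-environments/envs/development/README.md
@@ -13,6 +13,5 @@
 | env\_folder | Environment folder created under parent. |
 | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
 | env\_secrets\_project\_id | Project for environment related secrets. |
-| monitoring\_project\_id | Project for monitoring infra. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->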

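--- a/2-environments/envs/development/outputs.tf
+++ b/2-environments/envs/development/outputs.tf
@@ -19,11 +19,6 @@ output "env_folder" {
 value = module.env.env_folder
 }
 
-output "monitoring_project_id" {
-description = "Project for monitoring infra."
-value = module.env.monitoring_project_id
-}
-
 output "env_secrets_project_id" {
 description = "Project for environment related secrets."
 value = module.env.env_secrets_project_id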

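--- a/2-environments/envs/nonproduction/README.md
+++ b/2-environments/envs/nonproduction/README.md
@@ -13,6 +13,5 @@
 | env\_folder | Environment folder created under parent. |
 | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
 | env\_secrets\_project\_id | Project for environment related secrets. |
-| monitoring\_project\_id | Project for monitoring infra. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->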

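--- a/2-environments/envs/nonproduction/outputs.tf
+++ b/2-environments/envs/nonproduction/outputs.tf
@@ -19,11 +19,6 @@ output "env_folder" {
 value = module.env.env_folder
 }
 
-output "monitoring_project_id" {
-description = "Project for monitoring infra."
-value = module.env.monitoring_project_id
-}
-
 output "env_secrets_project_id" {
 description = "Project for environment related secrets."
 value = module.env.env_secrets_project_id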

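--- a/2-environments/envs/production/README.md
+++ b/2-environments/envs/production/README.md
@@ -15,7 +15,6 @@
 | env\_folder | Environment folder created under parent. |
 | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
 | env\_secrets\_project\_id | Project for environment related secrets. |
-| monitoring\_project\_id | Project for monitoring infra. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 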
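--- a/2-environments/envs/production/outputs.tf
+++ b/2-environments/envs/production/outputs.tf
@@ -19,11 +19,6 @@ output "env_folder" {
 value = module.env.env_folder
 }
 
-output "monitoring_project_id" {
-description = "Project for monitoring infra."
-value = module.env.monitoring_project_id
-}
-
 output "env_secrets_project_id" {
 description = "Project for environment related secrets."
 value = module.env.env_secrets_project_id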

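--- a/2-environments/modules/env_baseline/README.md
+++ b/2-environments/modules/env_baseline/README.md
@@ -19,6 +19,5 @@
 | env\_folder | Environment folder created under parent. |
 | env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
 | env\_secrets\_project\_id | Project for environment secrets. |
-| monitoring\_project\_id | Project for monitoring infra. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->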

2-environments/modules/env_baseline/iam.tf

-25
This file was deleted.

2-environments/modules/env_baseline/monitoring.tf

-53
This file was deleted.

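--- a/2-environments/modules/env_baseline/outputs.tf
+++ b/2-environments/modules/env_baseline/outputs.tf
@@ -19,11 +19,6 @@ output "env_folder" {
 value = google_folder.env.name
 }
 
-output "monitoring_project_id" {
-description = "Project for monitoring infra."
-value = module.monitoring_project.project_id
-}
-
 output "env_secrets_project_id" {
 description = "Project for environment secrets."
 value = module.env_secrets.project_id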

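--- a/2-environments/terraform.example.tfvars
+++ b/2-environments/terraform.example.tfvars
@@ -14,6 +14,4 @@
 * limitations under the License.
 */
 
-monitoring_workspace_users = "gcp-monitoring-admins@example.com"
-
 remote_state_bucket = "REMOTE_STATE_BUCKET"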

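--- a/3-networks-dual-svpc/README.md
+++ b/3-networks-dual-svpc/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td><a href="../1-org">1-org</a></td>
-<td>Sets up top level shared folders, monitoring and networking projects, and
+<td>Sets up top level shared folders, networking projects, and
 organization-level logging, and sets baseline security settings through
 organizational policy.</td>
 </tr>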

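--- a/3-networks-hub-and-spoke/README.md
+++ b/3-networks-hub-and-spoke/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td><a href="../1-org">1-org</a></td>
-<td>Sets up top level shared folders, monitoring and networking projects, and
+<td>Sets up top level shared folders, networking projects, and
 organization-level logging, and sets baseline security settings through
 organizational policy.</td>
 </tr>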

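--- a/4-projects/README.md
+++ b/4-projects/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td><a href="../1-org">1-org</a></td>
-<td>Sets up top level shared folders, monitoring and networking projects, and
+<td>Sets up top level shared folders, networking projects, and
 organization-level logging, and sets baseline security settings through
 organizational policy.</td>
 </tr>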

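--- a/5-app-infra/README.md
+++ b/5-app-infra/README.md
@@ -15,7 +15,7 @@ stages.</td>
 </tr>
 <tr>
 <td><a href="../1-org">1-org</a></td>
-<td>Sets up top-level shared folders, monitoring and networking projects,
+<td>Sets up top-level shared folders, networking projects,
 organization-level logging, and baseline security settings through
 organizational policies.</td>
 </tr>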

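--- a/README.md
+++ b/README.md
@@ -126,31 +126,22 @@ This stage only creates the projects and enables the correct APIs, the following
 
 ### [2. environments](./2-environments/)
 
-The purpose of this stage is to set up the environments folders used for projects that contain monitoring and secrets projects.
+The purpose of this stage is to set up the environments folders that contain shared projects for each environemnt.
 This will create the following folder and project structure:
 
 ```
 example-organization
 └── fldr-development
-├── prj-d-monitoring
 ├── prj-p-kms
 └── prj-d-secrets
 └── fldr-nonproduction
-├── prj-n-monitoring
 ├── prj-n-kms
 └── prj-n-secrets
 └── fldr-production
-├── prj-p-monitoring
 ├── prj-p-kms
 └── prj-p-secrets
 ```
 
-#### Monitoring
-
-Under the environment folder, a project is created per environment (`development`, `nonproduction`, and `production`), which is intended to be used as a [Cloud Monitoring workspace](https://cloud.google.com/monitoring/workspaces) for all projects in that environment.
-Please note that creating the [workspace and linking projects](https://cloud.google.com/monitoring/workspaces/create) can currently only be completed through the Cloud Console.
-If you have strong IAM requirements for these monitoring workspaces, it is worth considering creating these at a more granular level, such as per business unit or per application.
-
 #### KMS
 
 Under the environment folder, a project is created per environment (`development`, `nonproduction`, and `production`), which is intended to be used by [Cloud Key Management](https://cloud.google.com/security-key-management) for KMS resources shared by the environment.
@@ -275,7 +266,6 @@ example-organization
 ├── prj-p-shared-base
 └── prj-p-shared-restricted
 └── fldr-development
-├── prj-d-monitoring
 ├── prj-d-kms
 └── prj-d-secrets
 └── fldr-development-bu1
@@ -291,7 +281,6 @@ example-organization
 ├── prj-d-bu2-sample-restrict
 └── prj-d-bu2-sample-peering
 └── fldr-nonproduction
-├── prj-n-monitoring
 ├── prj-n-kms
 └── prj-n-secrets
 └── fldr-nonproduction-bu1
@@ -307,7 +296,6 @@ example-organization
 ├── prj-n-bu2-sample-restrict
 └── prj-n-bu2-sample-peering
 └── fldr-production
-├── prj-p-monitoring
 ├── prj-p-kms
 └── prj-p-secrets
 └── fldr-production-bu1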

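--- a/helpers/foundation-deployer/global.tfvars.example
+++ b/helpers/foundation-deployer/global.tfvars.example
@@ -69,7 +69,6 @@ groups = {
 group_billing_admins = "REPLACE_ME" # "gcp-billing-admins@example.com"
 billing_data_users = "REPLACE_ME" #"billing_data_users_local_test@example.com"
 audit_data_users = "REPLACE_ME" #"audit_data_users_local_test@example.com"
-monitoring_workspace_users = "REPLACE_ME" #"monitoring_workspace_users_local_test@example.com"
 }
 optional_groups = {
 gcp_security_reviewer = "" #"gcp_security_reviewer_local_test@example.com"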

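--- a/helpers/foundation-deployer/stages/data.go
+++ b/helpers/foundation-deployer/stages/data.go
@@ -96,11 +96,10 @@ type ServerAddress struct {
 }
 
 type RequiredGroups struct {
-GroupOrgAdmins string `cty:"group_org_admins"`
-GroupBillingAdmins string `cty:"group_billing_admins"`
-BillingDataUsers string `cty:"billing_data_users"`
-AuditDataUsers string `cty:"audit_data_users"`
-MonitoringWorkspaceUsers string `cty:"monitoring_workspace_users"`
+GroupOrgAdmins string `cty:"group_org_admins"`
+GroupBillingAdmins string `cty:"group_billing_admins"`
+BillingDataUsers string `cty:"billing_data_users"`
+AuditDataUsers string `cty:"audit_data_users"`
 }
 
 type OptionalGroups struct {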
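Review bot: `RequiredGroups` loses the `MonitoringWorkspaceUsers` field while global.tfvars files written from the previous example still carry `monitoring_workspace_users`, and nothing visible here says how such a file is handled. The `cty` tags suggest the struct is filled through a cty conversion, which is normally strict about object attributes that have no matching tagged field, so an older file may now fail to decode rather than be ignored; that is worth confirming with a test. Either way a doc comment on the type would help, for example `// RequiredGroups mirrors groups.required_groups in global.tfvars; tags must match the Terraform attribute names.` The decoding code is outside this hunk.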
