fix: update bucket naming to comply with guide definition (#904)

Co-authored-by: Bharath KKB <[email protected]>

Author: daniel-cit

0-bootstrap/README.md

@@ -308,6 +308,7 @@ Each step has instructions for this change.
 | csr\_repos | List of Cloud Source Repos created by the module, linked to Cloud Build triggers. |
 | environment\_step\_terraform\_service\_account\_email | Environment Step Terraform Account |
 | gcs\_bucket\_cloudbuild\_artifacts | Bucket used to store Cloud/Build artifacts in CloudBuild project. |
+| gcs\_bucket\_cloudbuild\_logs | Bucket used to store Cloud/Build logs in CloudBuild project. |
 | gcs\_bucket\_tfstate | Bucket used for storing terraform state for Foundations Pipelines in Seed Project. |
 | group\_billing\_admins | Google Group for GCP Billing Administrators. |
 | group\_org\_admins | Google Group for GCP Organization Administrators. |

0-bootstrap/cb.tf

@@ -69,15 +69,15 @@ module "gcp_projects_state_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
   version = "~> 3.2"
 
-  name          = "bkt-b-gcp-projects-tfstate-${module.seed_bootstrap.seed_project_id}"
+  name          = "${var.bucket_prefix}-${module.seed_bootstrap.seed_project_id}-gcp-projects-tfstate"
   project_id    = module.seed_bootstrap.seed_project_id
   location      = var.default_region
   force_destroy = var.bucket_force_destroy
 }
 
 module "tf_source" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_source"
-  version = "~> 6.3"
+  version = "~> 6.4"
 
   org_id                = var.org_id
   folder_id             = google_folder.bootstrap.id
@@ -144,7 +144,7 @@ module "tf_private_pool" {
 
 module "tf_cloud_builder" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_builder"
-  version = "~> 6.3"
+  version = "~> 6.4"
 
   project_id                   = module.tf_source.cloudbuild_project_id
   dockerfile_repo_uri          = module.tf_source.csr_repos[local.cloudbuilder_repo].url
@@ -155,6 +155,7 @@ module "tf_cloud_builder" {
   trigger_location             = var.default_region
   enable_worker_pool           = true
   worker_pool_id               = module.tf_private_pool.private_worker_pool_id
+  bucket_name                  = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-tf-cloudbuilder-build-logs"
 }
 
 module "bootstrap_csr_repo" {
@@ -193,7 +194,7 @@ module "build_terraform_image" {
 
 module "tf_workspace" {
   source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
-  version  = "~> 6.3"
+  version  = "~> 6.4"
   for_each = local.granular_sa
 
   project_id                = module.tf_source.cloudbuild_project_id
@@ -202,6 +203,8 @@ module "tf_workspace" {
   enable_worker_pool        = true
   worker_pool_id            = module.tf_private_pool.private_worker_pool_id
   state_bucket_self_link    = local.cb_config[each.key].state_bucket
+  log_bucket_name           = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-${local.cb_config[each.key].source}-build-logs"
+  artifacts_bucket_name     = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-${local.cb_config[each.key].source}-build-artifacts"
   cloudbuild_plan_filename  = "cloudbuild-tf-plan.yaml"
   cloudbuild_apply_filename = "cloudbuild-tf-apply.yaml"
   tf_repo_uri               = module.tf_source.csr_repos[local.cb_config[each.key].source].url

0-bootstrap/main.tf

@@ -50,7 +50,7 @@ module "seed_bootstrap" {
   org_id                         = var.org_id
   folder_id                      = google_folder.bootstrap.id
   project_id                     = "${var.project_prefix}-b-seed"
-  state_bucket_name              = "${var.bucket_prefix}-b-tfstate"
+  state_bucket_name              = "${var.bucket_prefix}-${var.project_prefix}-b-seed-tfstate"
   force_destroy                  = var.bucket_force_destroy
   billing_account                = var.billing_account
   group_org_admins               = local.group_org_admins

0-bootstrap/outputs.tf

@@ -97,6 +97,11 @@ output "gcs_bucket_cloudbuild_artifacts" {
   value       = { for key, value in module.tf_workspace : key => replace(value.artifacts_bucket, local.bucket_self_link_prefix, "") }
 }
 
+output "gcs_bucket_cloudbuild_logs" {
+  description = "Bucket used to store Cloud/Build logs in CloudBuild project."
+  value       = { for key, value in module.tf_workspace : key => replace(value.logs_bucket, local.bucket_self_link_prefix, "") }
+}
+
 output "projects_gcs_bucket_tfstate" {
   description = "Bucket used for storing terraform state for stage 4-projects foundations pipelines in seed project."
   value       = module.gcp_projects_state_bucket.bucket.name

4-projects/business_unit_1/shared/README.md

@@ -16,6 +16,7 @@
 | cloudbuild\_project\_id | n/a |
 | default\_region | Default region to create resources where applicable. |
 | enable\_cloudbuild\_deploy | Enable infra deployment using Cloud Build. |
+| log\_buckets | GCS Buckets to store Cloud Build logs |
 | plan\_triggers\_id | CB plan triggers |
 | repos | CSRs to store source code |
 | state\_buckets | GCS Buckets to store TF state |

4-projects/business_unit_1/shared/outputs.tf

@@ -43,6 +43,11 @@ output "state_buckets" {
   value       = try(module.infra_pipelines[0].state_buckets, {})
 }
 
+output "log_buckets" {
+  description = "GCS Buckets to store Cloud Build logs"
+  value       = try(module.infra_pipelines[0].log_buckets, {})
+}
+
 output "plan_triggers_id" {
   description = "CB plan triggers"
   value       = try(module.infra_pipelines[0].plan_triggers_id, [])

4-projects/business_unit_2/shared/README.md

@@ -16,6 +16,7 @@
 | cloudbuild\_project\_id | n/a |
 | default\_region | Default region to create resources where applicable. |
 | enable\_cloudbuild\_deploy | Enable infra deployment using Cloud Build. |
+| log\_buckets | GCS Buckets to store Cloud Build logs |
 | plan\_triggers\_id | CB plan triggers |
 | repos | CSRs to store source code |
 | state\_buckets | GCS Buckets to store TF state |

4-projects/business_unit_2/shared/outputs.tf

@@ -43,6 +43,11 @@ output "state_buckets" {
   value       = try(module.infra_pipelines[0].state_buckets, {})
 }
 
+output "log_buckets" {
+  description = "GCS Buckets to store Cloud Build logs"
+  value       = try(module.infra_pipelines[0].log_buckets, {})
+}
+
 output "plan_triggers_id" {
   description = "CB plan triggers"
   value       = try(module.infra_pipelines[0].plan_triggers_id, [])

4-projects/modules/base_env/README.md

@@ -7,7 +7,7 @@
 | business\_unit | The business (ex. business\_unit\_1). | `string` | n/a | yes |
 | env | The environment to prepare (ex. development). | `string` | n/a | yes |
 | firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
-| gcs\_bucket\_prefix | Name prefix to be used for GCS Bucket | `string` | `"cmek-encrypted-bucket"` | no |
+| gcs\_bucket\_prefix | Name prefix to be used for GCS Bucket | `string` | `"bkt"` | no |
 | key\_name | Name to be used for KMS Key | `string` | `"crypto-key-example"` | no |
 | key\_rotation\_period | Rotation period in seconds to be used for KMS Key | `string` | `"7776000s"` | no |
 | keyring\_name | Name to be used for KMS Keyring | `string` | `"sample-keyring"` | no |

4-projects/modules/base_env/example_storage_cmek.tf

@@ -69,7 +69,7 @@ module "gcs_buckets" {
   version            = "~> 3.0"
   project_id         = module.base_shared_vpc_project.project_id
   location           = var.location_gcs
-  name               = "${var.gcs_bucket_prefix}-${lower(var.location_gcs)}-${random_string.bucket_name.result}"
+  name               = "${var.gcs_bucket_prefix}-${module.base_shared_vpc_project.project_id}-${lower(var.location_gcs)}-cmek-encrypted-${random_string.bucket_name.result}"
   bucket_policy_only = true
   encryption = {
     default_kms_key_name = module.kms.keys[var.key_name]