diff --git a/README.md b/README.md
index 34ad0e1..ad746eb 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,6 @@ gcloud config set project ${PROJECT_ID} and then authenticate to generate [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials) that can be leveraged by Terraform ```shell gcloud auth application-default login -gcloud auth application-default set-quota-project ${PROJECT_ID} ``` Clone this directory locally and, we'll also set an environment variable to it's root directory, for easy navigation:
diff --git a/infrastructure/org-policies.tf b/infrastructure/org-policies.tf
deleted file mode 100644
index c3ed946..0000000
--- a/infrastructure/org-policies.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-# Optionally apply these Org Policies, as specified in terraform.tfvars file
-
-module "gcp_org_policy_v2_requireShieldedVm" {
- source = "terraform-google-modules/org-policy/google//modules/org_policy_v2"
- version = "~> 5.2.0"
-
- count = var.apply_org_policies == true ? 1 : 0
- policy_root = "project"
- policy_root_id = var.project
- rules = [{
- enforcement = false
- allow = []
- deny = []
- conditions = []
- }]
- constraint = "compute.requireShieldedVm"
- policy_type = "boolean"
-}
-
-module "gcp_org_policy_v2_disableServiceAccountKeyCreation" {
- source = "terraform-google-modules/org-policy/google//modules/org_policy_v2"
- version = "~> 5.2.0"
-
- count = var.apply_org_policies == true ? 1 : 0
- policy_root = "project"
- policy_root_id = var.project
- rules = [{
- enforcement = false
- allow = []
- deny = []
- conditions = []
- }]
- constraint = "iam.disableServiceAccountKeyCreation"
- policy_type = "boolean"
-}
-
-module "gcp_org_policy_v2_vmCanIpForward" {
- source = "terraform-google-modules/org-policy/google//modules/org_policy_v2"
- version = "~> 5.2.0"
-
- count = var.apply_org_policies == true ? 1 : 0
- policy_root = "project"
- policy_root_id = var.project
- rules = [{
- enforcement = false
- allow = []
- deny = []
- conditions = []
- }]
- constraint = "compute.vmCanIpForward"
- policy_type = "list"
-}
-
-module "gcp_org_policy_v2_vmExternalIpAccess" {
- source = "terraform-google-modules/org-policy/google//modules/org_policy_v2"
- version = "~> 5.2.0"
-
- count = var.apply_org_policies == true ? 1 : 0
- policy_root = "project"
- policy_root_id = var.project
- rules = [{
- enforcement = false
- allow = []
- deny = []
- conditions = []
- }]
- constraint = "compute.vmExternalIpAccess"
- policy_type = "list"
-}
diff --git a/infrastructure/providers.tf b/infrastructure/providers.tf
index 838553d..19ef39a 100644
--- a/infrastructure/providers.tf
+++ b/infrastructure/providers.tf
@@ -14,7 +14,6 @@ provider "google" { project = var.project - user_project_override = true } data "google_client_config" "provider" {}
diff --git a/infrastructure/terraform.tfvars.sample b/infrastructure/terraform.tfvars.sample
index 7b488b5..57b6d00 100644
--- a/infrastructure/terraform.tfvars.sample
+++ b/infrastructure/terraform.tfvars.sample
@@ -17,7 +17,6 @@ project = "PROJECT_ID" resource_env_label = "demo-global-game" -apply_org_policies = false # Cloud Deploy Configuration platform_directory = "../platform" # Relative to Terraform directory
@@ -88,7 +87,6 @@ gcp_project_services = [ "servicenetworking.googleapis.com", "servicecontrol.googleapis.com", "run.googleapis.com", - "orgpolicy.googleapis.com", "redis.googleapis.com", "run.googleapis.com", "iap.googleapis.com"
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 41c14e9..d913948 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -12,13 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -### Organziation Variables ### - -variable "apply_org_policies" { - type = bool - description = "Boolean used to determine whether GCP Org Policies are applied" -} - ### Project Variables ### variable "project" {
diff --git a/platform/agones/skaffold.yaml b/platform/agones/skaffold.yaml
old mode 100755
new mode 100644