chore: upgrade module version to allow terraform Google provider v6

terraform-google-modules · Nov 4, 2024 · 3e4302d · 3e4302d
1 parent ebaf7dd
commit 3e4302d
Show file tree

Hide file tree

Showing 27 changed files with 64 additions and 13 deletions.
diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md
@@ -367,6 +367,7 @@ Each step has instructions for this change.
 | org\_id | GCP Organization ID | `string` | n/a | yes |
 | org\_policy\_admin\_role | Additional Org Policy Admin role for admin group. You can use this for testing purposes. | `bool` | `false` | no |
 | parent\_folder | Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. | `string` | `""` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_prefix | Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. | `string` | `"prj"` | no |
 
 ## Outputs

diff --git a/0-bootstrap/modules/jenkins-agent/README.md b/0-bootstrap/modules/jenkins-agent/README.md
@@ -68,6 +68,7 @@ module "jenkins_bootstrap" {
 | on\_prem\_vpn\_public\_ip\_address | The public IP Address of the Jenkins Controller. | `string` | n/a | yes |
 | on\_prem\_vpn\_public\_ip\_address2 | The secondpublic IP Address of the Jenkins Controller. | `string` | n/a | yes |
 | org\_id | GCP Organization ID | `string` | n/a | yes |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_labels | Labels to apply to the project. | `map(string)` | `{}` | no |
 | project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
 | router\_asn | BGP ASN for cloud routes. | `number` | `"64515"` | no |

diff --git a/1-org/envs/shared/README.md b/1-org/envs/shared/README.md
@@ -18,6 +18,7 @@
 | log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked             = bool<br>    retention_period_days = number<br>  })</pre> | `null` | no |
 | log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
 | project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    dns_hub_budget_amount                       = optional(number, 1000)<br>    dns_hub_alert_spent_percents                = optional(list(number), [1.2])<br>    dns_hub_alert_pubsub_topic                  = optional(string, null)<br>    dns_hub_budget_alert_spend_basis            = optional(string, "FORECASTED_SPEND")<br>    base_net_hub_budget_amount                  = optional(number, 1000)<br>    base_net_hub_alert_spent_percents           = optional(list(number), [1.2])<br>    base_net_hub_alert_pubsub_topic             = optional(string, null)<br>    base_net_hub_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_net_hub_budget_amount            = optional(number, 1000)<br>    restricted_net_hub_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_net_hub_alert_pubsub_topic       = optional(string, null)<br>    restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    interconnect_budget_amount                  = optional(number, 1000)<br>    interconnect_alert_spent_percents           = optional(list(number), [1.2])<br>    interconnect_alert_pubsub_topic             = optional(string, null)<br>    interconnect_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    org_secrets_budget_amount                   = optional(number, 1000)<br>    org_secrets_alert_spent_percents            = optional(list(number), [1.2])<br>    org_secrets_alert_pubsub_topic              = optional(string, null)<br>    org_secrets_budget_alert_spend_basis        = optional(string, "FORECASTED_SPEND")<br>    org_billing_export_budget_amount            = optional(number, 1000)<br>    org_billing_export_alert_spent_percents     = optional(list(number), [1.2])<br>    org_billing_export_alert_pubsub_topic       = optional(string, null)<br>    org_billing_export_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    org_audit_logs_budget_amount                = optional(number, 1000)<br>    org_audit_logs_alert_spent_percents         = optional(list(number), [1.2])<br>    org_audit_logs_alert_pubsub_topic           = optional(string, null)<br>    org_audit_logs_budget_alert_spend_basis     = optional(string, "FORECASTED_SPEND")<br>    common_kms_budget_amount                    = optional(number, 1000)<br>    common_kms_alert_spent_percents             = optional(list(number), [1.2])<br>    common_kms_alert_pubsub_topic               = optional(string, null)<br>    common_kms_budget_alert_spend_basis         = optional(string, "FORECASTED_SPEND")<br>    scc_notifications_budget_amount             = optional(number, 1000)<br>    scc_notifications_alert_spent_percents      = optional(list(number), [1.2])<br>    scc_notifications_alert_pubsub_topic        = optional(string, null)<br>    scc_notifications_budget_alert_spend_basis  = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
 | scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe <scc_notification_name> --organization=org_id` to check if it already exists. | `string` | n/a | yes |

diff --git a/1-org/modules/cai-monitoring/main.tf b/1-org/modules/cai-monitoring/main.tf
@@ -121,7 +121,7 @@ resource "google_cloud_asset_organization_feed" "organization_feed" {
 
 module "pubsub_cai_feed" {
   source  = "terraform-google-modules/pubsub/google"
-  version = "~> 6.0"
+  version = "~> 7.0"
 
   topic              = "top-cai-monitoring-${random_id.suffix.hex}-event"
   project_id         = var.project_id

diff --git a/1-org/modules/centralized-logging/main.tf b/1-org/modules/centralized-logging/main.tf
@@ -83,7 +83,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   for_each = local.log_exports
 
@@ -98,7 +98,7 @@ module "log_export" {
 
 module "log_export_billing" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   for_each = var.enable_billing_account_sink ? local.destination_resource_name : {}
 
@@ -123,7 +123,7 @@ resource "time_sleep" "wait_sa_iam_membership" {
 
 module "destination_project" {
   source  = "terraform-google-modules/log-export/google//modules/project"
-  version = "~> 8.0"
+  version = "~> 10.0"
   count   = var.project_options != null ? 1 : 0
 
   project_id               = var.logging_destination_project_id
@@ -151,7 +151,7 @@ resource "google_project_iam_member" "project_sink_member" {
 
 module "internal_project_log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 10.0"
   count   = var.project_options != null ? 1 : 0
 
   destination_uri        = "logging.googleapis.com/projects/${var.logging_destination_project_id}/locations/${var.project_options.location}/buckets/${coalesce(var.project_options.log_bucket_id, "AggregatedLogs")}"
@@ -164,7 +164,7 @@ module "internal_project_log_export" {
 
 module "destination_aggregated_logs" {
   source  = "terraform-google-modules/log-export/google//modules/logbucket"
-  version = "~> 8.0"
+  version = "~> 10.0"
   count   = var.project_options != null ? 1 : 0
 
   project_id                    = var.logging_destination_project_id
@@ -238,7 +238,7 @@ resource "google_project_iam_member" "project_sink_member_billing" {
 #----------------------#
 module "destination_storage" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   count = var.storage_options != null ? 1 : 0
 
@@ -289,7 +289,7 @@ resource "google_storage_bucket_iam_member" "storage_sink_member_billing" {
 #----------------------#
 module "destination_pubsub" {
   source  = "terraform-google-modules/log-export/google//modules/pubsub"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   count = var.pubsub_options != null ? 1 : 0
 

diff --git a/2-environments/envs/development/README.md b/2-environments/envs/development/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 

diff --git a/2-environments/envs/development/main.tf b/2-environments/envs/development/main.tf
@@ -21,4 +21,6 @@ module "env" {
   environment_code    = "d"
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
+
+  project_deletion_policy = var.project_deletion_policy
 }
diff --git a/2-environments/envs/development/variables.tf b/2-environments/envs/development/variables.tf
@@ -24,3 +24,9 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/2-environments/envs/nonproduction/README.md b/2-environments/envs/nonproduction/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 

diff --git a/2-environments/envs/nonproduction/main.tf b/2-environments/envs/nonproduction/main.tf
@@ -21,4 +21,6 @@ module "env" {
   environment_code    = "n"
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
+
+  project_deletion_policy = var.project_deletion_policy
 }
diff --git a/2-environments/envs/nonproduction/variables.tf b/2-environments/envs/nonproduction/variables.tf
@@ -24,3 +24,9 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/2-environments/envs/production/README.md b/2-environments/envs/production/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 

diff --git a/2-environments/envs/production/main.tf b/2-environments/envs/production/main.tf
@@ -22,6 +22,8 @@ module "env" {
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
 
+  project_deletion_policy = var.project_deletion_policy
+
   assured_workload_configuration = {
     enabled           = false
     location          = "us-central1"

diff --git a/2-environments/envs/production/variables.tf b/2-environments/envs/production/variables.tf
@@ -25,3 +25,9 @@ variable "tfc_org_name" {
   default     = ""
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
diff --git a/2-environments/modules/env_baseline/README.md b/2-environments/modules/env_baseline/README.md
@@ -7,6 +7,7 @@
 | env | The environment to prepare (ex. development) | `string` | n/a | yes |
 | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
 | project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    secret_budget_amount                        = optional(number, 1000)<br>    secret_alert_spent_percents                 = optional(list(number), [1.2])<br>    secret_alert_pubsub_topic                   = optional(string, null)<br>    secret_budget_alert_spend_basis             = optional(string, "FORECASTED_SPEND")<br>    kms_budget_amount                           = optional(number, 1000)<br>    kms_alert_spent_percents                    = optional(list(number), [1.2])<br>    kms_alert_pubsub_topic                      = optional(string, null)<br>    kms_budget_alert_spend_basis                = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | n/a | yes |
 

diff --git a/2-environments/modules/env_baseline/kms.tf b/2-environments/modules/env_baseline/kms.tf
@@ -21,7 +21,7 @@
 
 module "env_kms" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id           = true
   random_project_id_length    = 4
@@ -33,6 +33,7 @@ module "env_kms" {
   disable_services_on_destroy = false
   depends_on                  = [time_sleep.wait_60_seconds]
   activate_apis               = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
+  deletion_policy             = var.project_deletion_policy
 
   labels = {
     environment       = var.env

diff --git a/2-environments/modules/env_baseline/secrets.tf b/2-environments/modules/env_baseline/secrets.tf
@@ -21,7 +21,7 @@
 
 module "env_secrets" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id           = true
   random_project_id_length    = 4
@@ -33,6 +33,7 @@ module "env_secrets" {
   disable_services_on_destroy = false
   depends_on                  = [time_sleep.wait_60_seconds]
   activate_apis               = ["logging.googleapis.com", "secretmanager.googleapis.com"]
+  deletion_policy             = var.project_deletion_policy
 
   labels = {
     environment       = var.env

diff --git a/2-environments/modules/env_baseline/variables.tf b/2-environments/modules/env_baseline/variables.tf
@@ -81,3 +81,9 @@ variable "assured_workload_configuration" {
   })
   default = {}
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf
@@ -37,7 +37,7 @@ module "service_account" {
 
 module "templates" {
   source   = "terraform-google-modules/vm/google//modules/instance_template"
-  version  = "~> 11.0"
+  version  = "~> 12.0"
   for_each = toset(var.regions)
 
   can_ip_forward = true
@@ -65,7 +65,7 @@ module "templates" {
 
 module "migs" {
   source   = "terraform-google-modules/vm/google//modules/mig"
-  version  = "~> 11.1"
+  version  = "~> 12.1"
   for_each = toset(var.regions)
 
   project_id        = var.project_id

diff --git a/4-projects/business_unit_1/development/README.md b/4-projects/business_unit_1/development/README.md
@@ -8,6 +8,7 @@
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
 | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
 

diff --git a/4-projects/business_unit_1/nonproduction/README.md b/4-projects/business_unit_1/nonproduction/README.md
@@ -8,6 +8,7 @@
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
 | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
 

diff --git a/4-projects/business_unit_1/production/README.md b/4-projects/business_unit_1/production/README.md
@@ -8,6 +8,7 @@
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
 | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
 

diff --git a/4-projects/business_unit_1/shared/README.md b/4-projects/business_unit_1/shared/README.md
@@ -5,6 +5,7 @@
 |------|-------------|------|---------|:--------:|
 | default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no |
 | project\_budget | Budget configuration.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    budget_amount        = optional(number, 1000)<br>    alert_spent_percents = optional(list(number), [1.2])<br>    alert_pubsub_topic   = optional(string, null)<br>    alert_spend_basis    = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |