diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md
index 2b5b5c58c..dd93e13b7 100644
--- a/0-bootstrap/README.md
+++ b/0-bootstrap/README.md
@@ -367,6 +367,7 @@ Each step has instructions for this change.
| org\_id | GCP Organization ID | `string` | n/a | yes |
| org\_policy\_admin\_role | Additional Org Policy Admin role for admin group. You can use this for testing purposes. | `bool` | `false` | no |
| parent\_folder | Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. | `string` | `""` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| project\_prefix | Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. | `string` | `"prj"` | no |
## Outputs
diff --git a/0-bootstrap/modules/jenkins-agent/README.md b/0-bootstrap/modules/jenkins-agent/README.md
index 09f72a5aa..10c713ea4 100644
--- a/0-bootstrap/modules/jenkins-agent/README.md
+++ b/0-bootstrap/modules/jenkins-agent/README.md
@@ -68,6 +68,7 @@ module "jenkins_bootstrap" {
| on\_prem\_vpn\_public\_ip\_address | The public IP Address of the Jenkins Controller. | `string` | n/a | yes |
| on\_prem\_vpn\_public\_ip\_address2 | The secondpublic IP Address of the Jenkins Controller. | `string` | n/a | yes |
| org\_id | GCP Organization ID | `string` | n/a | yes |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| project\_labels | Labels to apply to the project. | `map(string)` | `{}` | no |
| project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
| router\_asn | BGP ASN for cloud routes. | `number` | `"64515"` | no |
diff --git a/1-org/envs/shared/README.md b/1-org/envs/shared/README.md
index e260c67ca..8fe1ace97 100644
--- a/1-org/envs/shared/README.md
+++ b/1-org/envs/shared/README.md
@@ -18,6 +18,7 @@
| log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | object({
is_locked = bool
retention_period_days = number
}) | `null` | no |
| log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
| project\_budget | Budget configuration for projects.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | object({
dns_hub_budget_amount = optional(number, 1000)
dns_hub_alert_spent_percents = optional(list(number), [1.2])
dns_hub_alert_pubsub_topic = optional(string, null)
dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
base_net_hub_budget_amount = optional(number, 1000)
base_net_hub_alert_spent_percents = optional(list(number), [1.2])
base_net_hub_alert_pubsub_topic = optional(string, null)
base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
base_network_budget_amount = optional(number, 1000)
base_network_alert_spent_percents = optional(list(number), [1.2])
base_network_alert_pubsub_topic = optional(string, null)
base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_net_hub_budget_amount = optional(number, 1000)
restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])
restricted_net_hub_alert_pubsub_topic = optional(string, null)
restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_network_budget_amount = optional(number, 1000)
restricted_network_alert_spent_percents = optional(list(number), [1.2])
restricted_network_alert_pubsub_topic = optional(string, null)
restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
interconnect_budget_amount = optional(number, 1000)
interconnect_alert_spent_percents = optional(list(number), [1.2])
interconnect_alert_pubsub_topic = optional(string, null)
interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_secrets_budget_amount = optional(number, 1000)
org_secrets_alert_spent_percents = optional(list(number), [1.2])
org_secrets_alert_pubsub_topic = optional(string, null)
org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_billing_export_budget_amount = optional(number, 1000)
org_billing_export_alert_spent_percents = optional(list(number), [1.2])
org_billing_export_alert_pubsub_topic = optional(string, null)
org_billing_export_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_audit_logs_budget_amount = optional(number, 1000)
org_audit_logs_alert_spent_percents = optional(list(number), [1.2])
org_audit_logs_alert_pubsub_topic = optional(string, null)
org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
common_kms_budget_amount = optional(number, 1000)
common_kms_alert_spent_percents = optional(list(number), [1.2])
common_kms_alert_pubsub_topic = optional(string, null)
common_kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
scc_notifications_budget_amount = optional(number, 1000)
scc_notifications_alert_spent_percents = optional(list(number), [1.2])
scc_notifications_alert_pubsub_topic = optional(string, null)
scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
}) | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
| scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe --organization=org_id` to check if it already exists. | `string` | n/a | yes |
diff --git a/1-org/modules/cai-monitoring/main.tf b/1-org/modules/cai-monitoring/main.tf
index d55bf71e2..a7261493b 100644
--- a/1-org/modules/cai-monitoring/main.tf
+++ b/1-org/modules/cai-monitoring/main.tf
@@ -121,7 +121,7 @@ resource "google_cloud_asset_organization_feed" "organization_feed" {
module "pubsub_cai_feed" {
source = "terraform-google-modules/pubsub/google"
- version = "~> 6.0"
+ version = "~> 7.0"
topic = "top-cai-monitoring-${random_id.suffix.hex}-event"
project_id = var.project_id
diff --git a/1-org/modules/centralized-logging/main.tf b/1-org/modules/centralized-logging/main.tf
index 58bebc7c5..75cad1c1d 100644
--- a/1-org/modules/centralized-logging/main.tf
+++ b/1-org/modules/centralized-logging/main.tf
@@ -83,7 +83,7 @@ resource "random_string" "suffix" {
module "log_export" {
source = "terraform-google-modules/log-export/google"
- version = "~> 8.0"
+ version = "~> 10.0"
for_each = local.log_exports
@@ -98,7 +98,7 @@ module "log_export" {
module "log_export_billing" {
source = "terraform-google-modules/log-export/google"
- version = "~> 8.0"
+ version = "~> 10.0"
for_each = var.enable_billing_account_sink ? local.destination_resource_name : {}
@@ -123,7 +123,7 @@ resource "time_sleep" "wait_sa_iam_membership" {
module "destination_project" {
source = "terraform-google-modules/log-export/google//modules/project"
- version = "~> 8.0"
+ version = "~> 10.0"
count = var.project_options != null ? 1 : 0
project_id = var.logging_destination_project_id
@@ -151,7 +151,7 @@ resource "google_project_iam_member" "project_sink_member" {
module "internal_project_log_export" {
source = "terraform-google-modules/log-export/google"
- version = "~> 8.0"
+ version = "~> 10.0"
count = var.project_options != null ? 1 : 0
destination_uri = "logging.googleapis.com/projects/${var.logging_destination_project_id}/locations/${var.project_options.location}/buckets/${coalesce(var.project_options.log_bucket_id, "AggregatedLogs")}"
@@ -164,7 +164,7 @@ module "internal_project_log_export" {
module "destination_aggregated_logs" {
source = "terraform-google-modules/log-export/google//modules/logbucket"
- version = "~> 8.0"
+ version = "~> 10.0"
count = var.project_options != null ? 1 : 0
project_id = var.logging_destination_project_id
@@ -238,7 +238,7 @@ resource "google_project_iam_member" "project_sink_member_billing" {
#----------------------#
module "destination_storage" {
source = "terraform-google-modules/log-export/google//modules/storage"
- version = "~> 8.0"
+ version = "~> 10.0"
count = var.storage_options != null ? 1 : 0
@@ -289,7 +289,7 @@ resource "google_storage_bucket_iam_member" "storage_sink_member_billing" {
#----------------------#
module "destination_pubsub" {
source = "terraform-google-modules/log-export/google//modules/pubsub"
- version = "~> 8.0"
+ version = "~> 10.0"
count = var.pubsub_options != null ? 1 : 0
diff --git a/2-environments/envs/development/README.md b/2-environments/envs/development/README.md
index 15e492c25..cf01bc7f7 100644
--- a/2-environments/envs/development/README.md
+++ b/2-environments/envs/development/README.md
@@ -3,6 +3,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/2-environments/envs/development/main.tf b/2-environments/envs/development/main.tf
index c8502a9a6..2f66c50dc 100644
--- a/2-environments/envs/development/main.tf
+++ b/2-environments/envs/development/main.tf
@@ -21,4 +21,6 @@ module "env" {
environment_code = "d"
remote_state_bucket = var.remote_state_bucket
tfc_org_name = var.tfc_org_name
+
+ project_deletion_policy = var.project_deletion_policy
}
diff --git a/2-environments/envs/development/variables.tf b/2-environments/envs/development/variables.tf
index 5b2c5e365..db3da85da 100644
--- a/2-environments/envs/development/variables.tf
+++ b/2-environments/envs/development/variables.tf
@@ -24,3 +24,9 @@ variable "tfc_org_name" {
type = string
default = ""
}
+
+variable "project_deletion_policy" {
+ description = "The deletion policy for the project created."
+ type = string
+ default = "PREVENT"
+}
diff --git a/2-environments/envs/nonproduction/README.md b/2-environments/envs/nonproduction/README.md
index 15e492c25..cf01bc7f7 100644
--- a/2-environments/envs/nonproduction/README.md
+++ b/2-environments/envs/nonproduction/README.md
@@ -3,6 +3,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/2-environments/envs/nonproduction/main.tf b/2-environments/envs/nonproduction/main.tf
index b7684243b..350e72ec0 100644
--- a/2-environments/envs/nonproduction/main.tf
+++ b/2-environments/envs/nonproduction/main.tf
@@ -21,4 +21,6 @@ module "env" {
environment_code = "n"
remote_state_bucket = var.remote_state_bucket
tfc_org_name = var.tfc_org_name
+
+ project_deletion_policy = var.project_deletion_policy
}
diff --git a/2-environments/envs/nonproduction/variables.tf b/2-environments/envs/nonproduction/variables.tf
index 5b2c5e365..db3da85da 100644
--- a/2-environments/envs/nonproduction/variables.tf
+++ b/2-environments/envs/nonproduction/variables.tf
@@ -24,3 +24,9 @@ variable "tfc_org_name" {
type = string
default = ""
}
+
+variable "project_deletion_policy" {
+ description = "The deletion policy for the project created."
+ type = string
+ default = "PREVENT"
+}
diff --git a/2-environments/envs/production/README.md b/2-environments/envs/production/README.md
index 99e479ae3..19cb9a2f1 100644
--- a/2-environments/envs/production/README.md
+++ b/2-environments/envs/production/README.md
@@ -3,6 +3,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/2-environments/envs/production/main.tf b/2-environments/envs/production/main.tf
index 95ecdd724..deba01685 100644
--- a/2-environments/envs/production/main.tf
+++ b/2-environments/envs/production/main.tf
@@ -22,6 +22,8 @@ module "env" {
remote_state_bucket = var.remote_state_bucket
tfc_org_name = var.tfc_org_name
+ project_deletion_policy = var.project_deletion_policy
+
assured_workload_configuration = {
enabled = false
location = "us-central1"
diff --git a/2-environments/envs/production/variables.tf b/2-environments/envs/production/variables.tf
index 15cef8a0c..1cb41ac55 100644
--- a/2-environments/envs/production/variables.tf
+++ b/2-environments/envs/production/variables.tf
@@ -25,3 +25,9 @@ variable "tfc_org_name" {
default = ""
}
+variable "project_deletion_policy" {
+ description = "The deletion policy for the project created."
+ type = string
+ default = "PREVENT"
+}
+
diff --git a/2-environments/modules/env_baseline/README.md b/2-environments/modules/env_baseline/README.md
index 1dfb1317a..de489bdbc 100644
--- a/2-environments/modules/env_baseline/README.md
+++ b/2-environments/modules/env_baseline/README.md
@@ -7,6 +7,7 @@
| env | The environment to prepare (ex. development) | `string` | n/a | yes |
| environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
| project\_budget | Budget configuration for projects.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | object({
base_network_budget_amount = optional(number, 1000)
base_network_alert_spent_percents = optional(list(number), [1.2])
base_network_alert_pubsub_topic = optional(string, null)
base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_network_budget_amount = optional(number, 1000)
restricted_network_alert_spent_percents = optional(list(number), [1.2])
restricted_network_alert_pubsub_topic = optional(string, null)
restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
secret_budget_amount = optional(number, 1000)
secret_alert_spent_percents = optional(list(number), [1.2])
secret_alert_pubsub_topic = optional(string, null)
secret_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
kms_budget_amount = optional(number, 1000)
kms_alert_spent_percents = optional(list(number), [1.2])
kms_alert_pubsub_topic = optional(string, null)
kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
}) | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization | `string` | n/a | yes |
diff --git a/2-environments/modules/env_baseline/kms.tf b/2-environments/modules/env_baseline/kms.tf
index e6e4d992f..01dc42f26 100644
--- a/2-environments/modules/env_baseline/kms.tf
+++ b/2-environments/modules/env_baseline/kms.tf
@@ -21,7 +21,7 @@
module "env_kms" {
source = "terraform-google-modules/project-factory/google"
- version = "~> 15.0"
+ version = "~> 17.0"
random_project_id = true
random_project_id_length = 4
@@ -33,6 +33,7 @@ module "env_kms" {
disable_services_on_destroy = false
depends_on = [time_sleep.wait_60_seconds]
activate_apis = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
+ deletion_policy = var.project_deletion_policy
labels = {
environment = var.env
diff --git a/2-environments/modules/env_baseline/secrets.tf b/2-environments/modules/env_baseline/secrets.tf
index fa875c67a..6ff24a4ec 100644
--- a/2-environments/modules/env_baseline/secrets.tf
+++ b/2-environments/modules/env_baseline/secrets.tf
@@ -21,7 +21,7 @@
module "env_secrets" {
source = "terraform-google-modules/project-factory/google"
- version = "~> 15.0"
+ version = "~> 17.0"
random_project_id = true
random_project_id_length = 4
@@ -33,6 +33,7 @@ module "env_secrets" {
disable_services_on_destroy = false
depends_on = [time_sleep.wait_60_seconds]
activate_apis = ["logging.googleapis.com", "secretmanager.googleapis.com"]
+ deletion_policy = var.project_deletion_policy
labels = {
environment = var.env
diff --git a/2-environments/modules/env_baseline/variables.tf b/2-environments/modules/env_baseline/variables.tf
index 400479c0e..6aa14afc4 100644
--- a/2-environments/modules/env_baseline/variables.tf
+++ b/2-environments/modules/env_baseline/variables.tf
@@ -81,3 +81,9 @@ variable "assured_workload_configuration" {
})
default = {}
}
+
+variable "project_deletion_policy" {
+ description = "The deletion policy for the project created."
+ type = string
+ default = "PREVENT"
+}
diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf
index 92cafdf2f..1b082e482 100644
--- a/3-networks-hub-and-spoke/modules/transitivity/main.tf
+++ b/3-networks-hub-and-spoke/modules/transitivity/main.tf
@@ -37,7 +37,7 @@ module "service_account" {
module "templates" {
source = "terraform-google-modules/vm/google//modules/instance_template"
- version = "~> 11.0"
+ version = "~> 12.0"
for_each = toset(var.regions)
can_ip_forward = true
@@ -65,7 +65,7 @@ module "templates" {
module "migs" {
source = "terraform-google-modules/vm/google//modules/mig"
- version = "~> 11.1"
+ version = "~> 12.1"
for_each = toset(var.regions)
project_id = var.project_id
diff --git a/4-projects/business_unit_1/development/README.md b/4-projects/business_unit_1/development/README.md
index e1fa6e324..25eaa0408 100644
--- a/4-projects/business_unit_1/development/README.md
+++ b/4-projects/business_unit_1/development/README.md
@@ -8,6 +8,7 @@
| location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
| location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
| peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
diff --git a/4-projects/business_unit_1/nonproduction/README.md b/4-projects/business_unit_1/nonproduction/README.md
index e1fa6e324..25eaa0408 100644
--- a/4-projects/business_unit_1/nonproduction/README.md
+++ b/4-projects/business_unit_1/nonproduction/README.md
@@ -8,6 +8,7 @@
| location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
| location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
| peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
diff --git a/4-projects/business_unit_1/production/README.md b/4-projects/business_unit_1/production/README.md
index e1fa6e324..25eaa0408 100644
--- a/4-projects/business_unit_1/production/README.md
+++ b/4-projects/business_unit_1/production/README.md
@@ -8,6 +8,7 @@
| location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
| location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
| peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
diff --git a/4-projects/business_unit_1/shared/README.md b/4-projects/business_unit_1/shared/README.md
index 9515329eb..011c44625 100644
--- a/4-projects/business_unit_1/shared/README.md
+++ b/4-projects/business_unit_1/shared/README.md
@@ -5,6 +5,7 @@
|------|-------------|------|---------|:--------:|
| default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no |
| project\_budget | Budget configuration.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
}) | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/4-projects/modules/base_env/README.md b/4-projects/modules/base_env/README.md
index 70d08bc55..b64447262 100644
--- a/4-projects/modules/base_env/README.md
+++ b/4-projects/modules/base_env/README.md
@@ -20,6 +20,7 @@
| peering\_iap\_fw\_rules\_enabled | Toggle creation of optional IAP firewall rules: SSH, RDP. | `bool` | `false` | no |
| peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
| project\_budget | Budget configuration.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
}) | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| subnet\_ip\_range | IP range for the peered subnetwork. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no |
| subnet\_region | Region which the peered subnet will be created. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no |
diff --git a/4-projects/modules/single_project/README.md b/4-projects/modules/single_project/README.md
index b92f4b388..80758abb9 100644
--- a/4-projects/modules/single_project/README.md
+++ b/4-projects/modules/single_project/README.md
@@ -15,6 +15,7 @@
| org\_id | The organization id for the associated services | `string` | n/a | yes |
| primary\_contact | The primary email contact for the project | `string` | n/a | yes |
| project\_budget | Budget configuration.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
}) | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
| project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
| project\_suffix | The name of the GCP project. Max 16 characters with 3 character business unit code. | `string` | n/a | yes |
| sa\_roles | A list of roles to give the Service Account from App Infra Pipeline. | `map(list(string))` | `{}` | no |
diff --git a/test/setup/main.tf b/test/setup/main.tf
index 7b85df91d..cb8cdfd9d 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -46,7 +46,7 @@ resource "google_folder" "test_folder" {
module "project" {
source = "terraform-google-modules/project-factory/google"
- version = "~> 15.0"
+ version = "~> 17.0"
name = "ci-foundation-${random_string.suffix.result}"
random_project_id = true
@@ -54,6 +54,7 @@ module "project" {
org_id = var.org_id
folder_id = var.folder_id
billing_account = var.billing_account
+ deletion_policy = "DELETE"
activate_apis = [
"cloudresourcemanager.googleapis.com",
diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
index bff0125e8..4b19fdbc2 100644
--- a/test/setup/outputs.tf
+++ b/test/setup/outputs.tf
@@ -109,3 +109,8 @@ output "create_unique_tag_key" {
description = "Set to true to avoid tag key name colision during integrated tests. Tag keys are organization-wide unique names."
value = true
}
+
+output "project_deletion_policy" {
+ description = "The deletion policy for the project created. Set to `DELETE` during integrated tests so that projects can be destroyed."
+ value = "DELETE"
+}