From 3e4302d81f6cc5a11ba62776bc0e0298c051d22c Mon Sep 17 00:00:00 2001 From: Daniel Andrade Date: Mon, 4 Nov 2024 17:54:40 -0300 Subject: [PATCH] chore: upgrade module version to allow terraform Google provider v6 --- 0-bootstrap/README.md | 1 + 0-bootstrap/modules/jenkins-agent/README.md | 1 + 1-org/envs/shared/README.md | 1 + 1-org/modules/cai-monitoring/main.tf | 2 +- 1-org/modules/centralized-logging/main.tf | 14 +++++++------- 2-environments/envs/development/README.md | 1 + 2-environments/envs/development/main.tf | 2 ++ 2-environments/envs/development/variables.tf | 6 ++++++ 2-environments/envs/nonproduction/README.md | 1 + 2-environments/envs/nonproduction/main.tf | 2 ++ 2-environments/envs/nonproduction/variables.tf | 6 ++++++ 2-environments/envs/production/README.md | 1 + 2-environments/envs/production/main.tf | 2 ++ 2-environments/envs/production/variables.tf | 6 ++++++ 2-environments/modules/env_baseline/README.md | 1 + 2-environments/modules/env_baseline/kms.tf | 3 ++- 2-environments/modules/env_baseline/secrets.tf | 3 ++- 2-environments/modules/env_baseline/variables.tf | 6 ++++++ .../modules/transitivity/main.tf | 4 ++-- 4-projects/business_unit_1/development/README.md | 1 + 4-projects/business_unit_1/nonproduction/README.md | 1 + 4-projects/business_unit_1/production/README.md | 1 + 4-projects/business_unit_1/shared/README.md | 1 + 4-projects/modules/base_env/README.md | 1 + 4-projects/modules/single_project/README.md | 1 + test/setup/main.tf | 3 ++- test/setup/outputs.tf | 5 +++++ 27 files changed, 64 insertions(+), 13 deletions(-) diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md index 2b5b5c58c..dd93e13b7 100644 --- a/0-bootstrap/README.md +++ b/0-bootstrap/README.md @@ -367,6 +367,7 @@ Each step has instructions for this change. | org\_id | GCP Organization ID | `string` | n/a | yes | | org\_policy\_admin\_role | Additional Org Policy Admin role for admin group. You can use this for testing purposes. | `bool` | `false` | no | | parent\_folder | Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. | `string` | `""` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | project\_prefix | Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. | `string` | `"prj"` | no | ## Outputs diff --git a/0-bootstrap/modules/jenkins-agent/README.md b/0-bootstrap/modules/jenkins-agent/README.md index 09f72a5aa..10c713ea4 100644 --- a/0-bootstrap/modules/jenkins-agent/README.md +++ b/0-bootstrap/modules/jenkins-agent/README.md @@ -68,6 +68,7 @@ module "jenkins_bootstrap" { | on\_prem\_vpn\_public\_ip\_address | The public IP Address of the Jenkins Controller. | `string` | n/a | yes | | on\_prem\_vpn\_public\_ip\_address2 | The secondpublic IP Address of the Jenkins Controller. | `string` | n/a | yes | | org\_id | GCP Organization ID | `string` | n/a | yes | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | project\_labels | Labels to apply to the project. | `map(string)` | `{}` | no | | project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no | | router\_asn | BGP ASN for cloud routes. | `number` | `"64515"` | no | diff --git a/1-org/envs/shared/README.md b/1-org/envs/shared/README.md index e260c67ca..8fe1ace97 100644 --- a/1-org/envs/shared/README.md +++ b/1-org/envs/shared/README.md @@ -18,6 +18,7 @@ | log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. |
object({
is_locked = bool
retention_period_days = number
})
| `null` | no | | log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no | | project\_budget | Budget configuration for projects.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). |
object({
dns_hub_budget_amount = optional(number, 1000)
dns_hub_alert_spent_percents = optional(list(number), [1.2])
dns_hub_alert_pubsub_topic = optional(string, null)
dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
base_net_hub_budget_amount = optional(number, 1000)
base_net_hub_alert_spent_percents = optional(list(number), [1.2])
base_net_hub_alert_pubsub_topic = optional(string, null)
base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
base_network_budget_amount = optional(number, 1000)
base_network_alert_spent_percents = optional(list(number), [1.2])
base_network_alert_pubsub_topic = optional(string, null)
base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_net_hub_budget_amount = optional(number, 1000)
restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])
restricted_net_hub_alert_pubsub_topic = optional(string, null)
restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_network_budget_amount = optional(number, 1000)
restricted_network_alert_spent_percents = optional(list(number), [1.2])
restricted_network_alert_pubsub_topic = optional(string, null)
restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
interconnect_budget_amount = optional(number, 1000)
interconnect_alert_spent_percents = optional(list(number), [1.2])
interconnect_alert_pubsub_topic = optional(string, null)
interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_secrets_budget_amount = optional(number, 1000)
org_secrets_alert_spent_percents = optional(list(number), [1.2])
org_secrets_alert_pubsub_topic = optional(string, null)
org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_billing_export_budget_amount = optional(number, 1000)
org_billing_export_alert_spent_percents = optional(list(number), [1.2])
org_billing_export_alert_pubsub_topic = optional(string, null)
org_billing_export_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_audit_logs_budget_amount = optional(number, 1000)
org_audit_logs_alert_spent_percents = optional(list(number), [1.2])
org_audit_logs_alert_pubsub_topic = optional(string, null)
org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
common_kms_budget_amount = optional(number, 1000)
common_kms_alert_spent_percents = optional(list(number), [1.2])
common_kms_alert_pubsub_topic = optional(string, null)
common_kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
scc_notifications_budget_amount = optional(number, 1000)
scc_notifications_alert_spent_percents = optional(list(number), [1.2])
scc_notifications_alert_pubsub_topic = optional(string, null)
scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
| `{}` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no | | scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe --organization=org_id` to check if it already exists. | `string` | n/a | yes | diff --git a/1-org/modules/cai-monitoring/main.tf b/1-org/modules/cai-monitoring/main.tf index d55bf71e2..a7261493b 100644 --- a/1-org/modules/cai-monitoring/main.tf +++ b/1-org/modules/cai-monitoring/main.tf @@ -121,7 +121,7 @@ resource "google_cloud_asset_organization_feed" "organization_feed" { module "pubsub_cai_feed" { source = "terraform-google-modules/pubsub/google" - version = "~> 6.0" + version = "~> 7.0" topic = "top-cai-monitoring-${random_id.suffix.hex}-event" project_id = var.project_id diff --git a/1-org/modules/centralized-logging/main.tf b/1-org/modules/centralized-logging/main.tf index 58bebc7c5..75cad1c1d 100644 --- a/1-org/modules/centralized-logging/main.tf +++ b/1-org/modules/centralized-logging/main.tf @@ -83,7 +83,7 @@ resource "random_string" "suffix" { module "log_export" { source = "terraform-google-modules/log-export/google" - version = "~> 8.0" + version = "~> 10.0" for_each = local.log_exports @@ -98,7 +98,7 @@ module "log_export" { module "log_export_billing" { source = "terraform-google-modules/log-export/google" - version = "~> 8.0" + version = "~> 10.0" for_each = var.enable_billing_account_sink ? local.destination_resource_name : {} @@ -123,7 +123,7 @@ resource "time_sleep" "wait_sa_iam_membership" { module "destination_project" { source = "terraform-google-modules/log-export/google//modules/project" - version = "~> 8.0" + version = "~> 10.0" count = var.project_options != null ? 1 : 0 project_id = var.logging_destination_project_id @@ -151,7 +151,7 @@ resource "google_project_iam_member" "project_sink_member" { module "internal_project_log_export" { source = "terraform-google-modules/log-export/google" - version = "~> 8.0" + version = "~> 10.0" count = var.project_options != null ? 1 : 0 destination_uri = "logging.googleapis.com/projects/${var.logging_destination_project_id}/locations/${var.project_options.location}/buckets/${coalesce(var.project_options.log_bucket_id, "AggregatedLogs")}" @@ -164,7 +164,7 @@ module "internal_project_log_export" { module "destination_aggregated_logs" { source = "terraform-google-modules/log-export/google//modules/logbucket" - version = "~> 8.0" + version = "~> 10.0" count = var.project_options != null ? 1 : 0 project_id = var.logging_destination_project_id @@ -238,7 +238,7 @@ resource "google_project_iam_member" "project_sink_member_billing" { #----------------------# module "destination_storage" { source = "terraform-google-modules/log-export/google//modules/storage" - version = "~> 8.0" + version = "~> 10.0" count = var.storage_options != null ? 1 : 0 @@ -289,7 +289,7 @@ resource "google_storage_bucket_iam_member" "storage_sink_member_billing" { #----------------------# module "destination_pubsub" { source = "terraform-google-modules/log-export/google//modules/pubsub" - version = "~> 8.0" + version = "~> 10.0" count = var.pubsub_options != null ? 1 : 0 diff --git a/2-environments/envs/development/README.md b/2-environments/envs/development/README.md index 15e492c25..cf01bc7f7 100644 --- a/2-environments/envs/development/README.md +++ b/2-environments/envs/development/README.md @@ -3,6 +3,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | diff --git a/2-environments/envs/development/main.tf b/2-environments/envs/development/main.tf index c8502a9a6..2f66c50dc 100644 --- a/2-environments/envs/development/main.tf +++ b/2-environments/envs/development/main.tf @@ -21,4 +21,6 @@ module "env" { environment_code = "d" remote_state_bucket = var.remote_state_bucket tfc_org_name = var.tfc_org_name + + project_deletion_policy = var.project_deletion_policy } diff --git a/2-environments/envs/development/variables.tf b/2-environments/envs/development/variables.tf index 5b2c5e365..db3da85da 100644 --- a/2-environments/envs/development/variables.tf +++ b/2-environments/envs/development/variables.tf @@ -24,3 +24,9 @@ variable "tfc_org_name" { type = string default = "" } + +variable "project_deletion_policy" { + description = "The deletion policy for the project created." + type = string + default = "PREVENT" +} diff --git a/2-environments/envs/nonproduction/README.md b/2-environments/envs/nonproduction/README.md index 15e492c25..cf01bc7f7 100644 --- a/2-environments/envs/nonproduction/README.md +++ b/2-environments/envs/nonproduction/README.md @@ -3,6 +3,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | diff --git a/2-environments/envs/nonproduction/main.tf b/2-environments/envs/nonproduction/main.tf index b7684243b..350e72ec0 100644 --- a/2-environments/envs/nonproduction/main.tf +++ b/2-environments/envs/nonproduction/main.tf @@ -21,4 +21,6 @@ module "env" { environment_code = "n" remote_state_bucket = var.remote_state_bucket tfc_org_name = var.tfc_org_name + + project_deletion_policy = var.project_deletion_policy } diff --git a/2-environments/envs/nonproduction/variables.tf b/2-environments/envs/nonproduction/variables.tf index 5b2c5e365..db3da85da 100644 --- a/2-environments/envs/nonproduction/variables.tf +++ b/2-environments/envs/nonproduction/variables.tf @@ -24,3 +24,9 @@ variable "tfc_org_name" { type = string default = "" } + +variable "project_deletion_policy" { + description = "The deletion policy for the project created." + type = string + default = "PREVENT" +} diff --git a/2-environments/envs/production/README.md b/2-environments/envs/production/README.md index 99e479ae3..19cb9a2f1 100644 --- a/2-environments/envs/production/README.md +++ b/2-environments/envs/production/README.md @@ -3,6 +3,7 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | diff --git a/2-environments/envs/production/main.tf b/2-environments/envs/production/main.tf index 95ecdd724..deba01685 100644 --- a/2-environments/envs/production/main.tf +++ b/2-environments/envs/production/main.tf @@ -22,6 +22,8 @@ module "env" { remote_state_bucket = var.remote_state_bucket tfc_org_name = var.tfc_org_name + project_deletion_policy = var.project_deletion_policy + assured_workload_configuration = { enabled = false location = "us-central1" diff --git a/2-environments/envs/production/variables.tf b/2-environments/envs/production/variables.tf index 15cef8a0c..1cb41ac55 100644 --- a/2-environments/envs/production/variables.tf +++ b/2-environments/envs/production/variables.tf @@ -25,3 +25,9 @@ variable "tfc_org_name" { default = "" } +variable "project_deletion_policy" { + description = "The deletion policy for the project created." + type = string + default = "PREVENT" +} + diff --git a/2-environments/modules/env_baseline/README.md b/2-environments/modules/env_baseline/README.md index 1dfb1317a..de489bdbc 100644 --- a/2-environments/modules/env_baseline/README.md +++ b/2-environments/modules/env_baseline/README.md @@ -7,6 +7,7 @@ | env | The environment to prepare (ex. development) | `string` | n/a | yes | | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes | | project\_budget | Budget configuration for projects.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). |
object({
base_network_budget_amount = optional(number, 1000)
base_network_alert_spent_percents = optional(list(number), [1.2])
base_network_alert_pubsub_topic = optional(string, null)
base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_network_budget_amount = optional(number, 1000)
restricted_network_alert_spent_percents = optional(list(number), [1.2])
restricted_network_alert_pubsub_topic = optional(string, null)
restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
secret_budget_amount = optional(number, 1000)
secret_alert_spent_percents = optional(list(number), [1.2])
secret_alert_pubsub_topic = optional(string, null)
secret_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
kms_budget_amount = optional(number, 1000)
kms_alert_spent_percents = optional(list(number), [1.2])
kms_alert_pubsub_topic = optional(string, null)
kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
| `{}` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization | `string` | n/a | yes | diff --git a/2-environments/modules/env_baseline/kms.tf b/2-environments/modules/env_baseline/kms.tf index e6e4d992f..01dc42f26 100644 --- a/2-environments/modules/env_baseline/kms.tf +++ b/2-environments/modules/env_baseline/kms.tf @@ -21,7 +21,7 @@ module "env_kms" { source = "terraform-google-modules/project-factory/google" - version = "~> 15.0" + version = "~> 17.0" random_project_id = true random_project_id_length = 4 @@ -33,6 +33,7 @@ module "env_kms" { disable_services_on_destroy = false depends_on = [time_sleep.wait_60_seconds] activate_apis = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"] + deletion_policy = var.project_deletion_policy labels = { environment = var.env diff --git a/2-environments/modules/env_baseline/secrets.tf b/2-environments/modules/env_baseline/secrets.tf index fa875c67a..6ff24a4ec 100644 --- a/2-environments/modules/env_baseline/secrets.tf +++ b/2-environments/modules/env_baseline/secrets.tf @@ -21,7 +21,7 @@ module "env_secrets" { source = "terraform-google-modules/project-factory/google" - version = "~> 15.0" + version = "~> 17.0" random_project_id = true random_project_id_length = 4 @@ -33,6 +33,7 @@ module "env_secrets" { disable_services_on_destroy = false depends_on = [time_sleep.wait_60_seconds] activate_apis = ["logging.googleapis.com", "secretmanager.googleapis.com"] + deletion_policy = var.project_deletion_policy labels = { environment = var.env diff --git a/2-environments/modules/env_baseline/variables.tf b/2-environments/modules/env_baseline/variables.tf index 400479c0e..6aa14afc4 100644 --- a/2-environments/modules/env_baseline/variables.tf +++ b/2-environments/modules/env_baseline/variables.tf @@ -81,3 +81,9 @@ variable "assured_workload_configuration" { }) default = {} } + +variable "project_deletion_policy" { + description = "The deletion policy for the project created." + type = string + default = "PREVENT" +} diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf index 92cafdf2f..1b082e482 100644 --- a/3-networks-hub-and-spoke/modules/transitivity/main.tf +++ b/3-networks-hub-and-spoke/modules/transitivity/main.tf @@ -37,7 +37,7 @@ module "service_account" { module "templates" { source = "terraform-google-modules/vm/google//modules/instance_template" - version = "~> 11.0" + version = "~> 12.0" for_each = toset(var.regions) can_ip_forward = true @@ -65,7 +65,7 @@ module "templates" { module "migs" { source = "terraform-google-modules/vm/google//modules/mig" - version = "~> 11.1" + version = "~> 12.1" for_each = toset(var.regions) project_id = var.project_id diff --git a/4-projects/business_unit_1/development/README.md b/4-projects/business_unit_1/development/README.md index e1fa6e324..25eaa0408 100644 --- a/4-projects/business_unit_1/development/README.md +++ b/4-projects/business_unit_1/development/README.md @@ -8,6 +8,7 @@ | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no | | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no | | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no | diff --git a/4-projects/business_unit_1/nonproduction/README.md b/4-projects/business_unit_1/nonproduction/README.md index e1fa6e324..25eaa0408 100644 --- a/4-projects/business_unit_1/nonproduction/README.md +++ b/4-projects/business_unit_1/nonproduction/README.md @@ -8,6 +8,7 @@ | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no | | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no | | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no | diff --git a/4-projects/business_unit_1/production/README.md b/4-projects/business_unit_1/production/README.md index e1fa6e324..25eaa0408 100644 --- a/4-projects/business_unit_1/production/README.md +++ b/4-projects/business_unit_1/production/README.md @@ -8,6 +8,7 @@ | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no | | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no | | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no | diff --git a/4-projects/business_unit_1/shared/README.md b/4-projects/business_unit_1/shared/README.md index 9515329eb..011c44625 100644 --- a/4-projects/business_unit_1/shared/README.md +++ b/4-projects/business_unit_1/shared/README.md @@ -5,6 +5,7 @@ |------|-------------|------|---------|:--------:| | default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no | | project\_budget | Budget configuration.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). |
object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
| `{}` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no | diff --git a/4-projects/modules/base_env/README.md b/4-projects/modules/base_env/README.md index 70d08bc55..b64447262 100644 --- a/4-projects/modules/base_env/README.md +++ b/4-projects/modules/base_env/README.md @@ -20,6 +20,7 @@ | peering\_iap\_fw\_rules\_enabled | Toggle creation of optional IAP firewall rules: SSH, RDP. | `bool` | `false` | no | | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no | | project\_budget | Budget configuration.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). |
object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
| `{}` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes | | subnet\_ip\_range | IP range for the peered subnetwork. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no | | subnet\_region | Region which the peered subnet will be created. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no | diff --git a/4-projects/modules/single_project/README.md b/4-projects/modules/single_project/README.md index b92f4b388..80758abb9 100644 --- a/4-projects/modules/single_project/README.md +++ b/4-projects/modules/single_project/README.md @@ -15,6 +15,7 @@ | org\_id | The organization id for the associated services | `string` | n/a | yes | | primary\_contact | The primary email contact for the project | `string` | n/a | yes | | project\_budget | Budget configuration.
budget\_amount: The amount to use as the budget.
alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). |
object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
| `{}` | no | +| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no | | project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no | | project\_suffix | The name of the GCP project. Max 16 characters with 3 character business unit code. | `string` | n/a | yes | | sa\_roles | A list of roles to give the Service Account from App Infra Pipeline. | `map(list(string))` | `{}` | no | diff --git a/test/setup/main.tf b/test/setup/main.tf index 7b85df91d..cb8cdfd9d 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -46,7 +46,7 @@ resource "google_folder" "test_folder" { module "project" { source = "terraform-google-modules/project-factory/google" - version = "~> 15.0" + version = "~> 17.0" name = "ci-foundation-${random_string.suffix.result}" random_project_id = true @@ -54,6 +54,7 @@ module "project" { org_id = var.org_id folder_id = var.folder_id billing_account = var.billing_account + deletion_policy = "DELETE" activate_apis = [ "cloudresourcemanager.googleapis.com", diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf index bff0125e8..4b19fdbc2 100644 --- a/test/setup/outputs.tf +++ b/test/setup/outputs.tf @@ -109,3 +109,8 @@ output "create_unique_tag_key" { description = "Set to true to avoid tag key name colision during integrated tests. Tag keys are organization-wide unique names." value = true } + +output "project_deletion_policy" { + description = "The deletion policy for the project created. Set to `DELETE` during integrated tests so that projects can be destroyed." + value = "DELETE" +}