diff --git a/README.md b/README.md
index 606c204e..97f8829c 100644
--- a/README.md
+++ b/README.md
@@ -57,11 +57,12 @@ For the cloudbuild submodule, see the README [cloudbuild](./modules/cloudbuild).
 | org\_id | GCP Organization ID | `string` | n/a | yes |
 | org\_project\_creators | Additional list of members to have project creator role accross the organization. Prefix of group: user: or serviceAccount: is required. | `list(string)` | `[]` | no |
 | parent\_folder | GCP parent folder ID in the form folders/{id} | `string` | `""` | no |
-| project\_id | Custom project ID to use for project created. | `string` | `""` | no |
+| project\_id | Custom project ID to use for project created. If not supplied, the default id is {project\_prefix}-seed-{random suffix}. | `string` | `""` | no |
 | project\_labels | Labels to apply to the project. | `map(string)` | `{}` | no |
 | project\_prefix | Name prefix to use for projects created. | `string` | `"cft"` | no |
 | sa\_enable\_impersonation | Allow org\_admins group to impersonate service account & enable APIs required. | `bool` | `false` | no |
 | sa\_org\_iam\_permissions | List of permissions granted to Terraform service account across the GCP organization. | `list(string)` |
[| no |
+| state\_bucket\_name | Custom state bucket name. If not supplied, the default name is {project\_prefix}-tfstate-{random suffix}. | `string` | `""` | no |
 | storage\_bucket\_labels | Labels to apply to the storage bucket. | `map(string)` | `{}` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index 543123bf..37f33e8c 100644
--- a/main.tf
+++ b/main.tf
@@ -16,6 +16,7 @@ locals {
   seed_project_id = var.project_id != "" ? var.project_id : format("%s-%s", var.project_prefix, "seed")
+  state_bucket_name = var.state_bucket_name != "" ? var.state_bucket_name : format("%s-%s-%s", var.project_prefix, "tfstate", random_id.suffix.hex)
   impersonation_apis = distinct(concat(var.activate_apis, ["serviceusage.googleapis.com", "iamcredentials.googleapis.com"]))
   impersonation_enabled_count = var.sa_enable_impersonation == true ? 1 : 0
   activate_apis = var.sa_enable_impersonation == true ? local.impersonation_apis : var.activate_apis
@@ -80,7 +81,7 @@ resource "google_service_account" "org_terraform" {
 resource "google_storage_bucket" "org_terraform_state" {
   project = module.seed_project.project_id
-  name = format("%s-%s-%s", var.project_prefix, "tfstate", random_id.suffix.hex)
+  name = local.state_bucket_name
   location = var.default_region
   labels = var.storage_bucket_labels
   uniform_bucket_level_access = true
diff --git a/variables.tf b/variables.tf
index 983fdab1..db02b7fd 100644
--- a/variables.tf
+++ b/variables.tf
@@ -67,7 +67,7 @@ variable "project_prefix" {
 }
 variable "project_id" {
-  description = "Custom project ID to use for project created."
+  description = "Custom project ID to use for project created. If not supplied, the default id is {project_prefix}-seed-{random suffix}."
   default = ""
   type = string
 }
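Review bot: The new `state_bucket_name` local is modelled on `seed_project_id` one line above it, but that local's fallback is `format("%s-%s", var.project_prefix, "seed")` with no random suffix, while the `project_id` description this commit rewrites in variables.tf and README.md says the default id is `{project_prefix}-seed-{random suffix}`. If module.seed_project appends the suffix itself (not visible in this diff) the wording is accurate; otherwise those two description changes overstate what the local produces and should name the component that adds the suffix, for example `If not supplied, the default is {project_prefix}-seed plus a random suffix added by the project factory module.`. The `locals` block opens before the hunk, and two context lines counted by the hunk header are not shown on this page.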
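Review bot: With `name = local.state_bucket_name` the bucket name can now come from `var.state_bucket_name`, so editing that variable later forces replacement of `google_storage_bucket.org_terraform_state`, the bucket that stores Terraform state for the seed project. Unless the resource already sets it on the lines after `uniform_bucket_level_access = true` (the block continues past the hunk), add `lifecycle { prevent_destroy = true }` so such a rename is refused at plan time rather than deleting the state bucket. The custom path also skips `random_id.suffix.hex`, which is what kept the default name unique in the global GCS bucket namespace, so a name already taken by another project only fails at apply. The `resource "google_storage_bucket"` block is cut off at the end of the hunk.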
@@ -114,6 +114,12 @@ variable "sa_enable_impersonation" {
   default = false
 }
+variable "state_bucket_name" {
+  description = "Custom state bucket name. If not supplied, the default name is {project_prefix}-tfstate-{random suffix}."
+  default = ""
+  type = string
+}
+
 variable "grant_billing_user" {
   description = "Grant roles/billing.user role to CFT service account"
   type = bool
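Review bot: `variable "state_bucket_name"` accepts any string, yet main.tf passes it verbatim to `google_storage_bucket.name`, where GCS rejects names outside its rules (3-63 characters of lowercase letters, digits, `-`, `_` and `.`, starting and ending with a letter or digit) only at apply time. If the module's required Terraform version is 0.13 or later, a `validation` block that allows the empty default and otherwise checks the value against those rules would report the mistake at plan time; the regex below is a constructed approximation of the documented rules and should be checked against them before use. If validation blocks are not available, the description should at least say that the value is used unchanged as a GCS bucket name and must be globally unique.
```hcl
variable "state_bucket_name" {
  # … unchanged: description, default, type …

  validation {
    condition     = var.state_bucket_name == "" || can(regex("^[a-z0-9][a-z0-9._-]{1,61}[a-z0-9]$", var.state_bucket_name))
    error_message = "The state_bucket_name value must be empty or a valid GCS bucket name: 3-63 lowercase letters, digits, '-', '_' or '.', starting and ending with a letter or digit."
  }
}
```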
"roles/billing.user",
"roles/compute.networkAdmin",
"roles/compute.xpnAdmin",
"roles/iam.securityAdmin",
"roles/iam.serviceAccountAdmin",
"roles/logging.configWriter",
"roles/orgpolicy.policyAdmin",
"roles/resourcemanager.folderAdmin",
"roles/resourcemanager.organizationViewer"
]