diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl index f6b1ce913..1be67e401 100755 --- a/autogen/variables.tf.tmpl +++ b/autogen/variables.tf.tmpl @@ -184,7 +184,7 @@ variable "disable_services_on_destroy" { } variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." + description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`." default = "disable" type = string } @@ -213,8 +213,8 @@ variable "python_interpreter_path" { type = string default = "python3" } - {% if gsuite_enabled %} + variable "create_group" { type = bool description = "Whether to create the group or not" @@ -222,13 +222,14 @@ variable "create_group" { } variable "sa_group" { + type = string description = "A G Suite group to place the default Service Account for the project in" default = "" } variable "api_sa_group" { + type = string description = "A G Suite group to place the Google APIs Service Account for the project in" default = "" } - {% endif %} \ No newline at end of file diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index dd86f6d92..4e8b80aac 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf @@ -158,7 +158,7 @@ variable "disable_services_on_destroy" { } variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." + description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`." default = "disable" type = string } @@ -196,4 +196,3 @@ variable "api_sa_group" { description = "A G Suite group to place the Google APIs Service Account for the project in" default = "" } - diff --git a/modules/shared_vpc/variables.tf b/modules/shared_vpc/variables.tf index 114a17d27..c73227251 100755 
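Review bot: `default_service_account` in the `@@ -184,7 +184,7 @@` hunk remains an unconstrained `string`, so correcting the description to `deprivilege` changes only what callers are told to type, not what the module accepts. The code that compares this value is not visible in the diff; if it still matches the old spelling, a caller following the new text would get no error and the project's default service account would presumably be left as it is. Please confirm the consumer's spelling in the same change and record the contract next to the variable, e.g. `# Must be exactly one of the listed values; anything else is not rejected here.` The identical description edit appears in the `modules/gsuite_enabled/variables.tf` and `modules/shared_vpc/variables.tf` hunks.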
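Review bot: The `type = string` lines added to `sa_group` and `api_sa_group` in the `@@ -222,13 +222,14 @@` hunk have no counterpart in the generated `modules/gsuite_enabled/variables.tf`, whose two hunks keep identical old and new offsets (158 and 196), so no line was added above `api_sa_group` there. Either the generated file already declared the types or it was not regenerated from this template; re-running the generator before merge would settle which. Both variables name a group that a service account is placed in, so a short comment on what the empty default means would help, e.g. `# Empty string: the service account is not added to any group.`, assuming the module still gates membership on a non-empty value.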
--- a/modules/shared_vpc/variables.tf +++ b/modules/shared_vpc/variables.tf @@ -152,7 +152,7 @@ variable "disable_services_on_destroy" { } variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." + description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`." default = "disable" type = string } @@ -174,4 +174,3 @@ variable "python_interpreter_path" { type = string default = "python3" } - diff --git a/orig_files/gsuite_enabled/README.md b/orig_files/gsuite_enabled/README.md deleted file mode 100644 index 21d74260a..000000000 --- a/orig_files/gsuite_enabled/README.md +++ /dev/null 
@@ -1,114 +0,0 @@ -# Google Cloud Project Factory with G Suite Terraform Module - -This module performs the same functions as the -[root module][root-module] with the addition of integrating G Suite. - -## Usage - -There are multiple examples included in the [examples] folder but simple usage is as follows: - -```hcl -module "project-factory" { - source = "terraform-google-modules/project-factory/google//modules/gsuite_enabled" - version = "~> 1.0" - - billing_account = "ABCDEF-ABCDEF-ABCDEF" - create_group = "true" - credentials_path = "${local.credentials_file_path}" - group_name = "test_sa_group" - group_role = "roles/editor" - name = "pf-test-1" - org_id = "1234567890" - random_project_id = "true" - sa_group = "test_sa_group@yourdomain.com" - shared_vpc = "shared_vpc_host_name" - - shared_vpc_subnets = [ - "projects/base-project-196723/regions/us-east1/subnetworks/default", - "projects/base-project-196723/regions/us-central1/subnetworks/default", - "projects/base-project-196723/regions/us-central1/subnetworks/subnet-1", - ] - - usage_bucket_name = "pf-test-1-usage-report-bucket" - usage_bucket_prefix = "pf/test/1/integration" -} -``` - -## Features - -The G Suite Enabled module will perform the following actions in -addition to those of the root module: - -1. Create a new Google group for the project using `group_name` if - `create_group` is `"true"`. -1. Add the new default service account for the project to the - `sa_group` in Google Groups, if specified. -1. Add the Google APIs service account to the `api_sa_group`, - if specified. 
- -The roles granted are specifically: - -- New Default Service Account - - MEMBER of the specified `sa_group` -- Google APIs Service Account - - MEMBER of the specified `api_sa_group` - - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| activate\_apis | The list of apis to activate within the project | list(string) | `` | no | -| api\_sa\_group | A G Suite group to place the Google APIs Service Account for the project in | string | `""` | no | -| auto\_create\_network | Create the default network | string | `"false"` | no | -| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | -| bucket\_location | The location for a GCS bucket to create (optional) | string | `""` | no | -| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no | -| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no | -| create\_group | Whether to create the group or not | bool | `"false"` | no | -| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | -| default\_service\_account | Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`. | string | `"disable"` | no | -| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | string | `"true"` | no | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no | -| domain | The domain name (optional). 
| string | `""` | no | -| folder\_id | The ID of a folder to host this project | string | `""` | no | -| group\_name | A group to control the project by being assigned group_role - defaults to $${project_name}-editors | string | `""` | no | -| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `"roles/editor"` | no | -| impersonate\_service\_account | An optional service account to impersonate. If this service account is not specified, Terraform will fall back to credential file or Application Default Credentials. | string | `""` | no | -| labels | Map of labels for project | map(string) | `` | no | -| lien | Add a lien on the project to prevent accidental deletion | string | `"false"` | no | -| name | The name for the project | string | n/a | yes | -| org\_id | The organization ID. | string | n/a | yes | -| project\_id | If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true. | string | `""` | no | -| python\_interpreter\_path | Python interpreter path for precondition check script. | string | `"python3"` | no | -| random\_project\_id | Enables project random id generation. Mutually exclusive with project_id being non-empty. | string | `"false"` | no | -| sa\_group | A G Suite group to place the default Service Account for the project in | string | `""` | no | -| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no | -| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `""` | no | -| shared\_vpc\_enabled | If shared VPC should be used | bool | `"false"` | no | -| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. 
projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `` | no | -| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | -| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| domain | The organization's domain | -| group\_email | The email of the created G Suite group with group_name | -| group\_name | The group_name of the G Suite group | -| project\_bucket\_self\_link | Project's bucket selfLink | -| project\_bucket\_url | Project's bucket url | -| project\_id | | -| project\_name | | -| project\_number | | -| service\_account\_display\_name | The display name of the default service account | -| service\_account\_email | The email of the default service account | -| service\_account\_id | The id of the default service account | -| service\_account\_name | The fully-qualified name of the default service account | -| service\_account\_unique\_id | The unique id of the default service account | - - - -[examples]: ../../examples/ -[root-module]: ../../README.md diff --git a/orig_files/gsuite_enabled/main.tf b/orig_files/gsuite_enabled/main.tf deleted file mode 100644 index 862d27cee..000000000 --- a/orig_files/gsuite_enabled/main.tf +++ /dev/null 
@@ -1,101 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - group_name = var.group_name != "" ? var.group_name : format("%s-editors", var.name) -} - -/*********************************************** - Make service account member of sa_group group - ***********************************************/ -resource "gsuite_group_member" "service_account_sa_group_member" { - count = var.sa_group != "" ? 1 : 0 - - group = var.sa_group - email = module.project-factory.service_account_email - role = "MEMBER" -} - -/***************************************** - G Suite group information retrieval - *****************************************/ -module "gsuite_group" { - source = "../gsuite_group" - - domain = var.domain - name = local.group_name - org_id = var.org_id -} - -/****************************************** - Gsuite Group Configuration - *****************************************/ -resource "gsuite_group" "group" { - count = var.create_group ? 1 : 0 - - description = "${var.name} project group" - email = module.gsuite_group.email - name = local.group_name -} - -/*********************************************** - Make APIs service account member of api_sa_group - ***********************************************/ -resource "gsuite_group_member" "api_s_account_api_sa_group_member" { - count = var.api_sa_group != "" ? 
1 : 0 - - group = var.api_sa_group - email = module.project-factory.api_s_account - role = "MEMBER" -} - -module "project-factory" { - source = "../core_project_factory/" - - group_email = element( - compact( - concat(gsuite_group.group.*.email, [module.gsuite_group.email]), - ), - 0, - ) - group_role = var.group_role - lien = var.lien - manage_group = var.group_name != "" || var.create_group - random_project_id = var.random_project_id - org_id = var.org_id - name = var.name - project_id = var.project_id - shared_vpc = var.shared_vpc - shared_vpc_enabled = var.shared_vpc_enabled - billing_account = var.billing_account - folder_id = var.folder_id - sa_role = var.sa_role - activate_apis = var.activate_apis - usage_bucket_name = var.usage_bucket_name - usage_bucket_prefix = var.usage_bucket_prefix - credentials_path = var.credentials_path - impersonate_service_account = var.impersonate_service_account - shared_vpc_subnets = var.shared_vpc_subnets - labels = var.labels - bucket_project = var.bucket_project - bucket_name = var.bucket_name - bucket_location = var.bucket_location - auto_create_network = var.auto_create_network - disable_services_on_destroy = var.disable_services_on_destroy - default_service_account = var.default_service_account - disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path -} diff --git a/orig_files/gsuite_enabled/outputs.tf b/orig_files/gsuite_enabled/outputs.tf deleted file mode 100644 index cde3e3f7b..000000000 --- a/orig_files/gsuite_enabled/outputs.tf +++ /dev/null 
@@ -1,78 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "project_name" { - value = module.project-factory.project_name -} - -output "project_id" { - value = module.project-factory.project_id -} - -output "project_number" { - value = module.project-factory.project_number -} - -output "domain" { - value = module.gsuite_group.domain - description = "The organization's domain" -} - -output "group_email" { - value = module.gsuite_group.email - description = "The email of the created G Suite group with group_name" -} - -output "group_name" { - value = module.gsuite_group.name - description = "The group_name of the G Suite group" -} - -output "service_account_id" { - value = module.project-factory.service_account_id - description = "The id of the default service account" -} - -output "service_account_display_name" { - value = module.project-factory.service_account_display_name - description = "The display name of the default service account" -} - -output "service_account_email" { - value = module.project-factory.service_account_email - description = "The email of the default service account" -} - -output "service_account_name" { - value = module.project-factory.service_account_name - description = "The fully-qualified name of the default service account" -} - -output "service_account_unique_id" { - value = module.project-factory.service_account_unique_id - description = "The unique id of the default 
service account" -} - -output "project_bucket_self_link" { - value = module.project-factory.project_bucket_self_link - description = "Project's bucket selfLink" -} - -output "project_bucket_url" { - value = module.project-factory.project_bucket_url - description = "Project's bucket url" -} - diff --git a/orig_files/gsuite_enabled/variables.tf b/orig_files/gsuite_enabled/variables.tf deleted file mode 100644 index 35159cbaf..000000000 --- a/orig_files/gsuite_enabled/variables.tf +++ /dev/null 
@@ -1,178 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "lien" { - description = "Add a lien on the project to prevent accidental deletion" - default = "false" - type = string -} - -variable "random_project_id" { - description = "Enables project random id generation. Mutually exclusive with project_id being non-empty." - default = "false" -} - -variable "org_id" { - description = "The organization ID." -} - -variable "domain" { - description = "The domain name (optional)." - default = "" -} - -variable "name" { - description = "The name for the project" -} - -variable "project_id" { - description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true." 
- default = "" -} - -variable "shared_vpc" { - description = "The ID of the host project which hosts the shared VPC" - default = "" -} - -variable "billing_account" { - description = "The ID of the billing account to associate this project with" -} - -variable "folder_id" { - description = "The ID of a folder to host this project" - default = "" -} - -variable "group_name" { - description = "A group to control the project by being assigned group_role - defaults to $${project_name}-editors" - default = "" -} - -variable "create_group" { - type = bool - description = "Whether to create the group or not" - default = false -} - -variable "group_role" { - description = "The role to give the controlling group (group_name) over the project (defaults to project editor)" - default = "roles/editor" -} - -variable "sa_group" { - description = "A G Suite group to place the default Service Account for the project in" - default = "" -} - -variable "sa_role" { - description = "A role to give the default Service Account for the project (defaults to none)" - default = "" -} - -variable "activate_apis" { - description = "The list of apis to activate within the project" - type = list(string) - default = ["compute.googleapis.com"] -} - -variable "usage_bucket_name" { - description = "Name of a GCS bucket to store GCE usage reports in (optional)" - default = "" -} - -variable "usage_bucket_prefix" { - description = "Prefix in the GCS bucket to store GCE usage reports in (optional)" - default = "" -} - -variable "credentials_path" { - description = "Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials." - default = "" -} - -variable "impersonate_service_account" { - description = "An optional service account to impersonate. If this service account is not specified, Terraform will fall back to credential file or Application Default Credentials." 
- type = string - default = "" -} - -variable "shared_vpc_subnets" { - description = "List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id)" - type = list(string) - default = [""] -} - -variable "labels" { - description = "Map of labels for project" - type = map(string) - default = {} -} - -variable "bucket_project" { - description = "A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)" - default = "" -} - -variable "bucket_name" { - description = "A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)" - default = "" -} - -variable "bucket_location" { - description = "The location for a GCS bucket to create (optional)" - default = "" -} - - variable "api_sa_group" { - description = "A G Suite group to place the Google APIs Service Account for the project in" - default = "" -} - -variable "auto_create_network" { - description = "Create the default network" - default = "false" -} - -variable "disable_services_on_destroy" { - description = "Whether project services will be disabled when the resources are destroyed" - default = "true" - type = string -} - -variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." - default = "disable" - type = string -} - -variable "disable_dependent_services" { - description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed." - default = "true" - type = string -} - -variable "shared_vpc_enabled" { - description = "If shared VPC should be used" - type = bool - default = false -} - -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} 
diff --git a/orig_files/gsuite_enabled/versions.tf b/orig_files/gsuite_enabled/versions.tf
deleted file mode 100644
index e9f21a7fb..000000000
--- a/orig_files/gsuite_enabled/versions.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-terraform {
- required_version = "~> 0.12.6"
-
- required_providers {
- gsuite = "~> 0.1"
- }
-}
diff --git a/orig_files/root/main.tf b/orig_files/root/main.tf
deleted file mode 100644
index 272ffdc0e..000000000
--- a/orig_files/root/main.tf
+++ /dev/null
@@ -1,59 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/***************************************** - Organization info retrieval - *****************************************/ -module "gsuite_group" { - source = "./modules/gsuite_group" - - domain = var.domain - name = var.group_name - org_id = var.org_id -} - -module "project-factory" { - source = "./modules/core_project_factory" - - group_email = module.gsuite_group.email - group_role = var.group_role - lien = var.lien - manage_group = var.group_name != "" ? 
"true" : "false" - random_project_id = var.random_project_id - org_id = var.org_id - name = var.name - project_id = var.project_id - shared_vpc = var.shared_vpc - shared_vpc_enabled = var.shared_vpc != "" - billing_account = var.billing_account - folder_id = var.folder_id - sa_role = var.sa_role - activate_apis = var.activate_apis - usage_bucket_name = var.usage_bucket_name - usage_bucket_prefix = var.usage_bucket_prefix - credentials_path = var.credentials_path - impersonate_service_account = var.impersonate_service_account - shared_vpc_subnets = var.shared_vpc_subnets - labels = var.labels - bucket_project = var.bucket_project - bucket_name = var.bucket_name - bucket_location = var.bucket_location - auto_create_network = var.auto_create_network - disable_services_on_destroy = var.disable_services_on_destroy - default_service_account = var.default_service_account - disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path -} diff --git a/orig_files/root/outputs.tf b/orig_files/root/outputs.tf deleted file mode 100644 index 42db07e11..000000000 --- a/orig_files/root/outputs.tf +++ /dev/null 
@@ -1,73 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "project_name" { - value = module.project-factory.project_name -} - -output "project_id" { - value = module.project-factory.project_id -} - -output "project_number" { - value = module.project-factory.project_number -} - -output "domain" { - value = module.gsuite_group.domain - description = "The organization's domain" -} - -output "group_email" { - value = module.gsuite_group.email - description = "The email of the G Suite group with group_name" -} - -output "service_account_id" { - value = module.project-factory.service_account_id - description = "The id of the default service account" -} - -output "service_account_display_name" { - value = module.project-factory.service_account_display_name - description = "The display name of the default service account" -} - -output "service_account_email" { - value = module.project-factory.service_account_email - description = "The email of the default service account" -} - -output "service_account_name" { - value = module.project-factory.service_account_name - description = "The fully-qualified name of the default service account" -} - -output "service_account_unique_id" { - value = module.project-factory.service_account_unique_id - description = "The unique id of the default service account" -} - -output "project_bucket_self_link" { - value = module.project-factory.project_bucket_self_link - description 
= "Project's bucket selfLink" -} - -output "project_bucket_url" { - value = module.project-factory.project_bucket_url - description = "Project's bucket url" -} - diff --git a/orig_files/root/variables.tf b/orig_files/root/variables.tf deleted file mode 100644 index 9e4bf3202..000000000 --- a/orig_files/root/variables.tf +++ /dev/null 
@@ -1,174 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "random_project_id" { - description = "Enables project random id generation. Mutually exclusive with project_id being non-empty." - type = bool - default = false -} - -variable "org_id" { - description = "The organization ID." - type = string -} - -variable "domain" { - description = "The domain name (optional)." - type = string - default = "" -} - -variable "name" { - description = "The name for the project" - type = string -} - -variable "project_id" { - description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true." 
- type = string - default = "" -} - -variable "shared_vpc" { - description = "The ID of the host project which hosts the shared VPC" - type = string - default = "" -} - -variable "billing_account" { - description = "The ID of the billing account to associate this project with" - type = string -} - -variable "folder_id" { - description = "The ID of a folder to host this project" - type = string - default = "" -} - -variable "group_name" { - description = "A group to control the project by being assigned group_role (defaults to project editor)" - type = string - default = "" -} - -variable "group_role" { - description = "The role to give the controlling group (group_name) over the project (defaults to project editor)" - type = string - default = "roles/editor" -} - -variable "sa_role" { - description = "A role to give the default Service Account for the project (defaults to none)" - type = string - default = "" -} - -variable "activate_apis" { - description = "The list of apis to activate within the project" - type = list(string) - default = ["compute.googleapis.com"] -} - -variable "usage_bucket_name" { - description = "Name of a GCS bucket to store GCE usage reports in (optional)" - type = string - default = "" -} - -variable "usage_bucket_prefix" { - description = "Prefix in the GCS bucket to store GCE usage reports in (optional)" - type = string - default = "" -} - -variable "credentials_path" { - description = "Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials." - type = string - default = "" -} - -variable "impersonate_service_account" { - description = "An optional service account to impersonate. This cannot be used with credentials_path. If this service account is not specified and credentials_path is absent, the module will use Application Default Credentials." 
- type = string - default = "" -} - -variable "shared_vpc_subnets" { - description = "List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id)" - type = list(string) - default = [""] -} - -variable "labels" { - description = "Map of labels for project" - type = map(string) - default = {} -} - -variable "bucket_project" { - description = "A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)" - type = string - default = "" -} - -variable "bucket_name" { - description = "A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)" - type = string - default = "" -} - -variable "bucket_location" { - description = "The location for a GCS bucket to create (optional)" - type = string - default = "US" -} - -variable "auto_create_network" { - description = "Create the default network" - type = bool - default = false -} - -variable "lien" { - description = "Add a lien on the project to prevent accidental deletion" - type = bool - default = false -} - -variable "disable_services_on_destroy" { - description = "Whether project services will be disabled when the resources are destroyed" - default = "true" - type = string -} - -variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." - default = "disable" - type = string -} - -variable "disable_dependent_services" { - description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed." - default = true - type = bool -} - -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} diff --git a/orig_files/root/versions.tf b/orig_files/root/versions.tf deleted file mode 100644 index 1a9363a31..000000000 
--- a/orig_files/root/versions.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-terraform {
- required_version = "~> 0.12.6"
-}
diff --git a/orig_files/shared_vpc/main.tf b/orig_files/shared_vpc/main.tf
deleted file mode 100755
index 2542a022b..000000000
--- a/orig_files/shared_vpc/main.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*****************************************
- Organization info retrieval
- *****************************************/
-module "gsuite_group" {
- source = "../gsuite_group"
-
- domain = var.domain
- name = var.group_name
- org_id = var.org_id
-}
-
-module "project-factory" {
- source = "../core_project_factory"
-
- group_email = module.gsuite_group.email
- group_role = var.group_role
- lien = var.lien
- manage_group = var.group_name != "" ? "true" : "false"
- random_project_id = var.random_project_id
- org_id = var.org_id
- name = var.name
- project_id = var.project_id
- shared_vpc = var.shared_vpc
- shared_vpc_enabled = true
- billing_account = var.billing_account
- folder_id = var.folder_id
- sa_role = var.sa_role
- activate_apis = var.activate_apis
- usage_bucket_name = var.usage_bucket_name
- usage_bucket_prefix = var.usage_bucket_prefix
- credentials_path = var.credentials_path
- shared_vpc_subnets = var.shared_vpc_subnets
- labels = var.labels
- bucket_project = var.bucket_project
- bucket_name = var.bucket_name
- bucket_location = var.bucket_location
- auto_create_network = var.auto_create_network
- disable_services_on_destroy = var.disable_services_on_destroy
- default_service_account = var.default_service_account
- disable_dependent_services = var.disable_dependent_services
- python_interpreter_path = var.python_interpreter_path
-}
diff --git a/orig_files/shared_vpc/outputs.tf b/orig_files/shared_vpc/outputs.tf
deleted file mode 100755
index c18b92bd3..000000000
--- a/orig_files/shared_vpc/outputs.tf
+++ /dev/null
@@ -1,76 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "project_name" { - description = "The name for the project" - value = module.project-factory.project_name -} - -output "project_id" { - description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true." - value = module.project-factory.project_id -} - -output "project_number" { - description = "The number for the project" - value = module.project-factory.project_number -} - -output "domain" { - value = module.gsuite_group.domain - description = "The organization's domain" -} - -output "group_email" { - value = module.gsuite_group.email - description = "The email of the G Suite group with group_name" -} - -output "service_account_id" { - value = module.project-factory.service_account_id - description = "The id of the default service account" -} - -output "service_account_display_name" { - value = module.project-factory.service_account_display_name - description = "The display name of the default service account" -} - -output "service_account_email" { - value = module.project-factory.service_account_email - description = "The email of the default service account" -} - -output "service_account_name" { - value = module.project-factory.service_account_name - description = "The fully-qualified name of the default service account" -} - -output "service_account_unique_id" { - value = 
module.project-factory.service_account_unique_id - description = "The unique id of the default service account" -} - -output "project_bucket_self_link" { - value = module.project-factory.project_bucket_self_link - description = "Project's bucket selfLink" -} - -output "project_bucket_url" { - value = module.project-factory.project_bucket_url - description = "Project's bucket url" -} - diff --git a/orig_files/shared_vpc/variables.tf b/orig_files/shared_vpc/variables.tf deleted file mode 100755 index 3d2ff4d6c..000000000 --- a/orig_files/shared_vpc/variables.tf +++ /dev/null 
@@ -1,172 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "random_project_id" {
- description = "Enables project random id generation. Mutually exclusive with project_id being non-empty."
- type = bool
- default = false
-}
-
-variable "org_id" {
- description = "The organization ID."
- type = string
-}
-
-variable "domain" {
- description = "The domain name (optional)."
- type = string
- default = ""
-}
-
-variable "name" {
- description = "The name for the project"
- type = string
-}
-
-variable "project_id" {
- description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true."
- type = string - default = "" -} - -variable "shared_vpc" { - description = "The ID of the host project which hosts the shared VPC" - type = string - default = "" -} - -variable "billing_account" { - description = "The ID of the billing account to associate this project with" - type = string -} - -variable "folder_id" { - description = "The ID of a folder to host this project" - type = string - default = "" -} - -variable "group_name" { - description = "A group to control the project by being assigned group_role (defaults to project editor)" - type = string - default = "" -} - -variable "group_role" { - description = "The role to give the controlling group (group_name) over the project (defaults to project editor)" - type = string - default = "roles/editor" -} - -variable "sa_role" { - description = "A role to give the default Service Account for the project (defaults to none)" - default = "" -} - -variable "activate_apis" { - description = "The list of apis to activate within the project" - type = list(string) - default = ["compute.googleapis.com"] -} - -variable "usage_bucket_name" { - description = "Name of a GCS bucket to store GCE usage reports in (optional)" - type = string - default = "" -} - -variable "usage_bucket_prefix" { - description = "Prefix in the GCS bucket to store GCE usage reports in (optional)" - type = string - default = "" -} - -variable "credentials_path" { - description = "Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials." - default = "" -} - -variable "shared_vpc_subnets" { - description = "List of subnets fully qualified subnet IDs (ie. 
projects/$project_id/regions/$region/subnetworks/$subnet_id)" - type = list(string) - default = [""] -} - -variable "labels" { - description = "Map of labels for project" - type = map(string) - default = {} -} - -variable "bucket_project" { - description = "A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)" - type = string - default = "" -} - -variable "bucket_name" { - description = "A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)" - type = string - default = "" -} - -variable "bucket_location" { - description = "The location for a GCS bucket to create (optional)" - type = string - default = "US" -} - -variable "auto_create_network" { - description = "Create the default network" - type = bool - default = false -} - -variable "lien" { - description = "Add a lien on the project to prevent accidental deletion" - type = bool - default = false -} - -variable "disable_services_on_destroy" { - description = "Whether project services will be disabled when the resources are destroyed" - default = true - type = bool -} - -variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." - default = "disable" - type = string -} - -variable "disable_dependent_services" { - description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed." - default = true - type = bool -} - -variable "shared_vpc_enabled" { - description = "If shared VPC should be used" - type = bool - default = false -} - -variable "python_interpreter_path" { - description = "Python interpreter path for precondition check script." - type = string - default = "python3" -} diff --git a/orig_files/shared_vpc/versions.tf b/orig_files/shared_vpc/versions.tf deleted file mode 100644 index 1a9363a31..000000000 
--- a/orig_files/shared_vpc/versions.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- * Copyright 2018 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-terraform {
- required_version = "~> 0.12.6"
-}
diff --git a/variables.tf b/variables.tf
index 9b0b2cc63..5c344bdd7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -158,7 +158,7 @@ variable "disable_services_on_destroy" { } variable "default_service_account" { - description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`." + description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`." default = "disable" type = string }
@@ -174,4 +174,3 @@ variable "python_interpreter_path" { type = string default = "python3" } -
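Review bot: The `default_service_account` description in variables.tf now lists `deprivilege`, but this hunk touches only the description string, so the literal the module compares against has to be renamed in the same commit; that consumer is not visible here. The setting controls what happens to the project's default service account, and a value that matches no branch could leave the account and its roles in place without an error, so it is worth confirming that an unrecognised value fails the run rather than falling through. I would also add a comment above the variable recording the old spelling for anyone with existing configurations: `# Accepted values are matched literally; before this change the second value was spelled "depriviledge".`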