terraform-google-modules · thefirstofthe300 · Jan 24, 2019 · Jan 24, 2019 · Feb 22, 2019 · Feb 22, 2019
@@ -8,12 +8,24 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 ## [Unreleased]
 
+## [2.0.0] - 2019-02-22
+2.0.0 is a major backwards incompatible release. See the [upgrade guide](./docs/upgrading_to_project_factory_v2.0.md) for details.
+
+### ADDED
+
+- Added separate App Engine module. [#144]
+
+### REMOVED
+
+- Removed `app_engine` argument (config block).
+
 ## [1.1.1] - 2019-02-25
 ### FIXED
 - Drop dependency on `gsuite` provider from core module. [#147]
 
 ## [1.1.0] - 2019-02-22
 ### ADDED
+- Added separate App Engine module. [#134]
 - Preconditions script checks billing account format. [#117]
 - Add project_services submodule. [#133]
 
@@ -59,7 +71,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 ### ADDED
 - This is the initial release of the Project Factory Module.
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.1.1...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v2.0.0...HEAD
+[2.0.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.1.1...v2.0.0
 [1.1.1]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.1.0...v1.1.1
 [1.1.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.0.2...v1.1.0
 [1.0.2]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.0.1...v1.0.2
@@ -70,6 +83,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 [0.2.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.1.0...v0.2.0
 
 [#147]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/147
+[#144]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/144
 [#143]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/143
 [#141]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/141
 [#133]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/133

@@ -18,7 +18,7 @@ SHELL := /usr/bin/env bash
 # Docker build config variables
 CREDENTIALS_PATH ?= /cft/workdir/credentials.json
 DOCKER_ORG := gcr.io/cloud-foundation-cicd
-DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.10_216.0.0_1.19.1_0.1.10
+DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.11_235.0.0_1.19.1_0.1.10
 DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
 
 all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs ## Run all linters and update documentation

@@ -10,6 +10,13 @@ access, Service Accounts, and API enablement to follow best practices.
 To include G Suite integration for creating groups and adding Service Accounts into groups, use the
 [gsuite_enabled module][gsuite-enabled-module].
 
+## Version
+
+Current version is 2.0. Upgrade guides:
+
+- [0.X -> 1.0](./docs/upgrading_to_project_factory_v1.0.md)
+- [1.X -> 2.0](./docs/upgrading_to_project_factory_v2.0.md)
+
 ## Usage
 
 There are multiple examples included in the [examples](./examples/) folder but simple usage is as follows:
@@ -82,49 +89,48 @@ The roles granted are specifically:
 
 [^]: (autogen_docs_start)
 
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| activate\_apis | The list of apis to activate within the project | list | `<list>` | no |
-| app\_engine | A map for app engine configuration | map | `<map>` | no |
-| auto\_create\_network | Create the default network | string | `false` | no |
-| billing\_account | The ID of the billing account to associate this project with | string | - | yes |
-| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no |
-| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no |
-| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
-| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no |
+| activate_apis | The list of apis to activate within the project | list | `<list>` | no |
+| auto_create_network | Create the default network | string | `false` | no |
+| billing_account | The ID of the billing account to associate this project with | string | - | yes |
+| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no |
+| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no |
+| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
+| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no |
 | domain | The domain name (optional). | string | `` | no |
-| folder\_id | The ID of a folder to host this project | string | `` | no |
-| group\_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `` | no |
-| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no |
+| folder_id | The ID of a folder to host this project | string | `` | no |
+| group_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `` | no |
+| group_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no |
 | labels | Map of labels for project | map | `<map>` | no |
 | lien | Add a lien on the project to prevent accidental deletion | string | `false` | no |
 | name | The name for the project | string | - | yes |
-| org\_id | The organization ID. | string | - | yes |
-| random\_project\_id | Enables project random id generation | string | `false` | no |
-| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no |
-| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `` | no |
-| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `<list>` | no |
-| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no |
-| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no |
+| org_id | The organization ID. | string | - | yes |
+| random_project_id | Enables project random id generation | string | `false` | no |
+| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no |
+| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no |
+| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `<list>` | no |
+| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no |
+| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| app\_engine\_enabled | Whether app engine is enabled |
 | domain | The organization's domain |
-| group\_email | The email of the GSuite group with group_name |
-| project\_bucket\_self\_link | Project's bucket selfLink |
-| project\_bucket\_url | Project's bucket url |
-| project\_id | - |
-| project\_number | - |
-| service\_account\_display\_name | The display name of the default service account |
-| service\_account\_email | The email of the default service account |
-| service\_account\_id | The id of the default service account |
-| service\_account\_name | The fully-qualified name of the default service account |
-| service\_account\_unique\_id | The unique id of the default service account |
+| group_email | The email of the GSuite group with group_name |
+| project_bucket_self_link | Project's bucket selfLink |
+| project_bucket_url | Project's bucket url |
+| project_id |  |
+| project_number |  |
+| service_account_display_name | The display name of the default service account |
+| service_account_email | The email of the default service account |
+| service_account_id | The id of the default service account |
+| service_account_name | The fully-qualified name of the default service account |
+| service_account_unique_id | The unique id of the default service account |
 
 [^]: (autogen_docs_end)
 
@@ -364,4 +370,4 @@ versions][release-new-version].
 [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta
 [terraform-provider-gsuite]: https://github.com/DeviaVir/terraform-provider-gsuite
 [glossary]: /docs/GLOSSARY.md
-[release-new-version]: https://www.terraform.io/docs/registry/modules/publish.html#releasing-new-versions
+[release-new-version]: https://www.terraform.io/docs/registry/modules/publish.html#releasing-new-versions
@@ -0,0 +1,63 @@
+# Upgrading to Project Factory v2.0 (from v1.X)
+
+The v2.0 release of Project Factory is a backwards incompatible release. It only affects users who utilize the `app_engine` argument.
+
+## Migration Instructions
+
+### App Engine
+
+These steps are only required if you are currently using the `app_engine` argument.
+
+#### App Engine Argument Changes
+
+The old version of project factory used a single field for configuring App Engine (`app_engine`):
+
+```hcl
+/// @file main.tf
+
+module "project-factory" {
+  ...
+  app_engine {
+    location_id = "${var.region}"
+    auth_domain = "${var.domain}"
+
+    feature_settings = [
+      {
+        split_health_checks = false
+      },
+    ]
+  }
+}
+```
+
+The new version of project factory uses a new module named `app_engine`. It accepts
+
+```hcl
+/// @file main.tf
+
+module "app-engine" {
+  source  = "terraform-google-modules/project-factory/google//modules/app_engine"
+  version = "~> 2.0"
+
+  project     = "${var.project_id}
+  location_id = "${var.region}"
+  auth_domain = "${var.domain}"
+
+  feature_settings = [
+    {
+      split_health_checks = true
+    },
+  ]
+}
+```
+
+#### App Engine State Import
+
+The new implementation uses the `google_app_engine_application` resource which needs to be imported into the current state (make sure to replace `$YOUR_PROJECT_ID`):
+
+```sh
+terraform import module.app-engine.google_app_engine_application.app $YOUR_PROJECT_ID
+```
+
+After importing, run `terraform` `plan` and `apply`.
+
@@ -14,20 +14,21 @@ Expected variables:
 
 [^]: (autogen_docs_start)
 
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| admin\_email | Admin user email on Gsuite | string | - | yes |
-| billing\_account | The ID of the billing account to associate this project with | string | - | yes |
-| organization\_id | The organization id for the associated services | string | - | yes |
+| admin_email | Admin user email on Gsuite | string | - | yes |
+| billing_account | The ID of the billing account to associate this project with | string | - | yes |
+| organization_id | The organization id for the associated services | string | - | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| app\_engine\_enabled\_example | Whether app engine is enabled |
-| domain\_example | The organization's domain |
-| project\_info\_example | The ID of the created project |
+| app_engine_enabled_example | Whether app engine is enabled |
+| domain_example | The organization's domain |
+| project_info_example | The ID of the created project |
 
 [^]: (autogen_docs_end)
@@ -25,14 +25,15 @@ More information about GKE with Shared VPC can be found here: https://cloud.goog
 
 [^]: (autogen_docs_start)
 
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| billing\_account | billing account | string | - | yes |
-| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
-| org\_id | organization id | string | - | yes |
-| shared\_vpc | The ID of the host project which hosts the shared VPC | string | - | yes |
-| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `<list>` | no |
+| billing_account | billing account | string | - | yes |
+| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
+| org_id | organization id | string | - | yes |
+| shared_vpc | The ID of the host project which hosts the shared VPC | string | - | yes |
+| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `<list>` | no |
 
 [^]: (autogen_docs_end)
@@ -16,23 +16,24 @@ Expected variables:
 
 [^]: (autogen_docs_start)
 
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| admin\_email | Admin user email on Gsuite. This should be a user account, not a service account. | string | - | yes |
-| api\_sa\_group | An existing GSuite group email to place the Google APIs Service Account for the project in | string | - | yes |
-| billing\_account | The ID of the billing account to associate this project with | string | - | yes |
-| credentials\_file\_path | Service account json auth path | string | - | yes |
-| organization\_id | The organization id for the associated services | string | - | yes |
-| project\_group\_name | The name of a GSuite group to create for controlling the project | string | - | yes |
+| admin_email | Admin user email on Gsuite. This should be a user account, not a service account. | string | - | yes |
+| api_sa_group | An existing GSuite group email to place the Google APIs Service Account for the project in | string | - | yes |
+| billing_account | The ID of the billing account to associate this project with | string | - | yes |
+| credentials_file_path | Service account json auth path | string | - | yes |
+| organization_id | The organization id for the associated services | string | - | yes |
+| project_group_name | The name of a GSuite group to create for controlling the project | string | - | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| domain\_example | The organization's domain |
-| group\_email\_example | The email of the created GSuite group |
-| project\_info\_example | The ID of the created project |
+| domain_example | The organization's domain |
+| group_email_example | The email of the created GSuite group |
+| project_info_example | The ID of the created project |
 
 [^]: (autogen_docs_end)
@@ -22,21 +22,22 @@ Expected variables:
 
 [^]: (autogen_docs_start)
 
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| admin\_email | Admin user email on Gsuite | string | - | yes |
-| billing\_account | The ID of the billing account to associate this project with | string | - | yes |
-| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
-| organization\_id | The organization id for the associated services | string | - | yes |
+| admin_email | Admin user email on Gsuite | string | - | yes |
+| billing_account | The ID of the billing account to associate this project with | string | - | yes |
+| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
+| organization_id | The organization id for the associated services | string | - | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| domain\_example | The organization's domain |
-| project\_info\_example | The ID of the created prod_gke project |
-| project\_info\_factory\_example | The ID of the created factory project |
+| domain_example | The organization's domain |
+| project_info_example | The ID of the created prod_gke project |
+| project_info_factory_example | The ID of the created factory project |
 
 [^]: (autogen_docs_end)
@@ -10,19 +10,20 @@ Expected variables:
 
 [^]: (autogen_docs_start)
 
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| billing\_account | The ID of the billing account to associate this project with | string | - | yes |
-| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
-| organization\_id | The organization id for the associated services | string | - | yes |
+| billing_account | The ID of the billing account to associate this project with | string | - | yes |
+| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
+| organization_id | The organization id for the associated services | string | - | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| domain\_example | The organization's domain |
-| project\_info\_example | The ID of the created project |
+| domain_example | The organization's domain |
+| project_info_example | The ID of the created project |
 
 [^]: (autogen_docs_end)
@@ -48,6 +48,5 @@ module "project-factory" {
   bucket_project              = "${var.bucket_project}"
   bucket_name                 = "${var.bucket_name}"
   auto_create_network         = "${var.auto_create_network}"
-  app_engine                  = "${var.app_engine}"
   disable_services_on_destroy = "${var.disable_services_on_destroy}"
 }
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_app_engine_application" "app" {
+  project          = "${var.project_id}"
+  location_id      = "${var.location_id}"
+  auth_domain      = "${var.auth_domain}"
+  serving_status   = "${var.serving_status}"
+  feature_settings = "${var.feature_settings}"
+}