diff --git a/Makefile b/Makefile
index af78edc5..a5b0feba 100644
--- a/Makefile
+++ b/Makefile
@@ -89,6 +89,17 @@ docker_generate_docs:
 $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
 
+# Generate files from autogen
+.PHONY: docker_generate
+docker_generate:
+ docker run --rm -it \
+ -v "$(CURDIR)":/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate'
+
 # Alias for backwards compatibility
 .PHONY: generate_docs
 generate_docs: docker_generate_docs
+
+.PHONY: generate
+generate: docker_generate
diff --git a/README.md b/README.md
index 7261abfc..372bd78f 100644
--- a/README.md
+++ b/README.md
@@ -151,14 +151,13 @@ determining that location is as follows:
 
 | Name | Description |
 |------|-------------|
-| budget\_name | The name of the budget if created |
 | domain | The organization's domain |
 | group\_email | The email of the G Suite group with group_name |
 | project\_bucket\_self\_link | Project's bucket selfLink |
 | project\_bucket\_url | Project's bucket url |
-| project\_id | |
-| project\_name | |
-| project\_number | |
+| project\_id | If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true. |
+| project\_name | The name for the project |
+| project\_number | The number for the project |
 | service\_account\_display\_name | The display name of the default service account |
 | service\_account\_email | The email of the default service account |
 | service\_account\_id | The id of the default service account |
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
new file mode 100755
index 00000000..61c621f0
--- /dev/null
+++ b/autogen/main.tf.tmpl
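Review bot: `docker run --rm -it` in the new `docker_generate` recipe requests a TTY, so the target fails when stdin is not a terminal (a CI job or a pipe), and nothing in `generate` is interactive; `docker run --rm \` is enough. The recipe also gives the container read-write access to the whole checkout through `-v "$(CURDIR)":/workspace`, and the image is addressed by the tag in `DOCKER_TAG_VERSION_DEVELOPER_TOOLS` (its value is outside this hunk), so pinning the image by digest is worth considering, since whatever it contains rewrites the Terraform sources. `generate` is defined in the repository's `test/task_helper_functions.sh` while the recipe sources `/usr/local/bin/task_helper_functions.sh`; presumably the image's helper loads the mounted copy, and a comment saying so above the target would save the next reader the search.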
@@ -0,0 +1,160 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +{{ autogeneration_note }} + +{% if gsuite_enabled %} +locals { + group_name = var.group_name != "" ? var.group_name : format("%s-editors", var.name) +} + +/*********************************************** + Make service account member of sa_group group + ***********************************************/ +resource "gsuite_group_member" "service_account_sa_group_member" { + count = var.sa_group != "" ? 1 : 0 + + group = var.sa_group + email = module.project-factory.service_account_email + role = "MEMBER" +} + +/***************************************** + G Suite group information retrieval + *****************************************/ +{% else %} +/***************************************** + Organization info retrieval + *****************************************/ +{% endif %} +module "gsuite_group" { + {% if root_module %} + source = "./modules/gsuite_group" + {% else %} + source = "../gsuite_group" + {% endif %} + + domain = var.domain + {% if gsuite_enabled %} + name = local.group_name + {% else %} + name = var.group_name + {% endif %} + org_id = var.org_id +} + +{% if gsuite_enabled %} +/****************************************** + Gsuite Group Configuration + *****************************************/ +resource "gsuite_group" "group" { + count = var.create_group ? 
1 : 0 + + description = "${var.name} project group" + email = module.gsuite_group.email + name = local.group_name +} + +/*********************************************** + Make APIs service account member of api_sa_group + ***********************************************/ +resource "gsuite_group_member" "api_s_account_api_sa_group_member" { + count = var.api_sa_group != "" ? 1 : 0 + + group = var.api_sa_group + email = module.project-factory.api_s_account + role = "MEMBER" +} + +{% endif %} +module "project-factory" { + {% if root_module %} + source = "./modules/core_project_factory" + {% else %} + source = "../core_project_factory" + {% endif %} + + {% if gsuite_enabled %} + group_email = element( + compact( + concat(gsuite_group.group.*.email, [module.gsuite_group.email]), + ), + 0, + ) + {% else %} + group_email = module.gsuite_group.email + {% endif %} + group_role = var.group_role + lien = var.lien + {% if gsuite_enabled %} + manage_group = var.group_name != "" || var.create_group + {% else %} + manage_group = var.group_name != "" ? 
"true" : "false" + {% endif %} + random_project_id = var.random_project_id + org_id = var.org_id + name = var.name + project_id = var.project_id + shared_vpc = var.shared_vpc + {% if svpc_module %} + shared_vpc_enabled = true + {% elif gsuite_enabled %} + shared_vpc_enabled = var.shared_vpc_enabled + {% elif root_module %} + shared_vpc_enabled = var.shared_vpc != "" + {% endif %} + billing_account = var.billing_account + folder_id = var.folder_id + sa_role = var.sa_role + activate_apis = var.activate_apis + usage_bucket_name = var.usage_bucket_name + usage_bucket_prefix = var.usage_bucket_prefix + credentials_path = var.credentials_path + {% if root_module or gsuite_enabled %} + impersonate_service_account = var.impersonate_service_account + {% endif %} + shared_vpc_subnets = var.shared_vpc_subnets + labels = var.labels + bucket_project = var.bucket_project + bucket_name = var.bucket_name + bucket_location = var.bucket_location + auto_create_network = var.auto_create_network + disable_services_on_destroy = var.disable_services_on_destroy + default_service_account = var.default_service_account + disable_dependent_services = var.disable_dependent_services + python_interpreter_path = var.python_interpreter_path + {% if root_module %} + pip_executable_path = var.pip_executable_path + {% endif %} +} + +/****************************************** + Billing budget to create if amount is set + *****************************************/ +module "budget" { + {% if root_module %} + source = "./modules/budget" + {% else %} + source = "../budget" + {% endif %} + create_budget = var.budget_amount != null + + projects = [module.project-factory.project_id] + billing_account = var.billing_account + amount = var.budget_amount + alert_spent_percents = var.budget_alert_spent_percents + alert_pubsub_topic = var.budget_alert_pubsub_topic +} diff --git a/autogen/outputs.tf.tmpl b/autogen/outputs.tf.tmpl new file mode 100755 index 00000000..e56568b8 --- /dev/null 
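Review bot: `impersonate_service_account` is passed to `core_project_factory` only under `{% if root_module or gsuite_enabled %}`, so the generated `modules/shared_vpc` cannot use impersonation and is left with `credentials_path` (a key file) or Application Default Credentials. If that gap is only carried over from the hand-written module, a template comment such as `{# shared_vpc has no impersonate_service_account variable yet #}` would mark it as known; otherwise dropping the condition here and in `variables.tf.tmpl` closes it. The `shared_vpc_enabled` chain likewise has no `{% else %}`, so a future entry in `MODULES` that sets none of the three flags would render the module call without that argument and nothing would report it.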
+++ b/autogen/outputs.tf.tmpl 
@@ -0,0 +1,89 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +{{ autogeneration_note }} + +output "project_name" { + description = "The name for the project" + value = module.project-factory.project_name +} + +output "project_id" { + description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true." + value = module.project-factory.project_id +} + +output "project_number" { + description = "The number for the project" + value = module.project-factory.project_number +} + +output "domain" { + value = module.gsuite_group.domain + description = "The organization's domain" +} + +output "group_email" { + value = module.gsuite_group.email + {% if gsuite_enabled %} + description = "The email of the created G Suite group with group_name" + {% else %} + description = "The email of the G Suite group with group_name" + {% endif %} +} +{% if gsuite_enabled %} + +output "group_name" { + value = module.gsuite_group.name + description = "The group_name of the G Suite group" +} +{% endif %} + +output "service_account_id" { + value = module.project-factory.service_account_id + description = "The id of the default service account" +} + +output "service_account_display_name" { + value = module.project-factory.service_account_display_name + description = "The display name of the default service account" +} + +output "service_account_email" { + value = 
module.project-factory.service_account_email + description = "The email of the default service account" +} + +output "service_account_name" { + value = module.project-factory.service_account_name + description = "The fully-qualified name of the default service account" +} + +output "service_account_unique_id" { + value = module.project-factory.service_account_unique_id + description = "The unique id of the default service account" +} + +output "project_bucket_self_link" { + value = module.project-factory.project_bucket_self_link + description = "Project's bucket selfLink" +} + +output "project_bucket_url" { + value = module.project-factory.project_bucket_url + description = "Project's bucket url" +} + diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl new file mode 100755 index 00000000..20f7aa0c --- /dev/null +++ b/autogen/variables.tf.tmpl 
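Review bot: The template defines no `budget_name` output, and the root `outputs.tf` and `README.md` hunks of this commit delete it as a result, although `module "budget"` is still instantiated in `main.tf.tmpl`. Configurations that read `budget_name` from the root module will stop planning after regeneration, which is an interface change carried inside a tooling commit. If the removal is not intended, keep the output for the root module only; the `modules/shared_vpc` and `modules/gsuite_enabled` outputs hunks add nothing but the note and descriptions, so those modules apparently never had it.

```hcl
{# … unchanged: outputs up to project_bucket_url … #}
{% if root_module %}

output "budget_name" {
  value       = module.budget.name
  description = "The name of the budget if created"
}
{% endif %}
```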
@@ -0,0 +1,261 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + {{ autogeneration_note }} + +variable "random_project_id" { + description = "Adds a suffix of 4 random characters to the `project_id`" + {% if gsuite_enabled %} + default = "false" + type = string + {% else %} + type = bool + default = false + {% endif %} +} + +variable "org_id" { + description = "The organization ID." + type = string +} + +variable "domain" { + description = "The domain name (optional)." + type = string + default = "" +} + +variable "name" { + description = "The name for the project" + type = string +} + +variable "project_id" { + description = "The ID to give the project. If not provided, the `name` will be used." 
+ type = string + default = "" +} + +variable "shared_vpc" { + description = "The ID of the host project which hosts the shared VPC" + type = string + default = "" +} + +variable "billing_account" { + description = "The ID of the billing account to associate this project with" + type = string +} + +variable "folder_id" { + description = "The ID of a folder to host this project" + type = string + default = "" +} + +variable "group_name" { + description = "A group to control the project by being assigned group_role (defaults to project editor)" + type = string + default = "" +} + +variable "group_role" { + description = "The role to give the controlling group (group_name) over the project (defaults to project editor)" + type = string + default = "roles/editor" +} + +variable "sa_role" { + description = "A role to give the default Service Account for the project (defaults to none)" + type = string + default = "" +} + +variable "activate_apis" { + description = "The list of apis to activate within the project" + type = list(string) + default = ["compute.googleapis.com"] +} + +variable "usage_bucket_name" { + description = "Name of a GCS bucket to store GCE usage reports in (optional)" + type = string + default = "" +} + +variable "usage_bucket_prefix" { + description = "Prefix in the GCS bucket to store GCE usage reports in (optional)" + type = string + default = "" +} + +variable "credentials_path" { + description = "Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials." + type = string + default = "" +} + +{% if root_module or gsuite_enabled %} +variable "impersonate_service_account" { + description = "An optional service account to impersonate. This cannot be used with credentials_path. If this service account is not specified and credentials_path is absent, the module will use Application Default Credentials." 
+ type = string + default = "" +} + +{% endif %} +variable "shared_vpc_subnets" { + description = "List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id)" + type = list(string) + default = [""] +} + +variable "labels" { + description = "Map of labels for project" + type = map(string) + default = {} +} + +variable "bucket_project" { + description = "A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)" + type = string + default = "" +} + +variable "bucket_name" { + description = "A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)" + type = string + default = "" +} + +variable "bucket_location" { + description = "The location for a GCS bucket to create (optional)" + type = string + {% if gsuite_enabled %} + default = "" + {% else %} + default = "US" + {% endif %} +} + +variable "auto_create_network" { + description = "Create the default network" + {% if gsuite_enabled %} + type = string + default = "false" + {% else %} + type = bool + default = false + {% endif %} +} + +variable "lien" { + description = "Add a lien on the project to prevent accidental deletion" + {% if gsuite_enabled %} + default = "false" + type = string + {% else %} + type = bool + default = false + {% endif %} +} + +variable "disable_services_on_destroy" { + description = "Whether project services will be disabled when the resources are destroyed" + {% if svpc_module %} + default = true + type = bool + {% else %} + default = "true" + type = string + {% endif %} +} + +variable "default_service_account" { + description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`." + default = "disable" + type = string +} + +variable "disable_dependent_services" { + description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed." 
+ {% if gsuite_enabled %} + default = "true" + type = string + {% else %} + default = true + type = bool + {% endif %} +} + +{% if svpc_module or gsuite_enabled %} +variable "shared_vpc_enabled" { + description = "If shared VPC should be used" + type = bool + default = false +} + +{% endif %} +variable "python_interpreter_path" { + description = "Python interpreter path for precondition check script." + type = string + default = "python3" +} +{% if root_module %} + +variable "pip_executable_path" { + description = "Pip executable path for precondition requirements.txt install." + type = string + default = "pip3" +} +{% endif %} +{% if gsuite_enabled %} + +variable "create_group" { + type = bool + description = "Whether to create the group or not" + default = false +} + +variable "sa_group" { + type = string + description = "A G Suite group to place the default Service Account for the project in" + default = "" +} + +variable "api_sa_group" { + type = string + description = "A G Suite group to place the Google APIs Service Account for the project in" + default = "" +} +{% endif %} + +variable "budget_amount" { + description = "The amount to use for a budget alert" + type = number + default = null +} + +variable "budget_alert_pubsub_topic" { + description = "The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`" + type = string + default = null +} + +variable "budget_alert_spent_percents" { + description = "A list of percentages of the budget to alert on when threshold is exceeded" + type = list(number) + default = [0.5, 0.7, 1.0] +} diff --git a/autogen/versions.tf.tmpl b/autogen/versions.tf.tmpl new file mode 100644 index 00000000..07e78534 --- /dev/null +++ b/autogen/versions.tf.tmpl 
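Review bot: The shared `group_name` description, "(defaults to project editor)", is wrong for the G Suite variant: `main.tf.tmpl` sets `local.group_name` to `format("%s-editors", var.name)` when `group_name` is empty, and the description this commit removes from `modules/gsuite_enabled/variables.tf` said so. That group can be granted `group_role`, which defaults to `roles/editor`, so the generated docs should still tell the operator which group is involved. Wrapping the description in the `{% if gsuite_enabled %}` pattern already used in this file, with `description = "A group to control the project by being assigned group_role - defaults to $${project_name}-editors"` in the G Suite branch, keeps the previous text.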
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ {{ autogeneration_note }}
+
+terraform {
+ required_version = "~> 0.12.6"
+ {% if gsuite_enabled %}
+
+ required_providers {
+ gsuite = "~> 0.1"
+ }
+ {% endif %}
+}
diff --git a/helpers/generate_modules/generate_modules.py b/helpers/generate_modules/generate_modules.py
new file mode 100755
index 00000000..c014e718
--- /dev/null
+++ b/helpers/generate_modules/generate_modules.py
@@ -0,0 +1,96 @@ +#!/usr/bin/env python3 + +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +import subprocess +import sys + +from jinja2 import Environment, FileSystemLoader + +TEMPLATE_FOLDER = "./autogen" +BASE_TEMPLATE_OPTIONS = { + 'autogeneration_note': '// This file was automatically generated ' + + 'from a template in {folder}'.format( + folder=TEMPLATE_FOLDER + ), +} + + +class Module(object): + path = None + options = {} + + def __init__(self, path, template_options): + self.path = path + self.options = template_options + + def template_options(self, base): + return {k: v for d in [base, self.options] for k, v in d.items()} + + +MODULES = [ + Module("./", { + 'root_module': True + }), + + Module("./modules/shared_vpc", { + 'svpc_module': True, + }), + Module("./modules/gsuite_enabled", { + 'gsuite_enabled': True, + }) +] +DEVNULL_FILE = open(os.devnull, 'w') + + +def main(argv): + env = Environment( + keep_trailing_newline=True, + loader=FileSystemLoader(TEMPLATE_FOLDER), + trim_blocks=True, + lstrip_blocks=True, + ) + templates = env.list_templates() + for module in MODULES: + for template_file in templates: + template = env.get_template(template_file) + if template_file.endswith(".tf.tmpl"): + template_file = template_file.replace(".tf.tmpl", ".tf") + rendered = template.render( + module.template_options(BASE_TEMPLATE_OPTIONS) + ) + with open(os.path.join(module.path, template_file), "w") as f: + f.write(rendered) + 
if template_file.endswith(".sh"): + os.chmod(os.path.join(module.path, template_file), 0o755) + # Call terraform fmt for module folder + print ("terraform fmt %s" % module.path) + subprocess.call( + [ + "terraform", + "fmt", + "-write=true", + module.path + ], + stdout=DEVNULL_FILE, + stderr=subprocess.STDOUT + ) + + DEVNULL_FILE.close() + + +if __name__ == "__main__": + main(sys.argv) diff --git a/helpers/generate_modules/requirements.txt b/helpers/generate_modules/requirements.txt new file mode 100644 index 00000000..8ce973e9 --- /dev/null +++ b/helpers/generate_modules/requirements.txt @@ -0,0 +1 @@ +Jinja2 diff --git a/main.tf b/main.tf index 4563b1ea..e69b30f4 100644 --- a/main.tf +++ b/main.tf @@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + /***************************************** Organization info retrieval *****************************************/ diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md index 32adccdb..a4096ad0 100644 --- a/modules/gsuite_enabled/README.md +++ b/modules/gsuite_enabled/README.md 
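Review bot: The `terraform fmt` step in `main` uses `subprocess.call` with stdout and stderr sent to `DEVNULL_FILE` and the return code dropped, so a template that renders unparsable HCL is written to disk and the run still exits 0. `subprocess.check_call(["terraform", "fmt", "-write=true", module.path])` with stderr left visible would surface it. `TEMPLATE_FOLDER` and the `Module` paths are relative to the current directory, while the `docker_generate` recipe sets no working directory, so the result depends on the image's WORKDIR (not visible here); resolving them from `os.path.dirname(os.path.abspath(__file__))` removes that dependency. The script has no documentation at all, so a module docstring naming the three flags (`root_module`, `svpc_module`, `gsuite_enabled`) and a line on what `Module.template_options` merges would help.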
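Review bot: `Jinja2` is listed without a version, and `generate()` in `test/task_helper_functions.sh` installs it with `pip3 install --user -r` on every run, so each regeneration executes whatever release the package index serves at that moment, inside a container that has the checkout mounted read-write. Pin the release and, ideally, its hash, e.g. `Jinja2==<PINNED_VERSION> --hash=sha256:<HASH_OF_THAT_RELEASE>` (placeholders), and install with `--require-hashes`. Pinning also keeps the generated Terraform identical between contributors.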
@@ -75,9 +75,9 @@ The roles granted are specifically: | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no | | domain | The domain name (optional). | string | `""` | no | | folder\_id | The ID of a folder to host this project | string | `""` | no | -| group\_name | A group to control the project by being assigned group_role - defaults to $${project_name}-editors | string | `""` | no | +| group\_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `""` | no | | group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `"roles/editor"` | no | -| impersonate\_service\_account | An optional service account to impersonate. If this service account is not specified, Terraform will fall back to credential file or Application Default Credentials. | string | `""` | no | +| impersonate\_service\_account | An optional service account to impersonate. This cannot be used with credentials_path. If this service account is not specified and credentials_path is absent, the module will use Application Default Credentials. | string | `""` | no | | labels | Map of labels for project | map(string) | `` | no | | lien | Add a lien on the project to prevent accidental deletion | string | `"false"` | no | | name | The name for the project | string | n/a | yes | 
@@ -102,9 +102,9 @@ The roles granted are specifically: | group\_name | The group_name of the G Suite group | | project\_bucket\_self\_link | Project's bucket selfLink | | project\_bucket\_url | Project's bucket url | -| project\_id | | -| project\_name | | -| project\_number | | +| project\_id | If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true. | +| project\_name | The name for the project | +| project\_number | The number for the project | | service\_account\_display\_name | The display name of the default service account | | service\_account\_email | The email of the default service account | | service\_account\_id | The id of the default service account | diff --git a/modules/gsuite_enabled/main.tf b/modules/gsuite_enabled/main.tf index 5e1f2b7b..81a7dd14 100644 --- a/modules/gsuite_enabled/main.tf +++ b/modules/gsuite_enabled/main.tf @@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + locals { group_name = var.group_name != "" ? var.group_name : format("%s-editors", var.name) } @@ -63,7 +65,7 @@ resource "gsuite_group_member" "api_s_account_api_sa_group_member" { } module "project-factory" { - source = "../core_project_factory/" + source = "../core_project_factory" group_email = element( compact( diff --git a/modules/gsuite_enabled/outputs.tf b/modules/gsuite_enabled/outputs.tf index cde3e3f7..aed22c8f 100644 --- a/modules/gsuite_enabled/outputs.tf +++ b/modules/gsuite_enabled/outputs.tf 
@@ -14,16 +14,21 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + output "project_name" { - value = module.project-factory.project_name + description = "The name for the project" + value = module.project-factory.project_name } output "project_id" { - value = module.project-factory.project_id + description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true." + value = module.project-factory.project_id } output "project_number" { - value = module.project-factory.project_number + description = "The number for the project" + value = module.project-factory.project_number } output "domain" { diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index 274fef17..c327f0bc 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf 
@@ -14,72 +14,68 @@ * limitations under the License. */ -variable "lien" { - description = "Add a lien on the project to prevent accidental deletion" - default = "false" - type = string -} +// This file was automatically generated from a template in ./autogen variable "random_project_id" { description = "Adds a suffix of 4 random characters to the `project_id`" default = "false" + type = string } variable "org_id" { description = "The organization ID." + type = string } variable "domain" { description = "The domain name (optional)." + type = string default = "" } variable "name" { description = "The name for the project" + type = string } variable "project_id" { description = "The ID to give the project. If not provided, the `name` will be used." + type = string default = "" } variable "shared_vpc" { description = "The ID of the host project which hosts the shared VPC" + type = string default = "" } variable "billing_account" { description = "The ID of the billing account to associate this project with" + type = string } variable "folder_id" { description = "The ID of a folder to host this project" + type = string default = "" } variable "group_name" { - description = "A group to control the project by being assigned group_role - defaults to $${project_name}-editors" + description = "A group to control the project by being assigned group_role (defaults to project editor)" + type = string default = "" } -variable "create_group" { - type = bool - description = "Whether to create the group or not" - default = false -} - variable "group_role" { description = "The role to give the controlling group (group_name) over the project (defaults to project editor)" + type = string default = "roles/editor" } -variable "sa_group" { - description = "A G Suite group to place the default Service Account for the project in" - default = "" -} - variable "sa_role" { description = "A role to give the default Service Account for the project (defaults to none)" + type = string default = 
"" } @@ -91,21 +87,24 @@ variable "activate_apis" { variable "usage_bucket_name" { description = "Name of a GCS bucket to store GCE usage reports in (optional)" + type = string default = "" } variable "usage_bucket_prefix" { description = "Prefix in the GCS bucket to store GCE usage reports in (optional)" + type = string default = "" } variable "credentials_path" { description = "Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials." + type = string default = "" } variable "impersonate_service_account" { - description = "An optional service account to impersonate. If this service account is not specified, Terraform will fall back to credential file or Application Default Credentials." + description = "An optional service account to impersonate. This cannot be used with credentials_path. If this service account is not specified and credentials_path is absent, the module will use Application Default Credentials." type = string default = "" } 
@@ -124,27 +123,32 @@ variable "labels" { variable "bucket_project" { description = "A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional)" + type = string default = "" } variable "bucket_name" { description = "A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional)" + type = string default = "" } variable "bucket_location" { description = "The location for a GCS bucket to create (optional)" - default = "" -} - -variable "api_sa_group" { - description = "A G Suite group to place the Google APIs Service Account for the project in" + type = string default = "" } variable "auto_create_network" { description = "Create the default network" + type = string + default = "false" +} + +variable "lien" { + description = "Add a lien on the project to prevent accidental deletion" default = "false" + type = string } variable "disable_services_on_destroy" { @@ -177,6 +181,24 @@ variable "python_interpreter_path" { default = "python3" } +variable "create_group" { + type = bool + description = "Whether to create the group or not" + default = false +} + +variable "sa_group" { + type = string + description = "A G Suite group to place the default Service Account for the project in" + default = "" +} + +variable "api_sa_group" { + type = string + description = "A G Suite group to place the Google APIs Service Account for the project in" + default = "" +} + variable "budget_amount" { description = "The amount to use for a budget alert" type = number diff --git a/modules/gsuite_enabled/versions.tf b/modules/gsuite_enabled/versions.tf index e9f21a7f..8172a246 100644 --- a/modules/gsuite_enabled/versions.tf +++ b/modules/gsuite_enabled/versions.tf @@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + terraform { required_version = "~> 0.12.6" 
diff --git a/modules/shared_vpc/main.tf b/modules/shared_vpc/main.tf index b343f06e..6ad2ce1c 100755 --- a/modules/shared_vpc/main.tf +++ b/modules/shared_vpc/main.tf @@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + /***************************************** Organization info retrieval *****************************************/ diff --git a/modules/shared_vpc/outputs.tf b/modules/shared_vpc/outputs.tf index c18b92bd..67ba00b6 100755 --- a/modules/shared_vpc/outputs.tf +++ b/modules/shared_vpc/outputs.tf @@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + output "project_name" { description = "The name for the project" value = module.project-factory.project_name diff --git a/modules/shared_vpc/variables.tf b/modules/shared_vpc/variables.tf index 8a91170a..f47dabb6 100755 --- a/modules/shared_vpc/variables.tf +++ b/modules/shared_vpc/variables.tf @@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + variable "random_project_id" { description = "Adds a suffix of 4 random characters to the `project_id`" type = bool @@ -73,6 +75,7 @@ variable "group_role" { variable "sa_role" { description = "A role to give the default Service Account for the project (defaults to none)" + type = string default = "" } @@ -96,6 +99,7 @@ variable "usage_bucket_prefix" { variable "credentials_path" { description = "Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials." + type = string default = "" } diff --git a/modules/shared_vpc/versions.tf b/modules/shared_vpc/versions.tf index 1a9363a3..07650ff4 100644 --- a/modules/shared_vpc/versions.tf +++ b/modules/shared_vpc/versions.tf 
@@ -14,6 +14,8 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + terraform { required_version = "~> 0.12.6" } diff --git a/outputs.tf b/outputs.tf index bbdc5b5e..67ba00b6 100644 --- a/outputs.tf +++ b/outputs.tf @@ -14,16 +14,21 @@ * limitations under the License. */ +// This file was automatically generated from a template in ./autogen + output "project_name" { - value = module.project-factory.project_name + description = "The name for the project" + value = module.project-factory.project_name } output "project_id" { - value = module.project-factory.project_id + description = "If provided, the project uses the given project ID. Mutually exclusive with random_project_id being true." + value = module.project-factory.project_id } output "project_number" { - value = module.project-factory.project_number + description = "The number for the project" + value = module.project-factory.project_number } output "domain" { @@ -71,7 +76,3 @@ output "project_bucket_url" { description = "Project's bucket url" } -output "budget_name" { - value = module.budget.name - description = "The name of the budget if created" -} diff --git a/test/task_helper_functions.sh b/test/task_helper_functions.sh new file mode 100755 index 00000000..25cb0e51 --- /dev/null +++ b/test/task_helper_functions.sh 
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+function generate() {
+ pip3 install --user -r /workspace/helpers/generate_modules/requirements.txt
+ /workspace/helpers/generate_modules/generate_modules.py
+}
+
diff --git a/variables.tf b/variables.tf
index 52709f90..899cc748 100644
--- a/variables.tf
+++ b/variables.tf
@@ -14,6 +14,8 @@
 * limitations under the License.
 */
 
+// This file was automatically generated from a template in ./autogen
+
 variable "random_project_id" {
 description = "Adds a suffix of 4 random characters to the `project_id`"
 type = bool
diff --git a/versions.tf b/versions.tf
index 1a9363a3..07650ff4 100644
--- a/versions.tf
+++ b/versions.tf
@@ -14,6 +14,8 @@
 * limitations under the License.
 */
 
+// This file was automatically generated from a template in ./autogen
+
 terraform {
 required_version = "~> 0.12.6"
 }
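Review bot: The two commands in `generate()` are not chained and the file sets no `set -e`, so when `pip3 install` fails the generator is still started, against whatever Jinja2 happens to be present in the image, or none. Ending the first command with `&& \` (`pip3 install --user -r /workspace/helpers/generate_modules/requirements.txt && \`) stops at the first failure. The absolute `/workspace` paths tie the function to the bind mount in the Makefile's `docker_generate` recipe; a one-line comment above the function saying it is meant to run inside the developer-tools container would document that.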