You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: README.md
+8-6
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ To include G Suite integration for creating groups and adding Service Accounts i
12
12
13
13
## Compatibility
14
14
15
-
This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue.
15
+
This module is meant for use with Terraform 0.13+ and tested using Terraform 1.3+. If you find incompatibilities using Terraform >=0.13, please open an issue.
16
16
If you haven't
17
17
[upgraded][terraform-0.13-upgrade] and need a Terraform
18
18
0.12.x-compatible version of this module, the last released version
@@ -29,7 +29,7 @@ There are multiple examples included in the [examples](./examples/) folder but s
@@ -161,7 +161,8 @@ determining that location is as follows:
161
161
| tag\_binding\_values | Tag values to bind the project to. |`list(string)`|`[]`| no |
162
162
| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) |`string`|`""`| no |
163
163
| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) |`string`|`""`| no |
164
-
| vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter |`bool`|`false`| no |
164
+
| vpc\_service\_control\_attach\_dry\_run | Whether the project will be attached to a VPC Service Control Perimeter in Dry Run Mode. vpc\_service\_control\_attach\_enabled should be false for this to be true |`bool`|`false`| no |
165
+
| vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter in ENFORCED MODE. vpc\_service\_control\_attach\_dry\_run should be false for this to be true |`bool`|`false`| no |
165
166
| vpc\_service\_control\_perimeter\_name | The name of a VPC Service Control Perimeter to add the created project to |`string`|`null`| no |
166
167
| vpc\_service\_control\_sleep\_duration | The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter. VPC-SC is eventually consistent. |`string`|`"5s"`| no |
167
168
@@ -187,6 +188,7 @@ determining that location is as follows:
187
188
| service\_account\_name | The fully-qualified name of the default service account |
188
189
| service\_account\_unique\_id | The unique id of the default service account |
Copy file name to clipboardexpand all lines: modules/core_project_factory/variables.tf
+8-2
Original file line number
Diff line number
Diff line change
@@ -111,7 +111,7 @@ variable "activate_apis" {
111
111
variable"activate_api_identities" {
112
112
description=<<EOF
113
113
The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).
114
-
APIs in this list will automatically be appended to `activate_apis`.
114
+
APIs in this list will automatically be appended to `activate_apis`. Use for services supported by `gcloud beta services identity create`
115
115
Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).
116
116
Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles.
description="Whether the project will be attached to a VPC Service Control Perimeter"
233
+
description="Whether the project will be attached to a VPC Service Control Perimeter in ENFORCED MODE. vpc_service_control_attach_dry_run should be false for this to be true"
234
+
type=bool
235
+
default=false
236
+
}
237
+
238
+
variable"vpc_service_control_attach_dry_run" {
239
+
description="Whether the project will be attached to a VPC Service Control Perimeter in Dry Run Mode. vpc_service_control_attach_enabled should be false for this to be true"
description="Whether the project will be attached to a VPC Service Control Perimeter"
292
+
description="Whether the project will be attached to a VPC Service Control Perimeter in ENFORCED MODE. vpc_service_control_attach_dry_run should be false for this to be true"
293
+
type=bool
294
+
default=false
295
+
}
296
+
297
+
variable"vpc_service_control_attach_dry_run" {
298
+
description="Whether the project will be attached to a VPC Service Control Perimeter in Dry Run Mode. vpc_service_control_attach_enabled should be false for this to be true"
0 commit comments