Merge branch 'master' into feat_vpc_gcs_config

Author: apeabody

CHANGELOG.md

@@ -6,6 +6,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
 
+## [16.0.1](https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v16.0.0...v16.0.1) (2024-08-28)
+
+
+### Bug Fixes
+
+* switch svpc access to explicit dep on service enablement ([#934](https://github.com/terraform-google-modules/terraform-google-project-factory/issues/934)) ([105be42](https://github.com/terraform-google-modules/terraform-google-project-factory/commit/105be421c9a57f2f29adcaa6fd74377d33652d3a))
+
+## [16.0.0](https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v15.0.1...v16.0.0) (2024-08-14)
+
+
+### ⚠ BREAKING CHANGES
+
+* **TPG>=5.33:** add support for setting cloud armor tier of the project ([#921](https://github.com/terraform-google-modules/terraform-google-project-factory/issues/921))
+
+### Features
+
+* **TPG>=5.33:** add support for setting cloud armor tier of the project ([#921](https://github.com/terraform-google-modules/terraform-google-project-factory/issues/921)) ([895b501](https://github.com/terraform-google-modules/terraform-google-project-factory/commit/895b501edb3f6b21e2ad6b8f9656a4994b501dd3))
+
+
+### Bug Fixes
+
+* ignore changes on firebase label ([#931](https://github.com/terraform-google-modules/terraform-google-project-factory/issues/931)) ([e424a35](https://github.com/terraform-google-modules/terraform-google-project-factory/commit/e424a3531381d71d1ba37300de3e94eca89209ae))
+
 ## [15.0.1](https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v15.0.0...v15.0.1) (2024-05-17)
 
 

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.21
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -137,6 +137,7 @@ determining that location is as follows:
 | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
 | default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
 | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
+| deletion\_policy | The deletion policy for the project. | `string` | `"PREVENT"` | no |
 | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
 | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
 | domain | The domain name (optional). | `string` | `""` | no |

build/int.cloudbuild.yaml

@@ -188,7 +188,7 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.21'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
 options:
   machineType: 'N1_HIGHCPU_8'
   env:

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.21'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'

docs/upgrading_to_project_factory_v17.0.md

@@ -0,0 +1,20 @@
+# Upgrading to Project Factory v17.0
+
+The v17.0 release of Project Factory is a backwards incompatible release.
+
+### Google Cloud Provider Project deletion_policy
+
+The `deletion_policy` for projects now defaults to `"PREVENT"` rather than `"DELETE"`.  This aligns with the behavior in Google Cloud Platform Provider v6+.  To maintain the old behavior you can set `deletion_policy = "DELETE"`.
+
+```diff
+  module "project" {
+-   version          = "~> 16.0"
++   version          = "~> 17.0"
+
++   deletion_policy = "DELETE"
+}
+```
+
+### Google Cloud Platform Provider upgrade
+
+The Project Factory module now requires version `5.41` or higher of the Google Cloud Platform Provider and `5.41` or higher of the Google Cloud Platform Beta Provider.

examples/app_engine/main.tf

@@ -22,7 +22,7 @@ resource "random_string" "suffix" {
 
 module "app-engine-project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name              = "appeng-${random_string.suffix.result}"
   random_project_id = true
@@ -32,11 +32,13 @@ module "app-engine-project" {
   activate_apis = [
     "appengine.googleapis.com",
   ]
+
+  deletion_policy = "DELETE"
 }
 
 module "app-engine" {
   source  = "terraform-google-modules/project-factory/google//modules/app_engine"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   project_id  = module.app-engine-project.project_id
   location_id = "us-east4"

examples/budget_project/main.tf

@@ -22,7 +22,7 @@ resource "random_string" "suffix" {
 
 module "budget_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name                     = "budget-project-${random_string.suffix.result}"
   random_project_id        = true
@@ -38,6 +38,7 @@ module "budget_project" {
     "billingbudgets.googleapis.com"
   ]
 
+  deletion_policy = "DELETE"
 }
 
 
@@ -49,7 +50,7 @@ resource "google_pubsub_topic" "budget" {
 
 module "additional_budget" {
   source  = "terraform-google-modules/project-factory/google//modules/budget"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   billing_account        = var.billing_account
   projects               = [var.parent_project_id, module.budget_project.project_id]

examples/essential_contacts/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name              = "pf-ci-test-ec-${var.random_string_for_testing}"
   random_project_id = true
@@ -41,4 +41,6 @@ module "project-factory" {
 
   default_service_account     = "DISABLE"
   disable_services_on_destroy = false
+
+  deletion_policy = "DELETE"
 }

examples/fabric_project/main.tf

@@ -27,12 +27,14 @@ resource "random_string" "prefix" {
 
 module "fabric-project" {
   source  = "terraform-google-modules/project-factory/google//modules/fabric-project"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   activate_apis   = var.activate_apis
   billing_account = var.billing_account
   name            = var.name
   owners          = var.owners
   parent          = var.parent
   prefix          = local.prefix
+
+  deletion_policy = "DELETE"
 }

examples/gke_shared_vpc/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id    = true
   name                 = "sample-gke-shared-project"
@@ -26,4 +26,6 @@ module "project-factory" {
   activate_apis        = ["compute.googleapis.com", "container.googleapis.com", "cloudbilling.googleapis.com"]
   shared_vpc_subnets   = var.shared_vpc_subnets
   default_network_tier = var.default_network_tier
+
+  deletion_policy = "DELETE"
 }

examples/group_project/main.tf

@@ -29,7 +29,7 @@ provider "gsuite" {
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id = true
   name              = "group-sample-project"

examples/project-hierarchy/main.tf

@@ -33,7 +33,7 @@ resource "google_folder" "prod" {
 
 module "project-prod-gke" {
   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id = true
   name              = "hierarchy-sample-prod-gke"
@@ -44,7 +44,7 @@ module "project-prod-gke" {
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id = true
   name              = "hierarchy-sample-factory"

examples/project_services/main.tf

@@ -19,7 +19,7 @@
  *****************************************/
 module "project-services" {
   source  = "terraform-google-modules/project-factory/google//modules/project_services"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   project_id                  = var.project_id
   enable_apis                 = var.enable

examples/quota_project/main.tf

@@ -26,7 +26,7 @@ resource "random_string" "suffix" {
 
 module "quota-project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name              = "pf-ci-test-quota-${random_string.suffix.result}"
   random_project_id = true
@@ -58,4 +58,6 @@ module "quota-project" {
       value      = "95"
     }
   ]
+
+  deletion_policy = "DELETE"
 }

examples/shared_vpc/main.tf

@@ -24,7 +24,7 @@ locals {
  *****************************************/
 module "host-project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id              = true
   name                           = var.host_project_name
@@ -39,6 +39,7 @@ module "host-project" {
     "cloudresourcemanager.googleapis.com"
   ]
 
+  deletion_policy = "DELETE"
 }
 
 /******************************************
@@ -93,7 +94,7 @@ module "vpc" {
  *****************************************/
 module "service-project" {
   source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name              = var.service_project_name
   random_project_id = false
@@ -113,14 +114,15 @@ module "service-project" {
   ]
 
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 }
 
 /******************************************
   Second Service Project Creation
  *****************************************/
 module "service-project-b" {
   source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name              = "b-${var.service_project_name}"
   random_project_id = false
@@ -146,6 +148,7 @@ module "service-project-b" {
   }]
 
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 }
 
 /******************************************
@@ -154,7 +157,7 @@ module "service-project-b" {
  *****************************************/
 module "service-project-c" {
   source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name              = "c-${var.service_project_name}"
   random_project_id = false
@@ -184,6 +187,7 @@ module "service-project-c" {
 
   disable_services_on_destroy = false
   grant_network_role          = false
+  deletion_policy             = "DELETE"
 }
 
 /******************************************

examples/simple_project/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id       = true
   name                    = "simple-sample-project"
@@ -31,4 +31,6 @@ module "project-factory" {
       "roles/bigquery.jobUser",
     ]
   }]
+
+  deletion_policy = "DELETE"
 }

examples/tags_project/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   random_project_id       = true
   name                    = "simple-tag-project"
@@ -25,4 +25,6 @@ module "project-factory" {
   billing_account         = var.billing_account
   default_service_account = "deprivilege"
   tag_binding_values      = [var.tag_value]
+
+  deletion_policy = "DELETE"
 }

main.tf

@@ -72,6 +72,7 @@ module "project-factory" {
   default_network_tier               = var.default_network_tier
   tag_binding_values                 = var.tag_binding_values
   cloud_armor_tier                   = var.cloud_armor_tier
+  deletion_policy                    = var.deletion_policy
 }
 
 /******************************************
@@ -82,12 +83,15 @@ module "shared_vpc_access" {
   enable_shared_vpc_service_project  = var.svpc_host_project_id != "" ? true : false
   host_project_id                    = var.svpc_host_project_id
   service_project_id                 = module.project-factory.project_id
-  active_apis                        = module.project-factory.enabled_apis
+  active_apis                        = var.activate_apis
   shared_vpc_subnets                 = var.shared_vpc_subnets
   service_project_number             = module.project-factory.project_number
   lookup_project_numbers             = false
   grant_services_security_admin_role = var.grant_services_security_admin_role
   grant_network_role                 = var.grant_network_role
+  # Workaround for import complaining about count cannot determine resource instances
+  # until apply. https://github.com/hashicorp/terraform/issues/24690
+  depends_on = [module.project-factory.enabled_apis]
 }
 
 /******************************************

metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.1
+  version: 16.0.1
   actuationTool:
     type: Terraform
     version: '>=0.13.0'

modules/app_engine/versions.tf

@@ -20,7 +20,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.43, < 6"
+      version = ">= 3.43, < 7"
     }
   }
 }

modules/budget/metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.1
+  version: 16.0.1
   actuationTool:
     type: Terraform
     version: '>= 0.13'