added check

imrannayer · imrannayer · commit ca8be95f656d · 2024-03-27T15:30:13.000Z
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
@@ -109,7 +109,7 @@ module "project_services" {
   Shared VPC configuration
  *****************************************/
 resource "time_sleep" "wait_5_seconds" { #TODO rename resource in the next breaking change.
-  count           = var.vpc_service_control_attach_enabled ? 1 : 0
+  count           = var.vpc_service_control_attach_enabled || var.vpc_service_control_attach_dry_run ? 1 : 0
   depends_on      = [google_access_context_manager_service_perimeter_resource.service_perimeter_attachment[0], google_project_service.enable_access_context_manager[0]]
   create_duration = var.vpc_service_control_sleep_duration
 }
@@ -368,7 +368,7 @@ resource "google_access_context_manager_service_perimeter_dry_run_resource" "ser
   Enable Access Context Manager API
  *****************************************/
 resource "google_project_service" "enable_access_context_manager" {
-  count   = var.vpc_service_control_attach_enabled || var.vpc_service_control_attach_enabled ? 1 : 0
+  count   = var.vpc_service_control_attach_enabled || var.vpc_service_control_attach_dry_run ? 1 : 0
   project = google_project.main.number
   service = "accesscontextmanager.googleapis.com"
 }
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
@@ -111,7 +111,7 @@ variable "activate_apis" {
 variable "activate_api_identities" {
   description = <<EOF
     The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).
-    APIs in this list will automatically be appended to `activate_apis`.
+    APIs in this list will automatically be appended to `activate_apis`. Use for services supported by `gcloud beta services identity create`
     Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).
     Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles.
   EOF
