Commit f83c0d1

add support for setting project cloud armor tier
1 parent 6e5e388 commit f83c0d1

11 files changed

+176
-4
lines changed

README.md

+4-2
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,7 @@ determining that location is as follows:
132132
| budget\_display\_name | The display name of the budget. If not set defaults to `Budget For <projects[0]|All Projects>` | `string` | `null` | no |
133133
| budget\_labels | A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget. | `map(string)` | `{}` | no |
134134
| budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no |
135+
| cloud\_armor\_tier | Managed protection tier to be set. Possible values are: CA\_STANDARD, CA\_ENTERPRISE\_PAYGO. If not set, then project will be set to default Standard protection | `string` | `null` | no |
135136
| consumer\_quotas | The quotas configuration you want to override for the project. | <pre>list(object({<br> service = string,<br> metric = string,<br> dimensions = map(string),<br> limit = string,<br> value = string,<br> }))</pre> | `[]` | no |
136137
| create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
137138
| default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
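Review bot: The description on the added `cloud_armor_tier` row says an unset value means the project "will be set to default Standard protection", but modules/cloud_armor_tier/main.tf uses `count = var.cloud_armor_tier == null ? 0 : 1`, so with the default `null` no resource is created and the tier is left unmanaged rather than set. Suggest rewording to something like "If not set, the tier is not managed by this module", here and in the matching description in variables.tf.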
@@ -173,6 +174,7 @@ determining that location is as follows:
173174
| api\_s\_account | API service account email |
174175
| api\_s\_account\_fmt | API service account email formatted for terraform use |
175176
| budget\_name | The name of the budget if created |
177+
| cloud\_armor\_tier | Managed protection tier to be set. If not set, then project will be set to default Standard protection |
176178
| domain | The organization's domain |
177179
| enabled\_api\_identities | Enabled API identities in the project |
178180
| enabled\_apis | Enabled APIs in the project |
@@ -199,8 +201,8 @@ determining that location is as follows:
199201
- [gcloud sdk](https://cloud.google.com/sdk/install) >= 269.0.0
200202
- [jq](https://stedolan.github.io/jq/) >= 1.6
201203
- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
202-
- [terraform-provider-google] plugin >= 5.22
203-
- [terraform-provider-google-beta] plugin >= 5.22
204+
- [terraform-provider-google] plugin >= 5.33
205+
- [terraform-provider-google-beta] plugin >= 5.33
204206
- [terraform-provider-gsuite] plugin ~> 0.1.x if GSuite functionality is desired
205207

206208
### Permissions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# Upgrading to Project Factory v16.0
2+
3+
The v16.0 release of Project Factory is a backwards incompatible release.
4+
5+
### Google Cloud Platform Provider upgrade
6+
7+
The Project Factory module now requires version `5.33` or higher of the Google Cloud Platform Provider and `5.33` or higher of the Google Cloud Platform Beta Provider.

main.tf

+10
Original file line numberDiff line numberDiff line change
@@ -129,3 +129,13 @@ module "essential_contacts" {
129129
essential_contacts = var.essential_contacts
130130
language_tag = var.language_tag
131131
}
132+
133+
/******************************************
134+
Cloud Armor tier of the project
135+
*****************************************/
136+
module "cloud_armor_tier" {
137+
source = "./modules/cloud_armor_tier"
138+
139+
project_id = module.project-factory.project_id
140+
cloud_armor_tier = var.cloud_armor_tier
141+
}
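Review bot: The new `cloud_armor_tier` module block shows no ordering against Compute API activation, although modules/cloud_armor_tier/README.md lists `compute.googleapis.com` being enabled as a prerequisite. Please confirm that `module.project-factory.project_id` only resolves after the project's APIs are activated, or add an explicit `depends_on`, so that a first apply with `cloud_armor_tier` set does not fail on a freshly created project.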

modules/cloud_armor_tier/README.md

+38
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
# Cloud Armor Tier
2+
3+
This module uses the [`google_compute_project_cloud_armor_tier`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_project_cloud_armor_tier)
4+
resource to set the Cloud Armor tier of the project.
5+
6+
## Prerequisites
7+
8+
1. Service account used to run Terraform has permission to To enroll a project into the Cloud Armor Enterprise subscription
9+
[`resourcemanager.projects.createBillingAssignment` and `resourcemanager.projects.update`](https://cloud.google.com/armor/docs/armor-enterprise-using#required_permissions).
10+
2. The target project has the compute engine API enabled `compute.googleapis.com `
11+
12+
## Example Usage
13+
```
14+
module "cloud_armor_tier" {
15+
source = "terraform-google-modules/project-factory/google//module/cloud_armor_tier"
16+
version = "16.0"
17+
18+
project_id = module.project-factory.project_id
19+
cloud_armor_tier = var.cloud_armor_tier
20+
}
21+
```
22+
23+
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
24+
## Inputs
25+
26+
| Name | Description | Type | Default | Required |
27+
|------|-------------|------|---------|:--------:|
28+
| cloud\_armor\_tier | Managed protection tier to be set. Possible values are: CA\_STANDARD, CA\_ENTERPRISE\_PAYGO | `string` | n/a | yes |
29+
| project\_id | The GCP project you want to send Essential Contacts notifications for | `string` | n/a | yes |
30+
31+
## Outputs
32+
33+
| Name | Description |
34+
|------|-------------|
35+
| cloud\_armor\_tier | Cloud Armor tier for the project |
36+
| project\_id | The GCP project you want to enable APIs on |
37+
38+
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
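Review bot: The Example Usage source is `terraform-google-modules/project-factory/google//module/cloud_armor_tier`, but the directory added in this commit is `modules/cloud_armor_tier`, so the example will not resolve as written; it should read `//modules/cloud_armor_tier`. Smaller points in the same file: prerequisite 1 has a doubled "to To" and reads as if the permissions were a sentence fragment, the API name in prerequisite 2 has a trailing space inside the backticks, the `project_id` input description still talks about Essential Contacts notifications, and the Inputs table marks `cloud_armor_tier` as required while main.tf explicitly handles `null`.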

modules/cloud_armor_tier/main.tf

+26
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
/**
2+
* Copyright 2022 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
/******************************************
18+
Cloud Armor tier of the project
19+
*****************************************/
20+
21+
resource "google_compute_project_cloud_armor_tier" "cloud_armor_tier_config" {
22+
count = var.cloud_armor_tier == null ? 0 : 1
23+
24+
project = var.project_id
25+
cloud_armor_tier = var.cloud_armor_tier
26+
}

modules/cloud_armor_tier/outputs.tf

+25
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
/**
2+
* Copyright 2022 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
output "cloud_armor_tier" {
18+
description = "Cloud Armor tier for the project"
19+
value = var.cloud_armor_tier
20+
}
21+
22+
output "project_id" {
23+
description = "The GCP project you want to enable APIs on"
24+
value = var.project_id
25+
}
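Review bot: The `cloud_armor_tier` output returns `var.cloud_armor_tier`, which echoes the input instead of the value on the resource, so anything consuming this output does not wait for the tier to actually be applied. Consider `value = one(google_compute_project_cloud_armor_tier.cloud_armor_tier_config[*].cloud_armor_tier)`, which also yields `null` when `count` is 0. The `project_id` description ("The GCP project you want to enable APIs on") looks copied from another module and should describe this one.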

modules/cloud_armor_tier/variables.tf

+25
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
/**
2+
* Copyright 2022 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
variable "project_id" {
18+
description = "The GCP project you want to send Essential Contacts notifications for"
19+
type = string
20+
}
21+
22+
variable "cloud_armor_tier" {
23+
description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO"
24+
type = string
25+
}
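Review bot: The `cloud_armor_tier` variable here has no `default`, which makes it a required input, yet main.tf guards the resource with `var.cloud_armor_tier == null ? 0 : 1`. Either add `default = null` so the null path is reachable by standalone users of the submodule, or drop the `count` and document that the root module must decide whether to call it. The `project_id` description ("send Essential Contacts notifications for") is a copy-paste leftover and should be corrected.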

modules/cloud_armor_tier/versions.tf

+28
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
/**
2+
* Copyright 2022 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
terraform {
18+
required_version = ">= 1.3"
19+
required_providers {
20+
google = {
21+
source = "hashicorp/google"
22+
version = ">= 5.33, < 6"
23+
}
24+
}
25+
provider_meta "google" {
26+
module_name = "blueprints/terraform/terraform-google-project-factory:cloud_armor_tier/v15.0.1"
27+
}
28+
}
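Review bot: `required_version = ">= 1.3"` in this new submodule conflicts with the root README in this same commit, which still lists Terraform >= 0.13.0; since main.tf calls the submodule unconditionally, the effective minimum for every consumer becomes 1.3, and the README and upgrade guide should say so. Also, `module_name` ends in `v15.0.1` while the upgrade guide and the submodule README example refer to 16.0; please check whether that string is meant to be bumped here or by the release tooling.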

outputs.tf

+5
Original file line numberDiff line numberDiff line change
@@ -108,3 +108,8 @@ output "usage_report_export_bucket" {
108108
description = "GCE usage reports bucket"
109109
value = module.project-factory.usage_report_export_bucket
110110
}
111+
112+
output "cloud_armor_tier" {
113+
description = "Managed protection tier to be set. If not set, then project will be set to default Standard protection"
114+
value = var.cloud_armor_tier
115+
}
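Review bot: This root output returns `var.cloud_armor_tier` and reuses the input's wording ("Managed protection tier to be set ..."), so it reports what was requested, not what was applied, and is `null` whenever the variable is unset despite the description mentioning Standard protection. Suggest `value = module.cloud_armor_tier.cloud_armor_tier` with a description such as "Cloud Armor tier configured for the project, or null if not managed".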

variables.tf

+6
Original file line numberDiff line numberDiff line change
@@ -359,3 +359,9 @@ variable "tag_binding_values" {
359359
type = list(string)
360360
default = []
361361
}
362+
363+
variable "cloud_armor_tier" {
364+
description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO. If not set, then project will be set to default Standard protection"
365+
type = string
366+
default = null
367+
}
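Review bot: The `cloud_armor_tier` variable is a free-form `string` with no `validation` block, although the description limits it to CA_STANDARD and CA_ENTERPRISE_PAYGO. A typo or wrong case is only rejected by the API at apply time; adding a validation that accepts `null` or one of the two documented values would surface it at plan time, which matters for a setting that changes a project's protection and billing tier.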

versions.tf

+2-2
Original file line numberDiff line numberDiff line change
@@ -19,11 +19,11 @@ terraform {
1919
required_providers {
2020
google = {
2121
source = "hashicorp/google"
22-
version = ">= 5.22, < 6"
22+
version = ">= 5.33, < 6"
2323
}
2424
google-beta = {
2525
source = "hashicorp/google-beta"
26-
version = ">= 5.22, < 6"
26+
version = ">= 5.33, < 6"
2727
}
2828
}
2929
provider_meta "google" {
