├── test ├── integration │ ├── budget │ │ ├── libraries │ │ │ └── .gitkeep │ │ └── inspec.yml │ ├── full │ │ ├── libraries │ │ │ └── .gitkeep │ │ ├── inspec.yml │ │ └── controls │ │ │ └── gsuite.rb │ ├── minimal │ │ ├── libraries │ │ │ └── .gitkeep │ │ └── inspec.yml │ ├── fabric_project │ │ ├── libraries │ │ │ └── .gitkeep │ │ ├── inspec.yml │ │ └── controls │ │ │ └── project_fabric.rb │ ├── vpc_sc_project │ │ ├── libraries │ │ │ └── .gitkeep │ │ ├── inspec.yml │ │ └── controls │ │ │ └── vpc_sc_project.rb │ ├── app_engine │ │ ├── inspec.yml │ │ └── controls │ │ │ └── app-engine.rb │ ├── discover_test.go │ ├── shared_vpc_no_subnets │ │ ├── inspec.yml │ │ └── controls │ │ │ └── gcp.rb │ ├── dynamic_shared_vpc │ │ └── inspec.yml │ └── tags_project │ │ └── tags_project_test.go ├── fixtures │ ├── full │ │ ├── .gitignore │ │ ├── versions.tf │ │ ├── README.md │ │ ├── variables.tf │ │ └── outputs.tf │ ├── minimal │ │ ├── .gitignore │ │ ├── README.md │ │ ├── variables.tf │ │ ├── outputs.tf │ │ └── main.tf │ ├── vpc_sc_project │ │ ├── .gitignore │ │ ├── versions.tf │ │ ├── variables.tf │ │ ├── outputs.tf │ │ └── main.tf │ ├── app_engine │ │ ├── main.tf │ │ ├── variables.tf │ │ └── outputs.tf │ ├── fabric_project │ │ ├── variables.tf │ │ ├── main.tf │ │ └── outputs.tf │ ├── budget │ │ ├── main.tf │ │ ├── variables.tf │ │ └── outputs.tf │ ├── dynamic_shared_vpc │ │ ├── main.tf │ │ ├── variables.tf │ │ └── outputs.tf │ └── shared_vpc_no_subnets │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── main.tf ├── .gitignore └── setup │ ├── .gitignore │ ├── variables.tf │ ├── tags.tf │ ├── versions.tf │ └── outputs.tf ├── helpers ├── preconditions │ └── requirements.txt ├── terraform_validate └── release-new-version.sh ├── .github ├── renovate.json ├── release-please.yml ├── trusted-contribution.yml └── workflows │ └── stale.yml ├── docs ├── upgrading_to_project_factory_v15.0.md ├── upgrading_to_project_factory_v16.0.md ├── upgrading_to_project_factory_v8.0.md ├── GLOSSARY.md ├── 
upgrading_to_project_factory_v17.0.md ├── upgrading_to_project_factory_v6.0.md ├── upgrading_to_project_factory_v11.0.md ├── upgrading_to_project_factory_v2.0.md └── upgrading_to_fabric_project_v5.0.md ├── CODEOWNERS ├── examples ├── project_services │ ├── README.md │ ├── outputs.tf │ ├── variables.tf │ └── main.tf ├── quota_project │ ├── README.md │ ├── outputs.tf │ ├── variables.tf │ └── main.tf ├── essential_contacts │ ├── outputs.tf │ ├── README.md │ ├── variables.tf │ └── main.tf ├── group_project │ ├── versions.tf │ ├── outputs.tf │ ├── variables.tf │ ├── main.tf │ └── README.md ├── project-hierarchy │ ├── versions.tf │ ├── variables.tf │ ├── outputs.tf │ ├── README.md │ └── main.tf ├── simple_project │ ├── README.md │ ├── variables.tf │ ├── outputs.tf │ └── main.tf ├── tags_project │ ├── README.md │ ├── outputs.tf │ ├── main.tf │ └── variables.tf ├── app_engine │ ├── variables.tf │ ├── README.md │ ├── outputs.tf │ └── main.tf ├── fabric_project │ ├── outputs.tf │ ├── README.md │ ├── main.tf │ └── variables.tf ├── gke_shared_vpc │ ├── main.tf │ ├── variables.tf │ └── README.md ├── shared_vpc │ ├── variables.tf │ ├── outputs.tf │ └── README.md └── budget_project │ ├── variables.tf │ ├── outputs.tf │ ├── README.md │ └── main.tf ├── .pre-commit-config.yaml ├── modules ├── quota_manager │ ├── outputs.tf │ ├── versions.tf │ ├── variables.tf │ ├── main.tf │ ├── metadata.display.yaml │ └── README.md ├── gsuite_group │ ├── versions.tf │ ├── outputs.tf │ ├── variables.tf │ └── main.tf ├── app_engine │ ├── versions.tf │ ├── main.tf │ ├── variables.tf │ └── outputs.tf ├── budget │ ├── outputs.tf │ ├── versions.tf │ └── metadata.display.yaml ├── essential_contacts │ ├── outputs.tf │ ├── main.tf │ ├── variables.tf │ ├── versions.tf │ ├── metadata.display.yaml │ └── README.md ├── fabric-project │ ├── versions.tf │ └── outputs.tf ├── shared_vpc_access │ ├── outputs.tf │ ├── versions.tf │ ├── metadata.display.yaml │ └── variables.tf ├── project_services │ ├── versions.tf │ 
├── outputs.tf │ ├── metadata.display.yaml │ └── variables.tf ├── core_project_factory │ └── versions.tf ├── svpc_service_project │ ├── versions.tf │ └── outputs.tf └── gsuite_enabled │ ├── versions.tf │ └── outputs.tf ├── .gitignore └── versions.tf /test/integration/budget/libraries/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/integration/full/libraries/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/integration/minimal/libraries/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/fixtures/full/.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfvars 2 | -------------------------------------------------------------------------------- /test/fixtures/minimal/.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfvars 2 | -------------------------------------------------------------------------------- /test/integration/fabric_project/libraries/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/integration/vpc_sc_project/libraries/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/.gitignore: -------------------------------------------------------------------------------- 1 | source.sh 2 | credentials_pfactory.json 3 | -------------------------------------------------------------------------------- 
/test/fixtures/vpc_sc_project/.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfvars 2 | -------------------------------------------------------------------------------- /test/setup/.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfvars 2 | source.sh 3 | credentials_pfactory.json 4 | -------------------------------------------------------------------------------- /helpers/preconditions/requirements.txt: -------------------------------------------------------------------------------- 1 | google-api-python-client~=2.127 2 | google-auth~=2.29 3 | requests~=2.22 4 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"] 4 | } 5 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v15.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v15.0 2 | 3 | The v15.0 release of Project Factory is a backwards incompatible release. 4 | 5 | ### Google Cloud Platform Provider upgrade 6 | 7 | The Project Factory module now requires version 5.22 or higher of the Google Cloud Platform Provider and 5.22 or higher of 8 | the Google Cloud Platform Beta Provider. 9 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v16.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v16.0 2 | 3 | The v16.0 release of Project Factory is a backwards incompatible release. 
4 | 5 | ### Google Cloud Platform Provider upgrade 6 | 7 | The Project Factory module now requires version `5.33` or higher of the Google Cloud Platform Provider and `5.33` or higher of the Google Cloud Platform Beta Provider. 8 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v8.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v8.0 2 | 3 | The v8.0 release of Project Factory updates the `gcloud` module to use the [1.0.0](https://github.com/terraform-google-modules/terraform-google-gcloud/blob/master/CHANGELOG.md#100-2020-04-15) version. 4 | 5 | ## gcloud module 6 | If you are relying on the built-in gcloud module, you will need to make sure `curl` 7 | is available in your Terraform execution environment. 8 | 9 | If you have `skip_gcloud_download` set to `true`, no change is necessary. 10 | -------------------------------------------------------------------------------- /docs/GLOSSARY.md: -------------------------------------------------------------------------------- 1 | # Glossary 2 | 3 | Defined terms in the documentation for Project Factory are capitalized and have 4 | specific meaning within the domain of knowledge. 5 | 6 | ## Seed Project 7 | 8 | An existing GCP project with resources, services, and service accounts needed to 9 | create projects with the project factory. 10 | 11 | ## Seed Service Account 12 | 13 | A service account in the **Seed Project** used to create **Target Projects**. 14 | The Seed Service Account has broad access and should be considered a "root 15 | level" account. 16 | 17 | ## Target Project 18 | 19 | One or more projects managed by the Project Factory. 
20 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 3 | 4 | * @terraform-google-modules/cft-admins @imrannayer 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @terraform-google-modules/cft-admins 10 | .github/CODEOWNERS @terraform-google-modules/cft-admins 11 | docs/CODEOWNERS @terraform-google-modules/cft-admins 12 | 13 | -------------------------------------------------------------------------------- /examples/project_services/README.md: -------------------------------------------------------------------------------- 1 | # Project Services 2 | 3 | This example illustrates how to use the project_services submodule to activate APIs 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | enable | Actually enable the APIs listed | `bool` | `true` | no | 11 | | project\_id | The GCP project you want to enable APIs on | `any` | n/a | yes | 12 | 13 | ## Outputs 14 | 15 | | Name | Description | 16 | |------|-------------| 17 | | project\_id | The GCP project you want to enable APIs on | 18 | 19 | 20 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /examples/quota_project/README.md: -------------------------------------------------------------------------------- 1 | # Quota Project 2 | 3 | This example illustrates how to use quota_manager submodule to override customer quotas. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | billing\_account | The ID of the billing account to associate this project with | `string` | n/a | yes | 11 | | folder\_id | The ID of a folder to host this project. | `string` | `""` | no | 12 | | org\_id | The organization ID. | `string` | n/a | yes | 13 | 14 | ## Outputs 15 | 16 | | Name | Description | 17 | |------|-------------| 18 | | project\_id | The project ID in which to override quota | 19 | 20 | 21 | -------------------------------------------------------------------------------- /examples/quota_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The project ID in which to override quota" 19 | value = module.quota-project.project_id 20 | } 21 | -------------------------------------------------------------------------------- /examples/essential_contacts/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.project-factory.project_id 19 | description = "The GCP project with Essential Contacts" 20 | } 21 | -------------------------------------------------------------------------------- /examples/project_services/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.project-services.project_id 19 | description = "The GCP project you want to enable APIs on" 20 | } 21 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
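14 | 15 | - repo: https://github.com/antonbabenko/pre-commit-terraform # fetch hooks over TLS; the git:// transport is unauthenticated and unencrypted, and these hooks execute on the committer's machine 16 | rev: v1.11.0 # a tag can be moved upstream; pin a full commit SHA when the hook code must not change silently 17 | hooks: 18 | - id: terraform_fmt 19 | - id: terraform_docs 20 | - id: terraform_validate_with_variables 21 | -------------------------------------------------------------------------------- /examples/group_project/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | gsuite = { 20 | source = "deviavir/gsuite" 21 | version = "~> 0.1.12" 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v17.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v17.0 2 | 3 | The v17.0 release of Project Factory is a backwards incompatible release. 4 | 5 | ### Google Cloud Provider Project deletion_policy 6 | 7 | The `deletion_policy` for projects now defaults to `"PREVENT"` rather than `"DELETE"`. This aligns with the behavior in Google Cloud Platform Provider v6+. To maintain the old behavior you can set `deletion_policy = "DELETE"`. 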
8 | 9 | ```diff 10 | module "project" { 11 | - version = "~> 16.0" 12 | + version = "~> 17.0" 13 | 14 | + deletion_policy = "DELETE" 15 | } 16 | ``` 17 | 18 | ### Google Cloud Platform Provider upgrade 19 | 20 | The Project Factory module now requires version `5.41` or higher of the Google Cloud Platform Provider and `5.41` or higher of the Google Cloud Platform Beta Provider. 21 | -------------------------------------------------------------------------------- /examples/project-hierarchy/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | gsuite = { 20 | source = "deviavir/gsuite" 21 | version = "~> 0.1.12" 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /test/integration/fabric_project/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | name: fabric_project 16 | attributes: 17 | - name: project_id 18 | required: true 19 | 20 | - name: project_number 21 | required: true 22 | 23 | - name: name 24 | required: true 25 | -------------------------------------------------------------------------------- /modules/quota_manager/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "quota_overrides" { 18 | description = "The server-generated names of the quota override." 
19 | value = google_service_usage_consumer_quota_override.override 20 | } 21 | -------------------------------------------------------------------------------- /test/integration/app_engine/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | name: app_engine 16 | attributes: 17 | - name: project_id 18 | required: true 19 | type: string 20 | - name: region 21 | required: true 22 | - name: app_name 23 | required: true 24 | 25 | -------------------------------------------------------------------------------- /examples/simple_project/README.md: -------------------------------------------------------------------------------- 1 | # Simple Project 2 | 3 | This example illustrates how to create a simple project. 
4 | 5 | Expected variables: 6 | - `admin_email` 7 | - `organization_id` 8 | - `billing_account` 9 | - `credentials_path` 10 | 11 | 12 | ## Inputs 13 | 14 | | Name | Description | Type | Default | Required | 15 | |------|-------------|------|---------|:--------:| 16 | | billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes | 17 | | organization\_id | The organization id for the associated services | `any` | n/a | yes | 18 | 19 | ## Outputs 20 | 21 | | Name | Description | 22 | |------|-------------| 23 | | domain\_example | The organization's domain | 24 | | project\_info\_example | The ID of the created project | 25 | 26 | 27 | -------------------------------------------------------------------------------- /modules/gsuite_group/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.43, < 8" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /modules/app_engine/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 3.43, < 8" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /test/fixtures/app_engine/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
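13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "app-eng" { 18 | source = "../../../examples/app_engine" 19 | org_id = var.org_id 20 | folder_id = var.folder_id 21 | billing_account = var.billing_account 22 | } 23 | -------------------------------------------------------------------------------- /helpers/terraform_validate: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | # 3 | # Copyright 2019 Google LLC. This software is provided as-is, without warranty 4 | # or representation for any use or purpose. Your use of it is subject to your 5 | # agreement with Google. 6 | # 7 | # This script initializes modules so that terraform validate as of 0.12 behaves 8 | # as expected and does not issue errors such as: 9 | # 10 | # Error: Module not installed 11 | # 12 | # on test/fixtures/shared_vpc_no_subnets/main.tf line 37: 13 | # 37: module "project-factory" { 14 | # 15 | # This module is not yet installed. Run "terraform init" to install all modules 16 | # required by this configuration. 17 | 18 | # The first and only argument to this script is the directory containing *.tf 19 | # files to validate. This directory is assumed to be a root module. 20 | 21 | cd "${1:?directory argument required}" || exit 1 # a missing, empty or unreadable directory must stop the script; otherwise init and validate run against the caller's working directory 22 | terraform init -backend=false 23 | terraform validate 24 | -------------------------------------------------------------------------------- /modules/quota_manager/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 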
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | 20 | required_providers { 21 | google-beta = { 22 | source = "hashicorp/google-beta" 23 | version = ">= 4.11, < 8" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/project_services/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The GCP project you want to enable APIs on" 19 | } 20 | 21 | variable "enable" { 22 | description = "Actually enable the APIs listed" 23 | default = true 24 | } 25 | -------------------------------------------------------------------------------- /examples/tags_project/README.md: -------------------------------------------------------------------------------- 1 | # Project with tags 2 | 3 | This example illustrates how to create a project with a tag binding. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes | 11 | | folder\_id | The ID of a folder to host this project. | `string` | `null` | no | 12 | | organization\_id | The organization id for the associated services | `string` | `"684124036889"` | no | 13 | | tag\_value | value | `string` | n/a | yes | 14 | 15 | ## Outputs 16 | 17 | | Name | Description | 18 | |------|-------------| 19 | | project\_id | The ID of the created project | 20 | | project\_num | The number of the created project | 21 | 22 | 23 | -------------------------------------------------------------------------------- /test/fixtures/fabric_project/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "folder_id" { 18 | type = string 19 | description = "Parent folder ID." 20 | } 21 | 22 | variable "billing_account" { 23 | type = string 24 | description = "Billing account ID." 25 | } 26 | 27 | -------------------------------------------------------------------------------- /test/fixtures/minimal/README.md: -------------------------------------------------------------------------------- 1 | # minimal 2 | 3 | 4 | ## Inputs 5 | 6 | | Name | Description | Type | Default | Required | 7 | |------|-------------|------|---------|:--------:| 8 | | billing\_account | Billing account ID. | `string` | n/a | yes | 9 | | folder\_id | n/a | `string` | n/a | yes | 10 | | org\_id | n/a | `string` | n/a | yes | 11 | | random\_string\_for\_testing | A random string of characters to be appended to resource names to ensure uniqueness | `string` | n/a | yes | 12 | 13 | ## Outputs 14 | 15 | | Name | Description | 16 | |------|-------------| 17 | | compute\_service\_account\_email | n/a | 18 | | container\_service\_account\_email | n/a | 19 | | group\_email | n/a | 20 | | project\_id | n/a | 21 | | project\_name | n/a | 22 | | project\_number | n/a | 23 | | service\_account\_email | n/a | 24 | 25 | 26 | -------------------------------------------------------------------------------- /examples/simple_project/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "organization_id" { 18 | description = "The organization id for the associated services" 19 | } 20 | 21 | variable "billing_account" { 22 | description = "The ID of the billing account to associate this project with" 23 | } 24 | -------------------------------------------------------------------------------- /test/fixtures/budget/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "budget" { 18 | source = "../../../examples/budget_project" 19 | org_id = var.org_id 20 | folder_id = var.folder_id 21 | billing_account = var.billing_account 22 | parent_project_id = var.project_id 23 | } 24 | -------------------------------------------------------------------------------- /modules/budget/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "name" { 18 | description = "Resource name of the budget. Values are of the form `billingAccounts/{billingAccountId}/budgets/{budgetId}.`" 19 | value = length(google_billing_budget.budget) > 0 ? google_billing_budget.budget[0].name : "" 20 | } 21 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v6.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v6.0 2 | 3 | The v6.0 release of Project Factory is a backwards incompatible release for 4 | new projects only, as it changes how the default compute service account is 5 | treated when the project is created. 6 | 7 | The default of `default_service_account` changed from `"delete"` to `"disable"`. 
8 | If you want to continue deleting the default compute service account for new 9 | projects, you will need to specify: 10 | 11 | ``` 12 | default_service_account = "delete" 13 | ``` 14 | 15 | ## Migration Instructions 16 | 17 | Existing projects that were created without overriding the default don't need 18 | any changes, as their default compute service account is already deleted. 19 | 20 | Note that changing `default_service_account` from `"delete"` to `"disable"` on 21 | already created projects will not bring the service account back, as the input 22 | is only applied on project creation. For new projects, `"disable"` leaves the default compute service account in the project in a disabled state, whereas `"delete"` removes it. 23 | -------------------------------------------------------------------------------- /examples/essential_contacts/README.md: -------------------------------------------------------------------------------- 1 | # Essential Contacts 2 | 3 | This example illustrates how to use the essential_contacts submodule to assign emails to specific notification types and languages. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | billing\_account | Billing account ID. | `string` | n/a | yes | 11 | | folder\_id | The ID of a folder to host this project. | `string` | n/a | yes | 12 | | org\_id | The organization ID. 
| `string` | n/a | yes | 13 | | random\_string\_for\_testing | A random string of characters to be appended to resource names to ensure uniqueness | `string` | n/a | yes | 14 | 15 | ## Outputs 16 | 17 | | Name | Description | 18 | |------|-------------| 19 | | project\_id | The GCP project with Essential Contacts | 20 | 21 | 22 | -------------------------------------------------------------------------------- /examples/simple_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_info_example" { 18 | value = module.project-factory.project_id 19 | description = "The ID of the created project" 20 | } 21 | 22 | output "domain_example" { 23 | value = module.project-factory.domain 24 | description = "The organization's domain" 25 | } 26 | 27 | -------------------------------------------------------------------------------- /examples/tags_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.project-factory.project_id 19 | description = "The ID of the created project" 20 | } 21 | 22 | output "project_num" { 23 | value = module.project-factory.project_number 24 | description = "The number of the created project" 25 | } 26 | 27 | -------------------------------------------------------------------------------- /modules/essential_contacts/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "essential_contacts" { 18 | description = "Essential Contact resources created" 19 | value = [for contact in google_essential_contacts_contact.contact : contact.name] 20 | } 21 | 22 | output "project_id" { 23 | description = "The GCP project you want to enable APIs on" 24 | value = var.project_id 25 | } 26 | -------------------------------------------------------------------------------- /test/fixtures/fabric_project/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "fabric-project" { 18 | source = "../../../examples/fabric_project" 19 | 20 | name = "fabric-project" 21 | parent = "folders/${var.folder_id}" 22 | billing_account = var.billing_account 23 | activate_apis = [ 24 | "compute.googleapis.com", 25 | "storage-api.googleapis.com", 26 | ] 27 | } 28 | -------------------------------------------------------------------------------- /examples/project-hierarchy/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "admin_email" { 18 | description = "Admin user email on Gsuite" 19 | } 20 | 21 | variable "organization_id" { 22 | description = "The organization id for the associated services" 23 | } 24 | 25 | variable "billing_account" { 26 | description = "The ID of the billing account to associate this project with" 27 | } 28 | 29 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | # Pull requests from the accounts under trustedContributors get the "/gcbrun" comment added automatically, so CI presumably starts for them without a maintainer's review; review changes to this list accordingly. 18 | annotations: 19 | - type: comment 20 | text: "/gcbrun" 21 | trustedContributors: 22 | - release-please[bot] 23 | - renovate[bot] 24 | - renovate-bot 25 | - forking-renovate[bot] 26 | - dependabot[bot] 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # OSX leaves these everywhere on SMB shares 2 | ._* 3 | 4 | # OSX trash 5 | .DS_Store 6 | 7 | # Python 8 | *.pyc 9 | # Python virtualenv 10 | venv 11 | 12 | # Emacs save files 13 | *~ 14 | \#*\# 15 | .\#* 16 | 17 | # Vim-related files 18 | [._]*.s[a-w][a-z] 19 | [._]s[a-w][a-z] 20 | *.un~ 21 | Session.vim 22 | .netrwhist 23 | 24 | ### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore 25 | 26 | # Local .terraform directories 27 | **/.terraform/* 28 | 29 | # .tfstate files (state may contain secret values in plain text, so it must stay out of version control) 30 | *.tfstate 31 | *.tfstate.* 32 | 33 | # Crash log files 34 | crash.log 35 | 36 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 37 | # .tfvars files are managed as part of configuration and so should be included in 38 | # version control. 
39 | # 40 | # example.tfvars 41 | 42 | .kitchen 43 | terraform.tfstate.d/ 44 | *.auto.tfvars 45 | credentials.json 46 | .vscode/ 47 | .idea 48 | env/ 49 | test/fixtures/shared/terraform.tfvars 50 | .envrc 51 | 52 | # tf lock file 53 | .terraform.lock.hcl 54 | -------------------------------------------------------------------------------- /modules/gsuite_group/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "domain" { 18 | value = local.domain 19 | description = "The domain of the group's organization." 20 | } 21 | 22 | output "email" { 23 | description = "The email address of the group." 24 | value = local.email 25 | } 26 | 27 | output "name" { 28 | description = "The username portion of the email address of the group." 29 | value = var.name 30 | } 31 | 32 | -------------------------------------------------------------------------------- /modules/gsuite_group/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "domain" { 18 | type = string 19 | description = "The domain name" 20 | default = "" 21 | } 22 | 23 | variable "name" { 24 | type = string 25 | description = "The name of the group." 26 | default = "" 27 | } 28 | 29 | variable "org_id" { 30 | type = string 31 | description = "The organization ID." 32 | default = null 33 | } 34 | 35 | -------------------------------------------------------------------------------- /test/fixtures/dynamic_shared_vpc/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/shared_vpc" 19 | organization_id = var.org_id 20 | folder_id = var.folder_id 21 | billing_account = var.billing_account 22 | host_project_name = "pf-ci-shared2-host-${var.random_string_for_testing}" 23 | service_project_name = "pf-ci-shared2-svc-${var.random_string_for_testing}" 24 | } 25 | -------------------------------------------------------------------------------- /examples/quota_project/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | description = "The organization ID." 19 | type = string 20 | } 21 | 22 | variable "folder_id" { 23 | description = "The ID of a folder to host this project." 24 | type = string 25 | default = "" 26 | } 27 | 28 | variable "billing_account" { 29 | description = "The ID of the billing account to associate this project with" 30 | type = string 31 | } 32 | -------------------------------------------------------------------------------- /examples/app_engine/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | description = "The organization ID." 19 | type = string 20 | } 21 | 22 | variable "folder_id" { 23 | description = "The ID of a folder to host this project." 24 | type = string 25 | default = "" 26 | } 27 | 28 | variable "billing_account" { 29 | description = "The ID of the billing account to associate this project with" 30 | type = string 31 | } 32 | 33 | -------------------------------------------------------------------------------- /test/fixtures/minimal/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | type = string 19 | } 20 | 21 | variable "folder_id" { 22 | type = string 23 | } 24 | 25 | variable "billing_account" { 26 | type = string 27 | description = "Billing account ID." 
28 | } 29 | 30 | variable "random_string_for_testing" { 31 | type = string 32 | description = "A random string of characters to be appended to resource names to ensure uniqueness" 33 | } 34 | -------------------------------------------------------------------------------- /modules/app_engine/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "google_app_engine_application" "main" { 18 | project = var.project_id 19 | location_id = var.location_id 20 | auth_domain = var.auth_domain 21 | serving_status = var.serving_status 22 | dynamic "feature_settings" { 23 | for_each = var.feature_settings 24 | content { 25 | split_health_checks = lookup(feature_settings.value, "split_health_checks", true) 26 | } 27 | } 28 | } 29 | 30 | -------------------------------------------------------------------------------- /test/fixtures/app_engine/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | description = "The organization ID." 19 | type = string 20 | } 21 | 22 | variable "folder_id" { 23 | description = "The ID of a folder to host this project." 24 | type = string 25 | default = "" 26 | } 27 | 28 | variable "billing_account" { 29 | description = "The ID of the billing account to associate this project with" 30 | type = string 31 | } 32 | 33 | 34 | -------------------------------------------------------------------------------- /examples/fabric_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The project id of the created project." 19 | value = module.fabric-project.project_id 20 | } 21 | 22 | output "name" { 23 | description = "The name of the created project." 
24 | value = module.fabric-project.name 25 | } 26 | 27 | output "project_number" { 28 | description = "The project number of the created project." 29 | value = module.fabric-project.number 30 | } 31 | -------------------------------------------------------------------------------- /test/fixtures/vpc_sc_project/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | } 23 | google-beta = { 24 | source = "hashicorp/google-beta" 25 | } 26 | null = { 27 | source = "hashicorp/null" 28 | version = "~> 3.0" 29 | } 30 | random = { 31 | source = "hashicorp/random" 32 | version = "~> 3.0" 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /test/integration/minimal/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | name: minimal 16 | attributes: 17 | - name: project_id 18 | required: true 19 | 20 | - name: project_number 21 | required: true 22 | 23 | - name: service_account_email 24 | required: true 25 | 26 | - name: compute_service_account_email 27 | required: true 28 | 29 | - name: container_service_account_email 30 | required: true 31 | 32 | - name: group_email 33 | required: true 34 | 35 | - name: group_name 36 | required: true 37 | -------------------------------------------------------------------------------- /test/fixtures/fabric_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The project id of the created project." 19 | value = module.fabric-project.project_id 20 | } 21 | 22 | output "name" { 23 | description = "The name of the created project." 
24 | value = module.fabric-project.name 25 | } 26 | 27 | output "project_number" { 28 | description = "The project number of the created project." 29 | value = module.fabric-project.project_number 30 | } 31 | -------------------------------------------------------------------------------- /examples/group_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_info_example" { 18 | value = module.project-factory.project_id 19 | description = "The ID of the created project" 20 | } 21 | 22 | output "domain_example" { 23 | value = module.project-factory.domain 24 | description = "The organization's domain" 25 | } 26 | 27 | output "group_email_example" { 28 | value = module.project-factory.group_email 29 | description = "The email of the created G Suite group" 30 | } 31 | 32 | -------------------------------------------------------------------------------- /test/fixtures/shared_vpc_no_subnets/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | value = module.project-factory.project_id 19 | } 20 | 21 | output "project_number" { 22 | value = module.project-factory.project_number 23 | } 24 | 25 | output "group_email" { 26 | value = module.project-factory.group_email 27 | } 28 | 29 | output "service_account_email" { 30 | value = module.project-factory.service_account_email 31 | } 32 | 33 | output "shared_vpc" { 34 | value = var.shared_vpc 35 | } 36 | 37 | -------------------------------------------------------------------------------- /modules/quota_manager/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The GCP project where you want to manage the consumer quotas" 19 | type = string 20 | } 21 | 22 | variable "consumer_quotas" { 23 | description = "The quotas configuration you want to override for the project." 24 | type = list(object({ 25 | service = string, 26 | metric = string, 27 | dimensions = map(string), 28 | limit = string, 29 | value = string, 30 | })) 31 | } 32 | -------------------------------------------------------------------------------- /modules/budget/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 4.28, < 8" 24 | } 25 | } 26 | 27 | provider_meta "google" { 28 | module_name = "blueprints/terraform/terraform-google-project-factory:budget/v18.2.0" 29 | } 30 | provider_meta "google-beta" { 31 | module_name = "blueprints/terraform/terraform-google-project-factory:budget/v18.2.0" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /examples/project-hierarchy/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "domain_example" { 18 | value = module.project-factory.domain 19 | description = "The organization's domain" 20 | } 21 | 22 | output "project_info_example" { 23 | value = module.project-prod-gke.project_id 24 | description = "The ID of the created prod_gke project" 25 | } 26 | 27 | output "project_info_factory_example" { 28 | value = module.project-factory.project_id 29 | description = "The ID of the created factory project" 30 | } 31 | 32 | -------------------------------------------------------------------------------- /test/integration/discover_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package test 16 | 17 | import ( 18 | // should be imported to enable testing for GO modules 19 | "testing" 20 | 21 | // should be imported to use terraform helpers in blueprints test framework 22 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" 23 | ) 24 | 25 | // entry function for the test; can be named as Test* 26 | func TestAll(t *testing.T) { 27 | // the helper to autodiscover and test blueprint examples 28 | tft.AutoDiscoverAndTest(t) 29 | } 30 | -------------------------------------------------------------------------------- /test/setup/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | description = "The numeric organization id" 19 | } 20 | 21 | variable "folder_id" { 22 | description = "The folder to deploy in" 23 | } 24 | 25 | variable "billing_account" { 26 | description = "The billing account id associated with the project, e.g. 
XXXXXX-YYYYYY-ZZZZZZ" 27 | } 28 | 29 | variable "gsuite_admin_email" { 30 | description = "Gsuite administrator e-mail " 31 | } 32 | 33 | variable "gsuite_domain" { 34 | description = "Gsuite domain" 35 | } 36 | -------------------------------------------------------------------------------- /modules/fabric-project/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 5.41, < 8" 24 | } 25 | } 26 | provider_meta "google" { 27 | module_name = "blueprints/terraform/terraform-google-project-factory:fabric-project/v18.2.0" 28 | } 29 | provider_meta "google-beta" { 30 | module_name = "blueprints/terraform/terraform-google-project-factory:fabric-project/v18.2.0" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /modules/essential_contacts/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Essential Contact configuration 19 | *****************************************/ 20 | 21 | resource "google_essential_contacts_contact" "contact" { 22 | for_each = var.essential_contacts 23 | 24 | parent = "projects/${var.project_id}" 25 | email = each.key 26 | language_tag = var.language_tag 27 | notification_category_subscriptions = each.value 28 | } 29 | -------------------------------------------------------------------------------- /test/setup/tags.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | resource "random_string" "key_suffix" { 18 | length = 7 19 | special = false 20 | upper = false 21 | } 22 | 23 | resource "google_tags_tag_key" "key" { 24 | parent = "organizations/${var.org_id}" 25 | short_name = "pf-key-${random_string.key_suffix.result}" 26 | description = "Sample tag key" 27 | } 28 | 29 | resource "google_tags_tag_value" "value" { 30 | parent = "tagKeys/${google_tags_tag_key.key.name}" 31 | short_name = "sample-val" 32 | description = "Sample val" 33 | } 34 | -------------------------------------------------------------------------------- /test/integration/shared_vpc_no_subnets/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 |
15 | # InSpec profile metadata for the shared_vpc_no_subnets integration suite.
16 | name: shared_vpc_no_subnets
17 | depends:
18 |   # NOTE(review): inspec-gcp is fetched over Git and selected by tag. A tag
19 |   # can be moved upstream, so the code that gets resolved is only as stable
20 |   # as the tag. Pinning with `commit: <FULL_COMMIT_SHA>` (placeholder), or
21 |   # committing the inspec.lock that `inspec vendor` writes, keeps test runs
22 |   # on reviewed code. Confirm which of the two this repository relies on.
23 |   - name: inspec-gcp
24 |     git: https://github.com/inspec/inspec-gcp.git
25 |     tag: v0.10.0
26 | # Attribute names match the outputs declared in
27 | # test/fixtures/shared_vpc_no_subnets/outputs.tf. All are required;
28 | # shared_vpc and group_email declare no type.
29 | attributes:
30 |   - name: project_id
31 |     required: true
32 |     type: string
33 |
34 |   - name: project_number
35 |     required: true
36 |     type: string
37 |
38 |   - name: service_account_email
39 |     required: true
40 |     type: string
41 |
42 |   - name: shared_vpc
43 |     required: true
44 |
45 |   - name: group_email
46 |     required: true
47 |
--------------------------------------------------------------------------------
/examples/tags_project/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 |  * Copyright 2024 Google LLC
3 |  *
4 |  * Licensed under the Apache License, Version 2.0 (the "License");
5 |  * you may not use this file except in compliance with the License.
6 |  * You may obtain a copy of the License at
7 |  *
8 |  * http://www.apache.org/licenses/LICENSE-2.0
9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | # Example: one project created through the registry release of
18 | # project-factory, passing a single value in tag_binding_values.
19 | module "project-factory" {
20 |   source = "terraform-google-modules/project-factory/google"
21 |   # "~> 18.0" accepts any 18.x release. The dependency lock file records
22 |   # provider selections only, so the module release that `terraform init`
23 |   # resolves can differ between runs; set an exact version where repeatable
24 |   # builds matter.
25 |   version = "~> 18.0"
26 |
27 |   random_project_id = true
28 |   name              = "simple-tag-project"
29 |   org_id            = var.organization_id
30 |   folder_id         = var.folder_id
31 |   billing_account   = var.billing_account
32 |   # NOTE(review): per the module documentation, "deprivilege" removes the
33 |   # default service account's project-level role instead of leaving it as
34 |   # created. Confirm against the module release actually resolved.
35 |   default_service_account = "deprivilege"
36 |   # Single-element list built from var.tag_value.
37 |   tag_binding_values = [var.tag_value]
38 |
39 |   # NOTE(review): "DELETE" presumably lets `terraform destroy` remove the
40 |   # project, which suits a throwaway example. Confirm the accepted values for
41 |   # the resolved module release and choose a protective setting before
42 |   # copying this block for a long-lived project.
43 |   deletion_policy = "DELETE"
44 | }
45 |
--------------------------------------------------------------------------------
/modules/shared_vpc_access/outputs.tf:
--------------------------------------------------------------------------------
1 | /**
2 |  * Copyright 2020 Google LLC
3 |  *
4 |  * Licensed under the Apache License, Version 2.0 (the "License");
5 |  * you may not use this file except in compliance with the License.
6 |  * You may obtain a copy of the License at
7 |  *
8 |  * http://www.apache.org/licenses/LICENSE-2.0
9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | output "active_api_service_accounts" {
18 |   description = "List of active API service accounts in the service project."
19 |   value       = local.active_apis
20 | }
21 |
22 | output "project_id" {
23 |   description = "Service project ID."
24 |   value       = var.service_project_id
25 |   depends_on = [
26 |     google_compute_subnetwork_iam_member.service_shared_vpc_subnet_users,
27 |     google_project_iam_member.gke_host_agent,
28 |     google_project_iam_member.service_shared_vpc_user,
29 |   ]
30 | }
31 |
--------------------------------------------------------------------------------
/examples/tags_project/variables.tf:
--------------------------------------------------------------------------------
1 | /**
2 |  * Copyright 2024 Google LLC
3 |  *
4 |  * Licensed under the Apache License, Version 2.0 (the "License");
5 |  * you may not use this file except in compliance with the License.
6 |  * You may obtain a copy of the License at
7 |  *
8 |  * http://www.apache.org/licenses/LICENSE-2.0
9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | # NOTE(review): no `type` is declared and the default is a literal
18 | # organization ID. examples/tags_project/main.tf passes this value as org_id,
19 | # so a run that does not override it targets that organization. Presumably it
20 | # is the maintainers' test organization (confirm); set organization_id
21 | # explicitly when reusing this example.
22 | variable "organization_id" {
23 |   description = "The organization id for the associated services"
24 |   default     = "684124036889"
25 | }
26 |
27 | # Optional: defaults to null.
28 | variable "folder_id" {
29 |   description = "The ID of a folder to host this project."
30 |   type        = string
31 |   default     = null
32 | }
33 |
34 | # Required: no default. No `type` is declared.
35 | variable "billing_account" {
36 |   description = "The ID of the billing account to associate this project with"
37 | }
38 |
39 | # Required. examples/tags_project/main.tf passes it as the only element of
40 | # tag_binding_values. The description does not state the expected format;
41 | # presumably a tag value identifier (TODO confirm).
42 | variable "tag_value" {
43 |   description = "value"
44 |   type        = string
45 | }
46 |
--------------------------------------------------------------------------------
/test/setup/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 |  * Copyright 2019 Google LLC
3 |  *
4 |  * Licensed under the Apache License, Version 2.0 (the "License");
5 |  * you may not use this file except in compliance with the License.
6 |  * You may obtain a copy of the License at
7 |  *
8 |  * http://www.apache.org/licenses/LICENSE-2.0
9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | # Terraform and provider requirements for the test setup configuration.
18 | terraform {
19 |   required_version = ">= 0.13"
20 |   required_providers {
21 |     # NOTE(review): google and google-beta carry no version constraint, so
22 |     # `terraform init` selects the newest release available unless a
23 |     # committed .terraform.lock.hcl pins the selection. Confirm a lock file
24 |     # is tracked for this directory, or add a bounded constraint as the
25 |     # modules' versions.tf files do.
26 |     google = {
27 |       source = "hashicorp/google"
28 |     }
29 |     google-beta = {
30 |       source = "hashicorp/google-beta"
31 |     }
32 |     null = {
33 |       source  = "hashicorp/null"
34 |       version = "~> 3.0"
35 |     }
36 |     random = {
37 |       source  = "hashicorp/random"
38 |       version = "~> 3.0"
39 |     }
40 |     # Lower bound only: any release from 0.5.0 upward is accepted.
41 |     time = {
42 |       source  = "hashicorp/time"
43 |       version = ">= 0.5.0"
44 |     }
45 |   }
46 | }
47 |
--------------------------------------------------------------------------------
/test/fixtures/full/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 |  * Copyright 2021 Google LLC
3 |  *
4 |  * Licensed under the Apache License, Version 2.0 (the "License");
5 |  * you may not use this file except in compliance with the License.
6 |  * You may obtain a copy of the License at
7 |  *
8 |  * http://www.apache.org/licenses/LICENSE-2.0
9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | # Terraform and provider requirements for the "full" test fixture.
18 | terraform {
19 |   required_providers {
20 |     # NOTE(review): google and google-beta carry no version constraint; the
21 |     # release used is whatever `terraform init` resolves unless a committed
22 |     # .terraform.lock.hcl pins it. Confirm a lock file is tracked here.
23 |     google = {
24 |       source = "hashicorp/google"
25 |     }
26 |     google-beta = {
27 |       source = "hashicorp/google-beta"
28 |     }
29 |     # NOTE(review): published under a community namespace rather than
30 |     # hashicorp/. "~> 0.1.12" accepts 0.1.x releases from 0.1.12 upward. The
31 |     # provider runs with whatever credentials the configuration hands it, so
32 |     # rely on the checksums recorded in .terraform.lock.hcl and review any
33 |     # upgrade before accepting it.
34 |     gsuite = {
35 |       source  = "deviavir/gsuite"
36 |       version = "~> 0.1.12"
37 |     }
38 |     null = {
39 |       source  = "hashicorp/null"
40 |       version = "~> 3.0"
41 |     }
42 |     random = {
43 |       source  = "hashicorp/random"
44 |       version = "~> 3.0"
45 |     }
46 |   }
47 |   required_version = ">= 0.13"
48 | }
49 |
--------------------------------------------------------------------------------
/modules/gsuite_group/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 |  * Copyright 2018 Google LLC
3 |  *
4 |  * Licensed under the Apache License, Version 2.0 (the "License");
5 |  * you may not use this file except in compliance with the License.
6 |  * You may obtain a copy of the License at
7 |  *
8 |  * http://www.apache.org/licenses/LICENSE-2.0
9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 | # "dummy" keeps element(local.domain_list, 0) valid when the org data source has count = 0; email stays "" when var.name is "".
17 | locals {
18 |   domain_list = concat(data.google_organization.org[*].domain, ["dummy"])
19 |   domain      = var.domain == "" ? element(local.domain_list, 0) : var.domain
20 |   email       = var.name == "" ? "" : format("%s@%s", var.name, local.domain)
21 | }
22 |
23 | /*****************************************
24 |   Organization info retrieval
25 |  *****************************************/
26 | data "google_organization" "org" {
27 |   count        = var.domain == "" && var.name != "" ?
1 : 0 28 | organization = var.org_id 29 | } 30 | 31 | -------------------------------------------------------------------------------- /examples/essential_contacts/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | type = string 19 | description = "The organization ID." 20 | } 21 | 22 | variable "folder_id" { 23 | type = string 24 | description = "The ID of a folder to host this project." 25 | } 26 | 27 | variable "billing_account" { 28 | type = string 29 | description = "Billing account ID." 30 | } 31 | 32 | variable "random_string_for_testing" { 33 | type = string 34 | description = "A random string of characters to be appended to resource names to ensure uniqueness" 35 | } 36 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 5.41, < 8" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 5.41, < 8" 27 | } 28 | } 29 | provider_meta "google" { 30 | module_name = "blueprints/terraform/terraform-google-project-factory/v18.2.0" 31 | } 32 | provider_meta "google-beta" { 33 | module_name = "blueprints/terraform/terraform-google-project-factory/v18.2.0" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /examples/app_engine/README.md: -------------------------------------------------------------------------------- 1 | # App Engine Project 2 | 3 | This example illustrates how to create a simple project with App Engine enabled. 4 | 5 | It will do the following: 6 | - Create a project 7 | - Activate the Google App Engine Admin API on the new project 8 | - Create a new App Engine app 9 | 10 | Expected variables: 11 | - `admin_email` 12 | - `organization_id` 13 | - `billing_account` 14 | 15 | 16 | ## Inputs 17 | 18 | | Name | Description | Type | Default | Required | 19 | |------|-------------|------|---------|:--------:| 20 | | billing\_account | The ID of the billing account to associate this project with | `string` | n/a | yes | 21 | | folder\_id | The ID of a folder to host this project. | `string` | `""` | no | 22 | | org\_id | The organization ID. 
| `string` | n/a | yes | 23 | 24 | ## Outputs 25 | 26 | | Name | Description | 27 | |------|-------------| 28 | | app\_name | Unique name of the app, usually apps/{PROJECT\_ID}. | 29 | | default\_hostname | The default hostname for this app. | 30 | | location\_id | The location app engine is serving from | 31 | | project\_id | The project ID where app engine is created | 32 | 33 | 34 | -------------------------------------------------------------------------------- /modules/essential_contacts/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The GCP project you want to send Essential Contacts notifications for" 19 | type = string 20 | } 21 | 22 | variable "essential_contacts" { 23 | description = "A mapping of users or groups to be assigned as Essential Contacts to the project, specifying a notification category" 24 | type = map(list(string)) 25 | default = {} 26 | } 27 | 28 | variable "language_tag" { 29 | description = "Language code to be used for essential contacts notifiactions" 30 | type = string 31 | } 32 | -------------------------------------------------------------------------------- /modules/quota_manager/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 |  */
16 |
17 | locals {
18 |   # Re-keys the input list as a map so it can drive for_each below.
19 |   # NOTE(review): the key is built from service and metric only. Two entries
20 |   # that share both (differing in limit or dimensions) yield the same key,
21 |   # which Terraform rejects for a `for` expression that does not group
22 |   # values. Callers need one entry per service/metric pair.
23 |   consumer_quotas = { for index, quota in var.consumer_quotas : "${quota.service}-${quota.metric}" => quota }
24 | }
25 |
26 | # One quota override per entry of local.consumer_quotas, created in
27 | # var.project_id through the google-beta provider.
28 | resource "google_service_usage_consumer_quota_override" "override" {
29 |   provider = google-beta
30 |   for_each = local.consumer_quotas
31 |
32 |   project        = var.project_id
33 |   service        = each.value.service
34 |   metric         = each.value.metric
35 |   limit          = each.value.limit
36 |   dimensions     = each.value.dimensions
37 |   override_value = each.value.value
38 |   # NOTE(review): per the provider documentation, force = true skips the
39 |   # check that rejects a large decrease of an existing quota, so a mistyped
40 |   # override_value is applied without that guard. It is hard-coded here and
41 |   # not exposed as a variable; confirm that is intended and review quota
42 |   # changes in the plan output.
43 |   force = true
44 | }
45 |
--------------------------------------------------------------------------------
/test/integration/vpc_sc_project/inspec.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2021 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 15 | name: vpc_sc_project 16 | attributes: 17 | - name: project_id 18 | required: true 19 | 20 | - name: project_number 21 | required: true 22 | 23 | - name: service_account_email 24 | required: true 25 | 26 | - name: compute_service_account_email 27 | required: true 28 | 29 | - name: container_service_account_email 30 | required: true 31 | 32 | - name: group_email 33 | required: true 34 | 35 | - name: group_name 36 | required: true 37 | 38 | - name: perimeter_name 39 | required: true 40 | 41 | - name: policy_id 42 | required: true 43 | -------------------------------------------------------------------------------- /test/fixtures/app_engine/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The project ID where app engine is created" 19 | value = module.app-eng.project_id 20 | } 21 | 22 | output "app_name" { 23 | description = "Unique name of the app, usually apps/{PROJECT_ID}." 24 | value = module.app-eng.app_name 25 | } 26 | 27 | output "default_hostname" { 28 | description = "The default hostname for this app." 
29 | value = module.app-eng.default_hostname 30 | } 31 | 32 | output "region" { 33 | description = "The location app engine is serving from" 34 | value = module.app-eng.location_id 35 | } 36 | -------------------------------------------------------------------------------- /test/fixtures/budget/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | description = "The organization ID." 19 | type = string 20 | } 21 | 22 | variable "folder_id" { 23 | description = "The ID of a folder to host this project." 24 | type = string 25 | default = "" 26 | } 27 | 28 | variable "billing_account" { 29 | description = "The ID of the billing account to associate this project with" 30 | type = string 31 | } 32 | 33 | variable "project_id" { 34 | description = "The project_id of the parent project when the PubSub topic will be created. Created by test setup" 35 | type = string 36 | } 37 | -------------------------------------------------------------------------------- /examples/fabric_project/README.md: -------------------------------------------------------------------------------- 1 | # Simple Project 2 | 3 | This example illustrates how to create a simple project using the `fabric-project` submodule. 
4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | activate\_apis | Service APIs to enable. | `list(string)` |
[| no | 11 | | billing\_account | Billing account id. | `string` | n/a | yes | 12 | | name | Project name, joined with prefix. | `string` | `"fabric-project"` | no | 13 | | owners | Optional list of IAM-format members to set as project owners. | `list(string)` | `[]` | no | 14 | | parent | Organization or folder id, in the `organizations/nnn` or `folders/nnn` format. | `string` | n/a | yes | 15 | | prefix | Prefix prepended to project name, uses random id by default. | `string` | `""` | no | 16 | 17 | ## Outputs 18 | 19 | | Name | Description | 20 | |------|-------------| 21 | | name | The name of the created project. | 22 | | project\_id | The project id of the created project. | 23 | | project\_number | The project number of the created project. | 24 | 25 | 26 | -------------------------------------------------------------------------------- /modules/project_services/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.43, < 8" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.43, < 8" 27 | } 28 | } 29 | provider_meta "google" { 30 | module_name = "blueprints/terraform/terraform-google-project-factory:project_services/v18.2.0" 31 | } 32 | provider_meta "google-beta" { 33 | module_name = "blueprints/terraform/terraform-google-project-factory:project_services/v18.2.0" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /modules/shared_vpc_access/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.43, < 8" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.43, < 8" 27 | } 28 | } 29 | provider_meta "google" { 30 | module_name = "blueprints/terraform/terraform-google-project-factory:shared_vpc_access/v18.2.0" 31 | } 32 | provider_meta "google-beta" { 33 | module_name = "blueprints/terraform/terraform-google-project-factory:shared_vpc_access/v18.2.0" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /modules/essential_contacts/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.43, < 8" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.43, < 8" 27 | } 28 | } 29 | provider_meta "google" { 30 | module_name = "blueprints/terraform/terraform-google-project-factory:essential_contacts/v18.2.0" 31 | } 32 | provider_meta "google-beta" { 33 | module_name = "blueprints/terraform/terraform-google-project-factory:essential_contacts/v18.2.0" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /examples/app_engine/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The project ID where app engine is created" 19 | value = module.app-engine-project.project_id 20 | } 21 | 22 | output "app_name" { 23 | description = "Unique name of the app, usually apps/{PROJECT_ID}." 24 | value = module.app-engine.name 25 | } 26 | 27 | output "default_hostname" { 28 | description = "The default hostname for this app." 
29 | value = module.app-engine.default_hostname 30 | } 31 | 32 | output "location_id" { 33 | description = "The location app engine is serving from" 34 | value = module.app-engine.location_id 35 | } 36 | 37 | -------------------------------------------------------------------------------- /examples/gke_shared_vpc/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 |  */
16 |
17 | module "project-factory" { # Example: a project attached to an existing Shared VPC host project, with the GKE API enabled.
18 |   source  = "terraform-google-modules/project-factory/google"
19 |   version = "~> 18.0" # Accepts any 18.x release. Module versions are not recorded in .terraform.lock.hcl, so pin an exact version where reproducible plans matter.
20 |
21 |   random_project_id    = true
22 |   name                 = "sample-gke-shared-project"
23 |   org_id               = var.org_id
24 |   billing_account      = var.billing_account
25 |   svpc_host_project_id = var.shared_vpc # ID of the host project that owns the shared VPC (per the variable's description).
26 |   activate_apis        = ["compute.googleapis.com", "container.googleapis.com", "cloudbilling.googleapis.com"] # Enable only the APIs the project needs; each enabled API widens what project principals can reach.
27 |   shared_vpc_subnets   = var.shared_vpc_subnets # Fully qualified subnet IDs; presumably access is granted per listed subnet rather than on the whole host network (confirm in the module docs).
28 |   default_network_tier = var.default_network_tier
29 |
30 |   deletion_policy = "DELETE" # Lets "terraform destroy" delete the project, which suits a throwaway example. "PREVENT" is the safer setting for long-lived projects (confirm accepted values in the module docs).
31 | }
32 |
--------------------------------------------------------------------------------
/examples/simple_project/main.tf:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Copyright 2018 Google LLC
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | module "project-factory" { # Example: a single standalone project created from the root module.
18 |   source  = "terraform-google-modules/project-factory/google"
19 |   version = "~> 18.0" # Accepts any 18.x release. Module versions are not recorded in .terraform.lock.hcl, so pin an exact version where reproducible plans matter.
20 |
21 |   random_project_id       = true
22 |   name                    = "simple-sample-project"
23 |   org_id                  = var.organization_id
24 |   billing_account         = var.billing_account
25 |   default_service_account = "deprivilege" # Keeps the project's default service account but removes its default role grant, presumably the broad Editor role (confirm against the module's variable documentation).
26 |
27 |   activate_api_identities = [{ # Creates the service identity for the listed API and grants it the roles below (presumably at project level); keep the role list to what the workload needs.
28 |     api = "healthcare.googleapis.com"
29 |     roles = [
30 |       "roles/healthcare.serviceAgent",
31 |       "roles/bigquery.jobUser",
32 |     ]
33 |   }]
34 |
35 |   deletion_policy = "DELETE" # Lets "terraform destroy" delete the project, which suits a throwaway example. "PREVENT" is the safer setting for long-lived projects (confirm accepted values in the module docs).
36 | }
37 |
--------------------------------------------------------------------------------
/modules/core_project_factory/versions.tf:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Copyright 2018 Google LLC
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | terraform { # Terraform and provider version constraints for the core_project_factory module.
18 |   required_version = ">= 1.3"
19 |
20 |   required_providers {
21 |     google = {
22 |       source  = "hashicorp/google"
23 |       version = ">= 5.41, < 8" # Bounded on both sides: a future major release (8.x) is not picked up automatically.
24 |     }
25 |     google-beta = {
26 |       source  = "hashicorp/google-beta"
27 |       version = ">= 5.41, < 8"
28 |     }
29 |     null = {
30 |       source  = "hashicorp/null"
31 |       version = ">= 2.1" # Lower bound only: any later release, including a new major version, satisfies this. The root configuration's committed .terraform.lock.hcl is what fixes the exact build and its checksums.
32 |     }
33 |     random = {
34 |       source  = "hashicorp/random"
35 |       version = ">= 2.2" # Lower bound only, as for "null" above.
36 |     }
37 |     time = {
38 |       source  = "hashicorp/time"
39 |       version = ">= 0.5" # Lower bound only, as for "null" above.
40 |     }
41 |   }
42 | }
43 |
--------------------------------------------------------------------------------
/modules/svpc_service_project/versions.tf:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Copyright 2018 Google LLC
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 4.5, < 8" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 4.5, < 8" 27 | } 28 | } 29 | provider_meta "google" { 30 | module_name = "blueprints/terraform/terraform-google-project-factory:svpc_service_project/v18.2.0" 31 | } 32 | provider_meta "google-beta" { 33 | module_name = "blueprints/terraform/terraform-google-project-factory:svpc_service_project/v18.2.0" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /test/fixtures/dynamic_shared_vpc/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | description = "The organization ID." 19 | type = string 20 | } 21 | 22 | variable "folder_id" { 23 | description = "The ID of a folder to host this project." 
24 | type = string 25 | default = "" 26 | } 27 | 28 | variable "billing_account" { 29 | description = "The ID of the billing account to associate this project with" 30 | type = string 31 | } 32 | 33 | variable "random_string_for_testing" { 34 | type = string 35 | description = "A random string of characters to be appended to resource names to ensure uniqueness" 36 | } 37 | 38 | -------------------------------------------------------------------------------- /modules/project_services/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | description = "The GCP project you want to enable APIs on" 19 | value = element(concat([for v in google_project_service.project_services : v.project], [var.project_id]), 0) 20 | } 21 | 22 | output "enabled_apis" { 23 | description = "Enabled APIs in the project" 24 | value = [for api in google_project_service.project_services : api.service] 25 | } 26 | 27 | output "enabled_api_identities" { 28 | description = "Enabled API identities in the project" 29 | value = { for i in google_project_service_identity.project_service_identities : i.service => i.email } 30 | } 31 | -------------------------------------------------------------------------------- /test/integration/budget/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | name: budget 16 | attributes: 17 | - name: project_id 18 | required: true 19 | 20 | - name: billing_account 21 | required: true 22 | 23 | - name: parent_project_id 24 | required: true 25 | 26 | - name: pubsub_topic 27 | required: true 28 | 29 | - name: main_budget_name 30 | required: true 31 | 32 | - name: additional_budget_name 33 | required: true 34 | 35 | - name: budget_amount 36 | required: true 37 | 38 | - name: budget_alert_spent_percents 39 | required: true 40 | 41 | - name: budget_services 42 | required: true 43 | 44 | - name: budget_credit_types_treatment 45 | required: true 46 | -------------------------------------------------------------------------------- /examples/group_project/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "admin_email" { 18 | description = "Admin user email on Gsuite. This should be a user account, not a service account." 
19 | } 20 | 21 | variable "organization_id" { 22 | description = "The organization id for the associated services" 23 | } 24 | 25 | variable "billing_account" { 26 | description = "The ID of the billing account to associate this project with" 27 | } 28 | 29 | variable "api_sa_group" { 30 | description = "An existing G Suite group email to place the Google APIs Service Account for the project in" 31 | } 32 | 33 | variable "project_group_name" { 34 | description = "The name of a G Suite group to create for controlling the project" 35 | } 36 | 37 | -------------------------------------------------------------------------------- /examples/fabric_project/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | prefix = var.prefix == "" ? 
random_string.prefix.result : var.prefix 19 | } 20 | 21 | resource "random_string" "prefix" { 22 | length = 30 - length(var.name) - 1 23 | upper = false 24 | numeric = false 25 | special = false 26 | } 27 | 28 | module "fabric-project" { 29 | source = "terraform-google-modules/project-factory/google//modules/fabric-project" 30 | version = "~> 18.0" 31 | 32 | activate_apis = var.activate_apis 33 | billing_account = var.billing_account 34 | name = var.name 35 | owners = var.owners 36 | parent = var.parent 37 | prefix = local.prefix 38 | 39 | deletion_policy = "DELETE" 40 | } 41 | -------------------------------------------------------------------------------- /modules/quota_manager/metadata.display.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-project-factory-display 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | info: 23 | title: Consumer quota override for a project 24 | source: 25 | repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git 26 | sourceType: git 27 | dir: /modules/quota_manager 28 | ui: 29 | input: 30 | variables: 31 | consumer_quotas: 32 | name: consumer_quotas 33 | title: Consumer Quotas 34 | project_id: 35 | name: project_id 36 | title: Project Id 37 | -------------------------------------------------------------------------------- /modules/gsuite_enabled/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 |  */
16 |
17 | terraform { # Terraform and provider version constraints for the gsuite_enabled module.
18 |   required_version = ">= 1.3"
19 |   required_providers {
20 |     google = {
21 |       source  = "hashicorp/google"
22 |       version = ">= 4.11, < 8"
23 |     }
24 |     google-beta = {
25 |       source  = "hashicorp/google-beta"
26 |       version = ">= 4.11, < 8"
27 |     }
28 |     gsuite = { # Unlike the two providers above, this one comes from a community namespace (DeviaVir), not from HashiCorp; review its provenance and maintenance status before depending on it.
29 |       source  = "DeviaVir/gsuite"
30 |       version = "~> 0.1" # Accepts any 0.x release at or above 0.1. The root configuration's committed .terraform.lock.hcl is what fixes the exact build and its checksums.
31 |     }
32 |   }
33 |   provider_meta "google" { # Passes this module identifier to the provider as metadata; presumably used for usage attribution only.
34 |     module_name = "blueprints/terraform/terraform-google-project-factory:gsuite_enabled/v18.2.0"
35 |   }
36 |   provider_meta "google-beta" {
37 |     module_name = "blueprints/terraform/terraform-google-project-factory:gsuite_enabled/v18.2.0"
38 |   }
39 | }
40 |
--------------------------------------------------------------------------------
/test/fixtures/shared_vpc_no_subnets/variables.tf:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Copyright 2019 Google LLC
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 |  */
16 |
17 | variable "org_id" {
18 |   type = string
19 | }
20 |
21 | variable "folder_id" {
22 |   type = string
23 | }
24 |
25 | variable "billing_account" {
26 |   type        = string
27 |   description = "Billing account ID."
28 | } 29 | 30 | variable "random_string_for_testing" { 31 | type = string 32 | description = "A random string of characters to be appended to resource names to ensure uniqueness" 33 | } 34 | 35 | variable "domain" { 36 | type = string 37 | } 38 | 39 | variable "group_role" { 40 | default = "roles/viewer" 41 | type = string 42 | } 43 | 44 | variable "shared_vpc" { 45 | type = string 46 | } 47 | 48 | variable "gsuite_admin_account" { 49 | type = string 50 | } 51 | -------------------------------------------------------------------------------- /examples/project_services/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider configuration 19 | *****************************************/ 20 | module "project-services" { 21 | source = "terraform-google-modules/project-factory/google//modules/project_services" 22 | version = "~> 18.0" 23 | 24 | project_id = var.project_id 25 | enable_apis = var.enable 26 | disable_services_on_destroy = true 27 | 28 | activate_apis = [ 29 | "sqladmin.googleapis.com", 30 | "bigquery-json.googleapis.com", 31 | ] 32 | activate_api_identities = [{ 33 | api = "healthcare.googleapis.com" 34 | roles = [ 35 | "roles/healthcare.serviceAgent", 36 | "roles/bigquery.jobUser", 37 | ] 38 | }] 39 | } 40 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v11.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v11.0 2 | 3 | The v11.0 release of Project Factory is a backwards incompatible release. 4 | 5 | ## Migration Instructions 6 | 7 | ### Unused variables have been removed 8 | 9 | Variables `credentials_path` and `impersonate_service_account` have been removed as we have removed the need for gcloud and local-execs in [v10.0](https://github.com/terraform-google-modules/terraform-google-project-factory/blob/master/docs/upgrading_to_project_factory_v10.0.md). This change should be no-op. 10 | 11 | ```diff 12 | module "project-factory" { 13 | source = "terraform-google-modules/project-factory/google" 14 | - version = "~> 10.0" 15 | + version = "~> 11.0" 16 | 17 | name = "pf-test-1" 18 | random_project_id = "true" 19 | org_id = "1234567890" 20 | usage_bucket_name = "pf-test-1-usage-report-bucket" 21 | usage_bucket_prefix = "pf/test/1/integration" 22 | billing_account = "ABCDEF-ABCDEF-ABCDEF" 23 | - credentials_path = "..." 24 | - impersonate_service_account = "..." 
25 | } 26 | ``` 27 | 28 | ### Uniform Bucket Level Access is enabled by default 29 | 30 | Uniform Bucket Level Access is enabled by default and controlled by the `bucket_ula` variable. 31 | 32 | If you want to keep Uniform Bucket Level Access disabled, set this variable to `false`. With it disabled, access to objects can also be granted through per-object ACLs rather than IAM alone, so opt out only if something still depends on ACLs. 33 | -------------------------------------------------------------------------------- /test/fixtures/minimal/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | output "project_name" { 18 | value = module.project-factory.project_name 19 | } 20 | 21 | output "project_id" { 22 | value = module.project-factory.project_id 23 | } 24 | 25 | output "project_number" { 26 | value = module.project-factory.project_number 27 | } 28 | 29 | output "service_account_email" { 30 | value = module.project-factory.service_account_email 31 | } 32 | 33 | output "compute_service_account_email" { 34 | value = "${module.project-factory.project_number}-compute@developer.gserviceaccount.com" 35 | } 36 | 37 | output "container_service_account_email" { 38 | value = "service-${module.project-factory.project_number}@container-engine-robot.iam.gserviceaccount.com" 39 | } 40 | 41 | output "group_email" { 42 | value = module.project-factory.group_email 43 | } 44 | 45 | -------------------------------------------------------------------------------- /modules/essential_contacts/metadata.display.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-project-factory-display 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | info: 23 | title: Essential Contacts configuration 24 | source: 25 | repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git 26 | sourceType: git 27 | dir: /modules/essential_contacts 28 | ui: 29 | input: 30 | variables: 31 | essential_contacts: 32 | name: essential_contacts 33 | title: Essential Contacts 34 | language_tag: 35 | name: language_tag 36 | title: Language Tag 37 | project_id: 38 | name: project_id 39 | title: Project Id 40 | -------------------------------------------------------------------------------- /examples/app_engine/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | resource "random_string" "suffix" { 18 | length = 4 19 | special = false 20 | upper = false 21 | } 22 | 23 | module "app-engine-project" { 24 | source = "terraform-google-modules/project-factory/google" 25 | version = "~> 18.0" 26 | 27 | name = "appeng-${random_string.suffix.result}" 28 | random_project_id = true 29 | org_id = var.org_id 30 | folder_id = var.folder_id 31 | billing_account = var.billing_account 32 | activate_apis = [ 33 | "appengine.googleapis.com", 34 | ] 35 | 36 | deletion_policy = "DELETE" 37 | } 38 | 39 | module "app-engine" { 40 | source = "terraform-google-modules/project-factory/google//modules/app_engine" 41 | version = "~> 18.0" 42 | 43 | project_id = module.app-engine-project.project_id 44 | location_id = "us-east4" 45 | } 46 | -------------------------------------------------------------------------------- /test/fixtures/vpc_sc_project/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "policy_name" { 18 | type = string 19 | description = "The policy's name" 20 | default = "" 21 | } 22 | 23 | variable "org_id" { 24 | type = string 25 | description = "The organization ID" 26 | } 27 | 28 | variable "folder_id" { 29 | type = string 30 | description = "The ID of a folder to host this project" 31 | } 32 | 33 | variable "billing_account" { 34 | type = string 35 | description = "Billing account ID" 36 | } 37 | 38 | variable "random_string_for_testing" { 39 | type = string 40 | description = "A random string of characters to be appended to resource names to ensure uniqueness" 41 | } 42 | 43 | variable "policy_id" { 44 | type = string 45 | description = "The ID of the access context manager policy the perimeter lies in" 46 | } 47 | -------------------------------------------------------------------------------- /examples/group_project/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 |  */
16 |
17 | /******************************************
18 |   Provider configuration
19 |  *****************************************/
20 | provider "gsuite" { # G Suite provider used by the module below to manage groups.
21 |   impersonated_user_email = var.admin_email # The provider acts as this G Suite admin user (var.admin_email is documented as a user account, not a service account). The calling credentials presumably need domain-wide delegation for this; confirm against the provider docs.
22 |
23 |   oauth_scopes = [ # Scopes requested for the impersonated session: Directory API group and group-member management only. Keep this list no broader than the module needs.
24 |     "https://www.googleapis.com/auth/admin.directory.group",
25 |     "https://www.googleapis.com/auth/admin.directory.group.member",
26 |   ]
27 |
28 | }
29 |
30 | module "project-factory" { # Example: a project plus a G Suite group that controls it, using the gsuite_enabled submodule.
31 |   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
32 |   version = "~> 18.0" # Accepts any 18.x release. Module versions are not recorded in .terraform.lock.hcl, so pin an exact version where reproducible plans matter.
33 |
34 |   random_project_id = true
35 |   name              = "group-sample-project"
36 |   org_id            = var.organization_id
37 |   billing_account   = var.billing_account
38 |   create_group      = true # Creates the G Suite group named by group_name (the example README lists this among its actions).
39 |   group_name        = var.project_group_name
40 |   api_sa_group      = var.api_sa_group # Existing group that the project's Google APIs service account is placed in; the account inherits whatever access that group already holds, so review the group's bindings.
41 | }
42 |
--------------------------------------------------------------------------------
/examples/gke_shared_vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | /**
 2 |  * Copyright 2018 Google LLC
 3 |  *
 4 |  * Licensed under the Apache License, Version 2.0 (the "License");
 5 |  * you may not use this file except in compliance with the License.
 6 |  * You may obtain a copy of the License at
 7 |  *
 8 |  *      http://www.apache.org/licenses/LICENSE-2.0
 9 |  *
10 |  * Unless required by applicable law or agreed to in writing, software
11 |  * distributed under the License is distributed on an "AS IS" BASIS,
12 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 |  * See the License for the specific language governing permissions and
14 |  * limitations under the License.
15 | */ 16 | 17 | variable "org_id" { 18 | description = "organization id" 19 | } 20 | 21 | variable "billing_account" { 22 | description = "billing account" 23 | } 24 | 25 | variable "shared_vpc" { 26 | description = "The ID of the host project which hosts the shared VPC" 27 | } 28 | 29 | variable "shared_vpc_subnets" { 30 | description = "List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID)" 31 | type = list(string) 32 | default = [] 33 | } 34 | 35 | variable "default_network_tier" { 36 | description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers." 37 | type = string 38 | default = "" 39 | } 40 | -------------------------------------------------------------------------------- /examples/group_project/README.md: -------------------------------------------------------------------------------- 1 | # Group Project 2 | 3 | This example illustrates how to create a group project. 4 | 5 | It will do the following: 6 | - Create a project 7 | - Create a Gsuite group 8 | - Give members of the newly created Gsuite group the appropriate access on the project 9 | - Make APIs service account member of api_sa_group in Gsuite 10 | 11 | Expected variables: 12 | - `admin_email` 13 | - `organization_id` 14 | - `billing_account` 15 | - `api_sa_group` 16 | 17 | 18 | ## Inputs 19 | 20 | | Name | Description | Type | Default | Required | 21 | |------|-------------|------|---------|:--------:| 22 | | admin\_email | Admin user email on Gsuite. This should be a user account, not a service account. 
| `any` | n/a | yes | 23 | | api\_sa\_group | An existing G Suite group email to place the Google APIs Service Account for the project in | `any` | n/a | yes | 24 | | billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes | 25 | | organization\_id | The organization id for the associated services | `any` | n/a | yes | 26 | | project\_group\_name | The name of a G Suite group to create for controlling the project | `any` | n/a | yes | 27 | 28 | ## Outputs 29 | 30 | | Name | Description | 31 | |------|-------------| 32 | | domain\_example | The organization's domain | 33 | | group\_email\_example | The email of the created G Suite group | 34 | | project\_info\_example | The ID of the created project | 35 | 36 | 37 | -------------------------------------------------------------------------------- /modules/app_engine/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project to enable app engine on." 19 | type = string 20 | } 21 | 22 | variable "location_id" { 23 | description = "The location to serve the app from." 24 | default = "" 25 | type = string 26 | } 27 | 28 | variable "auth_domain" { 29 | description = "The domain to authenticate users with when using App Engine's User API." 
30 | default = "" 31 | type = string 32 | } 33 | 34 | variable "serving_status" { 35 | description = "The serving status of the app." 36 | default = "SERVING" 37 | type = string 38 | } 39 | 40 | variable "feature_settings" { 41 | description = "A list of maps of optional settings to configure specific App Engine features." 42 | type = list(object({ split_health_checks = bool })) 43 | default = [{ split_health_checks = true }] 44 | } 45 | 46 | -------------------------------------------------------------------------------- /examples/essential_contacts/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */

# CI example: a project with Essential Contacts configured.
# The project name carries var.random_string_for_testing so repeated test runs
# do not collide.
module "project-factory" {
  source  = "terraform-google-modules/project-factory/google"
  version = "~> 18.0" # any 18.x release of the module

  name              = "pf-ci-test-ec-${var.random_string_for_testing}"
  random_project_id = true
  org_id            = var.org_id
  folder_id         = var.folder_id
  billing_account   = var.billing_account

  # essentialcontacts.googleapis.com is in this list because the contacts below
  # are managed through that API.
  activate_apis = [
    "compute.googleapis.com",
    "container.googleapis.com",
    "essentialcontacts.googleapis.com",
    "serviceusage.googleapis.com"
  ]

  # Map of contact e-mail address => notification categories that address receives.
  # NOTE(review): the foo.com addresses look like placeholders. Replace them with
  # mailboxes your organization controls before reuse, since SECURITY
  # notifications are delivered to whatever is listed here.
  essential_contacts = {
    "user1@foo.com"    = ["ALL"],
    "security@foo.com" = ["SECURITY", "TECHNICAL"],
    "app@foo.com"      = ["TECHNICAL"]
  }

  language_tag = "en-US"

  # NOTE(review): presumably leaves the project's default service account in
  # place but disabled; confirm against the module's variable documentation.
  default_service_account = "DISABLE"
  # NOTE(review): presumably keeps the activated APIs enabled when the resources
  # are destroyed; confirm against the module's variable documentation.
  disable_services_on_destroy = false

  # NOTE(review): presumably allows `terraform destroy` to delete the project,
  # which suits a throwaway CI project; confirm before copying into a
  # long-lived configuration.
  deletion_policy = "DELETE"
}
47 | -------------------------------------------------------------------------------- /test/integration/app_engine/controls/app-engine.rb: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | project_id = attribute('project_id') 16 | region = attribute('region') 17 | app_name = attribute('app_name') 18 | 19 | control 'project-factory-app-engine' do 20 | title "Project Factory App Engine configuration" 21 | 22 | describe command("gcloud app describe --project #{project_id} --format=json") do 23 | its('exit_status') { should be 0 } 24 | its('stderr') { should eq '' } 25 | 26 | let(:metadata) do 27 | if subject.exit_status == 0 28 | JSON.parse(subject.stdout, symbolize_names: true) 29 | else 30 | {} 31 | end 32 | end 33 | 34 | it { expect(metadata[:featureSettings]).to include({splitHealthChecks: true}) } 35 | it { expect(metadata).to include(id: project_id) } 36 | it { expect(metadata).to include(name: app_name) } 37 | it { expect(metadata).to include(locationId: region) } 38 | it { expect(metadata).to include(servingStatus: 'SERVING') } 39 | end 40 | end 41 | -------------------------------------------------------------------------------- /examples/project-hierarchy/README.md: -------------------------------------------------------------------------------- 1 | # Project Hierarchy 2 | 3 | This is example illustrates how to set up a project hierarchy. 4 | 5 | It will do the following: 6 | - Create a folder on an organization 7 | - Create two projects under the newly created folder 8 | 9 | Note: this example requires for the service account used by terraform to have the role resourcemanager.folderCreator . 
You can grant this role with the command "gcloud organizations add-iam-policy-binding" as in the example below 10 | 11 | ``` 12 | gcloud organizations add-iam-policy-binding 1092662220185 \ 13 | --member="serviceAccount:project-factory-12782@terraform-213322.iam.gserviceaccount.com" \ 14 | --role="roles/resourcemanager.folderCreator" 15 | ``` 16 | 17 | Expected variables: 18 | - `admin_email` 19 | - `organization_id` 20 | - `billing_account` 21 | - `credentials_path` 22 | 23 | 24 | ## Inputs 25 | 26 | | Name | Description | Type | Default | Required | 27 | |------|-------------|------|---------|:--------:| 28 | | admin\_email | Admin user email on Gsuite | `any` | n/a | yes | 29 | | billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes | 30 | | organization\_id | The organization id for the associated services | `any` | n/a | yes | 31 | 32 | ## Outputs 33 | 34 | | Name | Description | 35 | |------|-------------| 36 | | domain\_example | The organization's domain | 37 | | project\_info\_example | The ID of the created prod\_gke project | 38 | | project\_info\_factory\_example | The ID of the created factory project | 39 | 40 | 41 | -------------------------------------------------------------------------------- /docs/upgrading_to_project_factory_v2.0.md: -------------------------------------------------------------------------------- 1 | # Upgrading to Project Factory v2.0 (from v1.X) 2 | 3 | The v2.0 release of Project Factory is a backwards incompatible release. It only affects users who utilize the `app_engine` argument. 4 | 5 | ## Migration Instructions 6 | 7 | ### App Engine Argument Changes 8 | 9 | Version 1.X of Project Factory used the `app_engine` map variable to configure App Engine: 10 | 11 | ```hcl 12 | /// @file main.tf 13 | module "project-factory" { 14 | # ... 
15 | app_engine { 16 | location_id = "${var.region}" 17 | auth_domain = "${var.domain}" 18 | 19 | feature_settings = [ 20 | { 21 | split_health_checks = false 22 | }, 23 | ] 24 | } 25 | } 26 | ``` 27 | 28 | Version 2.X of Project Factory uses a new module named `app_engine`: 29 | 30 | ```hcl 31 | /// @file main.tf 32 | module "project-factory" { 33 | # ... 34 | } 35 | 36 | module "app-engine" { 37 | source = "terraform-google-modules/project-factory/google//modules/app_engine" 38 | version = "~> 2.0" 39 | 40 | project = "${var.project_id}" 41 | location_id = "${var.region}" 42 | auth_domain = "${var.domain}" 43 | 44 | feature_settings = [ 45 | { 46 | split_health_checks = true 47 | }, 48 | ] 49 | } 50 | ``` 51 | 52 | ### App Engine State Import 53 | 54 | The new implementation uses the `google_app_engine_application` resource which needs to be imported into the current state (make sure to replace `$YOUR_PROJECT_ID`): 55 | 56 | ```sh 57 | terraform import module.app-engine.google_app_engine_application.main $YOUR_PROJECT_ID 58 | ``` 59 | 60 | After importing, run `terraform plan` and check that it proposes no unexpected changes to the App Engine application, then run `terraform apply`. 61 | 62 | -------------------------------------------------------------------------------- /examples/fabric_project/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "activate_apis" { 18 | description = "Service APIs to enable." 19 | type = list(string) 20 | default = ["serviceusage.googleapis.com", "compute.googleapis.com"] 21 | } 22 | 23 | variable "billing_account" { 24 | description = "Billing account id." 25 | type = string 26 | } 27 | 28 | variable "name" { 29 | description = "Project name, joined with prefix." 30 | type = string 31 | default = "fabric-project" 32 | } 33 | 34 | variable "owners" { 35 | description = "Optional list of IAM-format members to set as project owners." 36 | type = list(string) 37 | default = [] 38 | } 39 | 40 | variable "parent" { 41 | description = "Organization or folder id, in the `organizations/nnn` or `folders/nnn` format." 42 | type = string 43 | } 44 | 45 | variable "prefix" { 46 | description = "Prefix prepended to project name, uses random id by default." 47 | type = string 48 | default = "" 49 | } 50 | -------------------------------------------------------------------------------- /test/setup/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */

# Outputs of the integration-test setup configuration.

# ID of the project created by module.pfactory_project.
output "project_id" {
  value = module.pfactory_project.project_id
}

# Same value as project_id, exported under a second name.
# NOTE(review): presumably consumed by the fixtures' `shared_vpc` variable as
# the Shared VPC host project; confirm against the test harness.
output "shared_vpc" {
  value = module.pfactory_project.project_id
}

# Private key of the int_test service account key.
# `sensitive = true` only redacts the value in plan/apply output. The key
# material is still written to the Terraform state and can be read back with
# `terraform output`, so access to the state backend for this setup has to be
# restricted like access to the key itself.
output "sa_key" {
  value     = google_service_account_key.int_test.private_key
  sensitive = true
}

# ID of the ci_pfactory_folder folder.
output "folder_id" {
  value = google_folder.ci_pfactory_folder.folder_id
}

# Pass-through of var.org_id.
output "org_id" {
  value = var.org_id
}

# Pass-through of var.billing_account.
output "billing_account" {
  value = var.billing_account
}

# Hex form of random_id.random_string_for_testing.
output "random_string_for_testing" {
  value = random_id.random_string_for_testing.hex
}

# Pass-through of var.gsuite_admin_email.
output "gsuite_admin_account" {
  value = var.gsuite_admin_email
}

# Pass-through of var.gsuite_domain.
output "domain" {
  value = var.gsuite_domain
}

# Group name for the tests, suffixed with the hex form of random_id.folder_rand.
output "group_name" {
  value = "ci-pfactory-test-group-${random_id.folder_rand.hex}"
}

# E-mail address of the int_test service account.
output "service_account_email" {
  value = google_service_account.int_test.email
}

# `name` attribute of google_tags_tag_value.value. The tags_project Go test
# compares it against a binding in the form "tagValues/<name>".
output "tag_value" {
  value = google_tags_tag_value.value.name
}
65 | -------------------------------------------------------------------------------- /modules/app_engine/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "name" { 18 | description = "Unique name of the app, usually apps/{PROJECT_ID}." 19 | value = google_app_engine_application.main.name 20 | } 21 | 22 | output "url_dispatch_rule" { 23 | description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." 24 | value = google_app_engine_application.main.url_dispatch_rule 25 | } 26 | 27 | output "code_bucket" { 28 | description = "The GCS bucket code is being stored in for this app." 29 | value = google_app_engine_application.main.code_bucket 30 | } 31 | 32 | output "default_hostname" { 33 | description = "The default hostname for this app." 34 | value = google_app_engine_application.main.default_hostname 35 | } 36 | 37 | output "default_bucket" { 38 | description = "The GCS bucket content is being stored in for this app." 39 | value = google_app_engine_application.main.default_bucket 40 | } 41 | 42 | output "location_id" { 43 | description = "The location app engine is serving from" 44 | value = google_app_engine_application.main.location_id 45 | } 46 | 47 | -------------------------------------------------------------------------------- /examples/shared_vpc/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "organization_id" { 18 | description = "The organization id for the associated services" 19 | } 20 | 21 | variable "folder_id" { 22 | description = "The folder to create projects in" 23 | } 24 | 25 | variable "billing_account" { 26 | description = "The ID of the billing account to associate this project with" 27 | } 28 | 29 | variable "host_project_name" { 30 | description = "Name for Shared VPC host project" 31 | default = "shared-vpc-host" 32 | } 33 | 34 | variable "service_project_name" { 35 | description = "Name for Shared VPC service project" 36 | default = "shared-vpc-service" 37 | } 38 | 39 | variable "network_name" { 40 | description = "Name for Shared VPC network" 41 | default = "shared-network" 42 | } 43 | 44 | variable "default_network_tier" { 45 | description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers." 46 | type = string 47 | default = "" 48 | } 49 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
# NOTE: This file is automatically generated from:
# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github
# Any change to this workflow therefore belongs in that generator source; edits
# made here would be overwritten.

name: "Close stale issues"
on:
  schedule:
    # Once a day at 23:00 (GitHub evaluates schedule triggers in UTC).
    - cron: "0 23 * * *"

# Explicit token permissions for this workflow: repository contents are
# read-only, and write access is limited to issues, pull requests and actions.
# NOTE(review): `actions: write` is presumably needed by actions/stale to manage
# the state it keeps between runs; confirm against the action's documentation
# before narrowing it.
permissions:
  contents: read
  issues: write
  pull-requests: write
  actions: write

jobs:
  stale:
    # Runs only in repositories owned by these two organizations, so forks do
    # not execute the job.
    if: github.repository_owner == 'GoogleCloudPlatform' || github.repository_owner == 'terraform-google-modules'
    runs-on: ubuntu-latest
    steps:
      # The action is referenced by tag. A tag can later point at different
      # code, whereas a full commit SHA cannot; pinning to a SHA is the stricter
      # supply-chain choice and would be made in the generator source.
      - uses: actions/stale@v10
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): the 60-day and 7-day figures in the messages are not
          # configured in this file; they presumably match the action's
          # defaults. Confirm they still agree when bumping the action version.
          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days'
          stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days'
          # Issues and PRs carrying these labels are exempt from stale handling.
          exempt-issue-labels: 'triaged'
          exempt-pr-labels: 'dependencies,autorelease: pending'
          operations-per-run: 100
42 | -------------------------------------------------------------------------------- /helpers/release-new-version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
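# Release helper: bumps the version shown in README.md, commits that change on
# master, then creates and pushes an annotated tag for the new version.

# Releases are cut only from a clean working tree, so the commit and tag created
# below contain nothing but the README version bump.
if [ -n "$(git status --porcelain)" ]; then
  echo -e "\nError, repository dirty, please commit or stash your changes.\n"
  exit 1
fi

# The new version is the second space-separated field of the first line of
# CHANGELOG.md that contains '##'. The current release is the most recent tag
# reachable from HEAD.
NEW_VERSION=$(grep '##' CHANGELOG.md | head -n 1 | cut -d' ' -f2)
NEW_RELEASE_NAME=v$NEW_VERSION
CURRENT_RELEASE_NAME=$(git describe --abbrev=0 --tags)

# Stop when either value is missing. An empty current release would give sed an
# empty pattern, and an empty new version would create a tag named just "v".
if [ -z "$NEW_VERSION" ] || [ -z "$CURRENT_RELEASE_NAME" ]; then
  echo -e "\nError, could not determine the new version from CHANGELOG.md or the current release tag.\n"
  exit 1
fi

if [ "$NEW_RELEASE_NAME" == "$CURRENT_RELEASE_NAME" ]; then
  echo -e "\nLatest version already released.\n"
  echo -e "If this is not so, make sure CHANGELOG.md is updated as necessary.\n"
  exit 1
fi

echo -e "\nUpdating usage examples in README to use $NEW_RELEASE_NAME and commiting...\n"

# Both names are text read from CHANGELOG.md and from git tags, and they are
# placed inside a sed expression. Escape them first: an unescaped '.' in a
# version such as v1.2.3 matches any character, and a '/' or '&' would change
# the meaning of the expression itself.
CURRENT_RELEASE_PATTERN=$(printf '%s' "$CURRENT_RELEASE_NAME" | sed -e 's/[][\\.*^$/]/\\&/g')
NEW_RELEASE_REPLACEMENT=$(printf '%s' "$NEW_RELEASE_NAME" | sed -e 's/[\\/&]/\\&/g')

if ! sed -i.bak -e "s/$CURRENT_RELEASE_PATTERN/$NEW_RELEASE_REPLACEMENT/g" README.md; then
  echo -e "\nError, could not update README.md; nothing was tagged.\n"
  exit 1
fi
rm README.md.bak

# Every step up to the commit has to succeed before a tag is created. Without
# these checks a failed checkout or commit would still be followed by tagging
# and pushing whatever HEAD happens to be.
if ! git checkout master; then
  echo -e "\nError, could not check out master; nothing was tagged.\n"
  exit 1
fi

# Commit only when sed actually changed README.md, so a README that never
# mentioned the old version is not treated as a failure.
if ! git diff --quiet -- README.md; then
  if ! { git add README.md && \
         git commit -m "Update usage examples in README to use $NEW_RELEASE_NAME." > /dev/null 2>&1; }; then
    echo -e "\nError, could not commit the README update; nothing was tagged.\n"
    exit 1
  fi
fi

echo -e "Releasing $NEW_RELEASE_NAME...\n"

# The chain stops at the first failing step; its status is the script's exit status.
git tag -a "$NEW_RELEASE_NAME" -m "$NEW_RELEASE_NAME" && \
  git push origin master --verbose && \
  git push origin "$NEW_RELEASE_NAME" --verbose
44 | -------------------------------------------------------------------------------- /test/fixtures/full/README.md: -------------------------------------------------------------------------------- 1 | # full 2 | 3 | 4 | ## Inputs 5 | 6 | | Name | Description | Type | Default | Required | 7 | |------|-------------|------|---------|:--------:| 8 | | billing\_account | Billing account ID. | `string` | n/a | yes | 9 | | domain | n/a | `string` | n/a | yes | 10 | | folder\_id | n/a | `string` | n/a | yes | 11 | | group\_name | n/a | `string` | n/a | yes | 12 | | group\_role | n/a | `string` | `"roles/viewer"` | no | 13 | | gsuite\_admin\_account | n/a | `string` | n/a | yes | 14 | | org\_id | Organization ID. 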
| `string` | n/a | yes | 15 | | random\_string\_for\_testing | A random string of characters to be appended to resource names to ensure uniqueness | `string` | n/a | yes | 16 | | region | n/a | `string` | `"us-east4"` | no | 17 | | sa\_group | n/a | `string` | n/a | yes | 18 | | sa\_role | n/a | `string` | `"roles/editor"` | no | 19 | | shared\_vpc | n/a | `string` | n/a | yes | 20 | | usage\_bucket\_name | n/a | `string` | n/a | yes | 21 | | usage\_bucket\_prefix | n/a | `string` | n/a | yes | 22 | 23 | ## Outputs 24 | 25 | | Name | Description | 26 | |------|-------------| 27 | | compute\_service\_account\_email | n/a | 28 | | domain | n/a | 29 | | extra\_service\_account\_email | n/a | 30 | | group\_email | n/a | 31 | | group\_role | n/a | 32 | | gsuite\_admin\_account | n/a | 33 | | project\_id | n/a | 34 | | project\_name | n/a | 35 | | project\_number | n/a | 36 | | region | n/a | 37 | | sa\_role | n/a | 38 | | service\_account\_email | n/a | 39 | | shared\_vpc | n/a | 40 | | shared\_vpc\_subnet\_name\_01 | n/a | 41 | | shared\_vpc\_subnet\_name\_02 | n/a | 42 | | shared\_vpc\_subnet\_region\_01 | n/a | 43 | | shared\_vpc\_subnet\_region\_02 | n/a | 44 | | usage\_bucket\_name | n/a | 45 | | usage\_bucket\_prefix | n/a | 46 | 47 | 48 | -------------------------------------------------------------------------------- /test/fixtures/full/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "org_id" { 18 | type = string 19 | description = "Organization ID." 20 | } 21 | 22 | variable "folder_id" { 23 | type = string 24 | } 25 | 26 | variable "billing_account" { 27 | type = string 28 | description = "Billing account ID." 29 | } 30 | 31 | variable "random_string_for_testing" { 32 | type = string 33 | description = "A random string of characters to be appended to resource names to ensure uniqueness" 34 | } 35 | 36 | variable "domain" { 37 | type = string 38 | } 39 | 40 | variable "usage_bucket_name" { 41 | type = string 42 | } 43 | 44 | variable "usage_bucket_prefix" { 45 | type = string 46 | } 47 | 48 | variable "group_name" { 49 | type = string 50 | } 51 | 52 | variable "group_role" { 53 | default = "roles/viewer" 54 | type = string 55 | } 56 | 57 | variable "sa_role" { 58 | default = "roles/editor" 59 | type = string 60 | } 61 | 62 | variable "sa_group" { 63 | type = string 64 | } 65 | 66 | variable "region" { 67 | default = "us-east4" 68 | type = string 69 | } 70 | 71 | variable "gsuite_admin_account" { 72 | type = string 73 | } 74 | 75 | variable "shared_vpc" { 76 | type = string 77 | } 78 | -------------------------------------------------------------------------------- /examples/shared_vpc/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "host_project_id" { 18 | value = module.host-project.project_id 19 | description = "The ID of the created project" 20 | } 21 | 22 | output "host_project" { 23 | value = module.host-project 24 | description = "The full host project info" 25 | } 26 | 27 | output "service_project" { 28 | value = module.service-project 29 | description = "The service project info" 30 | } 31 | 32 | output "service_project_b" { 33 | value = module.service-project-b 34 | description = "The second service project" 35 | } 36 | 37 | output "service_project_c" { 38 | value = module.service-project-c 39 | description = "The third service project" 40 | } 41 | 42 | output "vpc" { 43 | value = module.vpc 44 | description = "The network info" 45 | } 46 | 47 | output "network_name" { 48 | value = module.vpc.network_name 49 | description = "The name of the VPC being created" 50 | } 51 | 52 | output "network_self_link" { 53 | value = module.vpc.network_self_link 54 | description = "The URI of the VPC being created" 55 | } 56 | 57 | output "subnets" { 58 | value = module.vpc.subnets_self_links 59 | description = "The shared VPC subets" 60 | } 61 | -------------------------------------------------------------------------------- /test/integration/dynamic_shared_vpc/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | name: dynamic_shared_vpc 16 | depends: 17 | - name: inspec-gcp 18 | git: https://github.com/inspec/inspec-gcp.git 19 | tag: v1.8.2 20 | attributes: 21 | - name: service_project_name 22 | required: true 23 | type: string 24 | - name: service_project_id 25 | required: true 26 | type: string 27 | - name: service_project_ids 28 | required: true 29 | type: array 30 | - name: service_project_number 31 | required: true 32 | type: string 33 | - name: service_project_b_number 34 | required: true 35 | type: string 36 | - name: service_project_c_number 37 | required: true 38 | type: string 39 | - name: service_account_email 40 | required: true 41 | type: string 42 | - name: secondary_service_account_email 43 | required: true 44 | type: string 45 | - name: shared_vpc 46 | required: false 47 | default: null 48 | - name: shared_vpc_subnet_name_01 49 | type: string 50 | required: true 51 | - name: shared_vpc_subnet_region_01 52 | type: string 53 | required: true 54 | - name: shared_vpc_subnet_name_02 55 | type: string 56 | required: true 57 | - name: shared_vpc_subnet_region_02 58 | type: string 59 | required: true 60 | -------------------------------------------------------------------------------- /test/fixtures/vpc_sc_project/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_name" { 18 | value = module.project-factory.project_name 19 | } 20 | 21 | output "project_id" { 22 | value = module.project-factory.project_id 23 | } 24 | 25 | output "project_number" { 26 | value = module.project-factory.project_number 27 | } 28 | 29 | output "perimeter_name" { 30 | value = local.perimeter_name 31 | } 32 | 33 | output "policy_id" { 34 | value = var.policy_id 35 | } 36 | 37 | output "service_account_email" { 38 | value = module.project-factory.service_account_email 39 | description = "The email of the default service account" 40 | } 41 | 42 | output "compute_service_account_email" { 43 | value = "${module.project-factory.project_number}-compute@developer.gserviceaccount.com" 44 | description = "The email of the default compute engine service account" 45 | } 46 | 47 | output "container_service_account_email" { 48 | value = "service-${module.project-factory.project_number}@container-engine-robot.iam.gserviceaccount.com" 49 | description = "The email of the default gke service account" 50 | } 51 | 52 | output "group_email" { 53 | value = module.project-factory.group_email 54 | description = "The email of the G Suite group with group_name" 55 | } 56 | -------------------------------------------------------------------------------- /test/integration/tags_project/tags_project_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package tags_project 16 | 17 | import ( 18 | "fmt" 19 | "testing" 20 | 21 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud" 22 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" 23 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils" 24 | "github.com/stretchr/testify/assert" 25 | ) 26 | 27 | func TestTagsProject(t *testing.T) { 28 | tagsProjectT := tft.NewTFBlueprintTest(t) 29 | tagsProjectT.DefineVerify(func(assert *assert.Assertions) { 30 | tagsProjectT.DefaultVerify(assert) 31 | 32 | projectNum := tagsProjectT.GetStringOutput("project_num") 33 | tagValue := tagsProjectT.GetTFSetupStringOutput("tag_value") 34 | 35 | parent := fmt.Sprintf("//cloudresourcemanager.googleapis.com/projects/%s", projectNum) 36 | projBindings := gcloud.Runf(t, "resource-manager tags bindings list --parent=%s", parent).Array() 37 | assert.Len(projBindings, 1, "expected one binding") 38 | 39 | binding := utils.GetFirstMatchResult(t, projBindings, "parent", parent) 40 | assert.Equalf(fmt.Sprintf("tagValues/%s", tagValue), binding.Get("tagValue").String(), "expected binding to %s", tagValue) 41 | }) 42 | tagsProjectT.Test() 43 | } 44 | -------------------------------------------------------------------------------- /modules/quota_manager/README.md: -------------------------------------------------------------------------------- 1 | # Consumer quota override for a project 2 | 3 | This module allows to manage the 
consumer override of quotas of a [google service usage consumer quota override](https://www.terraform.io/docs/providers/google/r/service_usage_consumer_quota_override.html) tied to a specific `project_id` 4 | 5 | ## Usage 6 | 7 | Basic usage of this module is as follows: 8 | 9 | ```hcl 10 | module "project_quota_manager" { 11 | source = "terraform-google-modules/project-factory/google//modules/quota_manager" 12 | project = "my-project-id" 13 | consumer_quotas = [ 14 | { 15 | service = "compute.googleapis.com" 16 | metric = "SimulateMaintenanceEventGroup" 17 | dimensions = { region = "us-central1" } 18 | limit = "%2F100s%2Fproject" 19 | value = "19" 20 | },{ 21 | service = "servicemanagement.googleapis.com" 22 | metric = "servicemanagement.googleapis.com%2Fdefault_requests" 23 | dimensions = {} 24 | limit = "%2Fmin%2Fproject" 25 | value = "95" 26 | } 27 | ] 28 | } 29 | ``` 30 | 31 | 32 | ## Inputs 33 | 34 | | Name | Description | Type | Default | Required | 35 | |------|-------------|------|---------|:--------:| 36 | | consumer\_quotas | The quotas configuration you want to override for the project. |
"serviceusage.googleapis.com",
"compute.googleapis.com"
]
list(object({
service = string,
metric = string,
dimensions = map(string),
limit = string,
value = string,
})) | n/a | yes |
37 | | project\_id | The GCP project where you want to manage the consumer quotas | `string` | n/a | yes |
38 |
39 | ## Outputs
40 |
41 | | Name | Description |
42 | |------|-------------|
43 | | quota\_overrides | The server-generated names of the quota override. |
44 |
45 |
46 |
--------------------------------------------------------------------------------
/modules/project_services/metadata.display.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2024 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | apiVersion: blueprints.cloud.google.com/v1alpha1
16 | kind: BlueprintMetadata # display metadata; spec.info.source.dir below names the module it describes
17 | metadata:
18 | name: terraform-google-project-factory-display
19 | annotations:
20 | config.kubernetes.io/local-config: "true"
21 | spec:
22 | info:
23 | title: Project API Activation
24 | source:
25 | repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
26 | sourceType: git
27 | dir: /modules/project_services
28 | ui:
29 | input:
30 | variables: # one entry per module input, each with a name and a display title
31 | activate_api_identities:
32 | name: activate_api_identities
33 | title: Activate Api Identities
34 | activate_apis:
35 | name: activate_apis
36 | title: Activate Apis
37 | altDefaults: # alternate default for activate_apis; NOTE(review): the meaning of ALTERNATE_TYPE_DC is not shown in this file
38 | - type: ALTERNATE_TYPE_DC
39 | value:
40 | - aiplatform.googleapis.com
41 | disable_dependent_services:
42 | name: disable_dependent_services
43 | title: Disable Dependent Services
44 | disable_services_on_destroy:
45 | name: disable_services_on_destroy
46 | title: Disable Services On Destroy
47 | enable_apis:
48 | name: enable_apis
49 | title: Enable Apis
50 | project_id:
51 | name: project_id
52 | title: Project Id
53 |
--------------------------------------------------------------------------------
/examples/project-hierarchy/main.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2018 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | /******************************************
18 | Provider configuration: the gsuite provider is given var.admin_email as the user to impersonate and requests only the two directory scopes listed below (groups and group membership).
19 | *****************************************/
20 | provider "gsuite" {
21 | impersonated_user_email = var.admin_email # NOTE(review): impersonating an admin user presumably relies on domain-wide delegation for the credentials Terraform runs with; confirm and keep that grant narrow
22 | # Only group and group-member management scopes are requested; keep this list minimal.
23 | oauth_scopes = [
24 | "https://www.googleapis.com/auth/admin.directory.group",
25 | "https://www.googleapis.com/auth/admin.directory.group.member",
26 | ]
27 | }
28 |
29 | resource "google_folder" "prod" { # folder that both sample projects in this file are placed in
30 | display_name = "gcp-prod"
31 | parent = "organizations/${var.organization_id}" # created directly under the organization
32 | }
33 |
34 | module "project-prod-gke" { # sample project created inside the google_folder.prod folder
35 | source = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
36 | version = "~> 18.0" # accepts any 18.x release; pin an exact version where applies must be reproducible
37 |
38 | random_project_id = true
39 | name = "hierarchy-sample-prod-gke"
40 | org_id = var.organization_id
41 | billing_account = var.billing_account
42 | folder_id = google_folder.prod.folder_id # reference to the folder resource, so Terraform creates the folder before this project
43 | }
44 |
45 | module "project-factory" { # second sample project, placed in the same google_folder.prod folder
46 | source = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
47 | version = "~> 18.0" # accepts any 18.x release; pin an exact version where applies must be reproducible
48 |
49 | random_project_id = true
50 | name = "hierarchy-sample-factory"
51 | org_id = var.organization_id
52 | billing_account = var.billing_account
53 | folder_id = google_folder.prod.folder_id # reference to the folder resource, so Terraform creates the folder before this project
54 | }
55 |
--------------------------------------------------------------------------------
/modules/essential_contacts/README.md:
--------------------------------------------------------------------------------
1 | # Essential Contacts configuration
2 |
3 | This module uses the [`google_essential_contacts_contact`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/essential_contacts_contact)
4 | resource to add contact emails that will receive notifications from Google Cloud for the specified subscription types.
5 |
6 | ## Prerequisites
7 |
8 | 1. The service account used to run Terraform has permission to administer Essential Contacts:
9 | [`roles/essentialcontacts.admin`](https://cloud.google.com/iam/docs/understanding-roles#other-roles).
10 | 2. The target project has the Essential Contacts API (`essentialcontacts.googleapis.com`) enabled.
11 |
12 | ## Example Usage
13 | ```hcl
14 | module "essential_contacts" {
15 | source = "../../modules/essential_contacts"
16 | project_id = var.project_id
17 |
18 | essential_contacts = {
19 | "user1@foo.com" = ["ALL"],
20 | "security@foo.com" = ["SECURITY", "TECHNICAL"],
21 | "app@foo.com" = ["TECHNICAL"]
22 | }
23 |
24 | language_tag = "en-US"
25 | }
26 | ```
27 |
28 | See [examples/essential_contacts](../../examples/essential_contacts) for a full example.
29 |
30 |
31 | ## Inputs
32 |
33 | | Name | Description | Type | Default | Required |
34 | |------|-------------|------|---------|:--------:|
35 | | essential\_contacts | A mapping of users or groups to be assigned as Essential Contacts to the project, specifying a notification category | `map(list(string))` | `{}` | no |
36 | | language\_tag | Language code to be used for essential contacts notifications | `string` | n/a | yes |
37 | | project\_id | The GCP project you want to send Essential Contacts notifications for | `string` | n/a | yes |
38 |
39 | ## Outputs
40 |
41 | | Name | Description |
42 | |------|-------------|
43 | | essential\_contacts | Essential Contact resources created |
44 | | project\_id | The GCP project you want to enable APIs on |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/examples/gke_shared_vpc/README.md:
--------------------------------------------------------------------------------
1 | # Simple project with GKE shared VPC
2 |
3 | This example illustrates how to create a project that uses a shared VPC from a host project and is suitable for GKE.
4 |
5 | As shown in this example, GKE shared VPC is only enabled if the "container.googleapis.com" API is in the "activate_apis" variable list.
6 |
7 | It will do the following:
8 |
9 | - Create a project
10 | - Grant the appropriate IAM permissions to the API and GKE service accounts on the host VPC project
11 |
12 | Expected variables:
13 |
14 | - `org_id`
15 | - `billing_account`
16 | - `shared_vpc`
17 |
18 | To specify a subnet use the "shared_vpc_subnets" variable, and list subnets like the following:
19 |
20 | - ["projects/[| no | 17 | | budget\_amount | The amount to use for the budget | `number` | `10` | no | 18 | | budget\_credit\_types\_treatment | Specifies how credits should be treated when determining spend for threshold calculations | `string` | `"EXCLUDE_ALL_CREDITS"` | no | 19 | | budget\_services | A list of services to be included in the budget | `list(string)` |
0.7,
0.8,
0.9,
1
]
[| no | 20 | | folder\_id | The ID of a folder to host this project. | `string` | `""` | no | 21 | | org\_id | The organization ID. | `string` | n/a | yes | 22 | | parent\_project\_id | The project\_id of the parent project to add as an additional project for the budget | `string` | n/a | yes | 23 | 24 | ## Outputs 25 | 26 | | Name | Description | 27 | |------|-------------| 28 | | additional\_budget\_name | The name of the 2nd budget manually created | 29 | | budget\_alert\_spent\_percents | The list of percentages of the budget to alert on | 30 | | budget\_amount | The amount to use for the budget | 31 | | budget\_credit\_types\_treatment | Specifies how credits should be treated when determining spend for threshold calculations | 32 | | budget\_services | A list of services to be included in the budget | 33 | | main\_budget\_name | The name of the budget created by the core project factory module | 34 | | parent\_project\_id | The project\_id of the parent project to add as an additional project for the budget | 35 | | project\_id | The project ID created | 36 | | pubsub\_topic | The PubSub topic name created for budget alerts | 37 | 38 | 39 | -------------------------------------------------------------------------------- /test/fixtures/budget/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "project_id" { 18 | description = "The project ID created" 19 | value = module.budget.project_id 20 | } 21 | 22 | output "billing_account" { 23 | description = "The billing account where budgets are created" 24 | value = var.billing_account 25 | } 26 | 27 | output "parent_project_id" { 28 | description = "The project_id of the parent project to add as an additional project for the budget" 29 | value = module.budget.parent_project_id 30 | } 31 | 32 | output "pubsub_topic" { 33 | description = "The PubSub topic name created for budget alerts" 34 | value = module.budget.pubsub_topic 35 | } 36 | 37 | output "main_budget_name" { 38 | description = "The name of the budget created by the core project factory module" 39 | value = module.budget.main_budget_name 40 | } 41 | 42 | output "additional_budget_name" { 43 | description = "The name of the 2nd budget manually created" 44 | value = module.budget.additional_budget_name 45 | } 46 | 47 | output "budget_amount" { 48 | description = "The amount to use for the budget" 49 | value = module.budget.budget_amount 50 | } 51 | 52 | output "budget_alert_spent_percents" { 53 | description = "The list of percentages of the budget to alert on" 54 | value = module.budget.budget_alert_spent_percents 55 | } 56 | 57 | output "budget_services" { 58 | description = "A list of services to be included in the budget" 59 | value = module.budget.budget_services 60 | } 61 | 62 | output "budget_credit_types_treatment" { 63 | description = "Specifies how credits should be treated when determining spend for threshold calculations" 64 | value = module.budget.budget_credit_types_treatment 65 | } 66 | -------------------------------------------------------------------------------- /modules/shared_vpc_access/metadata.display.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you 
may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-project-factory-display 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | info: 23 | title: Shared VPC Access 24 | source: 25 | repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git 26 | sourceType: git 27 | dir: /modules/shared_vpc_access 28 | ui: 29 | input: 30 | variables: 31 | active_apis: 32 | name: active_apis 33 | title: Active Apis 34 | enable_shared_vpc_service_project: 35 | name: enable_shared_vpc_service_project 36 | title: Enable Shared Vpc Service Project 37 | grant_network_role: 38 | name: grant_network_role 39 | title: Grant Network Role 40 | grant_services_network_admin_role: 41 | name: grant_services_network_admin_role 42 | title: Grant Services Network Admin Role 43 | grant_services_security_admin_role: 44 | name: grant_services_security_admin_role 45 | title: Grant Services Security Admin Role 46 | host_project_id: 47 | name: host_project_id 48 | title: Host Project Id 49 | lookup_project_numbers: 50 | name: lookup_project_numbers 51 | title: Lookup Project Numbers 52 | service_project_id: 53 | name: service_project_id 54 | title: Service Project Id 55 | service_project_number: 56 | name: service_project_number 57 | title: Service Project Number 58 | shared_vpc_subnets: 59 | name: shared_vpc_subnets 60 | title: Shared Vpc Subnets 61 | 
-------------------------------------------------------------------------------- /test/fixtures/full/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "extra_service_account_email" { 18 | value = google_service_account.extra_service_account.email 19 | } 20 | 21 | output "shared_vpc_subnet_name_01" { 22 | value = local.shared_vpc_subnet_name_01 23 | } 24 | 25 | output "shared_vpc_subnet_region_01" { 26 | value = local.shared_vpc_subnet_region_01 27 | } 28 | 29 | output "shared_vpc_subnet_name_02" { 30 | value = local.shared_vpc_subnet_name_02 31 | } 32 | 33 | output "shared_vpc_subnet_region_02" { 34 | value = local.shared_vpc_subnet_region_02 35 | } 36 | 37 | output "project_name" { 38 | value = module.project-factory.project_name 39 | } 40 | 41 | output "project_id" { 42 | value = module.project-factory.project_id 43 | } 44 | 45 | output "project_number" { 46 | value = module.project-factory.project_number 47 | } 48 | 49 | output "domain" { 50 | value = module.project-factory.domain 51 | } 52 | 53 | output "group_email" { 54 | value = module.project-factory.group_email 55 | } 56 | 57 | output "group_role" { 58 | value = var.group_role 59 | } 60 | 61 | output "service_account_email" { 62 | value = module.project-factory.service_account_email 63 | } 64 | 65 | output 
"compute_service_account_email" { 66 | value = "${module.project-factory.project_number}-compute@developer.gserviceaccount.com" 67 | } 68 | 69 | output "gsuite_admin_account" { 70 | value = var.gsuite_admin_account 71 | } 72 | 73 | output "region" { 74 | value = var.region 75 | } 76 | 77 | output "sa_role" { 78 | value = var.sa_role 79 | } 80 | 81 | output "shared_vpc" { 82 | value = var.shared_vpc 83 | } 84 | 85 | output "usage_bucket_name" { 86 | value = var.usage_bucket_name 87 | } 88 | 89 | output "usage_bucket_prefix" { 90 | value = var.usage_bucket_prefix 91 | } 92 | 93 | -------------------------------------------------------------------------------- /examples/budget_project/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | resource "random_string" "suffix" { 18 | length = 4 19 | special = false 20 | upper = false 21 | } 22 | 23 | module "budget_project" { 24 | source = "terraform-google-modules/project-factory/google" 25 | version = "~> 18.0" 26 | 27 | name = "budget-project-${random_string.suffix.result}" 28 | random_project_id = true 29 | random_project_id_length = 6 30 | org_id = var.org_id 31 | folder_id = var.folder_id 32 | billing_account = var.billing_account 33 | budget_amount = var.budget_amount 34 | 35 | activate_apis = [ 36 | "compute.googleapis.com", 37 | "cloudresourcemanager.googleapis.com", 38 | "billingbudgets.googleapis.com" 39 | ] 40 | 41 | deletion_policy = "DELETE" 42 | } 43 | 44 | 45 | # An additional budget with more options 46 | resource "google_pubsub_topic" "budget" { 47 | name = "budget-topic-${random_string.suffix.result}" 48 | project = module.budget_project.project_id 49 | } 50 | 51 | module "additional_budget" { 52 | source = "terraform-google-modules/project-factory/google//modules/budget" 53 | version = "~> 18.0" 54 | 55 | billing_account = var.billing_account 56 | projects = [var.parent_project_id, module.budget_project.project_id] 57 | amount = var.budget_amount 58 | display_name = "CI/CD Budget for ${module.budget_project.project_id}" 59 | credit_types_treatment = var.budget_credit_types_treatment 60 | services = var.budget_services 61 | alert_spent_percents = var.budget_alert_spent_percents 62 | alert_pubsub_topic = "projects/${module.budget_project.project_id}/topics/${google_pubsub_topic.budget.name}" 63 | labels = { 64 | "cost-center" : "dept-x" 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /modules/project_services/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance 
with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The GCP project you want to enable APIs on" 19 | type = string 20 | } 21 | 22 | variable "enable_apis" { 23 | description = "Whether to actually enable the APIs. If false, this module is a no-op." 24 | type = bool 25 | default = true 26 | } 27 | 28 | variable "activate_apis" { 29 | description = "The list of apis to activate within the project" 30 | type = list(string) 31 | default = [] 32 | } 33 | 34 | variable "activate_api_identities" { 35 | description = <
"6F81-5844-456A",
"A1E8-BE35-7EBC"
]