From 984dd54030560f69a097254dd3f5fc309cb773e5 Mon Sep 17 00:00:00 2001 From: Nick Stogner Date: Thu, 24 Jan 2019 09:11:01 -0800 Subject: [PATCH 01/13] Break out deprecated app_engine arg into its own resource/module --- main.tf | 6 ++++- modules/app_engine/main.tf | 10 ++++++++ modules/app_engine/outputs.tf | 2 ++ modules/app_engine/variables.tf | 28 ++++++++++++++++++++ modules/core_project_factory/main.tf | 18 +++++++------ modules/core_project_factory/variables.tf | 31 ++++++++++++++++++----- modules/gsuite_enabled/main.tf | 6 ++++- modules/gsuite_enabled/variables.tf | 31 ++++++++++++++++++----- test/fixtures/full/main.tf | 17 ++++++------- test/fixtures/minimal/main.tf | 7 ++--- test/fixtures/shared/variables.tf | 3 +-- variables.tf | 26 ++++++++++++++----- 12 files changed, 143 insertions(+), 42 deletions(-) create mode 100644 modules/app_engine/main.tf create mode 100644 modules/app_engine/outputs.tf create mode 100644 modules/app_engine/variables.tf diff --git a/main.tf b/main.tf index b7d78888..f8046e44 100755 --- a/main.tf +++ b/main.tf @@ -48,6 +48,10 @@ module "project-factory" { bucket_project = "${var.bucket_project}" bucket_name = "${var.bucket_name}" auto_create_network = "${var.auto_create_network}" - app_engine = "${var.app_engine}" disable_services_on_destroy = "${var.disable_services_on_destroy}" + app_engine_enabled = "${var.app_engine_enabled}" + app_engine_location_id = "${var.app_engine_location_id}" + app_engine_auth_domain = "${var.app_engine_auth_domain}" + app_engine_serving_status = "${var.app_engine_serving_status}" + app_engine_feature_settings = "${var.app_engine_feature_settings}" } diff --git a/modules/app_engine/main.tf b/modules/app_engine/main.tf new file mode 100644 index 00000000..4c7334a1 --- /dev/null +++ b/modules/app_engine/main.tf 
@@ -0,0 +1,10 @@
+resource "google_app_engine_application" "app" {
+ count = "${var.enabled ? 1 : 0}"
+
+ project = "${var.project_id}"
+
+ location_id = "${var.location_id}"
+ auth_domain = "${var.auth_domain}"
+ serving_status = "${var.serving_status}"
+ feature_settings = "${var.feature_settings}"
+}
diff --git a/modules/app_engine/outputs.tf b/modules/app_engine/outputs.tf
new file mode 100644
index 00000000..b714df14
--- /dev/null
+++ b/modules/app_engine/outputs.tf
@@ -0,0 +1,2 @@
+
+# TODO
diff --git a/modules/app_engine/variables.tf b/modules/app_engine/variables.tf
new file mode 100644
index 00000000..e44c5ace
--- /dev/null
+++ b/modules/app_engine/variables.tf
@@ -0,0 +1,28 @@
+variable "enabled" {
+ description = "Enable App Engine."
+ default = true
+}
+
+variable "project_id" {
+ description = "The project to enable app engine on."
+}
+
+variable "location_id" {
+ description = "The location to serve the app from."
+ default = ""
+}
+
+variable "auth_domain" {
+ description = "The domain to authenticate users with when using App Engine's User API."
+ default = ""
+}
+
+variable "serving_status" {
+ description = "The serving status of the app."
+ default = "SERVING"
+}
+
+variable "feature_settings" {
+ description = "A list of maps of optional settings to configure specific App Engine features."
+ default = []
+}
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index 2dec15c5..f22d7b6a 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
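Review bot: `variable "enabled"` in modules/app_engine/variables.tf defaults to `true`, while the `app_engine_enabled` variables this patch adds to the core and gsuite_enabled modules default to `false`, so the submodule is opt-out where its wrappers are opt-in. Any caller that instantiates modules/app_engine without passing `enabled` gets a `google_app_engine_application` created; the `module "app-engine"` block this patch adds to modules/core_project_factory/main.tf is such a caller. A later patch on this page passes `enabled` through there, but the submodule default stays `true`. As far as I know an App Engine application cannot be removed from a project once created and its location cannot be changed, so the fail-safe choice is `default = false` here, with a description that says so, e.g. `description = "Enable App Engine. Creating the application cannot be undone for the project."`.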
@@ -39,17 +39,11 @@ locals { gke_s_account_fmt = "${local.gke_shared_vpc_enabled ? format("serviceAccount:%s", local.gke_s_account) : ""}" project_bucket_name = "${var.bucket_name != "" ? var.bucket_name : format("%s-state", var.name)}" create_bucket = "${var.bucket_project != "" ? "true" : "false"}" - app_engine_enabled = "${length(keys(var.app_engine)) > 0 ? true : false}" shared_vpc_users = "${compact(list(local.group_id, local.s_account_fmt, local.api_s_account_fmt, local.gke_s_account_fmt))}" # Workaround for https://github.com/hashicorp/terraform/issues/10857 shared_vpc_users_length = "${local.gke_shared_vpc_enabled ? 4 : 3}" - - app_engine_config = { - enabled = "${list(var.app_engine)}" - disabled = "${list()}" - } } resource "null_resource" "preconditions" { @@ -90,11 +84,19 @@ resource "google_project" "main" { labels = "${var.labels}" - app_engine = "${local.app_engine_config["${local.app_engine_enabled ? "enabled" : "disabled"}"]}" - depends_on = ["null_resource.preconditions"] } +module "app-engine" { + source = "../app_engine" + + project_id = "${google_project.main.project_id}" + location_id = "${var.app_engine_location_id}" + auth_domain = "${var.app_engine_auth_domain}" + serving_status = "${var.app_engine_serving_status}" + feature_settings = "${var.app_engine_feature_settings}" +} + /****************************************** Project lien *****************************************/ diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf index 84c5aa83..a2dbef8b 100644 --- a/modules/core_project_factory/variables.tf +++ b/modules/core_project_factory/variables.tf 
@@ -114,14 +114,33 @@ variable "auto_create_network" { default = "false" } -variable "app_engine" { - description = "A map for app engine configuration" - type = "map" - default = {} -} - variable "disable_services_on_destroy" { description = "Whether project services will be disabled when the resources are destroyed" default = "true" type = "string" } + +variable "app_engine_enabled" { + description = "Enable App Engine on the project." + default = false +} + +variable "app_engine_location_id" { + description = "The location to serve the app from." + default = "" +} + +variable "app_engine_auth_domain" { + description = "The domain to authenticate users with when using App Engine's User API." + default = "" +} + +variable "app_engine_serving_status" { + description = "The serving status of the App Engine application." + default = "SERVING" +} + +variable "app_engine_feature_settings" { + description = "A block of optional settings to configure specific App Engine features." + default = [] +} diff --git a/modules/gsuite_enabled/main.tf b/modules/gsuite_enabled/main.tf index 772ca0e7..ed5dba05 100644 --- a/modules/gsuite_enabled/main.tf +++ b/modules/gsuite_enabled/main.tf @@ -85,6 +85,10 @@ module "project-factory" { bucket_project = "${var.bucket_project}" bucket_name = "${var.bucket_name}" auto_create_network = "${var.auto_create_network}" - app_engine = "${var.app_engine}" disable_services_on_destroy = "${var.disable_services_on_destroy}" + app_engine_enabled = "${var.app_engine_enabled}" + app_engine_location_id = "${var.app_engine_location_id}" + app_engine_auth_domain = "${var.app_engine_auth_domain}" + app_engine_serving_status = "${var.app_engine_serving_status}" + app_engine_feature_settings = "${var.app_engine_feature_settings}" } diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index ee070fb8..db3bb4c5 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf 
@@ -129,14 +129,33 @@ variable "auto_create_network" { default = "false" } -variable "app_engine" { - description = "A map for app engine configuration" - type = "map" - default = {} -} - variable "disable_services_on_destroy" { description = "Whether project services will be disabled when the resources are destroyed" default = "true" type = "string" } + +variable "app_engine_enabled" { + description = "Enable App Engine on the project." + default = false +} + +variable "app_engine_location_id" { + description = "The location to serve the app from." + default = "" +} + +variable "app_engine_auth_domain" { + description = "The domain to authenticate users with when using App Engine's User API." + default = "" +} + +variable "app_engine_serving_status" { + description = "The serving status of the App Engine application." + default = "SERVING" +} + +variable "app_engine_feature_settings" { + description = "A block of optional settings to configure specific App Engine features." + default = [] +} diff --git a/test/fixtures/full/main.tf b/test/fixtures/full/main.tf index f573be04..a138f8bc 100644 --- a/test/fixtures/full/main.tf +++ b/test/fixtures/full/main.tf @@ -102,16 +102,15 @@ module "project-factory" { disable_services_on_destroy = "false" - app_engine { - location_id = "${var.region}" - auth_domain = "${var.domain}" + app_engine_enabled = true + app_engine_location_id = "${var.region}" + app_engine_auth_domain = "${var.domain}" - feature_settings = [ - { - split_health_checks = false - }, - ] - } + app_engine_feature_settings = [ + { + split_health_checks = true + }, + ] } resource "google_service_account" "extra_service_account" { diff --git a/test/fixtures/minimal/main.tf b/test/fixtures/minimal/main.tf index 7a9f3221..5bc1a0c9 100644 --- a/test/fixtures/minimal/main.tf +++ b/test/fixtures/minimal/main.tf 
@@ -23,12 +23,13 @@ provider "google-beta" { } resource "random_string" "suffix" { - length = 5 + length = 5 special = false - upper = false + upper = false } + module "project-factory" { - source = "../../../" + source = "../../../" name = "pf-ci-test-minimal-${random_string.suffix.result}" random_project_id = true diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/shared/variables.tf index 22ea4242..d8f37e83 100644 --- a/test/fixtures/shared/variables.tf +++ b/test/fixtures/shared/variables.tf @@ -20,8 +20,7 @@ variable "folder_id" { default = "" } -variable "domain" { -} +variable "domain" {} variable "usage_bucket_name" { default = "" diff --git a/variables.tf b/variables.tf index 71b36f4f..13b2371b 100755 --- a/variables.tf +++ b/variables.tf @@ -109,12 +109,6 @@ variable "auto_create_network" { default = "false" } -variable "app_engine" { - description = "A map for app engine configuration" - type = "map" - default = {} -} - variable "lien" { description = "Add a lien on the project to prevent accidental deletion" default = "false" @@ -126,3 +120,23 @@ variable "disable_services_on_destroy" { default = "true" type = "string" } + +variable "app_engine_enabled" { + description = "Enable App Engine on the project." +} + +variable "app_engine_location_id" { + description = "The location to serve the app from." +} + +variable "app_engine_auth_domain" { + description = "The domain to authenticate users with when using App Engine's User API." +} + +variable "app_engine_serving_status" { + description = "The serving status of the App Engine application." +} + +variable "app_engine_feature_settings" { + description = "A block of optional settings to configure specific App Engine features." +} From c7afebe8f085288cae8da0f6d2cdafec8af2c286 Mon Sep 17 00:00:00 2001 
From: Nick Stogner Date: Thu, 24 Jan 2019 13:03:57 -0800 Subject: [PATCH 02/13] Add app engine outputs and fix root module vars --- modules/app_engine/outputs.tf | 45 ++++++++++++++++++++++++- modules/core_project_factory/main.tf | 2 ++ modules/core_project_factory/outputs.tf | 35 ++++++++++++++++--- modules/gsuite_enabled/outputs.tf | 31 +++++++++++++++-- outputs.tf | 31 +++++++++++++++-- variables.tf | 5 +++ 6 files changed, 137 insertions(+), 12 deletions(-) diff --git a/modules/app_engine/outputs.tf b/modules/app_engine/outputs.tf index b714df14..6d614628 100644 --- a/modules/app_engine/outputs.tf +++ b/modules/app_engine/outputs.tf 
@@ -1,2 +1,45 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ -# TODO +output "name" { + description = "Unique name of the app, usually apps/{PROJECT_ID}." + value = "${google_app_engine_application.app.0.name}" +} + +output "url_dispatch_rule" { + description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." + value = "${google_app_engine_application.app.0.url_dispatch_rule}" +} + +output "code_bucket" { + description = "The GCS bucket code is being stored in for this app." + value = "${google_app_engine_application.app.0.code_bucket}" +} + +output "default_hostname" { + description = "The default hostname for this app." + value = "${google_app_engine_application.app.0.default_hostname}" +} + +output "default_bucket" { + description = "The GCS bucket content is being stored in for this app." + value = "${google_app_engine_application.app.0.default_bucket}" +} + +output "gcr_domain" { + description = "The GCR domain used for storing managed Docker images for this app." + value = "${google_app_engine_application.app.0.gcr_domain}" +} diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf index f22d7b6a..696e34a8 100644 --- a/modules/core_project_factory/main.tf +++ b/modules/core_project_factory/main.tf 
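Review bot: Every output added to modules/app_engine/outputs.tf indexes `google_app_engine_application.app.0`, but the resource is declared with `count = "${var.enabled ? 1 : 0}"` and the wrapper modules default `app_engine_enabled` to `false`, so in the default configuration there is no element 0 to read. On the Terraform 0.11 line this repository appears to target, that is likely to make output evaluation fail (or leave the outputs unset) for every project that does not enable App Engine. A splat with a fallback avoids it, e.g. `value = "${element(concat(google_app_engine_application.app.*.name, list("")), 0)}"`, applied to each of the six outputs. The list-valued `url_dispatch_rule` needs a list-shaped fallback rather than an empty string.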
@@ -90,6 +90,8 @@ resource "google_project" "main" { module "app-engine" { source = "../app_engine" + enabled = "${var.app_engine_enabled}" + project_id = "${google_project.main.project_id}" location_id = "${var.app_engine_location_id}" auth_domain = "${var.app_engine_auth_domain}" diff --git a/modules/core_project_factory/outputs.tf b/modules/core_project_factory/outputs.tf index 0c6e52e8..e2389e61 100644 --- a/modules/core_project_factory/outputs.tf +++ b/modules/core_project_factory/outputs.tf @@ -62,11 +62,6 @@ output "project_bucket_url" { description = "Project's bucket url" } -output "app_engine_enabled" { - value = "${local.app_engine_enabled}" - description = "Whether app engine is enabled" -} - output "api_s_account" { value = "${local.api_s_account}" description = "API service account email" @@ -76,3 +71,33 @@ output "api_s_account_fmt" { value = "${local.api_s_account_fmt}" description = "API service account email formatted for terraform use" } + +output "app_engine_name" { + description = "Unique name of the app, usually apps/{PROJECT_ID}." + value = "${module.app-engine.name}" +} + +output "app_engine_url_dispatch_rule" { + description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." + value = "${module.app-engine.url_dispatch_rule}" +} + +output "app_engine_code_bucket" { + description = "The GCS bucket code is being stored in for this app." + value = "${module.app-engine.code_bucket}" +} + +output "app_engine_default_hostname" { + description = "The default hostname for this app." + value = "${module.app-engine.default_hostname}" +} + +output "app_engine_default_bucket" { + description = "The GCS bucket content is being stored in for this app." + value = "${module.app-engine.default_bucket}" +} + +output "app_engine_gcr_domain" { + description = "The GCR domain used for storing managed Docker images for this app." + value = "${module.app-engine.gcr_domain}" +} 
diff --git a/modules/gsuite_enabled/outputs.tf b/modules/gsuite_enabled/outputs.tf index 5f4b0ec1..ad57d84d 100644 --- a/modules/gsuite_enabled/outputs.tf +++ b/modules/gsuite_enabled/outputs.tf @@ -67,7 +67,32 @@ output "project_bucket_url" { description = "Project's bucket url" } -output "app_engine_enabled" { - value = "${module.project-factory.app_engine_enabled}" - description = "Whether app engine is enabled" +output "app_engine_name" { + description = "Unique name of the app, usually apps/{PROJECT_ID}." + value = "${module.project-factory.app_engine_name}" +} + +output "app_engine_url_dispatch_rule" { + description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." + value = "${module.project-factory.app_engine_url_dispatch_rule}" +} + +output "app_engine_code_bucket" { + description = "The GCS bucket code is being stored in for this app." + value = "${module.project-factory.app_engine_code_bucket}" +} + +output "app_engine_default_hostname" { + description = "The default hostname for this app." + value = "${module.project-factory.app_engine_default_hostname}" +} + +output "app_engine_default_bucket" { + description = "The GCS bucket content is being stored in for this app." + value = "${module.project-factory.app_engine_default_bucket}" +} + +output "app_engine_gcr_domain" { + description = "The GCR domain used for storing managed Docker images for this app." + value = "${module.project-factory.app_engine_gcr_domain}" } diff --git a/outputs.tf b/outputs.tf index d1a8fd90..09cf5903 100755 --- a/outputs.tf +++ b/outputs.tf 
@@ -67,7 +67,32 @@ output "project_bucket_url" { description = "Project's bucket url" } -output "app_engine_enabled" { - value = "${module.project-factory.app_engine_enabled}" - description = "Whether app engine is enabled" +output "app_engine_name" { + description = "Unique name of the app, usually apps/{PROJECT_ID}." + value = "${module.project-factory.app_engine_name}" +} + +output "app_engine_url_dispatch_rule" { + description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." + value = "${module.project-factory.app_engine_url_dispatch_rule}" +} + +output "app_engine_code_bucket" { + description = "The GCS bucket code is being stored in for this app." + value = "${module.project-factory.app_engine_code_bucket}" +} + +output "app_engine_default_hostname" { + description = "The default hostname for this app." + value = "${module.project-factory.app_engine_default_hostname}" +} + +output "app_engine_default_bucket" { + description = "The GCS bucket content is being stored in for this app." + value = "${module.project-factory.app_engine_default_bucket}" +} + +output "app_engine_gcr_domain" { + description = "The GCR domain used for storing managed Docker images for this app." + value = "${module.project-factory.app_engine_gcr_domain}" } diff --git a/variables.tf b/variables.tf index 13b2371b..8da1877a 100755 --- a/variables.tf +++ b/variables.tf 
@@ -123,20 +123,25 @@ variable "disable_services_on_destroy" { variable "app_engine_enabled" { description = "Enable App Engine on the project." + default = false } variable "app_engine_location_id" { description = "The location to serve the app from." + default = "" } variable "app_engine_auth_domain" { description = "The domain to authenticate users with when using App Engine's User API." + default = "" } variable "app_engine_serving_status" { description = "The serving status of the App Engine application." + default = "SERVING" } variable "app_engine_feature_settings" { description = "A block of optional settings to configure specific App Engine features." + default = [] } From 504afd7aa18b709728fbb29d58e181c35d49f554 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Fri, 22 Feb 2019 10:43:18 -0800 Subject: [PATCH 03/13] Add migration guide for v2.0.0 --- README.md | 7 +++ docs/upgrading_to_project_factory_v2.0.md | 61 +++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 docs/upgrading_to_project_factory_v2.0.md diff --git a/README.md b/README.md index 84061709..d791bc5a 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,13 @@ access, Service Accounts, and API enablement to follow best practices. To include G Suite integration for creating groups and adding Service Accounts into groups, use the [gsuite_enabled module][gsuite-enabled-module]. +## Version + +Current version is 2.0. Upgrade guides: + +- [0.X -> 1.0](./docs/upgrading_to_project_factory_v1.0.md) +- [1.X -> 2.0](./docs/upgrading_to_project_factory_v2.0.md) + ## Usage There are multiple examples included in the [examples](./examples/) folder but simple usage is as follows: diff --git a/docs/upgrading_to_project_factory_v2.0.md b/docs/upgrading_to_project_factory_v2.0.md new file mode 100644 index 00000000..909c7cc3 --- /dev/null +++ b/docs/upgrading_to_project_factory_v2.0.md 
@@ -0,0 +1,61 @@ +# Upgrading to Project Factory v2.0 (from v1.X) + +The v2.0 release of Project Factory is a backwards incompatible release. It only affects users who utilize the `app_engine` argument. + +## Migration Instructions + +### App Engine + +These steps are only required if you are currently using the `app_engine` argument. + +#### App Engine Argument Changes + +The old version of project factory used a single field for configuring App Engine (`app_engine`): + +```hcl +/// @file main.tf + +module "project-factory" { + ... + app_engine { + location_id = "${var.region}" + auth_domain = "${var.domain}" + + feature_settings = [ + { + split_health_checks = false + }, + ] + } +} +``` + +The new version of project factory uses granular fields prefixed by `app_engine_`. There is also an additional `app_engine_enabled` argument that needs to be set to true. + +```hcl +/// @file main.tf + +module "project-factory" { + ... + app_engine_enabled = true + app_engine_location_id = "${var.region}" + app_engine_auth_domain = "${var.domain}" + + app_engine_feature_settings = [ + { + split_health_checks = true + }, + ] +} +``` + +#### App Engine State Import + +The new implementation uses the `google_app_engine_application` resource which needs to be imported into the current state (make sure to replace `$YOUR_PROJECT_ID`): + +```sh +terraform import module.project-factory.module.project-factory.module.app-engine.google_app_engine_application.app $YOUR_PROJECT_ID +``` + +After importing, you should be good to `terraform` `plan` and `apply`. + From 70cee5722c3fcf152ddf0187fad6e50ac27951e8 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Fri, 22 Feb 2019 10:43:51 -0800 Subject: [PATCH 04/13] Update CHANGELOG for v2.0.0 --- CHANGELOG.md | 15 +++++++++++++-- docs/upgrading_to_project_factory_v2.0.md | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ecf39300..6aa47141 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,7 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. -## [Unreleased] +## [2.0.0] - 2019-03-05 +2.0.0 is a major backwards incompatible release. See the [upgrade guide](./docs/upgrading_to_project_factory_v2.0.md) for details. + +### ADDED + +- Added separate App Engine module. [#144] + +### REMOVED + +- Removed `app_engine` argument (config block). ## [1.2.0] - 2019-03-05 @@ -69,7 +78,8 @@ Extending the adopted spec, each change should have a link to its corresponding ### ADDED - This is the initial release of the Project Factory Module. -[Unreleased]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.2.0...HEAD +[Unreleased]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v2.0.0...HEAD +[2.0.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.2.0...v2.0.0 [1.2.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.1.2...v1.2.0 [1.1.2]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.1.1...v1.1.2 [1.1.1]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v1.1.0...v1.1.1 
@@ -83,6 +93,7 @@ Extending the adopted spec, each change should have a link to its corresponding [#153]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/153 [#147]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/147 +[#144]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/144 [#143]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/143 [#141]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/141 [#133]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/133 diff --git a/docs/upgrading_to_project_factory_v2.0.md b/docs/upgrading_to_project_factory_v2.0.md index 909c7cc3..31a72110 100644 --- a/docs/upgrading_to_project_factory_v2.0.md +++ b/docs/upgrading_to_project_factory_v2.0.md @@ -57,5 +57,5 @@ The new implementation uses the `google_app_engine_application` resource which n terraform import module.project-factory.module.project-factory.module.app-engine.google_app_engine_application.app $YOUR_PROJECT_ID ``` -After importing, you should be good to `terraform` `plan` and `apply`. +After importing, run `terraform` `plan` and `apply`. From 9d6b6784326d6bf889447de21364e901b3cfe460 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Thu, 21 Feb 2019 11:35:36 -0800 Subject: [PATCH 05/13] Update kitchen-terraform container to version with python API client --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 92bf1a4a..f2faca0a 100644 --- a/Makefile +++ b/Makefile 
@@ -18,7 +18,7 @@ SHELL := /usr/bin/env bash # Docker build config variables CREDENTIALS_PATH ?= /cft/workdir/credentials.json DOCKER_ORG := gcr.io/cloud-foundation-cicd -DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.10_216.0.0_1.19.1_0.1.10 +DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.11_235.0.0_1.19.1_0.1.10 DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM} all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs ## Run all linters and update documentation From 931d5e0d159b640af39062319b11654054de4b01 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Thu, 21 Feb 2019 21:54:26 -0800 Subject: [PATCH 06/13] Update integration tests to expect the newly enabled split health checks --- test/integration/full/controls/app-engine.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/full/controls/app-engine.rb b/test/integration/full/controls/app-engine.rb index b707201b..5df8ed8d 100644 --- a/test/integration/full/controls/app-engine.rb +++ b/test/integration/full/controls/app-engine.rb @@ -32,7 +32,7 @@ end it { expect(metadata).to include(authDomain: domain) } - it { expect(metadata).to include(featureSettings: Hash.new) } + it { expect(metadata).to include(featureSettings: {:splitHealthChecks=>true}) } it { expect(metadata).to include(id: project_id) } it { expect(metadata).to include(name: "apps/#{project_id}") } it { expect(metadata).to include(locationId: region) } From 87faeab04d390a0948c5e0d63d99fcc68f111167 Mon Sep 17 00:00:00 2001 
From: Danny Seymour Date: Thu, 21 Feb 2019 11:36:27 -0800 Subject: [PATCH 07/13] Fix python linting errors and file headers --- modules/app_engine/main.tf | 16 ++++++++++++++++ modules/app_engine/outputs.tf | 2 +- modules/app_engine/variables.tf | 16 ++++++++++++++++ .../scripts/preconditions/preconditions.py | 5 ++++- test/helpers/test_migrate.py | 19 +++++++++---------- 5 files changed, 46 insertions(+), 12 deletions(-) diff --git a/modules/app_engine/main.tf b/modules/app_engine/main.tf index 4c7334a1..7c63e590 100644 --- a/modules/app_engine/main.tf +++ b/modules/app_engine/main.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + resource "google_app_engine_application" "app" { count = "${var.enabled ? 1 : 0}" diff --git a/modules/app_engine/outputs.tf b/modules/app_engine/outputs.tf index 6d614628..0567c1af 100644 --- a/modules/app_engine/outputs.tf +++ b/modules/app_engine/outputs.tf @@ -1,5 +1,5 @@ /** - * Copyright 2019 Google LLC + * Copyright 2018 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/app_engine/variables.tf b/modules/app_engine/variables.tf index e44c5ace..dfaaaddc 100644 --- a/modules/app_engine/variables.tf +++ b/modules/app_engine/variables.tf 
@@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + variable "enabled" { description = "Enable App Engine." default = true diff --git a/modules/core_project_factory/scripts/preconditions/preconditions.py b/modules/core_project_factory/scripts/preconditions/preconditions.py index 45720081..c6539efe 100755 --- a/modules/core_project_factory/scripts/preconditions/preconditions.py +++ b/modules/core_project_factory/scripts/preconditions/preconditions.py @@ -301,7 +301,9 @@ def validate(self, credentials): return req.asdict() @classmethod - def argument_type(cls, string, pat=re.compile(r"[A-Z0-9]{6}-[A-Z0-9]{6}-[A-Z0-9]{6}")): + def argument_type(cls, + string, + pat=re.compile(r"[A-Z0-9]{6}-[A-Z0-9]{6}-[A-Z0-9]{6}")): if not pat.match(string): msg = "%r is not a valid billing account ID format" % string raise argparse.ArgumentTypeError(msg) @@ -352,6 +354,7 @@ class EmptyStrAction(argparse.Action): """ Convert empty string values parsed by argparse into None. """ + def __call__(self, parser, namespace, values, option_string=None): values = None if values == '' else values setattr(namespace, self.dest, values) diff --git a/test/helpers/test_migrate.py b/test/helpers/test_migrate.py index 515b9a3a..2eea3ce1 100755 --- a/test/helpers/test_migrate.py +++ b/test/helpers/test_migrate.py 
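Review bot: `argument_type` in preconditions.py checks the billing account ID with `pat.match(string)`, which anchors only at the start of the string, so a well-formed ID followed by arbitrary trailing text still passes validation. Since the signature is being reformatted anyway, the pattern can be closed at the end as well: `pat=re.compile(r"[A-Z0-9]{6}-[A-Z0-9]{6}-[A-Z0-9]{6}\Z")`. The rest of the method, including what it returns on success, lies outside the hunk, so confirm nothing downstream relies on the looser match.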
@@ -14,7 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -import copy import os import sys import unittest @@ -117,15 +116,15 @@ ), ( "module.project-factory.google_project_iam_member.gsuite_group_role", - "module.project-factory.module.project-factory.google_project_iam_member.gsuite_group_role", + "module.project-factory.module.project-factory.google_project_iam_member.gsuite_group_role", # noqa: E501 ), ( "module.project-factory.google_project_service.project_services", - "module.project-factory.module.project-factory.google_project_service.project_services", + "module.project-factory.module.project-factory.google_project_service.project_services", # noqa: E501 ), ( - "module.project-factory.google_service_account.default_service_account", - "module.project-factory.module.project-factory.google_service_account.default_service_account", + "module.project-factory.google_service_account.default_service_account", # noqa: E501 + "module.project-factory.module.project-factory.google_service_account.default_service_account", # noqa: E501 ), ( "module.project-factory.google_service_account_iam_member.service_account_grant_to_group", # noqa: E501 @@ -137,7 +136,7 @@ ), ( "module.project-factory.random_id.random_project_id_suffix", - "module.project-factory.module.project-factory.random_id.random_project_id_suffix", + "module.project-factory.module.project-factory.random_id.random_project_id_suffix", # noqa: E501 ), ] 
@@ -148,19 +147,19 @@
 TERRAFORM_DROPPED_DATA_SOURCES = [
 (
 "module.project-factory.google_organization.org",
- "module.project-factory.module.project-factory.google_organization.org",
+ "module.project-factory.module.project-factory.google_organization.org", # noqa: E501
 ),
 (
 "module.project-factory.null_data_source.data_final_group_email",
- "module.project-factory.module.project-factory.null_data_source.data_final_group_email",
+ "module.project-factory.module.project-factory.null_data_source.data_final_group_email", # noqa: E501
 ),
 (
 "module.project-factory.null_data_source.data_given_group_email",
- "module.project-factory.module.project-factory.null_data_source.data_given_group_email",
+ "module.project-factory.module.project-factory.null_data_source.data_given_group_email", # noqa: E501
 ),
 (
 "module.project-factory.null_data_source.data_group_email_format",
- "module.project-factory.module.project-factory.null_data_source.data_group_email_format",
+ "module.project-factory.module.project-factory.null_data_source.data_group_email_format", # noqa: E501
 ),
 ]
 
From 8a6ea69ab61f6dba02888f7490953c6f9f367d30 Mon Sep 17 00:00:00 2001
From: Danny Seymour
Date: Fri, 22 Feb 2019 09:58:07 -0800
Subject: [PATCH 08/13] Regenerate documentation

---
 README.md | 70 +++++++++--------
 examples/app_engine/README.md | 13 ++--
 examples/gke_shared_vpc/README.md | 11 +--
 examples/group_project/README.md | 19 ++---
 examples/project-hierarchy/README.md | 15 ++--
 examples/simple_project/README.md | 11 +--
 modules/core_project_factory/README.md | 74 ++++++++++--------
 modules/gsuite_enabled/README.md | 76 +++++++++++--------
 modules/gsuite_group/README.md | 3 +-
 modules/project_services/README.md | 11 +--
 .../examples/project_services/README.md | 7 +-
 test/fixtures/full/README.md | 58 +++++++-------
 test/fixtures/minimal/README.md | 55 +++++++-------
 13 files changed, 230 insertions(+), 193 deletions(-)

diff --git a/README.md b/README.md
index d791bc5a..0a28fbe4 100644
--- a/README.md
+++ b/README.md 
@@ -88,49 +88,59 @@ The roles granted are specifically: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate\_apis | The list of apis to activate within the project | list | `` | no | -| app\_engine | A map for app engine configuration | map | `` | no | -| auto\_create\_network | Create the default network | string | `false` | no | -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | -| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | `` | no | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | +| activate_apis | The list of apis to activate within the project | list | `` | no | +| app_engine_auth_domain | The domain to authenticate users with when using App Engine's User API. | string | `` | no | +| app_engine_enabled | Enable App Engine on the project. | string | `false` | no | +| app_engine_feature_settings | A block of optional settings to configure specific App Engine features. | string | `` | no | +| app_engine_location_id | The location to serve the app from. | string | `` | no | +| app_engine_serving_status | The serving status of the App Engine application. 
| string | `SERVING` | no | +| auto_create_network | Create the default network | string | `false` | no | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | +| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | +| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | +| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | | domain | The domain name (optional). | string | `` | no | -| folder\_id | The ID of a folder to host this project | string | `` | no | -| group\_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `` | no | -| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no | +| folder_id | The ID of a folder to host this project | string | `` | no | +| group_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `` | no | +| group_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no | | labels | Map of labels for project | map | `` | no | | lien | Add a lien on the project to prevent accidental deletion | string | `false` | no | | name | The name for the project | string | - | yes | -| org\_id | The organization ID. 
| string | - | yes | -| random\_project\_id | Enables project random id generation | string | `false` | no | -| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | -| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | -| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | -| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | -| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| org_id | The organization ID. | string | - | yes | +| random_project_id | Enables project random id generation | string | `false` | no | +| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | +| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | +| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | +| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | ## Outputs | Name | Description | |------|-------------| -| app\_engine\_enabled | Whether app engine is enabled | +| app_engine_code_bucket | The GCS bucket code is being stored in for this app. | +| app_engine_default_bucket | The GCS bucket content is being stored in for this app. | +| app_engine_default_hostname | The default hostname for this app. | +| app_engine_gcr_domain | The GCR domain used for storing managed Docker images for this app. | +| app_engine_name | Unique name of the app, usually apps/{PROJECT_ID}. | +| app_engine_url_dispatch_rule | A list of dispatch rule blocks. 
Each block has a domain, path, and service field. | | domain | The organization's domain | -| group\_email | The email of the GSuite group with group_name | -| project\_bucket\_self\_link | Project's bucket selfLink | -| project\_bucket\_url | Project's bucket url | -| project\_id | - | -| project\_number | - | -| service\_account\_display\_name | The display name of the default service account | -| service\_account\_email | The email of the default service account | -| service\_account\_id | The id of the default service account | -| service\_account\_name | The fully-qualified name of the default service account | -| service\_account\_unique\_id | The unique id of the default service account | +| group_email | The email of the GSuite group with group_name | +| project_bucket_self_link | Project's bucket selfLink | +| project_bucket_url | Project's bucket url | +| project_id | | +| project_number | | +| service_account_display_name | The display name of the default service account | +| service_account_email | The email of the default service account | +| service_account_id | The id of the default service account | +| service_account_name | The fully-qualified name of the default service account | +| service_account_unique_id | The unique id of the default service account | [^]: (autogen_docs_end) @@ -412,4 +422,4 @@ versions][release-new-version]. [terraform-provider-gsuite]: https://github.com/DeviaVir/terraform-provider-gsuite [glossary]: /docs/GLOSSARY.md [release-new-version]: https://www.terraform.io/docs/registry/modules/publish.html#releasing-new-versions -[application-default-credentials]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application +[application-default-credentials]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application \ No newline at end of file diff --git a/examples/app_engine/README.md b/examples/app_engine/README.md index c54dc293..9c9c17d0 100755 
--- a/examples/app_engine/README.md +++ b/examples/app_engine/README.md @@ -14,20 +14,21 @@ Expected variables: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| admin\_email | Admin user email on Gsuite | string | - | yes | -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| organization\_id | The organization id for the associated services | string | - | yes | +| admin_email | Admin user email on Gsuite | string | - | yes | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| organization_id | The organization id for the associated services | string | - | yes | ## Outputs | Name | Description | |------|-------------| -| app\_engine\_enabled\_example | Whether app engine is enabled | -| domain\_example | The organization's domain | -| project\_info\_example | The ID of the created project | +| app_engine_enabled_example | Whether app engine is enabled | +| domain_example | The organization's domain | +| project_info_example | The ID of the created project | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/examples/gke_shared_vpc/README.md b/examples/gke_shared_vpc/README.md index 0309ca6f..87ce2c64 100644 --- a/examples/gke_shared_vpc/README.md +++ b/examples/gke_shared_vpc/README.md 
@@ -25,14 +25,15 @@ More information about GKE with Shared VPC can be found here: https://cloud.goog [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing\_account | billing account | string | - | yes | -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | -| org\_id | organization id | string | - | yes | -| shared\_vpc | The ID of the host project which hosts the shared VPC | string | - | yes | -| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `` | no | +| billing_account | billing account | string | - | yes | +| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | +| org_id | organization id | string | - | yes | +| shared_vpc | The ID of the host project which hosts the shared VPC | string | - | yes | +| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `` | no | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/examples/group_project/README.md b/examples/group_project/README.md index 74dd78ed..d411374c 100644 --- a/examples/group_project/README.md +++ b/examples/group_project/README.md 
@@ -16,23 +16,24 @@ Expected variables: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| admin\_email | Admin user email on Gsuite. This should be a user account, not a service account. | string | - | yes | -| api\_sa\_group | An existing GSuite group email to place the Google APIs Service Account for the project in | string | - | yes | -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| credentials\_file\_path | Service account json auth path | string | - | yes | -| organization\_id | The organization id for the associated services | string | - | yes | -| project\_group\_name | The name of a GSuite group to create for controlling the project | string | - | yes | +| admin_email | Admin user email on Gsuite. This should be a user account, not a service account. | string | - | yes | +| api_sa_group | An existing GSuite group email to place the Google APIs Service Account for the project in | string | - | yes | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| credentials_file_path | Service account json auth path | string | - | yes | +| organization_id | The organization id for the associated services | string | - | yes | +| project_group_name | The name of a GSuite group to create for controlling the project | string | - | yes | ## Outputs | Name | Description | |------|-------------| -| domain\_example | The organization's domain | -| group\_email\_example | The email of the created GSuite group | -| project\_info\_example | The ID of the created project | +| domain_example | The organization's domain | +| group_email_example | The email of the created GSuite group | +| project_info_example | The ID of the created project | [^]: (autogen_docs_end) \ No newline at end of file 
diff --git a/examples/project-hierarchy/README.md b/examples/project-hierarchy/README.md index 1d18b2c1..ad01b5ec 100644 --- a/examples/project-hierarchy/README.md +++ b/examples/project-hierarchy/README.md @@ -22,21 +22,22 @@ Expected variables: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| admin\_email | Admin user email on Gsuite | string | - | yes | -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | -| organization\_id | The organization id for the associated services | string | - | yes | +| admin_email | Admin user email on Gsuite | string | - | yes | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | +| organization_id | The organization id for the associated services | string | - | yes | ## Outputs | Name | Description | |------|-------------| -| domain\_example | The organization's domain | -| project\_info\_example | The ID of the created prod_gke project | -| project\_info\_factory\_example | The ID of the created factory project | +| domain_example | The organization's domain | +| project_info_example | The ID of the created prod_gke project | +| project_info_factory_example | The ID of the created factory project | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/examples/simple_project/README.md b/examples/simple_project/README.md index 32cbaec4..24f1f6ba 100755 --- a/examples/simple_project/README.md +++ b/examples/simple_project/README.md 
@@ -10,19 +10,20 @@ Expected variables: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | -| organization\_id | The organization id for the associated services | string | - | yes | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | +| organization_id | The organization id for the associated services | string | - | yes | ## Outputs | Name | Description | |------|-------------| -| domain\_example | The organization's domain | -| project\_info\_example | The ID of the created project | +| domain_example | The organization's domain | +| project_info_example | The ID of the created project | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/modules/core_project_factory/README.md b/modules/core_project_factory/README.md index d05fe131..77e66a6b 100644 --- a/modules/core_project_factory/README.md +++ b/modules/core_project_factory/README.md 
@@ -2,49 +2,59 @@ [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate\_apis | The list of apis to activate within the project | list | `` | no | -| app\_engine | A map for app engine configuration | map | `` | no | -| auto\_create\_network | Create the default network | string | `false` | no | -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | -| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | `` | no | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | -| folder\_id | The ID of a folder to host this project | string | `` | no | -| group\_email | The email address of a group to control the project by being assigned group_role. | string | - | yes | -| group\_role | The role to give the controlling group (group_name) over the project. | string | `` | no | +| activate_apis | The list of apis to activate within the project | list | `` | no | +| app_engine_auth_domain | The domain to authenticate users with when using App Engine's User API. | string | `` | no | +| app_engine_enabled | Enable App Engine on the project. | string | `false` | no | +| app_engine_feature_settings | A block of optional settings to configure specific App Engine features. | string | `` | no | +| app_engine_location_id | The location to serve the app from. | string | `` | no | +| app_engine_serving_status | The serving status of the App Engine application. 
| string | `SERVING` | no | +| auto_create_network | Create the default network | string | `false` | no | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | +| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | +| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | +| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | +| folder_id | The ID of a folder to host this project | string | `` | no | +| group_email | The email address of a group to control the project by being assigned group_role. | string | - | yes | +| group_role | The role to give the controlling group (group_name) over the project. | string | `` | no | | labels | Map of labels for project | map | `` | no | | lien | Add a lien on the project to prevent accidental deletion | string | `false` | no | -| manage\_group | A toggle to indicate if a G Suite group should be managed. | string | `false` | no | +| manage_group | A toggle to indicate if a G Suite group should be managed. | string | `false` | no | | name | The name for the project | string | - | yes | -| org\_id | The organization ID. | string | - | yes | -| random\_project\_id | Enables project random id generation | string | `false` | no | -| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | -| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | -| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. 
projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | -| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | -| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| org_id | The organization ID. | string | - | yes | +| random_project_id | Enables project random id generation | string | `false` | no | +| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | +| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | +| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | +| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | ## Outputs | Name | Description | |------|-------------| -| api\_s\_account | API service account email | -| api\_s\_account\_fmt | API service account email formatted for terraform use | -| app\_engine\_enabled | Whether app engine is enabled | -| project\_bucket\_name | The name of the projec's bucket | -| project\_bucket\_self\_link | Project's bucket selfLink | -| project\_bucket\_url | Project's bucket url | -| project\_id | - | -| project\_number | - | -| service\_account\_display\_name | The display name of the default service account | -| service\_account\_email | The email of the default service account | -| service\_account\_id | The id of the default service account | -| service\_account\_name | The fully-qualified name of the default service account | -| service\_account\_unique\_id | The unique id of the default service account | +| api_s_account | API service account email | +| api_s_account_fmt | API service account email formatted for terraform use | +| 
app_engine_code_bucket | The GCS bucket code is being stored in for this app. | +| app_engine_default_bucket | The GCS bucket content is being stored in for this app. | +| app_engine_default_hostname | The default hostname for this app. | +| app_engine_gcr_domain | The GCR domain used for storing managed Docker images for this app. | +| app_engine_name | Unique name of the app, usually apps/{PROJECT_ID}. | +| app_engine_url_dispatch_rule | A list of dispatch rule blocks. Each block has a domain, path, and service field. | +| project_bucket_name | The name of the projec's bucket | +| project_bucket_self_link | Project's bucket selfLink | +| project_bucket_url | Project's bucket url | +| project_id | | +| project_number | | +| service_account_display_name | The display name of the default service account | +| service_account_email | The email of the default service account | +| service_account_id | The id of the default service account | +| service_account_name | The fully-qualified name of the default service account | +| service_account_unique_id | The unique id of the default service account | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md index 225639e3..02377f6e 100644 --- a/modules/gsuite_enabled/README.md +++ b/modules/gsuite_enabled/README.md 
@@ -55,54 +55,64 @@ The roles granted are specifically: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate\_apis | The list of apis to activate within the project | list | `` | no | -| api\_sa\_group | A GSuite group to place the Google APIs Service Account for the project in | string | `` | no | -| app\_engine | A map for app engine configuration | map | `` | no | -| auto\_create\_network | Create the default network | string | `false` | no | -| billing\_account | The ID of the billing account to associate this project with | string | - | yes | -| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | -| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | -| create\_group | Whether to create the group or not | string | `false` | no | -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | +| activate_apis | The list of apis to activate within the project | list | `` | no | +| api_sa_group | A GSuite group to place the Google APIs Service Account for the project in | string | `` | no | +| app_engine_auth_domain | The domain to authenticate users with when using App Engine's User API. | string | `` | no | +| app_engine_enabled | Enable App Engine on the project. | string | `false` | no | +| app_engine_feature_settings | A block of optional settings to configure specific App Engine features. | string | `` | no | +| app_engine_location_id | The location to serve the app from. | string | `` | no | +| app_engine_serving_status | The serving status of the App Engine application. 
| string | `SERVING` | no | +| auto_create_network | Create the default network | string | `false` | no | +| billing_account | The ID of the billing account to associate this project with | string | - | yes | +| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | +| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | +| create_group | Whether to create the group or not | string | `false` | no | +| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | +| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | | domain | The domain name (optional). | string | `` | no | -| folder\_id | The ID of a folder to host this project | string | `` | no | -| group\_name | A group to control the project by being assigned group_role - defaults to ${project_name}-editors | string | `` | no | -| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no | +| folder_id | The ID of a folder to host this project | string | `` | no | +| group_name | A group to control the project by being assigned group_role - defaults to ${project_name}-editors | string | `` | no | +| group_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no | | labels | Map of labels for project | map | `` | no | | lien | Add a lien on the project to prevent accidental deletion | string | `false` | no | | name | The name for the project | string | - | yes | -| org\_id | The organization ID. 
| string | - | yes | -| random\_project\_id | Enables project random id generation | string | `false` | no | -| sa\_group | A GSuite group to place the default Service Account for the project in | string | `` | no | -| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | -| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | -| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | -| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | -| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| org_id | The organization ID. | string | - | yes | +| random_project_id | Enables project random id generation | string | `false` | no | +| sa_group | A GSuite group to place the default Service Account for the project in | string | `` | no | +| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | +| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | +| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | +| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | ## Outputs | Name | Description | |------|-------------| -| app\_engine\_enabled | Whether app engine is enabled | +| app_engine_code_bucket | The GCS bucket code is being stored in for this app. | +| app_engine_default_bucket | The GCS bucket content is being stored in for this app. | +| app_engine_default_hostname | The default hostname for this app. 
| +| app_engine_gcr_domain | The GCR domain used for storing managed Docker images for this app. | +| app_engine_name | Unique name of the app, usually apps/{PROJECT_ID}. | +| app_engine_url_dispatch_rule | A list of dispatch rule blocks. Each block has a domain, path, and service field. | | domain | The organization's domain | -| group\_email | The email of the created GSuite group with group_name | -| project\_bucket\_self\_link | Project's bucket selfLink | -| project\_bucket\_url | Project's bucket url | -| project\_id | - | -| project\_number | - | -| service\_account\_display\_name | The display name of the default service account | -| service\_account\_email | The email of the default service account | -| service\_account\_id | The id of the default service account | -| service\_account\_name | The fully-qualified name of the default service account | -| service\_account\_unique\_id | The unique id of the default service account | +| group_email | The email of the created GSuite group with group_name | +| project_bucket_self_link | Project's bucket selfLink | +| project_bucket_url | Project's bucket url | +| project_id | | +| project_number | | +| service_account_display_name | The display name of the default service account | +| service_account_email | The email of the default service account | +| service_account_id | The id of the default service account | +| service_account_name | The fully-qualified name of the default service account | +| service_account_unique_id | The unique id of the default service account | [^]: (autogen_docs_end) [examples]: ../../examples/ -[root-module]: ../../README.md +[root-module]: ../../README.md \ No newline at end of file diff --git a/modules/gsuite_group/README.md b/modules/gsuite_group/README.md index 7dfa43b5..7fbd4c03 100644 --- a/modules/gsuite_group/README.md +++ b/modules/gsuite_group/README.md 
@@ -2,13 +2,14 @@ [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | domain | The domain name | string | `` | no | | name | The name of the group. | string | - | yes | -| org\_id | The organization ID. | string | - | yes | +| org_id | The organization ID. | string | - | yes | ## Outputs diff --git a/modules/project_services/README.md b/modules/project_services/README.md index 8a4ebbc6..c05e5dea 100644 --- a/modules/project_services/README.md +++ b/modules/project_services/README.md 
@@ -23,19 +23,20 @@ See [examples/project_services](./examples/project_services) for an example. [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate\_apis | The list of apis to activate within the project | list | n/a | yes | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | string | `"true"` | no | -| enable\_apis | Whether to actually enable the APIs. If false, this module is a no-op. | string | `"true"` | no | -| project\_id | The GCP project you want to enable APIs on | string | n/a | yes | +| activate_apis | The list of apis to activate within the project | list | - | yes | +| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | string | `true` | no | +| enable_apis | Whether to actually enable the APIs. If false, this module is a no-op. | string | `true` | no | +| project_id | The GCP project you want to enable APIs on | string | - | yes | ## Outputs | Name | Description | |------|-------------| -| project\_id | The GCP project you want to enable APIs on | +| project_id | The GCP project you want to enable APIs on | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/modules/project_services/examples/project_services/README.md b/modules/project_services/examples/project_services/README.md index 7a95507a..1852f124 100755 --- a/modules/project_services/examples/project_services/README.md +++ b/modules/project_services/examples/project_services/README.md 
@@ -8,17 +8,18 @@ Expected variables: [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | n/a | yes | -| project\_id | The GCP project you want to enable APIs on | string | n/a | yes | +| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | +| project_id | The GCP project you want to enable APIs on | string | - | yes | ## Outputs | Name | Description | |------|-------------| -| project\_id | The GCP project you want to enable APIs on | +| project_id | The GCP project you want to enable APIs on | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/test/fixtures/full/README.md b/test/fixtures/full/README.md index bec6ecef..258bf2df 100644 --- a/test/fixtures/full/README.md +++ b/test/fixtures/full/README.md 
@@ -2,43 +2,43 @@ [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing\_account | - | string | - | yes | -| create\_group | - | string | `false` | no | -| credentials\_path | - | string | - | yes | -| domain | - | string | - | yes | -| folder\_id | - | string | `` | no | -| group\_name | - | string | `` | no | -| group\_role | - | string | `roles/viewer` | no | -| gsuite\_admin\_account | - | string | - | yes | -| org\_id | - | string | - | yes | -| region | - | string | `us-east4` | no | -| sa\_group | - | string | `` | no | -| sa\_role | - | string | `roles/editor` | no | -| shared\_vpc | - | string | `` | no | -| usage\_bucket\_name | - | string | `` | no | -| usage\_bucket\_prefix | - | string | `` | no | +| billing_account | | string | - | yes | +| create_group | | string | `false` | no | +| credentials_path | Path to a service account credentials file with rights to run the Project Factory. This is required for the `full` test fixture. 
| string | `` | no | +| domain | | string | - | yes | +| folder_id | | string | `` | no | +| group_name | | string | `` | no | +| group_role | | string | `roles/viewer` | no | +| gsuite_admin_account | | string | - | yes | +| org_id | | string | - | yes | +| region | | string | `us-east4` | no | +| sa_group | | string | `` | no | +| sa_role | | string | `roles/editor` | no | +| shared_vpc | | string | `` | no | +| usage_bucket_name | | string | `` | no | +| usage_bucket_prefix | | string | `` | no | ## Outputs | Name | Description | |------|-------------| -| credentials\_path | Pass through the `credentials_path` variable so that InSpec can reuse the credentials | -| domain | - | -| extra\_service\_account\_email | - | -| group\_email | - | -| group\_role | - | -| gsuite\_admin\_account | - | -| project\_id | - | -| project\_number | - | -| region | - | -| sa\_role | - | -| service\_account\_email | - | -| shared\_vpc | - | -| usage\_bucket\_name | - | -| usage\_bucket\_prefix | - | +| domain | | +| extra_service_account_email | | +| group_email | | +| group_role | | +| gsuite_admin_account | | +| project_id | | +| project_number | | +| region | | +| sa_role | | +| service_account_email | | +| shared_vpc | | +| usage_bucket_name | | +| usage_bucket_prefix | | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/test/fixtures/minimal/README.md b/test/fixtures/minimal/README.md index 176aff32..6b9732e9 100644 --- a/test/fixtures/minimal/README.md +++ b/test/fixtures/minimal/README.md 
@@ -2,42 +2,41 @@ [^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing\_account | - | string | - | yes | -| create\_group | - | string | `false` | no | -| credentials\_path | - | string | - | yes | -| domain | - | string | - | yes | -| folder\_id | - | string | `` | no | -| group\_name | - | string | `` | no | -| group\_role | - | string | `roles/viewer` | no | -| gsuite\_admin\_account | - | string | - | yes | -| org\_id | - | string | - | yes | -| region | - | string | `us-east4` | no | -| sa\_group | - | string | `` | no | -| sa\_role | - | string | `roles/editor` | no | -| shared\_vpc | - | string | `` | no | -| usage\_bucket\_name | - | string | `` | no | -| usage\_bucket\_prefix | - | string | `` | no | +| billing_account | | string | - | yes | +| create_group | | string | `false` | no | +| domain | | string | - | yes | +| folder_id | | string | `` | no | +| group_name | | string | `` | no | +| group_role | | string | `roles/viewer` | no | +| gsuite_admin_account | | string | - | yes | +| org_id | | string | - | yes | +| region | | string | `us-east4` | no | +| sa_group | | string | `` | no | +| sa_role | | string | `roles/editor` | no | +| shared_vpc | | string | `` | no | +| usage_bucket_name | | string | `` | no | +| usage_bucket_prefix | | string | `` | no | ## Outputs | Name | Description | |------|-------------| -| credentials\_path | Pass through the `credentials_path` variable so that InSpec can reuse the credentials | -| domain | - | -| group\_email | - | -| group\_role | - | -| gsuite\_admin\_account | - | -| project\_id | - | -| project\_number | - | -| region | - | -| sa\_role | - | -| service\_account\_email | - | -| shared\_vpc | - | -| usage\_bucket\_name | - | -| usage\_bucket\_prefix | - | +| domain | | +| group_email | | +| group_role | | +| gsuite_admin_account | | +| project_id | | +| project_number | | +| region | | +| sa_role | | +| 
service_account_email | | +| shared_vpc | | +| usage_bucket_name | | +| usage_bucket_prefix | | [^]: (autogen_docs_end) \ No newline at end of file From f7af603be6f184c37872b43c39f1870eedc52e7f Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Fri, 22 Feb 2019 10:34:24 -0800 Subject: [PATCH 09/13] Move App Engine components into its own submodule to avoid duplicating module interfaces --- CHANGELOG.md | 1 + docs/upgrading_to_project_factory_v2.0.md | 15 +++++++------- main.tf | 5 ----- modules/app_engine/main.tf | 5 +---- modules/app_engine/variables.tf | 5 ----- modules/core_project_factory/main.tf | 12 ----------- test/fixtures/full/main.tf | 10 +++++---- variables.tf | 25 ----------------------- 8 files changed, 15 insertions(+), 63 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6aa47141..7585d166 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,7 @@ Extending the adopted spec, each change should have a link to its corresponding ## [1.1.0] - 2019-02-22 ### ADDED +- Added separate App Engine module. [#134] - Preconditions script checks billing account format. [#117] - Add project_services submodule. [#133] diff --git a/docs/upgrading_to_project_factory_v2.0.md b/docs/upgrading_to_project_factory_v2.0.md index 31a72110..5a43b3ea 100644 --- a/docs/upgrading_to_project_factory_v2.0.md +++ b/docs/upgrading_to_project_factory_v2.0.md 
@@ -30,18 +30,17 @@ module "project-factory" { } ``` -The new version of project factory uses granular fields prefixed by `app_engine_`. There is also an additional `app_engine_enabled` argument that needs to be set to true. +The new version of project factory uses a new module named `app_engine`. It accepts ```hcl /// @file main.tf -module "project-factory" { - ... - app_engine_enabled = true - app_engine_location_id = "${var.region}" - app_engine_auth_domain = "${var.domain}" +module "app-engine" { + project = "${var.project_id} + location_id = "${var.region}" + auth_domain = "${var.domain}" - app_engine_feature_settings = [ + feature_settings = [ { split_health_checks = true }, @@ -54,7 +53,7 @@ module "project-factory" { The new implementation uses the `google_app_engine_application` resource which needs to be imported into the current state (make sure to replace `$YOUR_PROJECT_ID`): ```sh -terraform import module.project-factory.module.project-factory.module.app-engine.google_app_engine_application.app $YOUR_PROJECT_ID +terraform import module.app-engine.google_app_engine_application.app $YOUR_PROJECT_ID ``` After importing, run `terraform` `plan` and `apply`. diff --git a/main.tf b/main.tf index f8046e44..1acbe9f6 100755 --- a/main.tf +++ b/main.tf @@ -49,9 +49,4 @@ module "project-factory" { bucket_name = "${var.bucket_name}" auto_create_network = "${var.auto_create_network}" disable_services_on_destroy = "${var.disable_services_on_destroy}" - app_engine_enabled = "${var.app_engine_enabled}" - app_engine_location_id = "${var.app_engine_location_id}" - app_engine_auth_domain = "${var.app_engine_auth_domain}" - app_engine_serving_status = "${var.app_engine_serving_status}" - app_engine_feature_settings = "${var.app_engine_feature_settings}" } diff --git a/modules/app_engine/main.tf b/modules/app_engine/main.tf index 7c63e590..338c018b 100644 --- a/modules/app_engine/main.tf +++ b/modules/app_engine/main.tf 
@@ -15,10 +15,7 @@ */ resource "google_app_engine_application" "app" { - count = "${var.enabled ? 1 : 0}" - - project = "${var.project_id}" - + project = "${var.project_id}" location_id = "${var.location_id}" auth_domain = "${var.auth_domain}" serving_status = "${var.serving_status}" diff --git a/modules/app_engine/variables.tf b/modules/app_engine/variables.tf index dfaaaddc..4f6e8e65 100644 --- a/modules/app_engine/variables.tf +++ b/modules/app_engine/variables.tf @@ -14,11 +14,6 @@ * limitations under the License. */ -variable "enabled" { - description = "Enable App Engine." - default = true -} - variable "project_id" { description = "The project to enable app engine on." } diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf index 696e34a8..041832bd 100644 --- a/modules/core_project_factory/main.tf +++ b/modules/core_project_factory/main.tf @@ -87,18 +87,6 @@ resource "google_project" "main" { depends_on = ["null_resource.preconditions"] } -module "app-engine" { - source = "../app_engine" - - enabled = "${var.app_engine_enabled}" - - project_id = "${google_project.main.project_id}" - location_id = "${var.app_engine_location_id}" - auth_domain = "${var.app_engine_auth_domain}" - serving_status = "${var.app_engine_serving_status}" - feature_settings = "${var.app_engine_feature_settings}" -} - /****************************************** Project lien *****************************************/ diff --git a/test/fixtures/full/main.tf b/test/fixtures/full/main.tf index a138f8bc..a75da073 100644 --- a/test/fixtures/full/main.tf +++ b/test/fixtures/full/main.tf 
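Review bot: With `count = "${var.enabled ? 1 : 0}"` removed from `google_app_engine_application.app` in modules/app_engine/main.tf, declaring this module always creates the application, and nothing on the resource warns what that commits a project to. An App Engine application cannot be deleted once created short of deleting the whole project, so a later `terraform destroy` only removes it from state. I would add a comment above the resource, for example `# App Engine apps cannot be deleted once created; destroying this resource only removes it from state.` The resource block continues past the end of the hunk.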
@@ -101,12 +101,14 @@ module "project-factory" { ] disable_services_on_destroy = "false" +} - app_engine_enabled = true - app_engine_location_id = "${var.region}" - app_engine_auth_domain = "${var.domain}" +module "app-engine" { + project = "${module.project-factory.project_id}" + location_id = "${var.region}" + auth_domain = "${var.domain}" - app_engine_feature_settings = [ + feature_settings = [ { split_health_checks = true }, diff --git a/variables.tf b/variables.tf index 8da1877a..b35ca2bd 100755 --- a/variables.tf +++ b/variables.tf @@ -120,28 +120,3 @@ variable "disable_services_on_destroy" { default = "true" type = "string" } - -variable "app_engine_enabled" { - description = "Enable App Engine on the project." - default = false -} - -variable "app_engine_location_id" { - description = "The location to serve the app from." - default = "" -} - -variable "app_engine_auth_domain" { - description = "The domain to authenticate users with when using App Engine's User API." - default = "" -} - -variable "app_engine_serving_status" { - description = "The serving status of the App Engine application." - default = "SERVING" -} - -variable "app_engine_feature_settings" { - description = "A block of optional settings to configure specific App Engine features." - default = [] -} From e3bba6ad9968cab542d247fa0ad8cb121ad7ffcc Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Fri, 22 Feb 2019 12:17:57 -0800 Subject: [PATCH 10/13] Fix failing tests --- modules/core_project_factory/outputs.tf | 30 ------------------------- modules/gsuite_enabled/main.tf | 5 ----- modules/gsuite_enabled/outputs.tf | 30 ------------------------- modules/gsuite_enabled/variables.tf | 25 --------------------- outputs.tf | 30 ------------------------- test/fixtures/full/main.tf | 4 +++- 6 files changed, 3 insertions(+), 121 deletions(-) diff --git a/modules/core_project_factory/outputs.tf b/modules/core_project_factory/outputs.tf index e2389e61..d1d05e18 100644 
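Review bot: The new `module "app-engine"` block in test/fixtures/full/main.tf has no `source` argument and passes `project`, while the submodule declares `variable "project_id"` (visible in the modules/app_engine/variables.tf hunk), so the fixture cannot initialise at this commit. The block needs `source = "../../../modules/app_engine"` and `project_id = "${module.project-factory.project_id}"`. PATCH 10/13 later in the series makes that correction; folding it into this commit would keep each commit in the series testable on its own. The module block continues past the end of the hunk.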
--- a/modules/core_project_factory/outputs.tf +++ b/modules/core_project_factory/outputs.tf @@ -71,33 +71,3 @@ output "api_s_account_fmt" { value = "${local.api_s_account_fmt}" description = "API service account email formatted for terraform use" } - -output "app_engine_name" { - description = "Unique name of the app, usually apps/{PROJECT_ID}." - value = "${module.app-engine.name}" -} - -output "app_engine_url_dispatch_rule" { - description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." - value = "${module.app-engine.url_dispatch_rule}" -} - -output "app_engine_code_bucket" { - description = "The GCS bucket code is being stored in for this app." - value = "${module.app-engine.code_bucket}" -} - -output "app_engine_default_hostname" { - description = "The default hostname for this app." - value = "${module.app-engine.default_hostname}" -} - -output "app_engine_default_bucket" { - description = "The GCS bucket content is being stored in for this app." - value = "${module.app-engine.default_bucket}" -} - -output "app_engine_gcr_domain" { - description = "The GCR domain used for storing managed Docker images for this app." - value = "${module.app-engine.gcr_domain}" -} diff --git a/modules/gsuite_enabled/main.tf b/modules/gsuite_enabled/main.tf index ed5dba05..f207e51b 100644 --- a/modules/gsuite_enabled/main.tf +++ b/modules/gsuite_enabled/main.tf @@ -86,9 +86,4 @@ module "project-factory" { bucket_name = "${var.bucket_name}" auto_create_network = "${var.auto_create_network}" disable_services_on_destroy = "${var.disable_services_on_destroy}" - app_engine_enabled = "${var.app_engine_enabled}" - app_engine_location_id = "${var.app_engine_location_id}" - app_engine_auth_domain = "${var.app_engine_auth_domain}" - app_engine_serving_status = "${var.app_engine_serving_status}" - app_engine_feature_settings = "${var.app_engine_feature_settings}" } 
diff --git a/modules/gsuite_enabled/outputs.tf b/modules/gsuite_enabled/outputs.tf index ad57d84d..0a78849e 100644 --- a/modules/gsuite_enabled/outputs.tf +++ b/modules/gsuite_enabled/outputs.tf @@ -66,33 +66,3 @@ output "project_bucket_url" { value = "${module.project-factory.project_bucket_url}" description = "Project's bucket url" } - -output "app_engine_name" { - description = "Unique name of the app, usually apps/{PROJECT_ID}." - value = "${module.project-factory.app_engine_name}" -} - -output "app_engine_url_dispatch_rule" { - description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." - value = "${module.project-factory.app_engine_url_dispatch_rule}" -} - -output "app_engine_code_bucket" { - description = "The GCS bucket code is being stored in for this app." - value = "${module.project-factory.app_engine_code_bucket}" -} - -output "app_engine_default_hostname" { - description = "The default hostname for this app." - value = "${module.project-factory.app_engine_default_hostname}" -} - -output "app_engine_default_bucket" { - description = "The GCS bucket content is being stored in for this app." - value = "${module.project-factory.app_engine_default_bucket}" -} - -output "app_engine_gcr_domain" { - description = "The GCR domain used for storing managed Docker images for this app." - value = "${module.project-factory.app_engine_gcr_domain}" -} diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index db3bb4c5..a2749086 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf 
@@ -134,28 +134,3 @@ variable "disable_services_on_destroy" { default = "true" type = "string" } - -variable "app_engine_enabled" { - description = "Enable App Engine on the project." - default = false -} - -variable "app_engine_location_id" { - description = "The location to serve the app from." - default = "" -} - -variable "app_engine_auth_domain" { - description = "The domain to authenticate users with when using App Engine's User API." - default = "" -} - -variable "app_engine_serving_status" { - description = "The serving status of the App Engine application." - default = "SERVING" -} - -variable "app_engine_feature_settings" { - description = "A block of optional settings to configure specific App Engine features." - default = [] -} diff --git a/outputs.tf b/outputs.tf index 09cf5903..3e814458 100755 --- a/outputs.tf +++ b/outputs.tf 
@@ -66,33 +66,3 @@ output "project_bucket_url" { value = "${module.project-factory.project_bucket_url}" description = "Project's bucket url" } - -output "app_engine_name" { - description = "Unique name of the app, usually apps/{PROJECT_ID}." - value = "${module.project-factory.app_engine_name}" -} - -output "app_engine_url_dispatch_rule" { - description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." - value = "${module.project-factory.app_engine_url_dispatch_rule}" -} - -output "app_engine_code_bucket" { - description = "The GCS bucket code is being stored in for this app." - value = "${module.project-factory.app_engine_code_bucket}" -} - -output "app_engine_default_hostname" { - description = "The default hostname for this app." - value = "${module.project-factory.app_engine_default_hostname}" -} - -output "app_engine_default_bucket" { - description = "The GCS bucket content is being stored in for this app." - value = "${module.project-factory.app_engine_default_bucket}" -} - -output "app_engine_gcr_domain" { - description = "The GCR domain used for storing managed Docker images for this app." - value = "${module.project-factory.app_engine_gcr_domain}" -} diff --git a/test/fixtures/full/main.tf b/test/fixtures/full/main.tf index a75da073..6400cf99 100644 --- a/test/fixtures/full/main.tf +++ b/test/fixtures/full/main.tf @@ -104,7 +104,9 @@ module "project-factory" { } module "app-engine" { - project = "${module.project-factory.project_id}" + source = "../../../modules/app_engine" + + project_id = "${module.project-factory.project_id}" location_id = "${var.region}" auth_domain = "${var.domain}" From d2d385969e9d88ee8f5d2bdb2d870198f83f1f56 Mon Sep 17 00:00:00 2001 
From: Danny Seymour Date: Fri, 22 Feb 2019 13:58:19 -0800 Subject: [PATCH 11/13] Fix documentation, remove obsolete variables, and correct outputs --- README.md | 72 +++++++---------- docs/upgrading_to_project_factory_v2.0.md | 3 + examples/app_engine/README.md | 13 ++-- examples/gke_shared_vpc/README.md | 11 ++- examples/group_project/README.md | 19 +++-- examples/project-hierarchy/README.md | 15 ++-- examples/simple_project/README.md | 11 ++- modules/app_engine/outputs.tf | 12 +-- modules/core_project_factory/README.md | 76 ++++++++---------- modules/core_project_factory/variables.tf | 25 ------ modules/gsuite_enabled/README.md | 78 ++++++++----------- modules/gsuite_group/README.md | 7 +- modules/project_services/README.md | 11 ++- .../examples/project_services/README.md | 7 +- test/fixtures/full/README.md | 53 +++++++------ test/fixtures/minimal/README.md | 49 ++++++------ 16 files changed, 197 insertions(+), 265 deletions(-) diff --git a/README.md b/README.md index 0a28fbe4..45d7911d 100644 --- a/README.md +++ b/README.md 
@@ -88,59 +88,47 @@ The roles granted are specifically: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate_apis | The list of apis to activate within the project | list | `` | no | -| app_engine_auth_domain | The domain to authenticate users with when using App Engine's User API. | string | `` | no | -| app_engine_enabled | Enable App Engine on the project. | string | `false` | no | -| app_engine_feature_settings | A block of optional settings to configure specific App Engine features. | string | `` | no | -| app_engine_location_id | The location to serve the app from. | string | `` | no | -| app_engine_serving_status | The serving status of the App Engine application. | string | `SERVING` | no | -| auto_create_network | Create the default network | string | `false` | no | -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | -| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | -| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | -| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | -| domain | The domain name (optional). 
| string | `` | no | -| folder_id | The ID of a folder to host this project | string | `` | no | -| group_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `` | no | -| group_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no | +| activate\_apis | The list of apis to activate within the project | list | `` | no | +| auto\_create\_network | Create the default network | string | `"false"` | no | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no | +| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no | +| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no | +| domain | The domain name (optional). | string | `""` | no | +| folder\_id | The ID of a folder to host this project | string | `""` | no | +| group\_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `""` | no | +| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `"roles/editor"` | no | | labels | Map of labels for project | map | `` | no | -| lien | Add a lien on the project to prevent accidental deletion | string | `false` | no | -| name | The name for the project | string | - | yes | -| org_id | The organization ID. 
| string | - | yes | -| random_project_id | Enables project random id generation | string | `false` | no | -| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | -| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | -| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | -| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | -| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| lien | Add a lien on the project to prevent accidental deletion | string | `"false"` | no | +| name | The name for the project | string | n/a | yes | +| org\_id | The organization ID. | string | n/a | yes | +| random\_project\_id | Enables project random id generation | string | `"false"` | no | +| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no | +| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `""` | no | +| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | +| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | +| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | ## Outputs | Name | Description | |------|-------------| -| app_engine_code_bucket | The GCS bucket code is being stored in for this app. | -| app_engine_default_bucket | The GCS bucket content is being stored in for this app. | -| app_engine_default_hostname | The default hostname for this app. | -| app_engine_gcr_domain | The GCR domain used for storing managed Docker images for this app. 
| -| app_engine_name | Unique name of the app, usually apps/{PROJECT_ID}. | -| app_engine_url_dispatch_rule | A list of dispatch rule blocks. Each block has a domain, path, and service field. | | domain | The organization's domain | -| group_email | The email of the GSuite group with group_name | -| project_bucket_self_link | Project's bucket selfLink | -| project_bucket_url | Project's bucket url | -| project_id | | -| project_number | | -| service_account_display_name | The display name of the default service account | -| service_account_email | The email of the default service account | -| service_account_id | The id of the default service account | -| service_account_name | The fully-qualified name of the default service account | -| service_account_unique_id | The unique id of the default service account | +| group\_email | The email of the GSuite group with group_name | +| project\_bucket\_self\_link | Project's bucket selfLink | +| project\_bucket\_url | Project's bucket url | +| project\_id | | +| project\_number | | +| service\_account\_display\_name | The display name of the default service account | +| service\_account\_email | The email of the default service account | +| service\_account\_id | The id of the default service account | +| service\_account\_name | The fully-qualified name of the default service account | +| service\_account\_unique\_id | The unique id of the default service account | [^]: (autogen_docs_end) diff --git a/docs/upgrading_to_project_factory_v2.0.md b/docs/upgrading_to_project_factory_v2.0.md index 5a43b3ea..94bd4962 100644 --- a/docs/upgrading_to_project_factory_v2.0.md +++ b/docs/upgrading_to_project_factory_v2.0.md 
@@ -36,6 +36,9 @@ The new version of project factory uses a new module named `app_engine`. It acce /// @file main.tf module "app-engine" { + source = "terraform-google-modules/project-factory/google//modules/app_engine" + version = "~> 2.0" + project = "${var.project_id} location_id = "${var.region}" auth_domain = "${var.domain}" diff --git a/examples/app_engine/README.md b/examples/app_engine/README.md index 9c9c17d0..e18cf63e 100755 --- a/examples/app_engine/README.md +++ b/examples/app_engine/README.md @@ -14,21 +14,20 @@ Expected variables: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| admin_email | Admin user email on Gsuite | string | - | yes | -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| organization_id | The organization id for the associated services | string | - | yes | +| admin\_email | Admin user email on Gsuite | string | n/a | yes | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| organization\_id | The organization id for the associated services | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| app_engine_enabled_example | Whether app engine is enabled | -| domain_example | The organization's domain | -| project_info_example | The ID of the created project | +| app\_engine\_enabled\_example | Whether app engine is enabled | +| domain\_example | The organization's domain | +| project\_info\_example | The ID of the created project | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/examples/gke_shared_vpc/README.md b/examples/gke_shared_vpc/README.md index 87ce2c64..40540ef8 100644 --- a/examples/gke_shared_vpc/README.md +++ b/examples/gke_shared_vpc/README.md 
@@ -25,15 +25,14 @@ More information about GKE with Shared VPC can be found here: https://cloud.goog [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing_account | billing account | string | - | yes | -| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | -| org_id | organization id | string | - | yes | -| shared_vpc | The ID of the host project which hosts the shared VPC | string | - | yes | -| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `` | no | +| billing\_account | billing account | string | n/a | yes | +| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | n/a | yes | +| org\_id | organization id | string | n/a | yes | +| shared\_vpc | The ID of the host project which hosts the shared VPC | string | n/a | yes | +| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `` | no | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/examples/group_project/README.md b/examples/group_project/README.md index d411374c..ed9793fc 100644 --- a/examples/group_project/README.md +++ b/examples/group_project/README.md 
@@ -16,24 +16,23 @@ Expected variables: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| admin_email | Admin user email on Gsuite. This should be a user account, not a service account. | string | - | yes | -| api_sa_group | An existing GSuite group email to place the Google APIs Service Account for the project in | string | - | yes | -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| credentials_file_path | Service account json auth path | string | - | yes | -| organization_id | The organization id for the associated services | string | - | yes | -| project_group_name | The name of a GSuite group to create for controlling the project | string | - | yes | +| admin\_email | Admin user email on Gsuite. This should be a user account, not a service account. | string | n/a | yes | +| api\_sa\_group | An existing GSuite group email to place the Google APIs Service Account for the project in | string | n/a | yes | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| credentials\_file\_path | Service account json auth path | string | n/a | yes | +| organization\_id | The organization id for the associated services | string | n/a | yes | +| project\_group\_name | The name of a GSuite group to create for controlling the project | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| domain_example | The organization's domain | -| group_email_example | The email of the created GSuite group | -| project_info_example | The ID of the created project | +| domain\_example | The organization's domain | +| group\_email\_example | The email of the created GSuite group | +| project\_info\_example | The ID of the created project | [^]: (autogen_docs_end) \ No newline at end of file 
diff --git a/examples/project-hierarchy/README.md b/examples/project-hierarchy/README.md index ad01b5ec..973ed796 100644 --- a/examples/project-hierarchy/README.md +++ b/examples/project-hierarchy/README.md @@ -22,22 +22,21 @@ Expected variables: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| admin_email | Admin user email on Gsuite | string | - | yes | -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | -| organization_id | The organization id for the associated services | string | - | yes | +| admin\_email | Admin user email on Gsuite | string | n/a | yes | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | +| organization\_id | The organization id for the associated services | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| domain_example | The organization's domain | -| project_info_example | The ID of the created prod_gke project | -| project_info_factory_example | The ID of the created factory project | +| domain\_example | The organization's domain | +| project\_info\_example | The ID of the created prod_gke project | +| project\_info\_factory\_example | The ID of the created factory project | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/examples/simple_project/README.md b/examples/simple_project/README.md index 24f1f6ba..2600cec2 100755 --- a/examples/simple_project/README.md 
+++ b/examples/simple_project/README.md @@ -10,20 +10,19 @@ Expected variables: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | -| organization_id | The organization id for the associated services | string | - | yes | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | +| organization\_id | The organization id for the associated services | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| domain_example | The organization's domain | -| project_info_example | The ID of the created project | +| domain\_example | The organization's domain | +| project\_info\_example | The ID of the created project | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/modules/app_engine/outputs.tf b/modules/app_engine/outputs.tf index 0567c1af..c6764c88 100644 --- a/modules/app_engine/outputs.tf +++ b/modules/app_engine/outputs.tf 
@@ -16,30 +16,30 @@
 output "name" {
 description = "Unique name of the app, usually apps/{PROJECT_ID}."
- value = "${google_app_engine_application.app.0.name}"
+ value = "${google_app_engine_application.app.name}"
 }
 output "url_dispatch_rule" {
 description = "A list of dispatch rule blocks. Each block has a domain, path, and service field."
- value = "${google_app_engine_application.app.0.url_dispatch_rule}"
+ value = "${google_app_engine_application.app.url_dispatch_rule}"
 }
 output "code_bucket" {
 description = "The GCS bucket code is being stored in for this app."
- value = "${google_app_engine_application.app.0.code_bucket}"
+ value = "${google_app_engine_application.app.code_bucket}"
 }
 output "default_hostname" {
 description = "The default hostname for this app."
- value = "${google_app_engine_application.app.0.default_hostname}"
+ value = "${google_app_engine_application.app.default_hostname}"
 }
 output "default_bucket" {
 description = "The GCS bucket content is being stored in for this app."
- value = "${google_app_engine_application.app.0.default_bucket}"
+ value = "${google_app_engine_application.app.default_bucket}"
 }
 output "gcr_domain" {
 description = "The GCR domain used for storing managed Docker images for this app."
- value = "${google_app_engine_application.app.0.gcr_domain}"
+ value = "${google_app_engine_application.app.gcr_domain}"
 }
diff --git a/modules/core_project_factory/README.md b/modules/core_project_factory/README.md
index 77e66a6b..2602fbef 100644
--- a/modules/core_project_factory/README.md
+++ b/modules/core_project_factory/README.md
@@ -2,59 +2,47 @@ [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate_apis | The list of apis to activate within the project | list | `` | no | -| app_engine_auth_domain | The domain to authenticate users with when using App Engine's User API. | string | `` | no | -| app_engine_enabled | Enable App Engine on the project. | string | `false` | no | -| app_engine_feature_settings | A block of optional settings to configure specific App Engine features. | string | `` | no | -| app_engine_location_id | The location to serve the app from. | string | `` | no | -| app_engine_serving_status | The serving status of the App Engine application. | string | `SERVING` | no | -| auto_create_network | Create the default network | string | `false` | no | -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | -| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | -| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | -| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | -| folder_id | The ID of a folder to host this project | string | `` | no | -| group_email | The email address of a group to control the project by being assigned group_role. | string | - | yes | -| group_role | The role to give the controlling group (group_name) over the project. 
| string | `` | no | +| activate\_apis | The list of apis to activate within the project | list | `` | no | +| auto\_create\_network | Create the default network | string | `"false"` | no | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no | +| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no | +| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no | +| folder\_id | The ID of a folder to host this project | string | `""` | no | +| group\_email | The email address of a group to control the project by being assigned group_role. | string | n/a | yes | +| group\_role | The role to give the controlling group (group_name) over the project. | string | `""` | no | | labels | Map of labels for project | map | `` | no | -| lien | Add a lien on the project to prevent accidental deletion | string | `false` | no | -| manage_group | A toggle to indicate if a G Suite group should be managed. | string | `false` | no | -| name | The name for the project | string | - | yes | -| org_id | The organization ID. | string | - | yes | -| random_project_id | Enables project random id generation | string | `false` | no | -| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | -| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | -| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. 
projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | -| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | -| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| lien | Add a lien on the project to prevent accidental deletion | string | `"false"` | no | +| manage\_group | A toggle to indicate if a G Suite group should be managed. | string | `"false"` | no | +| name | The name for the project | string | n/a | yes | +| org\_id | The organization ID. | string | n/a | yes | +| random\_project\_id | Enables project random id generation | string | `"false"` | no | +| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no | +| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `""` | no | +| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | +| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | +| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | ## Outputs | Name | Description | |------|-------------| -| api_s_account | API service account email | -| api_s_account_fmt | API service account email formatted for terraform use | -| app_engine_code_bucket | The GCS bucket code is being stored in for this app. | -| app_engine_default_bucket | The GCS bucket content is being stored in for this app. | -| app_engine_default_hostname | The default hostname for this app. | -| app_engine_gcr_domain | The GCR domain used for storing managed Docker images for this app. | -| app_engine_name | Unique name of the app, usually apps/{PROJECT_ID}. | -| app_engine_url_dispatch_rule | A list of dispatch rule blocks. 
Each block has a domain, path, and service field. | -| project_bucket_name | The name of the projec's bucket | -| project_bucket_self_link | Project's bucket selfLink | -| project_bucket_url | Project's bucket url | -| project_id | | -| project_number | | -| service_account_display_name | The display name of the default service account | -| service_account_email | The email of the default service account | -| service_account_id | The id of the default service account | -| service_account_name | The fully-qualified name of the default service account | -| service_account_unique_id | The unique id of the default service account | +| api\_s\_account | API service account email | +| api\_s\_account\_fmt | API service account email formatted for terraform use | +| project\_bucket\_name | The name of the projec's bucket | +| project\_bucket\_self\_link | Project's bucket selfLink | +| project\_bucket\_url | Project's bucket url | +| project\_id | | +| project\_number | | +| service\_account\_display\_name | The display name of the default service account | +| service\_account\_email | The email of the default service account | +| service\_account\_id | The id of the default service account | +| service\_account\_name | The fully-qualified name of the default service account | +| service\_account\_unique\_id | The unique id of the default service account | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf index a2dbef8b..2fd90d86 100644 --- a/modules/core_project_factory/variables.tf +++ b/modules/core_project_factory/variables.tf 
@@ -119,28 +119,3 @@ variable "disable_services_on_destroy" {
 default = "true"
 type = "string"
 }
-
-variable "app_engine_enabled" {
- description = "Enable App Engine on the project."
- default = false
-}
-
-variable "app_engine_location_id" {
- description = "The location to serve the app from."
- default = ""
-}
-
-variable "app_engine_auth_domain" {
- description = "The domain to authenticate users with when using App Engine's User API."
- default = ""
-}
-
-variable "app_engine_serving_status" {
- description = "The serving status of the App Engine application."
- default = "SERVING"
-}
-
-variable "app_engine_feature_settings" {
- description = "A block of optional settings to configure specific App Engine features."
- default = []
-}
diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md
index 02377f6e..799024a3 100644
--- a/modules/gsuite_enabled/README.md
+++ b/modules/gsuite_enabled/README.md
@@ -55,62 +55,50 @@ The roles granted are specifically: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate_apis | The list of apis to activate within the project | list | `` | no | -| api_sa_group | A GSuite group to place the Google APIs Service Account for the project in | string | `` | no | -| app_engine_auth_domain | The domain to authenticate users with when using App Engine's User API. | string | `` | no | -| app_engine_enabled | Enable App Engine on the project. | string | `false` | no | -| app_engine_feature_settings | A block of optional settings to configure specific App Engine features. | string | `` | no | -| app_engine_location_id | The location to serve the app from. | string | `` | no | -| app_engine_serving_status | The serving status of the App Engine application. | string | `SERVING` | no | -| auto_create_network | Create the default network | string | `false` | no | -| billing_account | The ID of the billing account to associate this project with | string | - | yes | -| bucket_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `` | no | -| bucket_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `` | no | -| create_group | Whether to create the group or not | string | `false` | no | -| credentials_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes | -| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed | string | `true` | no | -| domain | The domain name (optional). 
| string | `` | no | -| folder_id | The ID of a folder to host this project | string | `` | no | -| group_name | A group to control the project by being assigned group_role - defaults to ${project_name}-editors | string | `` | no | -| group_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `roles/editor` | no | +| activate\_apis | The list of apis to activate within the project | list | `` | no | +| api\_sa\_group | A GSuite group to place the Google APIs Service Account for the project in | string | `""` | no | +| auto\_create\_network | Create the default network | string | `"false"` | no | +| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes | +| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no | +| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no | +| create\_group | Whether to create the group or not | string | `"false"` | no | +| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | n/a | yes | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no | +| domain | The domain name (optional). 
| string | `""` | no | +| folder\_id | The ID of a folder to host this project | string | `""` | no | +| group\_name | A group to control the project by being assigned group_role - defaults to ${project_name}-editors | string | `""` | no | +| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `"roles/editor"` | no | | labels | Map of labels for project | map | `` | no | -| lien | Add a lien on the project to prevent accidental deletion | string | `false` | no | -| name | The name for the project | string | - | yes | -| org_id | The organization ID. | string | - | yes | -| random_project_id | Enables project random id generation | string | `false` | no | -| sa_group | A GSuite group to place the default Service Account for the project in | string | `` | no | -| sa_role | A role to give the default Service Account for the project (defaults to none) | string | `` | no | -| shared_vpc | The ID of the host project which hosts the shared VPC | string | `` | no | -| shared_vpc_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | -| usage_bucket_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `` | no | -| usage_bucket_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `` | no | +| lien | Add a lien on the project to prevent accidental deletion | string | `"false"` | no | +| name | The name for the project | string | n/a | yes | +| org\_id | The organization ID. 
| string | n/a | yes | +| random\_project\_id | Enables project random id generation | string | `"false"` | no | +| sa\_group | A GSuite group to place the default Service Account for the project in | string | `""` | no | +| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no | +| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `""` | no | +| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list | `` | no | +| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | +| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | ## Outputs | Name | Description | |------|-------------| -| app_engine_code_bucket | The GCS bucket code is being stored in for this app. | -| app_engine_default_bucket | The GCS bucket content is being stored in for this app. | -| app_engine_default_hostname | The default hostname for this app. | -| app_engine_gcr_domain | The GCR domain used for storing managed Docker images for this app. | -| app_engine_name | Unique name of the app, usually apps/{PROJECT_ID}. | -| app_engine_url_dispatch_rule | A list of dispatch rule blocks. Each block has a domain, path, and service field. 
| | domain | The organization's domain | -| group_email | The email of the created GSuite group with group_name | -| project_bucket_self_link | Project's bucket selfLink | -| project_bucket_url | Project's bucket url | -| project_id | | -| project_number | | -| service_account_display_name | The display name of the default service account | -| service_account_email | The email of the default service account | -| service_account_id | The id of the default service account | -| service_account_name | The fully-qualified name of the default service account | -| service_account_unique_id | The unique id of the default service account | +| group\_email | The email of the created GSuite group with group_name | +| project\_bucket\_self\_link | Project's bucket selfLink | +| project\_bucket\_url | Project's bucket url | +| project\_id | | +| project\_number | | +| service\_account\_display\_name | The display name of the default service account | +| service\_account\_email | The email of the default service account | +| service\_account\_id | The id of the default service account | +| service\_account\_name | The fully-qualified name of the default service account | +| service\_account\_unique\_id | The unique id of the default service account | [^]: (autogen_docs_end) diff --git a/modules/gsuite_group/README.md b/modules/gsuite_group/README.md index 7fbd4c03..967689bd 100644 --- a/modules/gsuite_group/README.md +++ b/modules/gsuite_group/README.md @@ -2,14 +2,13 @@ [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| domain | The domain name | string | `` | no | -| name | The name of the group. | string | - | yes | -| org_id | The organization ID. | string | - | yes | +| domain | The domain name | string | `""` | no | +| name | The name of the group. | string | n/a | yes | +| org\_id | The organization ID. | string | n/a | yes | ## Outputs 
diff --git a/modules/project_services/README.md b/modules/project_services/README.md index c05e5dea..8a4ebbc6 100644 --- a/modules/project_services/README.md +++ b/modules/project_services/README.md @@ -23,20 +23,19 @@ See [examples/project_services](./examples/project_services) for an example. [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| activate_apis | The list of apis to activate within the project | list | - | yes | -| disable_services_on_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | string | `true` | no | -| enable_apis | Whether to actually enable the APIs. If false, this module is a no-op. | string | `true` | no | -| project_id | The GCP project you want to enable APIs on | string | - | yes | +| activate\_apis | The list of apis to activate within the project | list | n/a | yes | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | string | `"true"` | no | +| enable\_apis | Whether to actually enable the APIs. If false, this module is a no-op. | string | `"true"` | no | +| project\_id | The GCP project you want to enable APIs on | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| project_id | The GCP project you want to enable APIs on | +| project\_id | The GCP project you want to enable APIs on | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/modules/project_services/examples/project_services/README.md b/modules/project_services/examples/project_services/README.md index 1852f124..98c58d0e 100755 --- a/modules/project_services/examples/project_services/README.md +++ b/modules/project_services/examples/project_services/README.md 
@@ -8,18 +8,17 @@ Expected variables: [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| credentials_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `` | no | -| project_id | The GCP project you want to enable APIs on | string | - | yes | +| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | +| project\_id | The GCP project you want to enable APIs on | string | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| project_id | The GCP project you want to enable APIs on | +| project\_id | The GCP project you want to enable APIs on | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/test/fixtures/full/README.md b/test/fixtures/full/README.md index 258bf2df..7c03eb77 100644 --- a/test/fixtures/full/README.md +++ b/test/fixtures/full/README.md 
@@ -2,43 +2,42 @@ [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing_account | | string | - | yes | -| create_group | | string | `false` | no | -| credentials_path | Path to a service account credentials file with rights to run the Project Factory. This is required for the `full` test fixture. | string | `` | no | -| domain | | string | - | yes | -| folder_id | | string | `` | no | -| group_name | | string | `` | no | -| group_role | | string | `roles/viewer` | no | -| gsuite_admin_account | | string | - | yes | -| org_id | | string | - | yes | -| region | | string | `us-east4` | no | -| sa_group | | string | `` | no | -| sa_role | | string | `roles/editor` | no | -| shared_vpc | | string | `` | no | -| usage_bucket_name | | string | `` | no | -| usage_bucket_prefix | | string | `` | no | +| billing\_account | | string | n/a | yes | +| create\_group | | string | `"false"` | no | +| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. This is required for the `full` test fixture. 
| string | `""` | no | +| domain | | string | n/a | yes | +| folder\_id | | string | `""` | no | +| group\_name | | string | `""` | no | +| group\_role | | string | `"roles/viewer"` | no | +| gsuite\_admin\_account | | string | n/a | yes | +| org\_id | | string | n/a | yes | +| region | | string | `"us-east4"` | no | +| sa\_group | | string | `""` | no | +| sa\_role | | string | `"roles/editor"` | no | +| shared\_vpc | | string | `""` | no | +| usage\_bucket\_name | | string | `""` | no | +| usage\_bucket\_prefix | | string | `""` | no | ## Outputs | Name | Description | |------|-------------| | domain | | -| extra_service_account_email | | -| group_email | | -| group_role | | -| gsuite_admin_account | | -| project_id | | -| project_number | | +| extra\_service\_account\_email | | +| group\_email | | +| group\_role | | +| gsuite\_admin\_account | | +| project\_id | | +| project\_number | | | region | | -| sa_role | | -| service_account_email | | -| shared_vpc | | -| usage_bucket_name | | -| usage_bucket_prefix | | +| sa\_role | | +| service\_account\_email | | +| shared\_vpc | | +| usage\_bucket\_name | | +| usage\_bucket\_prefix | | [^]: (autogen_docs_end) \ No newline at end of file diff --git a/test/fixtures/minimal/README.md b/test/fixtures/minimal/README.md index 6b9732e9..8898b5c5 100644 --- a/test/fixtures/minimal/README.md +++ b/test/fixtures/minimal/README.md 
@@ -2,41 +2,40 @@ [^]: (autogen_docs_start) - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| billing_account | | string | - | yes | -| create_group | | string | `false` | no | -| domain | | string | - | yes | -| folder_id | | string | `` | no | -| group_name | | string | `` | no | -| group_role | | string | `roles/viewer` | no | -| gsuite_admin_account | | string | - | yes | -| org_id | | string | - | yes | -| region | | string | `us-east4` | no | -| sa_group | | string | `` | no | -| sa_role | | string | `roles/editor` | no | -| shared_vpc | | string | `` | no | -| usage_bucket_name | | string | `` | no | -| usage_bucket_prefix | | string | `` | no | +| billing\_account | | string | n/a | yes | +| create\_group | | string | `"false"` | no | +| domain | | string | n/a | yes | +| folder\_id | | string | `""` | no | +| group\_name | | string | `""` | no | +| group\_role | | string | `"roles/viewer"` | no | +| gsuite\_admin\_account | | string | n/a | yes | +| org\_id | | string | n/a | yes | +| region | | string | `"us-east4"` | no | +| sa\_group | | string | `""` | no | +| sa\_role | | string | `"roles/editor"` | no | +| shared\_vpc | | string | `""` | no | +| usage\_bucket\_name | | string | `""` | no | +| usage\_bucket\_prefix | | string | `""` | no | ## Outputs | Name | Description | |------|-------------| | domain | | -| group_email | | -| group_role | | -| gsuite_admin_account | | -| project_id | | -| project_number | | +| group\_email | | +| group\_role | | +| gsuite\_admin\_account | | +| project\_id | | +| project\_number | | | region | | -| sa_role | | -| service_account_email | | -| shared_vpc | | -| usage_bucket_name | | -| usage_bucket_prefix | | +| sa\_role | | +| service\_account\_email | | +| shared\_vpc | | +| usage\_bucket\_name | | +| usage\_bucket\_prefix | | [^]: (autogen_docs_end) \ No newline at end of file From bd5ea1848403f840450fab6586b795481e5b1004 Mon Sep 17 00:00:00 2001 
From: Danny Seymour Date: Wed, 27 Feb 2019 10:39:42 -0800 Subject: [PATCH 12/13] Remove gcr_domain due to bug in TF provider --- modules/app_engine/outputs.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/app_engine/outputs.tf b/modules/app_engine/outputs.tf index c6764c88..74b31ff2 100644 --- a/modules/app_engine/outputs.tf +++ b/modules/app_engine/outputs.tf @@ -38,8 +38,3 @@ output "default_bucket" { description = "The GCS bucket content is being stored in for this app." value = "${google_app_engine_application.app.default_bucket}" } - -output "gcr_domain" { - description = "The GCR domain used for storing managed Docker images for this app." - value = "${google_app_engine_application.app.gcr_domain}" -} From 479b9bd818e1e5339789ac10b20b9d8ec17730f7 Mon Sep 17 00:00:00 2001 From: Danny Seymour Date: Wed, 27 Feb 2019 12:23:46 -0800 Subject: [PATCH 13/13] Clean up suggestions from code review --- CHANGELOG.md | 1 - README.md | 4 ++-- docs/upgrading_to_project_factory_v2.0.md | 20 +++++++++----------- modules/app_engine/main.tf | 2 +- modules/app_engine/outputs.tf | 10 +++++----- 5 files changed, 17 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7585d166..6aa47141 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,7 +33,6 @@ Extending the adopted spec, each change should have a link to its corresponding ## [1.1.0] - 2019-02-22 ### ADDED -- Added separate App Engine module. [#134] - Preconditions script checks billing account format. [#117] - Add project_services submodule. [#133] diff --git a/README.md b/README.md index 45d7911d..1d30728d 100644 --- a/README.md +++ b/README.md 
@@ -10,9 +10,9 @@ access, Service Accounts, and API enablement to follow best practices. To include G Suite integration for creating groups and adding Service Accounts into groups, use the [gsuite_enabled module][gsuite-enabled-module]. -## Version +## Upgrading -Current version is 2.0. Upgrade guides: +The current version is 2.X. The following guides are available to assist with upgrades: - [0.X -> 1.0](./docs/upgrading_to_project_factory_v1.0.md) - [1.X -> 2.0](./docs/upgrading_to_project_factory_v2.0.md) diff --git a/docs/upgrading_to_project_factory_v2.0.md b/docs/upgrading_to_project_factory_v2.0.md index 94bd4962..719f5f21 100644 --- a/docs/upgrading_to_project_factory_v2.0.md +++ b/docs/upgrading_to_project_factory_v2.0.md @@ -4,19 +4,14 @@ The v2.0 release of Project Factory is a backwards incompatible release. It only ## Migration Instructions -### App Engine +### App Engine Argument Changes -These steps are only required if you are currently using the `app_engine` argument. - -#### App Engine Argument Changes - -The old version of project factory used a single field for configuring App Engine (`app_engine`): +Version 1.X of Project Factory used the `app_engine` map variable to configure App Engine: ```hcl /// @file main.tf - module "project-factory" { - ... + # ... app_engine { location_id = "${var.region}" auth_domain = "${var.domain}" @@ -30,10 +25,13 @@ module "project-factory" { } ``` -The new version of project factory uses a new module named `app_engine`. It accepts +Version 2.X of Project Factory uses a new module named `app_engine`: ```hcl /// @file main.tf +module "project-factory" { + # ... +} module "app-engine" { source = "terraform-google-modules/project-factory/google//modules/app_engine" 
@@ -51,12 +49,12 @@ module "app-engine" { } ``` -#### App Engine State Import +### App Engine State Import The new implementation uses the `google_app_engine_application` resource which needs to be imported into the current state (make sure to replace `$YOUR_PROJECT_ID`): ```sh -terraform import module.app-engine.google_app_engine_application.app $YOUR_PROJECT_ID +terraform import module.app-engine.google_app_engine_application.main $YOUR_PROJECT_ID ``` After importing, run `terraform` `plan` and `apply`. diff --git a/modules/app_engine/main.tf b/modules/app_engine/main.tf index 338c018b..8eb480e2 100644 --- a/modules/app_engine/main.tf +++ b/modules/app_engine/main.tf @@ -14,7 +14,7 @@ * limitations under the License. */ -resource "google_app_engine_application" "app" { +resource "google_app_engine_application" "main" { project = "${var.project_id}" location_id = "${var.location_id}" auth_domain = "${var.auth_domain}" diff --git a/modules/app_engine/outputs.tf b/modules/app_engine/outputs.tf index 74b31ff2..8bb007c1 100644 --- a/modules/app_engine/outputs.tf +++ b/modules/app_engine/outputs.tf 
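Review bot: Renaming the resource label from `app` to `main` in modules/app_engine/main.tf changes the resource's state address, and nothing in this hunk or the matching outputs.tf hunk migrates state that was already imported as `google_app_engine_application.app`. Anyone who followed the earlier import instruction would see a plan that drops the old address and creates a new one. That create would probably fail, since a project holds only one App Engine application. I would add a comment above the resource, such as `# Renamed from "app": run terraform state mv module.app-engine.google_app_engine_application.app module.app-engine.google_app_engine_application.main`, and repeat that command in the upgrade guide's state-import section. Whether any published release carried the `app` label is not visible from here, and the resource block continues past the end of the hunk.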
@@ -16,25 +16,25 @@ output "name" { description = "Unique name of the app, usually apps/{PROJECT_ID}." - value = "${google_app_engine_application.app.name}" + value = "${google_app_engine_application.main.name}" } output "url_dispatch_rule" { description = "A list of dispatch rule blocks. Each block has a domain, path, and service field." - value = "${google_app_engine_application.app.url_dispatch_rule}" + value = "${google_app_engine_application.main.url_dispatch_rule}" } output "code_bucket" { description = "The GCS bucket code is being stored in for this app." - value = "${google_app_engine_application.app.code_bucket}" + value = "${google_app_engine_application.main.code_bucket}" } output "default_hostname" { description = "The default hostname for this app." - value = "${google_app_engine_application.app.default_hostname}" + value = "${google_app_engine_application.main.default_hostname}" } output "default_bucket" { description = "The GCS bucket content is being stored in for this app." - value = "${google_app_engine_application.app.default_bucket}" + value = "${google_app_engine_application.main.default_bucket}" }