Merge branch 'master' into feat_vpc_gcs_config

CHANGELOG.md

@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
 
+## [15.0.1](https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v15.0.0...v15.0.1) (2024-05-17)
+
+
+### Bug Fixes
+
+* **core_project_factory:** ignore if SA already exists ([#910](https://github.com/terraform-google-modules/terraform-google-project-factory/issues/910)) ([cfd7f3f](https://github.com/terraform-google-modules/terraform-google-project-factory/commit/cfd7f3f15e0866fe09cc5ec4a2f8e94398c773d9))
+
 ## [15.0.0](https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v14.5.0...v15.0.0) (2024-05-02)
 
 

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.20
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.21
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -29,7 +29,7 @@ There are multiple examples included in the [examples](./examples/) folder but s
 ```hcl
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name                 = "pf-test-1"
   random_project_id    = true
@@ -132,6 +132,7 @@ determining that location is as follows:
 | budget\_display\_name | The display name of the budget. If not set defaults to `Budget For <projects[0]|All Projects>` | `string` | `null` | no |
 | budget\_labels | A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget. | `map(string)` | `{}` | no |
 | budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no |
+| cloud\_armor\_tier | Managed protection tier to be set. Possible values are: CA\_STANDARD, CA\_ENTERPRISE\_PAYGO | `string` | `null` | no |
 | consumer\_quotas | The quotas configuration you want to override for the project. | <pre>list(object({<br>    service    = string,<br>    metric     = string,<br>    dimensions = map(string),<br>    limit      = string,<br>    value      = string,<br>  }))</pre> | `[]` | no |
 | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
 | default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
@@ -200,8 +201,8 @@ determining that location is as follows:
 -   [gcloud sdk](https://cloud.google.com/sdk/install) >= 269.0.0
 -   [jq](https://stedolan.github.io/jq/) >= 1.6
 -   [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
--   [terraform-provider-google] plugin >= 5.22
--   [terraform-provider-google-beta] plugin >= 5.22
+-   [terraform-provider-google] plugin >= 5.33
+-   [terraform-provider-google-beta] plugin >= 5.33
 -   [terraform-provider-gsuite] plugin ~> 0.1.x if GSuite functionality is desired
 
 ### Permissions

build/int.cloudbuild.yaml

@@ -188,7 +188,7 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.20'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.21'
 options:
   machineType: 'N1_HIGHCPU_8'
   env:

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.20'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.21'

docs/upgrading_to_project_factory_v16.0.md

@@ -0,0 +1,7 @@
+# Upgrading to Project Factory v16.0
+
+The v16.0 release of Project Factory is a backwards incompatible release.
+
+### Google Cloud Platform Provider upgrade
+
+The Project Factory module now requires version `5.33` or higher of the Google Cloud Platform Provider and `5.33` or higher of the Google Cloud Platform Beta Provider.

examples/app_engine/main.tf

@@ -22,7 +22,7 @@ resource "random_string" "suffix" {
 
 module "app-engine-project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name              = "appeng-${random_string.suffix.result}"
   random_project_id = true
@@ -36,7 +36,7 @@ module "app-engine-project" {
 
 module "app-engine" {
   source  = "terraform-google-modules/project-factory/google//modules/app_engine"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   project_id  = module.app-engine-project.project_id
   location_id = "us-east4"

examples/budget_project/main.tf

@@ -22,7 +22,7 @@ resource "random_string" "suffix" {
 
 module "budget_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name                     = "budget-project-${random_string.suffix.result}"
   random_project_id        = true
@@ -49,7 +49,7 @@ resource "google_pubsub_topic" "budget" {
 
 module "additional_budget" {
   source  = "terraform-google-modules/project-factory/google//modules/budget"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   billing_account        = var.billing_account
   projects               = [var.parent_project_id, module.budget_project.project_id]

examples/essential_contacts/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name              = "pf-ci-test-ec-${var.random_string_for_testing}"
   random_project_id = true

examples/fabric_project/main.tf

@@ -27,7 +27,7 @@ resource "random_string" "prefix" {
 
 module "fabric-project" {
   source  = "terraform-google-modules/project-factory/google//modules/fabric-project"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   activate_apis   = var.activate_apis
   billing_account = var.billing_account

examples/gke_shared_vpc/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id    = true
   name                 = "sample-gke-shared-project"

examples/group_project/main.tf

@@ -29,7 +29,7 @@ provider "gsuite" {
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id = true
   name              = "group-sample-project"

examples/project-hierarchy/main.tf

@@ -33,7 +33,7 @@ resource "google_folder" "prod" {
 
 module "project-prod-gke" {
   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id = true
   name              = "hierarchy-sample-prod-gke"
@@ -44,7 +44,7 @@ module "project-prod-gke" {
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google//modules/gsuite_enabled"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id = true
   name              = "hierarchy-sample-factory"

examples/project_services/main.tf

@@ -19,7 +19,7 @@
  *****************************************/
 module "project-services" {
   source  = "terraform-google-modules/project-factory/google//modules/project_services"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   project_id                  = var.project_id
   enable_apis                 = var.enable

examples/quota_project/main.tf

@@ -26,7 +26,7 @@ resource "random_string" "suffix" {
 
 module "quota-project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name              = "pf-ci-test-quota-${random_string.suffix.result}"
   random_project_id = true

examples/shared_vpc/main.tf

@@ -24,7 +24,7 @@ locals {
  *****************************************/
 module "host-project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id              = true
   name                           = var.host_project_name
@@ -93,7 +93,7 @@ module "vpc" {
  *****************************************/
 module "service-project" {
   source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name              = var.service_project_name
   random_project_id = false
@@ -120,7 +120,7 @@ module "service-project" {
  *****************************************/
 module "service-project-b" {
   source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name              = "b-${var.service_project_name}"
   random_project_id = false
@@ -154,7 +154,7 @@ module "service-project-b" {
  *****************************************/
 module "service-project-c" {
   source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   name              = "c-${var.service_project_name}"
   random_project_id = false

examples/simple_project/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id       = true
   name                    = "simple-sample-project"

examples/tags_project/main.tf

@@ -16,7 +16,7 @@
 
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 14.0"
+  version = "~> 15.0"
 
   random_project_id       = true
   name                    = "simple-tag-project"

main.tf

@@ -71,6 +71,7 @@ module "project-factory" {
   vpc_service_control_sleep_duration = var.vpc_service_control_sleep_duration
   default_network_tier               = var.default_network_tier
   tag_binding_values                 = var.tag_binding_values
+  cloud_armor_tier                   = var.cloud_armor_tier
 }
 
 /******************************************

metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.0
+  version: 15.0.1
   actuationTool:
     type: Terraform
     version: '>=0.13.0'

modules/budget/metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.0
+  version: 15.0.1
   actuationTool:
     type: Terraform
     version: '>= 0.13'

modules/budget/versions.tf

@@ -25,9 +25,9 @@ terraform {
   }
 
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:budget/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:budget/v15.0.1"
   }
   provider_meta "google-beta" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:budget/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:budget/v15.0.1"
   }
 }

modules/core_project_factory/main.tf

@@ -143,10 +143,11 @@ resource "google_project_default_service_accounts" "default_service_accounts" {
   Default Service Account configuration
  *****************************************/
 resource "google_service_account" "default_service_account" {
-  count        = var.create_project_sa ? 1 : 0
-  account_id   = var.project_sa_name
-  display_name = "${var.name} Project Service Account"
-  project      = google_project.main.project_id
+  count                        = var.create_project_sa ? 1 : 0
+  account_id                   = var.project_sa_name
+  display_name                 = "${var.name} Project Service Account"
+  project                      = google_project.main.project_id
+  create_ignore_already_exists = true
 }
 
 /**************************************************
@@ -394,3 +395,14 @@ resource "google_tags_tag_binding" "bindings" {
   parent    = "//cloudresourcemanager.googleapis.com/projects/${google_project.main.number}"
   tag_value = "tagValues/${each.value}"
 }
+
+/******************************************
+  Cloud Armor tier of the project
+ *****************************************/
+
+resource "google_compute_project_cloud_armor_tier" "cloud_armor_tier_config" {
+  count = var.cloud_armor_tier == null ? 0 : 1
+
+  project          = var.project_id
+  cloud_armor_tier = var.cloud_armor_tier
+}

modules/core_project_factory/variables.tf

@@ -278,3 +278,9 @@ variable "tag_binding_values" {
   type        = list(string)
   default     = []
 }
+
+variable "cloud_armor_tier" {
+  description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO"
+  type        = string
+  default     = null
+}

modules/core_project_factory/versions.tf

@@ -20,11 +20,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5.22, < 6"
+      version = ">= 5.33, < 6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 5.22, < 6"
+      version = ">= 5.33, < 6"
     }
     null = {
       source  = "hashicorp/null"

modules/essential_contacts/metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.0
+  version: 15.0.1
   actuationTool:
     type: Terraform
     version: '>= 0.13'

modules/essential_contacts/versions.tf

@@ -27,9 +27,9 @@ terraform {
     }
   }
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:essential_contacts/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:essential_contacts/v15.0.1"
   }
   provider_meta "google-beta" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:essential_contacts/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:essential_contacts/v15.0.1"
   }
 }

modules/fabric-project/metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.0
+  version: 15.0.1
   actuationTool:
     type: Terraform
     version: '>= 0.13'

modules/fabric-project/versions.tf

@@ -24,9 +24,9 @@ terraform {
     }
   }
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:fabric-project/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:fabric-project/v15.0.1"
   }
   provider_meta "google-beta" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:fabric-project/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:fabric-project/v15.0.1"
   }
 }

modules/gsuite_enabled/metadata.yaml

@@ -23,7 +23,7 @@ spec:
   source:
     repo: https://github.com/terraform-google-modules/terraform-google-project-factory.git
     sourceType: git
-  version: 15.0.0
+  version: 15.0.1
   actuationTool:
     type: Terraform
     version: '>= 0.13'

modules/gsuite_enabled/versions.tf

@@ -31,9 +31,9 @@ terraform {
     }
   }
   provider_meta "google" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:gsuite_enabled/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:gsuite_enabled/v15.0.1"
   }
   provider_meta "google-beta" {
-    module_name = "blueprints/terraform/terraform-google-project-factory:gsuite_enabled/v15.0.0"
+    module_name = "blueprints/terraform/terraform-google-project-factory:gsuite_enabled/v15.0.1"
   }
 }