From 31ac6ee094858c207fef237ec3128871cecd0e9d Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni <lcaggioni@google.com>
Date: Tue, 7 Jul 2020 10:49:06 +0200
Subject: [PATCH] Remove Project level VPC-SC handling. The configuration
 option is too limited (for example: no dry_run mode supported).

---
 modules/project/README.md    |  2 --
 modules/project/main.tf      | 15 ---------------
 modules/project/variables.tf | 22 ----------------------
 3 files changed, 39 deletions(-)

diff --git a/modules/project/README.md b/modules/project/README.md
index 8f861788..db182e04 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -103,8 +103,6 @@ module "project" {
 | *project_create* | Create project. When set to false, uses a data source to reference existing project. | <code title="">bool</code> |  | <code title="">true</code> |
 | *service_config* | Configure service API activation. | <code title="object&#40;&#123;&#10;disable_on_destroy         &#61; bool&#10;disable_dependent_services &#61; bool&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;disable_on_destroy         &#61; true&#10;disable_dependent_services &#61; true&#10;&#125;">...</code> |
 | *services* | Service APIs to enable. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
-| *vpc_sc_perimeter* | None | <code title="">string</code> |  | <code title="">null</code> |
-| *vpc_sc_perimeter_bridges* | None | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
 
 ## Outputs
 
diff --git a/modules/project/main.tf b/modules/project/main.tf
index b3bd29c8..a9239970 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -212,18 +212,3 @@ resource "google_project_organization_policy" "list" {
     }
   }
 }
-
-resource "google_access_context_manager_service_perimeter_resource" "standard" {
-  for_each       = toset([var.vpc_sc_perimeter])
-  perimeter_name = each.key
-  resource       = "projects/${google_project.project.number}"
-}
-
-resource "google_access_context_manager_service_perimeter_resource" "bridges" {
-  for_each       = toset(var.vpc_sc_perimeter_bridges)
-  perimeter_name = each.key
-  resource       = "projects/${google_project.project.number}"
-  depends_on = [
-    google_access_context_manager_service_perimeter_resource.standard,
-  ]  
-}
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index e7507037..44677620 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -138,25 +138,3 @@ variable "service_config" {
     disable_dependent_services = true
   }
 }
-
-variable "vpc_sc_perimeter" {
-  description = <<EOF
-    Name of the VPC-SC perimeter the project belongs to. Must be of the form accessPolicies/{policy_id}/servicePerimeters/{short_name}.
-    If this resource is used alongside a `google_access_context_manager_service_perimeter` resource, 
-    the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] 
-    so they don't fight over which resources should be in the policy.
-  EOF
-  type        = string
-  default     = null
-}
-
-variable "vpc_sc_perimeter_bridges" {
-  description = <<EOF
-    List of VPC-SC perimeter bridges the project belongs to. Must be of the form accessPolicies/{policy_id}/servicePerimeters/{short_name}.
-    If this resource is used alongside a `google_access_context_manager_service_perimeter` resource, 
-    the service perimeter resource must have a lifecycle block with ignore_changes = [status[0].resources] 
-    so they don't fight over which resources should be in the policy.
-  EOF
-  type        = list(string)
-  default     = []
-}
\ No newline at end of file