Fixes based on comments on the PR

data-solutions/cmek-via-centralized-kms/README.md

@@ -35,21 +35,23 @@ This sample creates several distinct groups of resources:
 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
 | billing_account | Billing account id used as default for new projects. | <code title="">string</code> | ✓ |  |
-| projects_parent | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id. | <code title="">string</code> | ✓ |  |
+| root_node | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id. | <code title="">string</code> | ✓ |  |
+| *location* | The location where resources will be deployed. | <code title="">string</code> |  | <code title="">europe</code> |
 | *project_kms_name* | Name for the new KMS Project. | <code title="">string</code> |  | <code title="">my-project-kms-001</code> |
 | *project_service_name* | Name for the new Service Project. | <code title="">string</code> |  | <code title="">my-project-service-001</code> |
-| *resource_location* | The location where resources will be deployed. | <code title="">string</code> |  | <code title="">europe</code> |
-| *resource_region* | The region where resources will be deployed. | <code title="">string</code> |  | <code title="">europe-west1</code> |
-| *resource_zone* | The zone where resources will be deployed. | <code title="">string</code> |  | <code title="">europe-west1-b</code> |
+| *region* | The region where resources will be deployed. | <code title="">string</code> |  | <code title="">europe-west1</code> |
 | *vpc_ip_cidr_range* | Ip range used in the subnet deployef in the Service Project. | <code title="">string</code> |  | <code title="">10.0.0.0/20</code> |
 | *vpc_name* | Name of the VPC created in the Service Project. | <code title="">string</code> |  | <code title="">local</code> |
 | *vpc_subnet_name* | Name of the subnet created in the Service Project. | <code title="">string</code> |  | <code title="">subnet</code> |
+| *zone* | The zone where resources will be deployed. | <code title="">string</code> |  | <code title="">europe-west1-b</code> |
 
 ## Outputs
 
 | name | description | sensitive |
 |---|---|:---:|
-| buckets_keys | GCS Buckets Cloud KMS crypto keys. |  |
+| bucket | GCS Bucket Cloud KMS crypto keys. |  |
+| bucket_keys | GCS Bucket Cloud KMS crypto keys. |  |
 | projects | Project ids. |  |
-| vms_keys | GCE VMs Cloud KMS crypto keys. |  |
+| vm | GCE VMs. |  |
+| vm_keys | GCE VM Cloud KMS crypto keys. |  |
 <!-- END TFDOC -->

data-solutions/cmek-via-centralized-kms/main.tf

@@ -19,7 +19,7 @@
 module "project-service" {
   source          = "../../modules/project"
   name            = var.project_service_name
-  parent          = var.projects_parent
+  parent          = var.root_node
   billing_account = var.billing_account
   services = [
     "compute.googleapis.com",
@@ -32,7 +32,7 @@ module "project-service" {
 module "project-kms" {
   source          = "../../modules/project"
   name            = var.project_kms_name
-  parent          = var.projects_parent
+  parent          = var.root_node
   billing_account = var.billing_account
   services = [
     "cloudkms.googleapis.com",
@@ -53,7 +53,7 @@ module "vpc" {
     {
       ip_cidr_range      = var.vpc_ip_cidr_range
       name               = var.vpc_subnet_name
-      region             = var.resource_region
+      region             = var.region
       secondary_ip_range = {}
     }
   ]
@@ -65,7 +65,6 @@ module "vpc-firewall" {
   network              = module.vpc.name
   admin_ranges_enabled = true
   admin_ranges         = [var.vpc_ip_cidr_range]
-  ssh_source_ranges    = ["0.0.0.0/0"]
 }
 
 ###############################################################################
@@ -77,7 +76,7 @@ module "kms" {
   project_id = module.project-kms.project_id
   keyring = {
     name     = "my-keyring",
-    location = var.resource_location
+    location = var.location
   }
   keys = { key-gce = null, key-gcs = null }
   key_iam_roles = {
@@ -104,12 +103,12 @@ module "kms" {
 module "kms_vm_example" {
   source     = "../../modules/compute-vm"
   project_id = module.project-service.project_id
-  region     = var.resource_region
-  zone       = var.resource_zone
+  region     = var.region
+  zone       = var.zone
   name       = "kms-vm"
   network_interfaces = [{
     network    = module.vpc.self_link,
-    subnetwork = module.vpc.subnet_self_links["${var.resource_region}/subnet"],
+    subnetwork = module.vpc.subnet_self_links["${var.region}/subnet"],
     nat        = false,
     addresses  = null
   }]

data-solutions/cmek-via-centralized-kms/outputs.tf

@@ -12,6 +12,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+output "bucket" {
+  description = "GCS Bucket Cloud KMS crypto keys."
+  value = {
+    for bucket in module.kms-gcs.buckets :
+    bucket.name => bucket.url
+  }
+}
+
+output "bucket_keys" {
+  description = "GCS Bucket Cloud KMS crypto keys."
+  value = {
+    for bucket in module.kms-gcs.buckets :
+    bucket.name => bucket.encryption
+  }
+}
+
 output "projects" {
   description = "Project ids."
   value = {
@@ -20,18 +36,18 @@ output "projects" {
   }
 }
 
-output "vms_keys" {
-  description = "GCE VMs Cloud KMS crypto keys."
+output "vm" {
+  description = "GCE VMs."
+  value = {
+    for instance in concat(module.kms_vm_example.instances) :
+    instance.name => instance.network_interface.0.network_ip
+  }
+}
+
+output "vm_keys" {
+  description = "GCE VM Cloud KMS crypto keys."
   value = {
     for instance in module.kms_vm_example.instances :
     instance.name => instance.boot_disk.0.kms_key_self_link
   }
 }
-
-output "buckets_keys" {
-  description = "GCS Buckets Cloud KMS crypto keys."
-  value = {
-    for bucket in module.kms-gcs.buckets :
-    bucket.name => bucket.encryption
-  }
-}

data-solutions/cmek-via-centralized-kms/variables.tf

@@ -18,6 +18,12 @@ variable "billing_account" {
   type        = string
 }
 
+variable "location" {
+  description = "The location where resources will be deployed."
+  type        = string
+  default     = "europe"
+}
+
 variable "project_service_name" {
   description = "Name for the new Service Project."
   type        = string
@@ -30,27 +36,15 @@ variable "project_kms_name" {
   default     = "my-project-kms-001"
 }
 
-variable "projects_parent" {
-  description = "The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id."
-  type        = string
-}
-
-variable "resource_location" {
-  description = "The location where resources will be deployed."
-  type        = string
-  default     = "europe"
-}
-
-variable "resource_region" {
+variable "region" {
   description = "The region where resources will be deployed."
   type        = string
   default     = "europe-west1"
 }
 
-variable "resource_zone" {
-  description = "The zone where resources will be deployed."
+variable "root_node" {
+  description = "The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id."
   type        = string
-  default     = "europe-west1-b"
 }
 
 variable "vpc_name" {
@@ -70,3 +64,9 @@ variable "vpc_ip_cidr_range" {
   type        = string
   default     = "10.0.0.0/20"
 }
+
+variable "zone" {
+  description = "The zone where resources will be deployed."
+  type        = string
+  default     = "europe-west1-b"
+}

data-solutions/cmek-via-centralized-kms/versions.tf

@@ -13,5 +13,5 @@
 # limitations under the License.
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.12.6"
 }