Merge pull request #805 from GoogleCloudPlatform/jccb/project-apis
Change `modules/project` service_config default
This commit is contained in:
Julio Castillo
GitHub
commit
c5216c7ec3
|
|
@ -29,10 +29,6 @@ module "project" {
|
|||
"cloudfunctions.googleapis.com",
|
||||
"compute.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false,
|
||||
disable_dependent_services = false
|
||||
}
|
||||
custom_roles = {
|
||||
(local.role_name) = [
|
||||
"compute.instances.list",
|
||||
|
|
|
|||
|
|
@ -30,10 +30,6 @@ module "project" {
|
|||
"dns.googleapis.com",
|
||||
"servicedirectory.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false,
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
module "vpc" {
|
||||
|
|
|
|||
|
|
@ -29,10 +29,6 @@ module "project" {
|
|||
parent = var.folder_id
|
||||
prefix = var.prefix
|
||||
services = var.project_services
|
||||
service_config = {
|
||||
disable_on_destroy = false,
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
module "vpc" {
|
||||
|
|
|
|||
|
|
@ -33,10 +33,6 @@ module "project" {
|
|||
services = [
|
||||
"compute.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
project_create = var.project_create != null
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -30,10 +30,6 @@ module "project" {
|
|||
services = [
|
||||
"compute.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
module "service-account-image-builder" {
|
||||
|
|
|
|||
|
|
@ -30,10 +30,6 @@ module "project" {
|
|||
"compute.googleapis.com",
|
||||
"cloudfunctions.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false,
|
||||
disable_dependent_services = false
|
||||
}
|
||||
iam = {
|
||||
"roles/monitoring.metricWriter" = [module.cf.service_account_iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -77,9 +77,6 @@ module "project" {
|
|||
"storage.googleapis.com",
|
||||
"storage-component.googleapis.com",
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false, disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
module "vpc" {
|
||||
|
|
|
|||
|
|
@ -49,11 +49,6 @@ module "project" {
|
|||
bq = [try(local.service_encryption_keys.bq, null)]
|
||||
storage = [try(local.service_encryption_keys.storage, null)]
|
||||
}
|
||||
|
||||
service_config = {
|
||||
disable_on_destroy = false,
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
|
|
|
|||
|
|
@ -129,9 +129,6 @@ module "project" {
|
|||
host_project = local.shared_vpc_project
|
||||
service_identity_iam = {}
|
||||
}
|
||||
service_config = {
|
||||
disable_on_destroy = false, disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "shared_vpc" {
|
||||
|
|
|
|||
|
|
@ -53,7 +53,4 @@ module "project" {
|
|||
host_project = var.shared_vpc_project_id
|
||||
service_identity_iam = {}
|
||||
}
|
||||
service_config = {
|
||||
disable_on_destroy = false, disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,10 +44,6 @@ module "gke-project-0" {
|
|||
],
|
||||
var.project_services
|
||||
)
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
shared_vpc_service_config = {
|
||||
attach = true
|
||||
host_project = var.vpc_config.host_project_id
|
||||
|
|
|
|||
|
|
@ -40,10 +40,6 @@ module "project" {
|
|||
"compute.googleapis.com",
|
||||
"container.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false,
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
################################################################################
|
||||
|
|
|
|||
|
|
@ -45,10 +45,6 @@ module "project" {
|
|||
"compute.googleapis.com",
|
||||
"dns.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
# tftest skip
|
||||
|
|
|
|||
|
|
@ -28,10 +28,6 @@ module "project" {
|
|||
"compute.googleapis.com",
|
||||
"dns.googleapis.com"
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
# test VM in landing region 1
|
||||
|
|
|
|||
|
|
@ -31,10 +31,6 @@ module "project" {
|
|||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
]
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
module "service-accounts" {
|
||||
|
|
|
|||
|
|
@ -24,10 +24,6 @@ module "project" {
|
|||
project_create = var.project_create == null ? false : true
|
||||
billing_account = try(var.project_create.billing_account_id, null)
|
||||
parent = try(var.project_create.parent, null)
|
||||
service_config = {
|
||||
disable_dependent_services = false
|
||||
disable_on_destroy = false
|
||||
}
|
||||
services = [
|
||||
"cloudfunctions.googleapis.com",
|
||||
"cloudbuild.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "landing-project" {
|
|||
name = "prod-net-landing-0"
|
||||
parent = var.folder_ids.networking-prod
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "dev-spoke-project" {
|
|||
name = "dev-net-spoke-0"
|
||||
parent = var.folder_ids.networking-dev
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "prod-spoke-project" {
|
|||
name = "prod-net-spoke-0"
|
||||
parent = var.folder_ids.networking-prod
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "landing-project" {
|
|||
name = "prod-net-landing-0"
|
||||
parent = var.folder_ids.networking-prod
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "dev-spoke-project" {
|
|||
name = "dev-net-spoke-0"
|
||||
parent = var.folder_ids.networking-dev
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"container.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "prod-spoke-project" {
|
|||
name = "prod-net-spoke-0"
|
||||
parent = var.folder_ids.networking-prod
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"container.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "landing-project" {
|
|||
name = "prod-net-landing-0"
|
||||
parent = var.folder_ids.networking-prod
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"compute.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "dev-spoke-project" {
|
|||
name = "dev-net-spoke-0"
|
||||
parent = var.folder_ids.networking-dev
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"container.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -22,10 +22,6 @@ module "prod-spoke-project" {
|
|||
name = "prod-net-spoke-0"
|
||||
parent = var.folder_ids.networking-prod
|
||||
prefix = var.prefix
|
||||
service_config = {
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
services = [
|
||||
"container.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
|
|
|
|||
|
|
@ -386,7 +386,7 @@ output "compute_robot" {
|
|||
| [policy_list](variables.tf#L168) | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map(object({ inherit_from_parent = bool suggested_value = string status = bool values = list(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [prefix](variables.tf#L180) | Prefix used to generate project id and name. | <code>string</code> | | <code>null</code> |
|
||||
| [project_create](variables.tf#L186) | Create project. When set to false, uses a data source to reference existing project. | <code>bool</code> | | <code>true</code> |
|
||||
| [service_config](variables.tf#L192) | Configure service API activation. | <code title="object({ disable_on_destroy = bool disable_dependent_services = bool })">object({…})</code> | | <code title="{ disable_on_destroy = true disable_dependent_services = true }">{…}</code> |
|
||||
| [service_config](variables.tf#L192) | Configure service API activation. | <code title="object({ disable_on_destroy = bool disable_dependent_services = bool })">object({…})</code> | | <code title="{ disable_on_destroy = false disable_dependent_services = false }">{…}</code> |
|
||||
| [service_encryption_key_ids](variables.tf#L204) | Cloud KMS encryption key in {SERVICE => [KEY_URL]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [service_perimeter_bridges](variables.tf#L211) | Name of VPC-SC Bridge perimeters to add project into. See comment in the variables file for format. | <code>list(string)</code> | | <code>null</code> |
|
||||
| [service_perimeter_standard](variables.tf#L218) | Name of VPC-SC Standard perimeter to add project into. See comment in the variables file for format. | <code>string</code> | | <code>null</code> |
|
||||
|
|
@ -403,8 +403,8 @@ output "compute_robot" {
|
|||
| [custom_roles](outputs.tf#L17) | Ids of the created custom roles. | |
|
||||
| [name](outputs.tf#L25) | Project name. | |
|
||||
| [number](outputs.tf#L38) | Project number. | |
|
||||
| [project_id](outputs.tf#L51) | Project id. | |
|
||||
| [service_accounts](outputs.tf#L70) | Product robot service accounts in project. | |
|
||||
| [sink_writer_identities](outputs.tf#L86) | Writer identities created for each sink. | |
|
||||
| [project_id](outputs.tf#L56) | Project id. | |
|
||||
| [service_accounts](outputs.tf#L76) | Product robot service accounts in project. | |
|
||||
| [sink_writer_identities](outputs.tf#L92) | Writer identities created for each sink. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -42,9 +42,14 @@ output "number" {
|
|||
google_project_organization_policy.boolean,
|
||||
google_project_organization_policy.list,
|
||||
google_project_service.project_services,
|
||||
google_compute_shared_vpc_host_project.shared_vpc_host,
|
||||
google_compute_shared_vpc_service_project.shared_vpc_service,
|
||||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_project_iam_member.shared_vpc_host_robots,
|
||||
google_kms_crypto_key_iam_member.service_identity_cmek
|
||||
google_kms_crypto_key_iam_member.service_identity_cmek,
|
||||
google_project_service_identity.jit_si,
|
||||
google_project_service_identity.servicenetworking,
|
||||
google_project_iam_member.servicenetworking
|
||||
]
|
||||
}
|
||||
|
||||
|
|
@ -62,6 +67,7 @@ output "project_id" {
|
|||
google_compute_shared_vpc_service_project.service_projects,
|
||||
google_project_iam_member.shared_vpc_host_robots,
|
||||
google_kms_crypto_key_iam_member.service_identity_cmek,
|
||||
google_project_service_identity.jit_si,
|
||||
google_project_service_identity.servicenetworking,
|
||||
google_project_iam_member.servicenetworking
|
||||
]
|
||||
|
|
|
|||
|
|
@ -196,8 +196,8 @@ variable "service_config" {
|
|||
disable_dependent_services = bool
|
||||
})
|
||||
default = {
|
||||
disable_on_destroy = true
|
||||
disable_dependent_services = true
|
||||
disable_on_destroy = false
|
||||
disable_dependent_services = false
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue