From 2df6bc61933e121fa69c7f5a344a907988b98646 Mon Sep 17 00:00:00 2001
From: omazin <osmansimf@rambler.ru>
Date: Wed, 18 Dec 2019 11:12:41 +0300
Subject: [PATCH 1/4] Fix typo. Fix #334.

---
 CHANGELOG.md                                       |  9 +++++++--
 README.md                                          |  2 +-
 docs/TROUBLESHOOTING.md                            |  2 +-
 examples/simple_project/README.md                  |  2 +-
 examples/simple_project/variables.tf               |  2 +-
 modules/core_project_factory/main.tf               |  8 ++++----
 .../scripts/modify-service-account.sh              | 14 +++++++-------
 modules/core_project_factory/variables.tf          |  2 +-
 modules/gsuite_enabled/README.md                   |  2 +-
 modules/gsuite_enabled/variables.tf                |  2 +-
 modules/shared_vpc/variables.tf                    |  2 +-
 variables.tf                                       |  2 +-
 12 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e9b1b7f16..4d24050c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,10 @@ Extending the adopted spec, each change should have a link to its corresponding
 - The `python_interpreter_path` variable which can be altered to support execution in a Windows environment. [#265]
 - Support for importing existing projects. [#138]
 
+### Changed
+
+- Fixed typo in `default_service_account` variable's default value from `depriviledge` to `deprivilege`. [#342]
+
 ## [6.0.0] - 2019-11-26
 
 6.0.0 is a backwards incompatible release. See the [upgrade guide](./docs/upgrading_to_project_factory_v6.0.md) for details.
@@ -112,7 +116,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 ### Fixed
 
-- Precoditions script handles projects with a large number of enabled APIs. [#220]
+- Preconditions script handles projects with a large number of enabled APIs. [#220]
 
 ## [2.3.0] - 2019-05-28
 
@@ -120,7 +124,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 - Feature that toggles authoritative management of project services. [#213]
 - Option that provides ability to choose the region of the bucket [#207]
-- Added option to depriviledge or keep default compute service account. [#186]
+- Added option to deprivilege or keep default compute service account. [#186]
 
 ### Fixed
 
@@ -280,6 +284,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 [0.2.1]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.1.0...v0.2.0
 
+[#342]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/342
 [#313]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/313
 [#300]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/300
 [#309]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/309
diff --git a/README.md b/README.md
index e715f732a..25a5caf16 100644
--- a/README.md
+++ b/README.md
@@ -122,7 +122,7 @@ determining that location is as follows:
 | bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no |
 | bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no |
 | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no |
-| default\_service\_account | Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`. | string | `"disable"` | no |
+| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | string | `"disable"` | no |
 | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | bool | `"true"` | no |
 | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no |
 | domain | The domain name (optional). | string | `""` | no |
diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md
index d524fb4a7..e21dbd6ba 100644
--- a/docs/TROUBLESHOOTING.md
+++ b/docs/TROUBLESHOOTING.md
@@ -251,7 +251,7 @@ requires that the default compute service account be in place in the project.
 In order to deploy an App Engine Flex application into a project created by Project Factory,
 the default service account must not be disabled (as is the default behavior) or deleted. To prevent the
 default service account from being deleted, ensure that the `default_service_account` input
-is set to either `depriviledge` or `keep`.
+is set to either `deprivilege` or `keep`.
 
 - - -
 ### Seed project missing APIs
diff --git a/examples/simple_project/README.md b/examples/simple_project/README.md
index 404275635..5e98f618c 100644
--- a/examples/simple_project/README.md
+++ b/examples/simple_project/README.md
@@ -15,7 +15,7 @@ Expected variables:
 |------|-------------|:----:|:-----:|:-----:|
 | billing\_account | The ID of the billing account to associate this project with | string | n/a | yes |
 | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no |
-| default\_service\_account | Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`. | string | n/a | yes |
+| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | string | n/a | yes |
 | organization\_id | The organization id for the associated services | string | n/a | yes |
 
 ## Outputs
diff --git a/examples/simple_project/variables.tf b/examples/simple_project/variables.tf
index 9bfe288c8..0e1a8789c 100644
--- a/examples/simple_project/variables.tf
+++ b/examples/simple_project/variables.tf
@@ -28,6 +28,6 @@ variable "credentials_path" {
 }
 
 variable "default_service_account" {
-  description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`."
+  description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`."
 }
 
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index 0ae87f054..5624b7a02 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -209,10 +209,10 @@ EOD
 }
 
 /*********************************************
-  Default compute service account depriviledge
+  Default compute service account deprivilege
  ********************************************/
-resource "null_resource" "depriviledge_default_compute_service_account" {
-  count = var.default_service_account == "depriviledge" ? 1 : 0
+resource "null_resource" "deprivilege_default_compute_service_account" {
+  count = var.default_service_account == "deprivilege" ? 1 : 0
 
   provisioner "local-exec" {
     command    = <<EOD
@@ -221,7 +221,7 @@ ${path.module}/scripts/modify-service-account.sh \
   --sa_id='${data.null_data_source.default_service_account.outputs["email"]}' \
   --credentials_path='${var.credentials_path}' \
   --impersonate-service-account='${var.impersonate_service_account}' \
-  --action='depriviledge'
+  --action='deprivilege'
 EOD
     on_failure = "continue"
   }
diff --git a/modules/core_project_factory/scripts/modify-service-account.sh b/modules/core_project_factory/scripts/modify-service-account.sh
index 847123513..1a34a1a4d 100755
--- a/modules/core_project_factory/scripts/modify-service-account.sh
+++ b/modules/core_project_factory/scripts/modify-service-account.sh
@@ -72,8 +72,8 @@ delete_sa() {
   fi
 }
 
-# Function to depriviledge the default service account.
-depriviledge_sa() {
+# Function to deprivilege the default service account.
+deprivilege_sa() {
   EDITORS_LIST_COMMAND="gcloud projects get-iam-policy $PROJECT_ID \
   --flatten=bindings[].members \
   --format=table(bindings.role,bindings.members) \
@@ -81,14 +81,14 @@ depriviledge_sa() {
   EDITORS_LIST=$(${EDITORS_LIST_COMMAND} || exit 1)
 
   if [[ $EDITORS_LIST = *"$SA_ID"* ]]; then
-      echo "Depriviledge service account $SA_ID in project $PROJECT_ID"
+      echo "Deprivilege service account $SA_ID in project $PROJECT_ID"
       SA_DEPRIV_COMMAND="gcloud projects remove-iam-policy-binding $PROJECT_ID \
       --member=serviceAccount:$SA_ID \
       --role=roles/editor \
       --project=$PROJECT_ID $APPEND_IMPERSONATE"
       ${SA_DEPRIV_COMMAND}
   else
-      echo "Service account not listed. It appears to have already been depriviledged."
+      echo "Service account not listed. It appears to have already been deprivileged."
   fi
 }
 
@@ -113,10 +113,10 @@ disable_sa() {
 # Perform specified action of default service account.
 case $SA_ACTION in
   delete)
-      depriviledge_sa
+      deprivilege_sa
       delete_sa ;;
-  depriviledge)
-      depriviledge_sa ;;
+  deprivilege)
+      deprivilege_sa ;;
   disable)
       disable_sa ;;
   keep)
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
index f81366ebd..f19859599 100644
--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -156,7 +156,7 @@ variable "disable_services_on_destroy" {
 }
 
 variable "default_service_account" {
-  description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`."
+  description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`."
   default     = "disable"
   type        = string
 }
diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md
index 21d74260a..741306357 100644
--- a/modules/gsuite_enabled/README.md
+++ b/modules/gsuite_enabled/README.md
@@ -67,7 +67,7 @@ The roles granted are specifically:
 | bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no |
 | create\_group | Whether to create the group or not | bool | `"false"` | no |
 | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no |
-| default\_service\_account | Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`. | string | `"disable"` | no |
+| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | string | `"disable"` | no |
 | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | string | `"true"` | no |
 | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no |
 | domain | The domain name (optional). | string | `""` | no |
diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf
index 912f29772..05b6a48a3 100644
--- a/modules/gsuite_enabled/variables.tf
+++ b/modules/gsuite_enabled/variables.tf
@@ -154,7 +154,7 @@ variable "disable_services_on_destroy" {
 }
 
 variable "default_service_account" {
-  description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`."
+  description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`."
   default     = "disable"
   type        = string
 }
diff --git a/modules/shared_vpc/variables.tf b/modules/shared_vpc/variables.tf
index 3d2ff4d6c..423443b82 100755
--- a/modules/shared_vpc/variables.tf
+++ b/modules/shared_vpc/variables.tf
@@ -148,7 +148,7 @@ variable "disable_services_on_destroy" {
 }
 
 variable "default_service_account" {
-  description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`."
+  description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`."
   default     = "disable"
   type        = string
 }
diff --git a/variables.tf b/variables.tf
index 9e4bf3202..3c83f34e2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -156,7 +156,7 @@ variable "disable_services_on_destroy" {
 }
 
 variable "default_service_account" {
-  description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`."
+  description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`."
   default     = "disable"
   type        = string
 }

From bbaa10edc8c87f846ef77c4a8fa772c34c4dae13 Mon Sep 17 00:00:00 2001
From: omazin <osmansimf@rambler.ru>
Date: Wed, 18 Dec 2019 11:19:20 +0300
Subject: [PATCH 2/4] Update change log.

---
 CHANGELOG.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d24050c1..a675cf87d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,7 +15,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 ### Changed
 
-- Fixed typo in `default_service_account` variable's default value from `depriviledge` to `deprivilege`. [#342]
+- When deleting a service account, deprivilege first to remove IAM binding [#341]
+- Fixed typo in `default_service_account` variable's default value from `depriviledge` to `deprivilege`. [#345]
 
 ## [6.0.0] - 2019-11-26
 
@@ -284,7 +285,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 [0.2.1]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.1.0...v0.2.0
 
-[#342]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/342
+[#345]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/345
+[#341]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/341
 [#313]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/313
 [#300]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/300
 [#309]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/309

From 411771ad4671e98081cbf1e795db46a39278958c Mon Sep 17 00:00:00 2001
From: Aaron Lane <10655063+aaron-lane@users.noreply.github.com>
Date: Wed, 18 Dec 2019 11:10:53 -0500
Subject: [PATCH 3/4] Move #345 to Fixed in CHANGELOG

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a675cf87d..bc24daec9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,9 @@ Extending the adopted spec, each change should have a link to its corresponding
 ### Changed
 
 - When deleting a service account, deprivilege first to remove IAM binding [#341]
+
+### Fixed
+
 - Fixed typo in `default_service_account` variable's default value from `depriviledge` to `deprivilege`. [#345]
 
 ## [6.0.0] - 2019-11-26

From d9fa967186e07d4800cac7e385b9cbdd165c0be9 Mon Sep 17 00:00:00 2001
From: Aaron Lane <10655063+aaron-lane@users.noreply.github.com>
Date: Wed, 18 Dec 2019 11:24:57 -0500
Subject: [PATCH 4/4] Add #324, #331, #338, 6.1.0 to CHANGELOG

---
 CHANGELOG.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc24daec9..d5e17d42a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 ## [Unreleased]
 
+## [6.1.0] - 2019-12-18
+
 ### Added
 
 - The `python_interpreter_path` variable which can be altered to support execution in a Windows environment. [#265]
@@ -16,10 +18,13 @@ Extending the adopted spec, each change should have a link to its corresponding
 ### Changed
 
 - When deleting a service account, deprivilege first to remove IAM binding [#341]
+- The preconditions script checks for the existence of `gcloud`. [#331]
+- The service account setup script only requests the specified project. [#338]
 
 ### Fixed
 
 - Fixed typo in `default_service_account` variable's default value from `depriviledge` to `deprivilege`. [#345]
+- The `feature_settings` variable on the `app_engine` submodule has a valid default. [#324]
 
 ## [6.0.0] - 2019-11-26
 
@@ -256,7 +261,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 ### ADDED
 - This is the initial release of the Project Factory Module.
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v6.0.0...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v6.1.0...HEAD
+[6.1.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v6.0.0...v6.1.0
 [6.0.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v5.0.0...v6.0.0
 [5.0.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v4.0.1...v5.0.0
 [4.0.1]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v4.0.0...v4.0.1
@@ -290,6 +296,9 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 [#345]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/345
 [#341]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/341
+[#338]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/338
+[#331]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/331
+[#324]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/324
 [#313]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/313
 [#300]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/300
 [#309]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/309