From a85d64724105e183eae62eb5cfb1c67b6a862c4d Mon Sep 17 00:00:00 2001
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com>
Date: Thu, 20 Feb 2020 14:18:08 +0800
Subject: [PATCH 1/6] add use_tf_var_google_credentials_env_var variable

---
 README.md                                 |  1 +
 main.tf                                   | 59 ++++++++++++-----------
 modules/core_project_factory/main.tf      |  9 ++--
 modules/core_project_factory/variables.tf |  6 +++
 variables.tf                              |  6 +++
 5 files changed, 49 insertions(+), 32 deletions(-)

diff --git a/README.md b/README.md
index 7261abfc..25c9eca5 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,7 @@ determining that location is as follows:
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
+| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run `gcloud auth activate-service-account` with (optional) | bool | `"false"` | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
index 4563b1ea..29539d2c 100644
--- a/main.tf
+++ b/main.tf
@@ -28,35 +28,36 @@ module "gsuite_group" {
 module "project-factory" {
   source = "./modules/core_project_factory"
 
-  group_email                 = module.gsuite_group.email
-  group_role                  = var.group_role
-  lien                        = var.lien
-  manage_group                = var.group_name != "" ? "true" : "false"
-  random_project_id           = var.random_project_id
-  org_id                      = var.org_id
-  name                        = var.name
-  project_id                  = var.project_id
-  shared_vpc                  = var.shared_vpc
-  shared_vpc_enabled          = var.shared_vpc != ""
-  billing_account             = var.billing_account
-  folder_id                   = var.folder_id
-  sa_role                     = var.sa_role
-  activate_apis               = var.activate_apis
-  usage_bucket_name           = var.usage_bucket_name
-  usage_bucket_prefix         = var.usage_bucket_prefix
-  credentials_path            = var.credentials_path
-  impersonate_service_account = var.impersonate_service_account
-  shared_vpc_subnets          = var.shared_vpc_subnets
-  labels                      = var.labels
-  bucket_project              = var.bucket_project
-  bucket_name                 = var.bucket_name
-  bucket_location             = var.bucket_location
-  auto_create_network         = var.auto_create_network
-  disable_services_on_destroy = var.disable_services_on_destroy
-  default_service_account     = var.default_service_account
-  disable_dependent_services  = var.disable_dependent_services
-  python_interpreter_path     = var.python_interpreter_path
-  pip_executable_path         = var.pip_executable_path
+  group_email                       = module.gsuite_group.email
+  group_role                        = var.group_role
+  lien                              = var.lien
+  manage_group                      = var.group_name != "" ? "true" : "false"
+  random_project_id                 = var.random_project_id
+  org_id                            = var.org_id
+  name                              = var.name
+  project_id                        = var.project_id
+  shared_vpc                        = var.shared_vpc
+  shared_vpc_enabled                = var.shared_vpc != ""
+  billing_account                   = var.billing_account
+  folder_id                         = var.folder_id
+  sa_role                           = var.sa_role
+  activate_apis                     = var.activate_apis
+  usage_bucket_name                 = var.usage_bucket_name
+  usage_bucket_prefix               = var.usage_bucket_prefix
+  credentials_path                  = var.credentials_path
+  impersonate_service_account       = var.impersonate_service_account
+  shared_vpc_subnets                = var.shared_vpc_subnets
+  labels                            = var.labels
+  bucket_project                    = var.bucket_project
+  bucket_name                       = var.bucket_name
+  bucket_location                   = var.bucket_location
+  auto_create_network               = var.auto_create_network
+  disable_services_on_destroy       = var.disable_services_on_destroy
+  default_service_account           = var.default_service_account
+  disable_dependent_services        = var.disable_dependent_services
+  python_interpreter_path           = var.python_interpreter_path
+  pip_executable_path               = var.pip_executable_path
+  use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 }
 
 /******************************************
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index bb0de28d..7b633894 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -160,7 +160,8 @@ module "gcloud_delete" {
   source  = "terraform-google-modules/gcloud/google"
   version = "~> 0.5.0"
 
-  enabled = var.default_service_account == "delete"
+  enabled                           = var.default_service_account == "delete"
+  use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 
   create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
   create_cmd_body       = <<-EOT
@@ -185,7 +186,8 @@ module "gcloud_deprivilege" {
   source  = "terraform-google-modules/gcloud/google"
   version = "~> 0.5.0"
 
-  enabled = var.default_service_account == "deprivilege"
+  enabled                           = var.default_service_account == "deprivilege"
+  use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
 
   create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
   create_cmd_body       = <<-EOT
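Review bot: The argument added to `gcloud_deprivilege` reads `use_tf_google_credentials_env_var = use_tf_google_credentials_env_var`, with no `var.` prefix, and the `gcloud_disable` hunk below carries the same line. A bare name is not a valid Terraform reference, so this commit is expected to fail validation on its own. Patch 5/6 later changes both to `var.use_tf_google_credentials_env_var`, the form `gcloud_delete` already uses in this commit; folding that fix in here would keep every step of the series loadable when bisecting. Both module blocks continue past their hunks.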
@@ -210,7 +212,8 @@ module "gcloud_disable" {
   source  = "terraform-google-modules/gcloud/google"
   version = "~> 0.5.0"
 
-  enabled = var.default_service_account == "disable"
+  enabled                           = var.default_service_account == "disable"
+  use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
 
   create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
   create_cmd_body       = <<-EOT
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
index a05eb30c..fe917a37 100644
--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -183,3 +183,9 @@ variable "pip_executable_path" {
   type        = string
   default     = "pip3"
 }
+
+variable "use_tf_google_credentials_env_var" {
+  description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+  type        = string
+  default     = false
+}
\ No newline at end of file
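Review bot: The description of `use_tf_google_credentials_env_var` does not say what form GOOGLE_CREDENTIALS must take or how the flag interacts with `credentials_path` and `impersonate_service_account`, which the root module forwards alongside it. The same text is repeated in the root, `gsuite_enabled` and `shared_vpc` variables.tf hunks. Enabling the flag makes the gcloud helper activate a service account from a secret held in the environment, so an added sentence such as `Requires GOOGLE_CREDENTIALS to be set where Terraform runs; see credentials_path for the file-based alternative.` would help operators choose between the two. How the pinned gcloud module handles the credential during activation is not visible in this series and is worth confirming before the flag is turned on for shared CI runners.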
diff --git a/variables.tf b/variables.tf
index 52709f90..ea09833f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -179,6 +179,12 @@ variable "pip_executable_path" {
   default     = "pip3"
 }
 
+variable "use_tf_google_credentials_env_var" {
+  description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+  type        = string
+  default     = false
+}
+
 variable "budget_amount" {
   description = "The amount to use for a budget alert"
   type        = number

From 74c4c00137127b04c5033f57bd86182c7d0e3969 Mon Sep 17 00:00:00 2001
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com>
Date: Mon, 24 Feb 2020 10:36:50 +0800
Subject: [PATCH 2/6] fix use_tf_var_google_credentials_env_var variable type

---
 modules/core_project_factory/variables.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
index fe917a37..12fceb8c 100644
--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -186,6 +186,6 @@ variable "pip_executable_path" {
 
 variable "use_tf_google_credentials_env_var" {
   description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
-  type        = string
+  type        = bool
   default     = false
-}
\ No newline at end of file
+}

From 3b02e4464294488351cba34b72389ed1c1b4edfd Mon Sep 17 00:00:00 2001
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com>
Date: Mon, 24 Feb 2020 10:40:42 +0800
Subject: [PATCH 3/6] add use tf_var_google_credentials_env_var to variant
 modules

---
 modules/gsuite_enabled/main.tf      | 55 +++++++++++++++--------------
 modules/gsuite_enabled/variables.tf |  6 ++++
 modules/shared_vpc/main.tf          | 55 +++++++++++++++--------------
 modules/shared_vpc/variables.tf     |  6 ++++
 4 files changed, 68 insertions(+), 54 deletions(-)

diff --git a/modules/gsuite_enabled/main.tf b/modules/gsuite_enabled/main.tf
index 5e1f2b7b..f6763d1e 100644
--- a/modules/gsuite_enabled/main.tf
+++ b/modules/gsuite_enabled/main.tf
@@ -71,33 +71,34 @@ module "project-factory" {
     ),
     0,
   )
-  group_role                  = var.group_role
-  lien                        = var.lien
-  manage_group                = var.group_name != "" || var.create_group
-  random_project_id           = var.random_project_id
-  org_id                      = var.org_id
-  name                        = var.name
-  project_id                  = var.project_id
-  shared_vpc                  = var.shared_vpc
-  shared_vpc_enabled          = var.shared_vpc_enabled
-  billing_account             = var.billing_account
-  folder_id                   = var.folder_id
-  sa_role                     = var.sa_role
-  activate_apis               = var.activate_apis
-  usage_bucket_name           = var.usage_bucket_name
-  usage_bucket_prefix         = var.usage_bucket_prefix
-  credentials_path            = var.credentials_path
-  impersonate_service_account = var.impersonate_service_account
-  shared_vpc_subnets          = var.shared_vpc_subnets
-  labels                      = var.labels
-  bucket_project              = var.bucket_project
-  bucket_name                 = var.bucket_name
-  bucket_location             = var.bucket_location
-  auto_create_network         = var.auto_create_network
-  disable_services_on_destroy = var.disable_services_on_destroy
-  default_service_account     = var.default_service_account
-  disable_dependent_services  = var.disable_dependent_services
-  python_interpreter_path     = var.python_interpreter_path
+  group_role                        = var.group_role
+  lien                              = var.lien
+  manage_group                      = var.group_name != "" || var.create_group
+  random_project_id                 = var.random_project_id
+  org_id                            = var.org_id
+  name                              = var.name
+  project_id                        = var.project_id
+  shared_vpc                        = var.shared_vpc
+  shared_vpc_enabled                = var.shared_vpc_enabled
+  billing_account                   = var.billing_account
+  folder_id                         = var.folder_id
+  sa_role                           = var.sa_role
+  activate_apis                     = var.activate_apis
+  usage_bucket_name                 = var.usage_bucket_name
+  usage_bucket_prefix               = var.usage_bucket_prefix
+  credentials_path                  = var.credentials_path
+  impersonate_service_account       = var.impersonate_service_account
+  shared_vpc_subnets                = var.shared_vpc_subnets
+  labels                            = var.labels
+  bucket_project                    = var.bucket_project
+  bucket_name                       = var.bucket_name
+  bucket_location                   = var.bucket_location
+  auto_create_network               = var.auto_create_network
+  disable_services_on_destroy       = var.disable_services_on_destroy
+  default_service_account           = var.default_service_account
+  disable_dependent_services        = var.disable_dependent_services
+  python_interpreter_path           = var.python_interpreter_path
+  use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 }
 
 /******************************************
diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf
index 274fef17..fea2e8b6 100644
--- a/modules/gsuite_enabled/variables.tf
+++ b/modules/gsuite_enabled/variables.tf
@@ -194,3 +194,9 @@ variable "budget_alert_spent_percents" {
   type        = list(number)
   default     = [0.5, 0.7, 1.0]
 }
+
+variable "use_tf_google_credentials_env_var" {
+  description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+  type        = bool
+  default     = false
+}
diff --git a/modules/shared_vpc/main.tf b/modules/shared_vpc/main.tf
index b343f06e..d2287345 100755
--- a/modules/shared_vpc/main.tf
+++ b/modules/shared_vpc/main.tf
@@ -28,33 +28,34 @@ module "gsuite_group" {
 module "project-factory" {
   source = "../core_project_factory"
 
-  group_email                 = module.gsuite_group.email
-  group_role                  = var.group_role
-  lien                        = var.lien
-  manage_group                = var.group_name != "" ? "true" : "false"
-  random_project_id           = var.random_project_id
-  org_id                      = var.org_id
-  name                        = var.name
-  project_id                  = var.project_id
-  shared_vpc                  = var.shared_vpc
-  shared_vpc_enabled          = true
-  billing_account             = var.billing_account
-  folder_id                   = var.folder_id
-  sa_role                     = var.sa_role
-  activate_apis               = var.activate_apis
-  usage_bucket_name           = var.usage_bucket_name
-  usage_bucket_prefix         = var.usage_bucket_prefix
-  credentials_path            = var.credentials_path
-  shared_vpc_subnets          = var.shared_vpc_subnets
-  labels                      = var.labels
-  bucket_project              = var.bucket_project
-  bucket_name                 = var.bucket_name
-  bucket_location             = var.bucket_location
-  auto_create_network         = var.auto_create_network
-  disable_services_on_destroy = var.disable_services_on_destroy
-  default_service_account     = var.default_service_account
-  disable_dependent_services  = var.disable_dependent_services
-  python_interpreter_path     = var.python_interpreter_path
+  group_email                       = module.gsuite_group.email
+  group_role                        = var.group_role
+  lien                              = var.lien
+  manage_group                      = var.group_name != "" ? "true" : "false"
+  random_project_id                 = var.random_project_id
+  org_id                            = var.org_id
+  name                              = var.name
+  project_id                        = var.project_id
+  shared_vpc                        = var.shared_vpc
+  shared_vpc_enabled                = true
+  billing_account                   = var.billing_account
+  folder_id                         = var.folder_id
+  sa_role                           = var.sa_role
+  activate_apis                     = var.activate_apis
+  usage_bucket_name                 = var.usage_bucket_name
+  usage_bucket_prefix               = var.usage_bucket_prefix
+  credentials_path                  = var.credentials_path
+  shared_vpc_subnets                = var.shared_vpc_subnets
+  labels                            = var.labels
+  bucket_project                    = var.bucket_project
+  bucket_name                       = var.bucket_name
+  bucket_location                   = var.bucket_location
+  auto_create_network               = var.auto_create_network
+  disable_services_on_destroy       = var.disable_services_on_destroy
+  default_service_account           = var.default_service_account
+  disable_dependent_services        = var.disable_dependent_services
+  python_interpreter_path           = var.python_interpreter_path
+  use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 }
 
 /******************************************
diff --git a/modules/shared_vpc/variables.tf b/modules/shared_vpc/variables.tf
index 8a91170a..85511dcc 100755
--- a/modules/shared_vpc/variables.tf
+++ b/modules/shared_vpc/variables.tf
@@ -188,3 +188,9 @@ variable "budget_alert_spent_percents" {
   type        = list(number)
   default     = [0.5, 0.7, 1.0]
 }
+
+variable "use_tf_google_credentials_env_var" {
+  description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+  type        = bool
+  default     = false
+}
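Review bot: No README row for `use_tf_google_credentials_env_var` is added for this submodule anywhere in the series; patch 4/6 touches only `README.md` and `modules/gsuite_enabled/README.md`. If `modules/shared_vpc/README.md` carries the same generated inputs table, regenerating it would add the row that the `gsuite_enabled` README gains in patch 4/6. Leaving it out means users of the `shared_vpc` variant have no documented sign that a credential-handling switch exists or that it defaults to `false`.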

From 084abcbe485e9b6839a991f0098e92b70653e33f Mon Sep 17 00:00:00 2001
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com>
Date: Mon, 2 Mar 2020 10:59:06 +0800
Subject: [PATCH 4/6] update docs :memo:

---
 README.md                        | 2 +-
 modules/gsuite_enabled/README.md | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 750a3c1d..ca600981 100644
--- a/README.md
+++ b/README.md
@@ -146,7 +146,7 @@ determining that location is as follows:
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
-| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run `gcloud auth activate-service-account` with (optional) | bool | `"false"` | no |
+| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | string | `"false"` | no |
 
 ## Outputs
 
diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md
index 32adccdb..86e3093a 100644
--- a/modules/gsuite_enabled/README.md
+++ b/modules/gsuite_enabled/README.md
@@ -92,6 +92,7 @@ The roles granted are specifically:
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
+| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | bool | `"false"` | no |
 
 ## Outputs
 

From 13648ca27b75a48569a6948510a7aa7f193be85b Mon Sep 17 00:00:00 2001
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com>
Date: Tue, 3 Mar 2020 15:46:57 +0800
Subject: [PATCH 5/6] fix bugs :bug:

---
 modules/core_project_factory/main.tf | 4 ++--
 variables.tf                         | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index 7b633894..762f0daa 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -187,7 +187,7 @@ module "gcloud_deprivilege" {
   version = "~> 0.5.0"
 
   enabled                           = var.default_service_account == "deprivilege"
-  use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
+  use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 
   create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
   create_cmd_body       = <<-EOT
@@ -213,7 +213,7 @@ module "gcloud_disable" {
   version = "~> 0.5.0"
 
   enabled                           = var.default_service_account == "disable"
-  use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
+  use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 
   create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
   create_cmd_body       = <<-EOT
diff --git a/variables.tf b/variables.tf
index 5d5636ce..622207ee 100644
--- a/variables.tf
+++ b/variables.tf
@@ -181,7 +181,7 @@ variable "pip_executable_path" {
 
 variable "use_tf_google_credentials_env_var" {
   description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
-  type        = string
+  type        = bool
   default     = false
 }
 

From b3c640a34bafb7078224af13e436acc117321bc4 Mon Sep 17 00:00:00 2001
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com>
Date: Tue, 3 Mar 2020 15:47:29 +0800
Subject: [PATCH 6/6] regenerate docs :memo:

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ca600981..c1d0efc9 100644
--- a/README.md
+++ b/README.md
@@ -146,7 +146,7 @@ determining that location is as follows:
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
-| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | string | `"false"` | no |
+| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | bool | `"false"` | no |
 
 ## Outputs