From a85d64724105e183eae62eb5cfb1c67b6a862c4d Mon Sep 17 00:00:00 2001 From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com> Date: Thu, 20 Feb 2020 14:18:08 +0800 Subject: [PATCH 1/6] add use_tf_var_google_credentials_env_var variable --- README.md | 1 + main.tf | 59 ++++++++++++----------- modules/core_project_factory/main.tf | 9 ++-- modules/core_project_factory/variables.tf | 6 +++ variables.tf | 6 +++ 5 files changed, 49 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 7261abfc..25c9eca5 100644 --- a/README.md +++ b/README.md @@ -146,6 +146,7 @@ determining that location is as follows: | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no | | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | +| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run `gcloud auth activate-service-account` with (optional) | bool | `"false"` | no | ## Outputs diff --git a/main.tf b/main.tf index 4563b1ea..29539d2c 100644 --- a/main.tf +++ b/main.tf 
@@ -28,35 +28,36 @@ module "gsuite_group" { module "project-factory" { source = "./modules/core_project_factory" - group_email = module.gsuite_group.email - group_role = var.group_role - lien = var.lien - manage_group = var.group_name != "" ? "true" : "false" - random_project_id = var.random_project_id - org_id = var.org_id - name = var.name - project_id = var.project_id - shared_vpc = var.shared_vpc - shared_vpc_enabled = var.shared_vpc != "" - billing_account = var.billing_account - folder_id = var.folder_id - sa_role = var.sa_role - activate_apis = var.activate_apis - usage_bucket_name = var.usage_bucket_name - usage_bucket_prefix = var.usage_bucket_prefix - credentials_path = var.credentials_path - impersonate_service_account = var.impersonate_service_account - shared_vpc_subnets = var.shared_vpc_subnets - labels = var.labels - bucket_project = var.bucket_project - bucket_name = var.bucket_name - bucket_location = var.bucket_location - auto_create_network = var.auto_create_network - disable_services_on_destroy = var.disable_services_on_destroy - default_service_account = var.default_service_account - disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path - pip_executable_path = var.pip_executable_path + group_email = module.gsuite_group.email + group_role = var.group_role + lien = var.lien + manage_group = var.group_name != "" ? 
"true" : "false" + random_project_id = var.random_project_id + org_id = var.org_id + name = var.name + project_id = var.project_id + shared_vpc = var.shared_vpc + shared_vpc_enabled = var.shared_vpc != "" + billing_account = var.billing_account + folder_id = var.folder_id + sa_role = var.sa_role + activate_apis = var.activate_apis + usage_bucket_name = var.usage_bucket_name + usage_bucket_prefix = var.usage_bucket_prefix + credentials_path = var.credentials_path + impersonate_service_account = var.impersonate_service_account + shared_vpc_subnets = var.shared_vpc_subnets + labels = var.labels + bucket_project = var.bucket_project + bucket_name = var.bucket_name + bucket_location = var.bucket_location + auto_create_network = var.auto_create_network + disable_services_on_destroy = var.disable_services_on_destroy + default_service_account = var.default_service_account + disable_dependent_services = var.disable_dependent_services + python_interpreter_path = var.python_interpreter_path + pip_executable_path = var.pip_executable_path + use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var } /****************************************** diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf index bb0de28d..7b633894 100644 --- a/modules/core_project_factory/main.tf +++ b/modules/core_project_factory/main.tf @@ -160,7 +160,8 @@ module "gcloud_delete" { source = "terraform-google-modules/gcloud/google" version = "~> 0.5.0" - enabled = var.default_service_account == "delete" + enabled = var.default_service_account == "delete" + use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh" create_cmd_body = <<-EOT 
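Review bot: The new `use_tf_google_credentials_env_var` argument is passed to the `gcloud` module while its constraint stays at `version = "~> 0.5.0"`; if that input only exists from a particular 0.5.x release onward, the lower bound should be raised to that release so an older cached copy of the module does not fail with an unsupported-argument error, and the same applies to the `gcloud_deprivilege` and `gcloud_disable` calls in the next two hunks. Since this flag makes `gcloud auth activate-service-account` consume whatever is in `GOOGLE_CREDENTIALS`, the variable description should state what the module expects in that variable and, if these module calls also receive `credentials_path` (not visible in the hunk), which of the two takes precedence, e.g. `description = "Use the GOOGLE_CREDENTIALS environment variable (instead of credentials_path) to run gcloud auth activate-service-account with."`. The `gcloud_delete` module block continues outside the hunk.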
@@ -185,7 +186,8 @@ module "gcloud_deprivilege" { source = "terraform-google-modules/gcloud/google" version = "~> 0.5.0" - enabled = var.default_service_account == "deprivilege" + enabled = var.default_service_account == "deprivilege" + use_tf_google_credentials_env_var = use_tf_google_credentials_env_var create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh" create_cmd_body = <<-EOT @@ -210,7 +212,8 @@ module "gcloud_disable" { source = "terraform-google-modules/gcloud/google" version = "~> 0.5.0" - enabled = var.default_service_account == "disable" + enabled = var.default_service_account == "disable" + use_tf_google_credentials_env_var = use_tf_google_credentials_env_var create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh" create_cmd_body = <<-EOT diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf index a05eb30c..fe917a37 100644 --- a/modules/core_project_factory/variables.tf +++ b/modules/core_project_factory/variables.tf @@ -183,3 +183,9 @@ variable "pip_executable_path" { type = string default = "pip3" } + +variable "use_tf_google_credentials_env_var" { + description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." + type = string + default = false +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 52709f90..ea09833f 100644 --- a/variables.tf +++ b/variables.tf @@ -179,6 +179,12 @@ variable "pip_executable_path" { default = "pip3" } +variable "use_tf_google_credentials_env_var" { + description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." + type = string + default = false +} + variable "budget_amount" { description = "The amount to use for a budget alert" type = number From 74c4c00137127b04c5033f57bd86182c7d0e3969 Mon Sep 17 00:00:00 2001 
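Review bot: In the `gcloud_deprivilege` hunk the added line reads `use_tf_google_credentials_env_var = use_tf_google_credentials_env_var`, a bare name rather than the reference `var.use_tf_google_credentials_env_var`, which Terraform 0.12 rejects as an invalid reference at validate time; the `gcloud_disable` hunk that follows has the same mistake, while the `gcloud_delete` hunk above already uses the `var.` form. Both lines are only corrected later in PATCH 5/6 of this series, so this commit on its own does not validate. Each of these module blocks continues outside its hunk.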
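Review bot: `variable "use_tf_google_credentials_env_var"` in `modules/core_project_factory/variables.tf` is declared with `type = string` yet `default = false`, and the README row added in this same patch documents it as `bool`; Terraform will coerce the default to the string `"false"`, which then has to be converted back wherever the gcloud module expects a boolean, so the declaration should read `type = bool`. The root `variables.tf` hunk below declares it identically and needs the same change (PATCH 2/6 corrects only the child module and PATCH 5/6 the root). The child file is also left without a trailing newline (`\ No newline at end of file`).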
From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com> Date: Mon, 24 Feb 2020 10:36:50 +0800 Subject: [PATCH 2/6] fix use_tf_var_google_credentials_env_var variable type --- modules/core_project_factory/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf index fe917a37..12fceb8c 100644 --- a/modules/core_project_factory/variables.tf +++ b/modules/core_project_factory/variables.tf @@ -186,6 +186,6 @@ variable "pip_executable_path" { variable "use_tf_google_credentials_env_var" { description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." - type = string + type = bool default = false -} \ No newline at end of file +} From 3b02e4464294488351cba34b72389ed1c1b4edfd Mon Sep 17 00:00:00 2001 From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com> Date: Mon, 24 Feb 2020 10:40:42 +0800 Subject: [PATCH 3/6] add use tf_var_google_credentials_env_var to variant modules --- modules/gsuite_enabled/main.tf | 55 +++++++++++++++-------------- modules/gsuite_enabled/variables.tf | 6 ++++ modules/shared_vpc/main.tf | 55 +++++++++++++++-------------- modules/shared_vpc/variables.tf | 6 ++++ 4 files changed, 68 insertions(+), 54 deletions(-) diff --git a/modules/gsuite_enabled/main.tf b/modules/gsuite_enabled/main.tf index 5e1f2b7b..f6763d1e 100644 --- a/modules/gsuite_enabled/main.tf +++ b/modules/gsuite_enabled/main.tf 
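Review bot: After this change the child module declares `use_tf_google_credentials_env_var` as `bool` while the root `variables.tf` added in PATCH 1/6 still has `type = string`, and it is the root value that is passed through `module "project-factory"`; the two declarations should be changed in the same commit rather than leaving the root on `string` until PATCH 5/6. The root README row, which already says `bool`, would then match both files.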
@@ -71,33 +71,34 @@ module "project-factory" { ), 0, ) - group_role = var.group_role - lien = var.lien - manage_group = var.group_name != "" || var.create_group - random_project_id = var.random_project_id - org_id = var.org_id - name = var.name - project_id = var.project_id - shared_vpc = var.shared_vpc - shared_vpc_enabled = var.shared_vpc_enabled - billing_account = var.billing_account - folder_id = var.folder_id - sa_role = var.sa_role - activate_apis = var.activate_apis - usage_bucket_name = var.usage_bucket_name - usage_bucket_prefix = var.usage_bucket_prefix - credentials_path = var.credentials_path - impersonate_service_account = var.impersonate_service_account - shared_vpc_subnets = var.shared_vpc_subnets - labels = var.labels - bucket_project = var.bucket_project - bucket_name = var.bucket_name - bucket_location = var.bucket_location - auto_create_network = var.auto_create_network - disable_services_on_destroy = var.disable_services_on_destroy - default_service_account = var.default_service_account - disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path + group_role = var.group_role + lien = var.lien + manage_group = var.group_name != "" || var.create_group + random_project_id = var.random_project_id + org_id = var.org_id + name = var.name + project_id = var.project_id + shared_vpc = var.shared_vpc + shared_vpc_enabled = var.shared_vpc_enabled + billing_account = var.billing_account + folder_id = var.folder_id + sa_role = var.sa_role + activate_apis = var.activate_apis + usage_bucket_name = var.usage_bucket_name + usage_bucket_prefix = var.usage_bucket_prefix + credentials_path = var.credentials_path + impersonate_service_account = var.impersonate_service_account + shared_vpc_subnets = var.shared_vpc_subnets + labels = var.labels + bucket_project = var.bucket_project + bucket_name = var.bucket_name + bucket_location = var.bucket_location + auto_create_network = var.auto_create_network + 
disable_services_on_destroy = var.disable_services_on_destroy + default_service_account = var.default_service_account + disable_dependent_services = var.disable_dependent_services + python_interpreter_path = var.python_interpreter_path + use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var } /****************************************** diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index 274fef17..fea2e8b6 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf @@ -194,3 +194,9 @@ variable "budget_alert_spent_percents" { type = list(number) default = [0.5, 0.7, 1.0] } + +variable "use_tf_google_credentials_env_var" { + description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." + type = bool + default = false +} diff --git a/modules/shared_vpc/main.tf b/modules/shared_vpc/main.tf index b343f06e..d2287345 100755 --- a/modules/shared_vpc/main.tf +++ b/modules/shared_vpc/main.tf 
@@ -28,33 +28,34 @@ module "gsuite_group" { module "project-factory" { source = "../core_project_factory" - group_email = module.gsuite_group.email - group_role = var.group_role - lien = var.lien - manage_group = var.group_name != "" ? "true" : "false" - random_project_id = var.random_project_id - org_id = var.org_id - name = var.name - project_id = var.project_id - shared_vpc = var.shared_vpc - shared_vpc_enabled = true - billing_account = var.billing_account - folder_id = var.folder_id - sa_role = var.sa_role - activate_apis = var.activate_apis - usage_bucket_name = var.usage_bucket_name - usage_bucket_prefix = var.usage_bucket_prefix - credentials_path = var.credentials_path - shared_vpc_subnets = var.shared_vpc_subnets - labels = var.labels - bucket_project = var.bucket_project - bucket_name = var.bucket_name - bucket_location = var.bucket_location - auto_create_network = var.auto_create_network - disable_services_on_destroy = var.disable_services_on_destroy - default_service_account = var.default_service_account - disable_dependent_services = var.disable_dependent_services - python_interpreter_path = var.python_interpreter_path + group_email = module.gsuite_group.email + group_role = var.group_role + lien = var.lien + manage_group = var.group_name != "" ? 
"true" : "false" + random_project_id = var.random_project_id + org_id = var.org_id + name = var.name + project_id = var.project_id + shared_vpc = var.shared_vpc + shared_vpc_enabled = true + billing_account = var.billing_account + folder_id = var.folder_id + sa_role = var.sa_role + activate_apis = var.activate_apis + usage_bucket_name = var.usage_bucket_name + usage_bucket_prefix = var.usage_bucket_prefix + credentials_path = var.credentials_path + shared_vpc_subnets = var.shared_vpc_subnets + labels = var.labels + bucket_project = var.bucket_project + bucket_name = var.bucket_name + bucket_location = var.bucket_location + auto_create_network = var.auto_create_network + disable_services_on_destroy = var.disable_services_on_destroy + default_service_account = var.default_service_account + disable_dependent_services = var.disable_dependent_services + python_interpreter_path = var.python_interpreter_path + use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var } /****************************************** diff --git a/modules/shared_vpc/variables.tf b/modules/shared_vpc/variables.tf index 8a91170a..85511dcc 100755 --- a/modules/shared_vpc/variables.tf +++ b/modules/shared_vpc/variables.tf @@ -188,3 +188,9 @@ variable "budget_alert_spent_percents" { type = list(number) default = [0.5, 0.7, 1.0] } + +variable "use_tf_google_credentials_env_var" { + description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." + type = bool + default = false +} From 084abcbe485e9b6839a991f0098e92b70653e33f Mon Sep 17 00:00:00 2001 From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com> Date: Mon, 2 Mar 2020 10:59:06 +0800 Subject: [PATCH 4/6] update docs :memo: --- README.md | 2 +- modules/gsuite_enabled/README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 750a3c1d..ca600981 100644 --- a/README.md +++ b/README.md 
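Review bot: The `shared_vpc` variant gains `use_tf_google_credentials_env_var` here, but its inputs table in `modules/shared_vpc/README.md` is not updated anywhere in this series (PATCH 4/6 regenerates only the root and `gsuite_enabled` READMEs), so the variant's generated documentation will be out of date. Add a row mirroring the one added to `modules/gsuite_enabled/README.md`, with type `bool` and default `"false"`. The same four-file description would also benefit from stating what `GOOGLE_CREDENTIALS` is expected to contain, as none of the declarations in this series say.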
@@ -146,7 +146,7 @@ determining that location is as follows: | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no | | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | -| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run `gcloud auth activate-service-account` with (optional) | bool | `"false"` | no | +| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | string | `"false"` | no | ## Outputs diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md index 32adccdb..86e3093a 100644 --- a/modules/gsuite_enabled/README.md +++ b/modules/gsuite_enabled/README.md @@ -92,6 +92,7 @@ The roles granted are specifically: | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no | | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | +| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | bool | `"false"` | no | ## Outputs From 13648ca27b75a48569a6948510a7aa7f193be85b Mon Sep 17 00:00:00 2001 From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com> Date: Tue, 3 Mar 2020 15:46:57 +0800 Subject: [PATCH 5/6] fix bugs :bug: --- modules/core_project_factory/main.tf | 4 ++-- variables.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf index 7b633894..762f0daa 100644 --- a/modules/core_project_factory/main.tf +++ b/modules/core_project_factory/main.tf @@ -187,7 +187,7 @@ module "gcloud_deprivilege" { version = "~> 0.5.0" enabled = var.default_service_account == "deprivilege" - use_tf_google_credentials_env_var = use_tf_google_credentials_env_var + use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh" create_cmd_body = <<-EOT @@ -213,7 +213,7 @@ module "gcloud_disable" { version = "~> 0.5.0" enabled = var.default_service_account == "disable" - use_tf_google_credentials_env_var = use_tf_google_credentials_env_var + use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh" create_cmd_body = <<-EOT diff --git a/variables.tf b/variables.tf index 5d5636ce..622207ee 100644 --- a/variables.tf +++ b/variables.tf @@ -181,7 +181,7 @@ variable "pip_executable_path" { variable "use_tf_google_credentials_env_var" { description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with." - type = string + type = bool default = false } From b3c640a34bafb7078224af13e436acc117321bc4 Mon Sep 17 00:00:00 2001 From: Gabriel Aguilar-Svensk <gabriel.a.svensk@gmail.com> Date: Tue, 3 Mar 2020 15:47:29 +0800 Subject: [PATCH 6/6] regenerate docs :memo: --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ca600981..c1d0efc9 100644 --- a/README.md +++ b/README.md 
@@ -146,7 +146,7 @@ determining that location is as follows: | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no | | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no | | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no | -| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | string | `"false"` | no | +| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | bool | `"false"` | no | ## Outputs