Add use_tf_var_google_credentials_env_var variable #377

Merged
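--- a/README.md
+++ b/README.md
@@ -146,6 +146,7 @@ determining that location is as follows:
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no |
 | usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
+| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run `gcloud auth activate-service-account` with (optional) | bool | `"false"` | no |
 
 ## Outputs
 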
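--- a/main.tf
+++ b/main.tf
@@ -28,35 +28,36 @@ module "gsuite_group" {
 module "project-factory" {
 source = "./modules/core_project_factory"
 
-group_email = module.gsuite_group.email
-group_role = var.group_role
-lien = var.lien
-manage_group = var.group_name != "" ? "true" : "false"
-random_project_id = var.random_project_id
-org_id = var.org_id
-name = var.name
-project_id = var.project_id
-shared_vpc = var.shared_vpc
-shared_vpc_enabled = var.shared_vpc != ""
-billing_account = var.billing_account
-folder_id = var.folder_id
-sa_role = var.sa_role
-activate_apis = var.activate_apis
-usage_bucket_name = var.usage_bucket_name
-usage_bucket_prefix = var.usage_bucket_prefix
-credentials_path = var.credentials_path
-impersonate_service_account = var.impersonate_service_account
-shared_vpc_subnets = var.shared_vpc_subnets
-labels = var.labels
-bucket_project = var.bucket_project
-bucket_name = var.bucket_name
-bucket_location = var.bucket_location
-auto_create_network = var.auto_create_network
-disable_services_on_destroy = var.disable_services_on_destroy
-default_service_account = var.default_service_account
-disable_dependent_services = var.disable_dependent_services
-python_interpreter_path = var.python_interpreter_path
-pip_executable_path = var.pip_executable_path
+group_email = module.gsuite_group.email
+group_role = var.group_role
+lien = var.lien
+manage_group = var.group_name != "" ? "true" : "false"
+random_project_id = var.random_project_id
+org_id = var.org_id
+name = var.name
+project_id = var.project_id
+shared_vpc = var.shared_vpc
+shared_vpc_enabled = var.shared_vpc != ""
+billing_account = var.billing_account
+folder_id = var.folder_id
+sa_role = var.sa_role
+activate_apis = var.activate_apis
+usage_bucket_name = var.usage_bucket_name
+usage_bucket_prefix = var.usage_bucket_prefix
+credentials_path = var.credentials_path
+impersonate_service_account = var.impersonate_service_account
+shared_vpc_subnets = var.shared_vpc_subnets
+labels = var.labels
+bucket_project = var.bucket_project
+bucket_name = var.bucket_name
+bucket_location = var.bucket_location
+auto_create_network = var.auto_create_network
+disable_services_on_destroy = var.disable_services_on_destroy
+default_service_account = var.default_service_account
+disable_dependent_services = var.disable_dependent_services
+python_interpreter_path = var.python_interpreter_path
+pip_executable_path = var.pip_executable_path
+use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 }
 
 /******************************************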
9 changes: 6 additions & 3 deletions modules/core_project_factory/main.tf
Expand Up @@ -160,7 +160,8 @@ module "gcloud_delete" {
source = "terraform-google-modules/gcloud/google"
version = "~> 0.5.0"

enabled = var.default_service_account == "delete"
enabled = var.default_service_account == "delete"
use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var

create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
create_cmd_body = <<-EOT
Expand All @@ -185,7 +186,8 @@ module "gcloud_deprivilege" {
source = "terraform-google-modules/gcloud/google"
version = "~> 0.5.0"

enabled = var.default_service_account == "deprivilege"
enabled = var.default_service_account == "deprivilege"
use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
Contributor

Suggested change
use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var


create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
create_cmd_body = <<-EOT
Expand All @@ -210,7 +212,8 @@ module "gcloud_disable" {
source = "terraform-google-modules/gcloud/google"
version = "~> 0.5.0"

enabled = var.default_service_account == "disable"
enabled = var.default_service_account == "disable"
use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
Contributor

Suggested change
use_tf_google_credentials_env_var = use_tf_google_credentials_env_var
use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var


create_cmd_entrypoint = "${path.module}/scripts/modify-service-account.sh"
create_cmd_body = <<-EOT
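Review bot: Nothing in these hunks documents where the service account key ends up once `use_tf_google_credentials_env_var` is set on `gcloud_delete`, `gcloud_deprivilege` and `gcloud_disable`. `gcloud auth activate-service-account` reads its key from a file, so the gcloud module presumably has to stage the contents of `GOOGLE_CREDENTIALS` on disk on the machine running Terraform. How it does that, and whether the file is removed afterwards, is not visible here and should be confirmed against the pinned `~> 0.5.0` release. I would add a comment above each assignment, for example `# Key material comes from GOOGLE_CREDENTIALS; see the gcloud module for where it is written and cleaned up`. All three module blocks start and end outside the hunks shown.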
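--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -183,3 +183,9 @@ variable "pip_executable_path" {
 type = string
 default = "pip3"
 }
+
+variable "use_tf_google_credentials_env_var" {
+description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+type = bool
+default = false
+}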
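Review bot: The description of `use_tf_google_credentials_env_var` does not say how the flag interacts with `credentials_path` and `impersonate_service_account`, which the wrapper modules pass alongside it, so a caller cannot tell which identity the gcloud steps run as when more than one is set. It also leaves open whether `GOOGLE_CREDENTIALS` must hold the key JSON itself or may hold a path to it; the Google provider accepts either form, and the gcloud module may not. The same text is repeated in `modules/gsuite_enabled/variables.tf`, `modules/shared_vpc/variables.tf` and the root `variables.tf`. I would extend the description in all four places with one sentence on the expected form of the value and one on precedence over `credentials_path`, once that behaviour is confirmed in the gcloud module.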
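--- a/modules/gsuite_enabled/main.tf
+++ b/modules/gsuite_enabled/main.tf
@@ -71,33 +71,34 @@ module "project-factory" {
 ),
 0,
 )
-group_role = var.group_role
-lien = var.lien
-manage_group = var.group_name != "" || var.create_group
-random_project_id = var.random_project_id
-org_id = var.org_id
-name = var.name
-project_id = var.project_id
-shared_vpc = var.shared_vpc
-shared_vpc_enabled = var.shared_vpc_enabled
-billing_account = var.billing_account
-folder_id = var.folder_id
-sa_role = var.sa_role
-activate_apis = var.activate_apis
-usage_bucket_name = var.usage_bucket_name
-usage_bucket_prefix = var.usage_bucket_prefix
-credentials_path = var.credentials_path
-impersonate_service_account = var.impersonate_service_account
-shared_vpc_subnets = var.shared_vpc_subnets
-labels = var.labels
-bucket_project = var.bucket_project
-bucket_name = var.bucket_name
-bucket_location = var.bucket_location
-auto_create_network = var.auto_create_network
-disable_services_on_destroy = var.disable_services_on_destroy
-default_service_account = var.default_service_account
-disable_dependent_services = var.disable_dependent_services
-python_interpreter_path = var.python_interpreter_path
+group_role = var.group_role
+lien = var.lien
+manage_group = var.group_name != "" || var.create_group
+random_project_id = var.random_project_id
+org_id = var.org_id
+name = var.name
+project_id = var.project_id
+shared_vpc = var.shared_vpc
+shared_vpc_enabled = var.shared_vpc_enabled
+billing_account = var.billing_account
+folder_id = var.folder_id
+sa_role = var.sa_role
+activate_apis = var.activate_apis
+usage_bucket_name = var.usage_bucket_name
+usage_bucket_prefix = var.usage_bucket_prefix
+credentials_path = var.credentials_path
+impersonate_service_account = var.impersonate_service_account
+shared_vpc_subnets = var.shared_vpc_subnets
+labels = var.labels
+bucket_project = var.bucket_project
+bucket_name = var.bucket_name
+bucket_location = var.bucket_location
+auto_create_network = var.auto_create_network
+disable_services_on_destroy = var.disable_services_on_destroy
+default_service_account = var.default_service_account
+disable_dependent_services = var.disable_dependent_services
+python_interpreter_path = var.python_interpreter_path
+use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 }
 
 /******************************************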
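--- a/modules/gsuite_enabled/variables.tf
+++ b/modules/gsuite_enabled/variables.tf
@@ -194,3 +194,9 @@ variable "budget_alert_spent_percents" {
 type = list(number)
 default = [0.5, 0.7, 1.0]
 }
+
+variable "use_tf_google_credentials_env_var" {
+description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+type = bool
+default = false
+}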
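--- a/modules/shared_vpc/main.tf
+++ b/modules/shared_vpc/main.tf
@@ -28,33 +28,34 @@ module "gsuite_group" {
 module "project-factory" {
 source = "../core_project_factory"
 
-group_email = module.gsuite_group.email
-group_role = var.group_role
-lien = var.lien
-manage_group = var.group_name != "" ? "true" : "false"
-random_project_id = var.random_project_id
-org_id = var.org_id
-name = var.name
-project_id = var.project_id
-shared_vpc = var.shared_vpc
-shared_vpc_enabled = true
-billing_account = var.billing_account
-folder_id = var.folder_id
-sa_role = var.sa_role
-activate_apis = var.activate_apis
-usage_bucket_name = var.usage_bucket_name
-usage_bucket_prefix = var.usage_bucket_prefix
-credentials_path = var.credentials_path
-shared_vpc_subnets = var.shared_vpc_subnets
-labels = var.labels
-bucket_project = var.bucket_project
-bucket_name = var.bucket_name
-bucket_location = var.bucket_location
-auto_create_network = var.auto_create_network
-disable_services_on_destroy = var.disable_services_on_destroy
-default_service_account = var.default_service_account
-disable_dependent_services = var.disable_dependent_services
-python_interpreter_path = var.python_interpreter_path
+group_email = module.gsuite_group.email
+group_role = var.group_role
+lien = var.lien
+manage_group = var.group_name != "" ? "true" : "false"
+random_project_id = var.random_project_id
+org_id = var.org_id
+name = var.name
+project_id = var.project_id
+shared_vpc = var.shared_vpc
+shared_vpc_enabled = true
+billing_account = var.billing_account
+folder_id = var.folder_id
+sa_role = var.sa_role
+activate_apis = var.activate_apis
+usage_bucket_name = var.usage_bucket_name
+usage_bucket_prefix = var.usage_bucket_prefix
+credentials_path = var.credentials_path
+shared_vpc_subnets = var.shared_vpc_subnets
+labels = var.labels
+bucket_project = var.bucket_project
+bucket_name = var.bucket_name
+bucket_location = var.bucket_location
+auto_create_network = var.auto_create_network
+disable_services_on_destroy = var.disable_services_on_destroy
+default_service_account = var.default_service_account
+disable_dependent_services = var.disable_dependent_services
+python_interpreter_path = var.python_interpreter_path
+use_tf_google_credentials_env_var = var.use_tf_google_credentials_env_var
 }
 
 /******************************************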
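Review bot: This `project-factory` call forwards `credentials_path` and the new `use_tf_google_credentials_env_var` but not `impersonate_service_account`, which the root `main.tf` and `modules/gsuite_enabled/main.tf` calls on this page both pass. The gap predates this change, but adding a third credential input makes it more visible: the shared_vpc wrapper can end up running the gcloud steps under a different identity than the other two entry points for the same caller settings. Whether `modules/shared_vpc` declares that variable at all is not visible in this section. If the omission is deliberate, a comment above `credentials_path` saying so would help; otherwise add `impersonate_service_account = var.impersonate_service_account` together with the matching variable.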
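--- a/modules/shared_vpc/variables.tf
+++ b/modules/shared_vpc/variables.tf
@@ -188,3 +188,9 @@ variable "budget_alert_spent_percents" {
 type = list(number)
 default = [0.5, 0.7, 1.0]
 }
+
+variable "use_tf_google_credentials_env_var" {
+description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
+type = bool
+default = false
+}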
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -179,6 +179,12 @@ variable "pip_executable_path" {
default = "pip3"
}

variable "use_tf_google_credentials_env_var" {
description = "Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with."
type = string
Contributor

Suggested change
type = string
type = bool

default = false
}

variable "budget_amount" {
description = "The amount to use for a budget alert"
type = number