diff --git a/README.md b/README.md
index ab439f46..8719b72f 100644
--- a/README.md
+++ b/README.md
@@ -162,6 +162,7 @@ determining that location is as follows:
 | usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |
 | vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter | `bool` | `false` | no |
 | vpc\_service\_control\_perimeter\_name | The name of a VPC Service Control Perimeter to add the created project to | `string` | `null` | no |
+| vpc\_service\_control\_sleep\_duration | The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter. VPC-SC is eventually consistent. | `string` | `"5s"` | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
index f9e13520..4193db31 100644
--- a/main.tf
+++ b/main.tf
@@ -66,6 +66,7 @@ module "project-factory" {
   disable_dependent_services = var.disable_dependent_services
   vpc_service_control_attach_enabled = var.vpc_service_control_attach_enabled
   vpc_service_control_perimeter_name = var.vpc_service_control_perimeter_name
+  vpc_service_control_sleep_duration = var.vpc_service_control_sleep_duration
   default_network_tier = var.default_network_tier
 }
 
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index 4409acb8..3715a2a4 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -108,10 +108,10 @@ module "project_services" {
 /******************************************
   Shared VPC configuration
  *****************************************/
-resource "time_sleep" "wait_5_seconds" {
+resource "time_sleep" "wait_5_seconds" { #TODO rename resource in the next breaking change.
   count = var.vpc_service_control_attach_enabled ? 1 : 0
   depends_on = [google_access_context_manager_service_perimeter_resource.service_perimeter_attachment[0], google_project_service.enable_access_context_manager[0]]
-  create_duration = "5s"
+  create_duration = var.vpc_service_control_sleep_duration
 }
 
 resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
index d6d66142..fd8d62df 100644
--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -240,6 +240,12 @@ variable "vpc_service_control_perimeter_name" {
   default = null
 }
 
+variable "vpc_service_control_sleep_duration" {
+  description = "The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter. VPC-SC is eventually consistent."
+  type = string
+  default = "5s"
+}
+
 variable "default_network_tier" {
   description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
   type = string
diff --git a/variables.tf b/variables.tf
index 2611bca2..5663c957 100644
--- a/variables.tf
+++ b/variables.tf
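Review bot: Once `create_duration` is read from `var.vpc_service_control_sleep_duration`, nothing in this hunk prevents a caller from passing `"0s"` or a string `time_sleep` cannot parse, which either silently removes the wait that `shared_vpc_attachment` relies on for the perimeter membership to propagate or fails only when the `time_sleep` resource is applied; the value should be rejected where it is declared (a `validation` block on the variable) so a mistyped duration surfaces at plan time. The `#TODO rename resource in the next breaking change.` comment is also tacked onto the `resource` line without a space after `#` and without saying what the new name should be; move it to its own line above the block, e.g. `# TODO(next-major): rename to "wait_for_vpc_sc_propagation"; "wait_5_seconds" no longer describes a configurable duration.` The `shared_vpc_attachment` resource opened on the last line of the hunk continues outside it.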
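Review bot: The new `vpc_service_control_sleep_duration` variable is a bare `string` with no constraint, yet its only consumer is `time_sleep.create_duration`, which expects a Go duration string; a value like `5` (what the "in seconds" wording invites) or `""` is accepted by `terraform validate` and fails only at apply. Add a `validation` block that checks the value parses as a duration, so the error is reported on the input that caused it rather than on the sleep resource. This presumes the module's `required_version` already admits `validation` blocks (Terraform 0.13+) — confirm before merging.

```hcl
variable "vpc_service_control_sleep_duration" {
  # … unchanged: description, type, default …

  validation {
    condition     = can(regex("^([0-9]+(\\.[0-9]+)?(ns|us|ms|s|m|h))+$", var.vpc_service_control_sleep_duration))
    error_message = "vpc_service_control_sleep_duration must be a Go duration string such as \"5s\" or \"1m30s\"."
  }
}
```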
@@ -299,6 +299,12 @@ variable "vpc_service_control_perimeter_name" {
   default = null
 }
 
+variable "vpc_service_control_sleep_duration" {
+  description = "The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter. VPC-SC is eventually consistent."
+  type = string
+  default = "5s"
+}
+
 variable "grant_services_security_admin_role" {
   description = "Whether or not to grant Kubernetes Engine Service Agent the Security Admin role on the host project so it can manage firewall rules"
   type = bool
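Review bot: The description says the duration is "in seconds", but the default `"5s"` and the `string` type show the value is a duration string with its own unit suffix, so a reader following the description will pass `10` and get an apply-time error; reword it to name the format, e.g. `description = "How long to wait after adding the project to the VPC Service Control perimeter before attaching it to the shared VPC, as a duration string with a unit suffix such as \"5s\" or \"1m\" (VPC-SC membership is eventually consistent)."`. The same text appears in the README table and in the module-level variable, so presumably the README row is generated from this description and the wording should be fixed in both declarations together.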