fix: Support passing service project number to shared_vpc_access to b…

…e Terraform 0.13 compatible (#500)
terraform-google-modules · Nov 24, 2020 · 825d07b · 825d07b
1 parent a3deaad
commit 825d07b
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 9 deletions.
diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf
@@ -56,7 +56,7 @@ module "host-project" {
  *****************************************/
 module "vpc" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 2.1.0"
+  version = "~> 2.5.0"
 
   project_id                             = module.host-project.project_id
   network_name                           = var.network_name

diff --git a/modules/shared_vpc/main.tf b/modules/shared_vpc/main.tf
@@ -62,11 +62,13 @@ module "project-factory" {
   Setting API service accounts for shared VPC
  *****************************************/
 module "shared_vpc_access" {
-  source             = "../shared_vpc_access"
-  host_project_id    = var.shared_vpc
-  service_project_id = module.project-factory.project_id
-  active_apis        = module.project-factory.enabled_apis
-  shared_vpc_subnets = var.shared_vpc_subnets
+  source                 = "../shared_vpc_access"
+  host_project_id        = var.shared_vpc
+  service_project_id     = module.project-factory.project_id
+  active_apis            = module.project-factory.enabled_apis
+  shared_vpc_subnets     = var.shared_vpc_subnets
+  service_project_number = module.project-factory.project_number
+  lookup_project_numbers = false
 }
 
 /******************************************

diff --git a/modules/shared_vpc_access/README.md b/modules/shared_vpc_access/README.md
@@ -30,7 +30,9 @@ module "shared_vpc_access" {
 | active\_apis | The list of active apis on the service project. If api is not active this module will not try to activate it | `list(string)` | `[]` | no |
 | grant\_services\_security\_admin\_role | Whether or not to grant Kubernetes Engine Service Agent the Security Admin role on the host project so it can manage firewall rules | `bool` | `false` | no |
 | host\_project\_id | The ID of the host project which hosts the shared VPC | `string` | n/a | yes |
+| lookup\_project\_numbers | Whether to look up the project numbers from data sources. If false, `service_project_number` will be used instead. | `bool` | `true` | no |
 | service\_project\_id | The ID of the service project | `string` | n/a | yes |
+| service\_project\_number | Project number of the service project. Will be used if `lookup_service_project_number` is false. | `string` | `null` | no |
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project\_id/regions/$region/subnetworks/$subnet\_id) | `list(string)` | `[]` | no |
 
 ## Outputs

diff --git a/modules/shared_vpc_access/main.tf b/modules/shared_vpc_access/main.tf
@@ -15,14 +15,16 @@
  */
 
 data "google_project" "service_project" {
+  count      = var.lookup_project_numbers ? 1 : 0
   project_id = var.service_project_id
 }
 
 locals {
+  service_project_number = var.lookup_project_numbers ? data.google_project.service_project[0].number : var.service_project_number
   apis = {
-    "container.googleapis.com" : format("service-%[email protected]", data.google_project.service_project.number),
-    "dataproc.googleapis.com" : format("service-%[email protected]", data.google_project.service_project.number),
-    "dataflow.googleapis.com" : format("service-%[email protected]", data.google_project.service_project.number),
+    "container.googleapis.com" : format("service-%[email protected]", local.service_project_number),
+    "dataproc.googleapis.com" : format("service-%[email protected]", local.service_project_number),
+    "dataflow.googleapis.com" : format("service-%[email protected]", local.service_project_number),
   }
   gke_shared_vpc_enabled = contains(var.active_apis, "container.googleapis.com")
   active_apis            = setintersection(keys(local.apis), var.active_apis)

diff --git a/modules/shared_vpc_access/variables.tf b/modules/shared_vpc_access/variables.tf
@@ -24,6 +24,18 @@ variable "service_project_id" {
   type        = string
 }
 
+variable "service_project_number" {
+  description = "Project number of the service project. Will be used if `lookup_service_project_number` is false."
+  type        = string
+  default     = null
+}
+
+variable "lookup_project_numbers" {
+  description = "Whether to look up the project numbers from data sources. If false, `service_project_number` will be used instead."
+  type        = bool
+  default     = true
+}
+
 variable "shared_vpc_subnets" {
   description = "List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id)"
   type        = list(string)