Allow project name to be changed separately from project ID #154
Conversation
thefirstofthe300
requested review from
aaron-lane,
adrienthebo and
morgante
as code owners
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
02542e6 to
e0d5c4c
Compare
There was a problem hiding this comment.
The project_id interface needs to be added to the gsuite_enabled module.
We should test these changes against the minimal suite converged from the master branch. Are there any unexpected consequences just from updating? Can the name be changed without destroying resources?
I think you are referring to this change?
https://gist.github.com/thefirstofthe300/d72f2d563196e1fce1ab36b734e64fdb The minimal test converges properly. The full test suite recreates the project because the project ID changes. The precondition being rebuilt is due to an old container version being used and causing the shell command to fail. I'm going to be submitting a PR tomorrow to update the container and make targets since the targets themselves fail right now. |
|
Apologies: I missed the changes to With respect to testing the full suite, can you verify the impact of changing only the name? |
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
e0d5c4c to
039dd58
Compare
| s_account_fmt = "${format("serviceAccount:%s", google_service_account.default_service_account.email)}" | ||
| api_s_account = "${format("%[email protected]", local.project_number)}" | ||
| api_s_account = "${format("%[email protected]", google_project.main.number)}" |
There was a problem hiding this comment.
Why can't this continue to reference project_number?
There was a problem hiding this comment.
The net effect of this change is a no-op. It removes a level of indirection since local.project_number is referring to google_project.main.number. I see no purpose for continuing to use local.project_number. It makes things a bit more difficult to read so I would much prefer to remove it.
| @@ -26,18 +26,17 @@ resource "random_id" "random_project_id_suffix" { | |||
| *****************************************/ | |||
| locals { | |||
| group_id = "${var.manage_group ? format("group:%s", var.group_email) : ""}" | |||
| project_id = "${google_project.main.project_id}" | |||
| project_number = "${google_project.main.number}" | |||
There was a problem hiding this comment.
Why drop local.project_number?
There was a problem hiding this comment.
The local here is a level of indirection that is unnecessary, IMHO.
There was a problem hiding this comment.
It's easier to manage this in one place instead of having to update it on every resource.
modules/core_project_factory/main.tf
Outdated
| project_org_id = "${var.folder_id != "" ? "" : var.org_id}" | ||
| project_folder_id = "${var.folder_id != "" ? var.folder_id : ""}" | ||
| temp_project_id = "${var.random_project_id ? format("%s-%s",var.name,random_id.random_project_id_suffix.hex) : var.name}" | ||
| project_id = "${var.project_id == "" ? var.name : var.project_id}" |
There was a problem hiding this comment.
I think we should continue to have project_id reference the actual project created.
We can move the conditional check into the project ID itself.
There was a problem hiding this comment.
This local doesn't necessarily refer to the value that will be used to set the project's ID. I'll rename these variables to make the naming a bit more sane.
| @@ -104,7 +103,7 @@ resource "google_resource_manager_lien" "lien" { | |||
| resource "google_project_service" "project_services" { | |||
| count = "${length(var.activate_apis)}" | |||
|
|
|||
| project = "${local.project_id}" | |||
| project = "${google_project.main.project_id}" | |||
There was a problem hiding this comment.
We should keep local.project_id unless there's a reason we can't, similarly for all cases of this replacement.
There was a problem hiding this comment.
I am of the opinion that the project_id local should be removed or repurposed to make the project_id generation more clear. It also adds a layer of redirection that seems unnecessary so my comments on dropping the project_number local applies as well.
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
039dd58 to
1fbfbdd
Compare
| @@ -26,18 +26,17 @@ resource "random_id" "random_project_id_suffix" { | |||
| *****************************************/ | |||
| locals { | |||
| group_id = "${var.manage_group ? format("group:%s", var.group_email) : ""}" | |||
| project_id = "${google_project.main.project_id}" | |||
| project_number = "${google_project.main.number}" | |||
There was a problem hiding this comment.
The local here is a level of indirection that is unnecessary, IMHO.
| s_account_fmt = "${format("serviceAccount:%s", google_service_account.default_service_account.email)}" | ||
| api_s_account = "${format("%[email protected]", local.project_number)}" | ||
| api_s_account = "${format("%[email protected]", google_project.main.number)}" |
There was a problem hiding this comment.
The net effect of this change is a no-op. It removes a level of indirection since local.project_number is referring to google_project.main.number. I see no purpose for continuing to use local.project_number. It makes things a bit more difficult to read so I would much prefer to remove it.
| @@ -104,7 +103,7 @@ resource "google_resource_manager_lien" "lien" { | |||
| resource "google_project_service" "project_services" { | |||
| count = "${length(var.activate_apis)}" | |||
|
|
|||
| project = "${local.project_id}" | |||
| project = "${google_project.main.project_id}" | |||
There was a problem hiding this comment.
I am of the opinion that the project_id local should be removed or repurposed to make the project_id generation more clear. It also adds a layer of redirection that seems unnecessary so my comments on dropping the project_number local applies as well.
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
1fbfbdd to
a2f818d
Compare
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
a2f818d to
6b3182c
Compare
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
6b3182c to
07a4a56
Compare
| @@ -51,10 +63,6 @@ | |||
| end | |||
| end | |||
|
|
|||
| it "includes the Google App Engine API service account user" do | |||
There was a problem hiding this comment.
@thefirstofthe300 Please do not introduce completely unrelated changes into a different PR. Is this somehow related to the other functionality in this PR and I missed it?
thefirstofthe300
force-pushed
the
ds/import-projects
branch
from
8326d7e to
07a4a56
Compare
Fixes #132.