From c7ba3f40de6650fe4f63f351c850cb91af9206cb Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Thu, 6 Feb 2020 14:17:47 +0100
Subject: [PATCH] New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network This is a workaround to fix terraform-google-modules/cloud-foundation-fabric#31 while the GCP terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
---
 .ci/cloudbuild.lint.yaml | 2 +-
 .ci/cloudbuild.test.yaml | 6 +++---
 modules/project/README.md | 1 +
 modules/project/main.tf | 15 +++++++++------
 modules/project/variables.tf | 8 ++++++++
 5 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/.ci/cloudbuild.lint.yaml b/.ci/cloudbuild.lint.yaml
index c88a13b34c..8c4a51a13d 100644
--- a/.ci/cloudbuild.lint.yaml
+++ b/.ci/cloudbuild.lint.yaml
@@ -14,7 +14,7 @@ steps:
- - name: "python:3-alpine"
+ - name: "python:3-alpine3.10"
 id: "boilerplate"
 args: ["/workspace/.ci/scripts/check_boilerplate.py", "/workspace"]
 - name: "wata727/tflint"
diff --git a/.ci/cloudbuild.test.yaml b/.ci/cloudbuild.test.yaml
index 24de3dfad4..7936fdc6cd 100644
--- a/.ci/cloudbuild.test.yaml
+++ b/.ci/cloudbuild.test.yaml
@@ -13,7 +13,7 @@
 # limitations under the License.
 steps:
- - name: python:3-alpine
+ - name: python:3-alpine3.10
 id: prepare
 entrypoint: sh
 args:
@@ -25,7 +25,7 @@ steps:
 rm terraform_${_TERRAFORM_VERSION}_linux_amd64.zip && chmod 755 /builder/home/.local/bin/terraform
 # TODO(ludoo): split into two triggers with different filters
- - name: python:3-alpine
+ - name: python:3-alpine3.10
 id: test-foundations
 entrypoint: pytest
 args:
@@ -33,7 +33,7 @@ steps:
 - tests/foundations
 env:
 - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin
- - name: python:3-alpine
+ - name: python:3-alpine3.10
 id: test-infrastructure
 entrypoint: pytest
 args:
diff --git a/modules/project/README.md b/modules/project/README.md
index e4a5ef9d7e..c0da33f4fd 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -41,6 +41,7 @@ module "project" {
 | *oslogin* | Enable OS Login. | bool | | false |
 | *oslogin_admins* | List of IAM-style identities that will be granted roles necessary for OS Login administrators. | list(string) | | [] |
 | *oslogin_users* | List of IAM-style identities that will be granted roles necessary for OS Login users. | list(string) | | [] |
+| *prevent_default_network_deletion* | Prevent deletion of default network. Use this if your organization has skipDefaultNetworkCreation enforced. | bool | | false |
 | *services* | Service APIs to enable. | list(string) | | [] |
 ## Outputs
diff --git a/modules/project/main.tf b/modules/project/main.tf
index 345d92c68a..0a5e0a5ffb 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -34,12 +34,15 @@ locals {
 }
 resource "google_project" "project" {
- org_id = local.parent_type == "organizations" ? local.parent_id : ""
- folder_id = local.parent_type == "folders" ? local.parent_id : ""
- project_id = "${var.prefix}-${var.name}"
- name = "${var.prefix}-${var.name}"
- billing_account = var.billing_account
- auto_create_network = var.auto_create_network
+ org_id = local.parent_type == "organizations" ? local.parent_id : ""
+ folder_id = local.parent_type == "folders" ? local.parent_id : ""
+ project_id = "${var.prefix}-${var.name}"
+ name = "${var.prefix}-${var.name}"
+ billing_account = var.billing_account
+ # TODO: Once terraform-providers/terraform-provider-google#3582 is
+ # fixed, we remove the condition and just use
+ # var.auto_create_network
+ auto_create_network = var.prevent_default_network_deletion ? null : var.auto_create_network
 labels = var.labels
 }
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 6d71978d69..6cdf2963c3 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
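Review bot: In the `modules/project/main.tf` hunk, `auto_create_network = var.prevent_default_network_deletion ? null : var.auto_create_network` silently discards `var.auto_create_network` whenever the new flag is true, and neither the TODO comment above it nor the variable description in the `modules/project/variables.tf` hunk says so. With `null` the provider default applies, which I believe is `true`, so in an organization where skipDefaultNetworkCreation is not actually enforced the project would keep the default network and its pre-populated allow rules even though the caller asked for `auto_create_network = false`. I would extend the comment with `# NOTE: when prevent_default_network_deletion is true, var.auto_create_network is ignored and the default network is left in place if it exists`, and end the variable description (and the README row) with `Overrides auto_create_network.`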
@@ -106,3 +106,11 @@ variable "services" {
 type = list(string)
 default = []
 }
+
+# TODO: Once terraform-providers/terraform-provider-google#3582 is
+# fixed, we can remove this variable
+variable "prevent_default_network_deletion" {
+ description = "Prevent deletion of default network (use this if your organization has skipDefaultNetworkCreation enforced)"
+ type = bool
+ default = false
+}