GoogleCloudPlatform · ludoo · Aug 19, 2019 · Aug 18, 2019 · Aug 19, 2019 · Aug 19, 2019
diff --git a/organization-bootstrap/environments/main.tf b/organization-bootstrap/environments/main.tf
@@ -20,10 +20,9 @@
 
 module "project-tf" {
   source  = "terraform-google-modules/project-factory/google//modules/fabric-project"
-  version = "3.1.0"
+  version = "3.2.0"
   #source          = "github.com/terraform-google-modules/terraform-google-project-factory//modules/fabric-project?ref=32a539a"
-  parent_type     = var.root_type
-  parent_id       = var.org_id
+  parent          = var.root_node
   billing_account = var.billing_account_id
   prefix          = var.prefix
   name            = "terraform"
@@ -38,21 +37,21 @@ module "service-accounts-tf-environments" {
   source             = "terraform-google-modules/service-accounts/google"
   version            = "2.0.0"
   project_id         = module.project-tf.project_id
-  org_id             = var.org_id
+  org_id             = var.organization_id
   billing_account_id = var.billing_account_id
   prefix             = var.prefix
   names              = var.environments
   grant_billing_role = true
   grant_xpn_roles    = true
-  generate_keys      = true
+  generate_keys      = var.generate_service_account_keys
 }
 
 # bootstrap Terraform state  GCS bucket
 
 module "gcs-tf-bootstrap" {
-  # source        = "terraform-google-modules/cloud-storage/google"
-  # version       = "2.0.0"
-  source     = "github.com/terraform-google-modules/terraform-google-cloud-storage?ref=e7243fd"
+  source  = "terraform-google-modules/cloud-storage/google"
+  version = "1.0.0"
+  # source     = "github.com/terraform-google-modules/terraform-google-cloud-storage?ref=e7243fd"
   project_id = module.project-tf.project_id
   prefix     = "${var.prefix}-tf"
   names      = ["tf-bootstrap"]
@@ -62,9 +61,9 @@ module "gcs-tf-bootstrap" {
 # per-environment Terraform state GCS buckets
 
 module "gcs-tf-environments" {
-  # source        = "terraform-google-modules/cloud-storage/google"
-  # version       = "2.0.0"
-  source          = "github.com/terraform-google-modules/terraform-google-cloud-storage?ref=e7243fd"
+  source  = "terraform-google-modules/cloud-storage/google"
+  version = "1.0.0"
+  # source     = "github.com/terraform-google-modules/terraform-google-cloud-storage?ref=e7243fd"
   project_id      = module.project-tf.project_id
   prefix          = "${var.prefix}-tf"
   names           = var.environments
@@ -85,9 +84,8 @@ module "gcs-tf-environments" {
 module "folders-top-level" {
   # source            = "terraform-google-modules/folders/google"
   # version           = "2.0.0"
-  source            = "github.com/terraform-google-modules/terraform-google-folders?ref=26db794564"
-  parent_type       = var.root_type
-  parent_id         = var.org_id
+  source            = "github.com/terraform-google-modules/terraform-google-folders?ref=2cd6a08"
+  parent            = var.root_node
   names             = var.environments
   set_roles         = true
   per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
@@ -107,9 +105,8 @@ module "folders-top-level" {
 
 module "project-audit" {
   source          = "terraform-google-modules/project-factory/google//modules/fabric-project"
-  version         = "3.1.0"
-  parent_type     = var.root_type
-  parent_id       = var.org_id
+  version         = "3.2.0"
+  parent          = var.root_node
   billing_account = var.billing_account_id
   prefix          = var.prefix
   name            = "audit"
@@ -136,7 +133,7 @@ module "log-sink-audit" {
   filter                 = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
   log_sink_name          = "logs-audit-${var.environments[0]}"
   parent_resource_type   = "folder"
-  parent_resource_id     = module.folders-top-level.ids[0]
+  parent_resource_id     = split("/", module.folders-top-level.ids_list[0])[1]
   include_children       = "true"
   unique_writer_identity = "true"
   destination_uri        = "${module.bq-audit-export.destination_uri}"
@@ -150,9 +147,8 @@ module "log-sink-audit" {
 
 module "project-shared-resources" {
   source          = "terraform-google-modules/project-factory/google//modules/fabric-project"
-  version         = "3.1.0"
-  parent_type     = var.root_type
-  parent_id       = var.org_id
+  version         = "3.2.0"
+  parent          = var.root_node
   billing_account = var.billing_account_id
   prefix          = var.prefix
   name            = "shared"

diff --git a/organization-bootstrap/environments/outputs.tf b/organization-bootstrap/environments/outputs.tf
@@ -24,17 +24,23 @@ output "bootstrap_tf_gcs_bucket" {
 
 output "environment_folders" {
   description = "Top-level environment folders."
-  value       = zipmap(var.environments, module.folders-top-level.ids)
+  value       = module.folders-top-level.ids
 }
 
 output "environment_tf_gcs_buckets" {
   description = "GCS buckets used for each environment Terraform state."
-  value       = zipmap(var.environments, module.gcs-tf-environments.names)
+  value       = module.gcs-tf-environments.names
+}
+
+output "environment_service_account_keys" {
+  description = "Service account keys used to run each environment Terraform modules."
+  sensitive   = true
+  value       = module.service-accounts-tf-environments.keys
 }
 
 output "environment_service_accounts" {
   description = "Service accounts used to run each environment Terraform modules."
-  value       = module.service-accounts-tf-environments
+  value       = module.service-accounts-tf-environments.emails
 }
 
 output "audit_logs_bq_dataset" {

diff --git a/organization-bootstrap/environments/variables.tf b/organization-bootstrap/environments/variables.tf
@@ -8,23 +8,28 @@ variable "environments" {
   type        = list(string)
 }
 
+variable "generate_service_account_keys" {
+  description = "Generate and store service account keys in the state file."
+  default     = false
+}
+
 variable "gcs_location" {
   description = "GCS bucket location."
   default     = "EU"
 }
 
-variable "prefix" {
-  description = "Prefix used for resources that need unique names."
+variable "organization_id" {
+  description = "Organization id."
   type        = string
 }
 
-variable "root_type" {
-  description = "Type of the root for the new hierarchy."
-  default     = "organization"
+variable "prefix" {
+  description = "Prefix used for resources that need unique names."
+  type        = string
 }
 
-variable "org_id" {
-  description = "Organization id."
+variable "root_node" {
+  description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
   type        = string
 }