feat(TPG>=5.33)!: add support for setting cloud armor tier of the pro…

…ject (#921)
terraform-google-modules · Jun 14, 2024 · 895b501 · 895b501
1 parent 6e5e388
commit 895b501
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ There are multiple examples included in the [examples](./examples/) folder but s
 ```hcl
 module "project-factory" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 16.0"
 
   name                 = "pf-test-1"
   random_project_id    = true
@@ -132,6 +132,7 @@ determining that location is as follows:
 | budget\_display\_name | The display name of the budget. If not set defaults to `Budget For <projects[0]|All Projects>` | `string` | `null` | no |
 | budget\_labels | A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget. | `map(string)` | `{}` | no |
 | budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no |
+| cloud\_armor\_tier | Managed protection tier to be set. Possible values are: CA\_STANDARD, CA\_ENTERPRISE\_PAYGO | `string` | `null` | no |
 | consumer\_quotas | The quotas configuration you want to override for the project. | <pre>list(object({<br>    service    = string,<br>    metric     = string,<br>    dimensions = map(string),<br>    limit      = string,<br>    value      = string,<br>  }))</pre> | `[]` | no |
 | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
 | default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
@@ -199,8 +200,8 @@ determining that location is as follows:
 -   [gcloud sdk](https://cloud.google.com/sdk/install) >= 269.0.0
 -   [jq](https://stedolan.github.io/jq/) >= 1.6
 -   [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
--   [terraform-provider-google] plugin >= 5.22
--   [terraform-provider-google-beta] plugin >= 5.22
+-   [terraform-provider-google] plugin >= 5.33
+-   [terraform-provider-google-beta] plugin >= 5.33
 -   [terraform-provider-gsuite] plugin ~> 0.1.x if GSuite functionality is desired
 
 ### Permissions

diff --git a/docs/upgrading_to_project_factory_v16.0.md b/docs/upgrading_to_project_factory_v16.0.md
@@ -0,0 +1,7 @@
+# Upgrading to Project Factory v16.0
+
+The v16.0 release of Project Factory is a backwards incompatible release.
+
+### Google Cloud Platform Provider upgrade
+
+The Project Factory module now requires version `5.33` or higher of the Google Cloud Platform Provider and `5.33` or higher of the Google Cloud Platform Beta Provider.
diff --git a/main.tf b/main.tf
@@ -70,6 +70,7 @@ module "project-factory" {
   vpc_service_control_sleep_duration = var.vpc_service_control_sleep_duration
   default_network_tier               = var.default_network_tier
   tag_binding_values                 = var.tag_binding_values
+  cloud_armor_tier                   = var.cloud_armor_tier
 }
 
 /******************************************

diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
@@ -388,3 +388,14 @@ resource "google_tags_tag_binding" "bindings" {
   parent    = "//cloudresourcemanager.googleapis.com/projects/${google_project.main.number}"
   tag_value = "tagValues/${each.value}"
 }
+
+/******************************************
+  Cloud Armor tier of the project
+ *****************************************/
+
+resource "google_compute_project_cloud_armor_tier" "cloud_armor_tier_config" {
+  count = var.cloud_armor_tier == null ? 0 : 1
+
+  project          = var.project_id
+  cloud_armor_tier = var.cloud_armor_tier
+}
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
@@ -270,3 +270,9 @@ variable "tag_binding_values" {
   type        = list(string)
   default     = []
 }
+
+variable "cloud_armor_tier" {
+  description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO"
+  type        = string
+  default     = null
+}
diff --git a/modules/core_project_factory/versions.tf b/modules/core_project_factory/versions.tf
@@ -20,11 +20,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5.22, < 6"
+      version = ">= 5.33, < 6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 5.22, < 6"
+      version = ">= 5.33, < 6"
     }
     null = {
       source  = "hashicorp/null"

diff --git a/variables.tf b/variables.tf
@@ -359,3 +359,10 @@ variable "tag_binding_values" {
   type        = list(string)
   default     = []
 }
+
+
+variable "cloud_armor_tier" {
+  description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO"
+  type        = string
+  default     = null
+}
diff --git a/versions.tf b/versions.tf
@@ -19,11 +19,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 5.22, < 6"
+      version = ">= 5.33, < 6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 5.22, < 6"
+      version = ">= 5.33, < 6"
     }
   }
   provider_meta "google" {