diff --git a/README.md b/README.md index c0b7a09b..a4290e0a 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ There are multiple examples included in the [examples](./examples/) folder but s ```hcl module "project-factory" { source = "terraform-google-modules/project-factory/google" - version = "~> 15.0" + version = "~> 16.0" name = "pf-test-1" random_project_id = true @@ -132,6 +132,7 @@ determining that location is as follows: | budget\_display\_name | The display name of the budget. If not set defaults to `Budget For ` | `string` | `null` | no | | budget\_labels | A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget. | `map(string)` | `{}` | no | | budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no | +| cloud\_armor\_tier | Managed protection tier to be set. Possible values are: CA\_STANDARD, CA\_ENTERPRISE\_PAYGO | `string` | `null` | no | | consumer\_quotas | The quotas configuration you want to override for the project. |
list(object({
service = string,
metric = string,
dimensions = map(string),
limit = string,
value = string,
}))
| `[]` | no | | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no | | default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no | @@ -199,8 +200,8 @@ determining that location is as follows: - [gcloud sdk](https://cloud.google.com/sdk/install) >= 269.0.0 - [jq](https://stedolan.github.io/jq/) >= 1.6 - [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0 -- [terraform-provider-google] plugin >= 5.22 -- [terraform-provider-google-beta] plugin >= 5.22 +- [terraform-provider-google] plugin >= 5.33 +- [terraform-provider-google-beta] plugin >= 5.33 - [terraform-provider-gsuite] plugin ~> 0.1.x if GSuite functionality is desired ### Permissions diff --git a/docs/upgrading_to_project_factory_v16.0.md b/docs/upgrading_to_project_factory_v16.0.md new file mode 100644 index 00000000..889d4aaf --- /dev/null +++ b/docs/upgrading_to_project_factory_v16.0.md @@ -0,0 +1,7 @@ +# Upgrading to Project Factory v16.0 + +The v16.0 release of Project Factory is a backwards incompatible release. + +### Google Cloud Platform Provider upgrade + +The Project Factory module now requires version `5.33` or higher of the Google Cloud Platform Provider and `5.33` or higher of the Google Cloud Platform Beta Provider. diff --git a/main.tf b/main.tf index c8a5a138..f3d443d8 100644 --- a/main.tf +++ b/main.tf @@ -70,6 +70,7 @@ module "project-factory" { vpc_service_control_sleep_duration = var.vpc_service_control_sleep_duration default_network_tier = var.default_network_tier tag_binding_values = var.tag_binding_values + cloud_armor_tier = var.cloud_armor_tier } /****************************************** 
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index dab015f6..bc07397c 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -388,3 +388,14 @@ resource "google_tags_tag_binding" "bindings" {
 parent = "//cloudresourcemanager.googleapis.com/projects/${google_project.main.number}"
 tag_value = "tagValues/${each.value}"
 }
+
+/******************************************
+ Cloud Armor tier of the project
+ *****************************************/
+
+resource "google_compute_project_cloud_armor_tier" "cloud_armor_tier_config" {
+ count = var.cloud_armor_tier == null ? 0 : 1
+
+ project = var.project_id
+ cloud_armor_tier = var.cloud_armor_tier
+}
diff --git a/modules/core_project_factory/variables.tf b/modules/core_project_factory/variables.tf
index 79b29e72..f298bb1d 100644
--- a/modules/core_project_factory/variables.tf
+++ b/modules/core_project_factory/variables.tf
@@ -270,3 +270,9 @@ variable "tag_binding_values" {
 type = list(string)
 default = []
 }
+
+variable "cloud_armor_tier" {
+ description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO"
+ type = string
+ default = null
+}
diff --git a/modules/core_project_factory/versions.tf b/modules/core_project_factory/versions.tf
index 2a9df785..ae8d364e 100644
--- a/modules/core_project_factory/versions.tf
+++ b/modules/core_project_factory/versions.tf
@@ -20,11 +20,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.22, < 6"
+ version = ">= 5.33, < 6"
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.22, < 6"
+ version = ">= 5.33, < 6"
 }
 null = {
 source = "hashicorp/null"
diff --git a/variables.tf b/variables.tf
index c0b2a6ae..672ddf12 100644
--- a/variables.tf
+++ b/variables.tf
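Review bot: In modules/core_project_factory/main.tf the new `google_compute_project_cloud_armor_tier` resource sets `project = var.project_id`, a plain input, so Terraform sees no dependency on `google_project.main`, which the tag binding just above it in the same hunk does reference. The tier could then be applied before the project exists, or against an ID that differs from the one actually created if the module derives the final ID (the README documents a `random_project_id` option); that derivation and the API-activation resources are outside the hunk, so this is inferred. I would write `project = google_project.main.project_id`, and if the Compute API is enabled by a resource elsewhere in this file, add a `depends_on` on it, so that a project requested with a managed protection tier does not end up without one after a failed or reordered apply.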
@@ -359,3 +359,10 @@ variable "tag_binding_values" {
 type = list(string)
 default = []
 }
+
+
+variable "cloud_armor_tier" {
+ description = "Managed protection tier to be set. Possible values are: CA_STANDARD, CA_ENTERPRISE_PAYGO"
+ type = string
+ default = null
+}
diff --git a/versions.tf b/versions.tf
index bc5aa468..7455709c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -19,11 +19,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 5.22, < 6"
+ version = ">= 5.33, < 6"
 }
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 5.22, < 6"
+ version = ">= 5.33, < 6"
 }
 }
 provider_meta "google" {