terraform-google-modules · bharathkkb · Mar 18, 2021 · Mar 14, 2021
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

diff --git a/README.md b/README.md
@@ -3,9 +3,10 @@
 This Terraform module makes it easier to manage [organization policies](https://cloud.google.com/resource-manager/docs/organization-policy/overview) for your Google Cloud environment, particularly when you want to have exclusion rules. This module will allow you to set a top-level org policy and then disable it on individual projects or folders easily.
 
 ## Compatibility
-This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and
-need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x
-is [1.0.0](https://github.com/terraform-google-modules/terraform-google-org-policy/releases/tag/v1.0.0).
+This module is meant for use with Terraform 0.13. If you haven't
+[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
+0.12.x-compatible version of this module, the last released version
+intended for Terraform 0.12.x is [v4.0.0](https://registry.terraform.io/modules/terraform-google-modules/-org-policy/google/v4.0.0).
 
 ## Usage
 Many examples are included in the [examples](./examples/) folder, but simple usage is as follows:
@@ -14,7 +15,7 @@ Many examples are included in the [examples](./examples/) folder, but simple usa
 module "org-policy" {
   source            = "terraform-google-modules/org-policy/google"
   version           = "~> 3.0.2"
-  
+
   constraint        = "constraints/serviceuser.services"
   policy_type       = "list"
   organization_id   = "123456789"
@@ -49,26 +50,30 @@ To control module's behavior, change variables' values regarding the following:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| allow | (Only for list constraints) List of values which should be allowed | list(string) | `<list>` | no |
-| allow\_list\_length | The number of elements in the allow list | number | `"0"` | no |
-| constraint | The constraint to be applied | string | n/a | yes |
-| deny | (Only for list constraints) List of values which should be denied | list(string) | `<list>` | no |
-| deny\_list\_length | The number of elements in the deny list | number | `"0"` | no |
-| enforce | If boolean constraint, whether the policy is enforced at the root; if list constraint, whether to deny all (true) or allow all | bool | `"null"` | no |
-| exclude\_folders | Set of folders to exclude from the policy | set(string) | `<list>` | no |
-| exclude\_projects | Set of projects to exclude from the policy | set(string) | `<list>` | no |
-| folder\_id | The folder id for putting the policy | string | `"null"` | no |
-| organization\_id | The organization id for putting the policy | string | `"null"` | no |
-| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
-| policy\_type | The constraint type to work with (either 'boolean' or 'list') | string | `"list"` | no |
-| project\_id | The project id for putting the policy | string | `"null"` | no |
+|------|-------------|------|---------|:--------:|
+| allow | (Only for list constraints) List of values which should be allowed | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| allow\_list\_length | The number of elements in the allow list | `number` | `0` | no |
+| constraint | The constraint to be applied | `string` | n/a | yes |
+| deny | (Only for list constraints) List of values which should be denied | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| deny\_list\_length | The number of elements in the deny list | `number` | `0` | no |
+| enforce | If boolean constraint, whether the policy is enforced at the root; if list constraint, whether to deny all (true) or allow all | `bool` | `null` | no |
+| exclude\_folders | Set of folders to exclude from the policy | `set(string)` | `[]` | no |
+| exclude\_projects | Set of projects to exclude from the policy | `set(string)` | `[]` | no |
+| folder\_id | The folder id for putting the policy | `string` | `null` | no |
+| organization\_id | The organization id for putting the policy | `string` | `null` | no |
+| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | `string` | n/a | yes |
+| policy\_type | The constraint type to work with (either 'boolean' or 'list') | `string` | `"list"` | no |
+| project\_id | The project id for putting the policy | `string` | `null` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Requirements
 ### Terraform plugins
-- [Terraform](https://www.terraform.io/downloads.html) >= 0.12.0
+- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) >= v2.5.0
 
 ### Permissions

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml
@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
diff --git a/examples/basic_org_policies/README.md b/examples/basic_org_policies/README.md
@@ -10,9 +10,13 @@ This example shows how to set a basic list of [organization policies](https://cl
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| domains\_to\_allow | The list of domains to allow users from | list(string) | n/a | yes |
-| organization\_id | The organization id for putting the policy | string | n/a | yes |
-| vms\_to\_allow | The list of VMs are allowed to use external IP, every element of the list must be identified by the VM instance name, in the form: projects/PROJECT_ID/zones/ZONE/instances/INSTANCE | list(string) | `<list>` | no |
+|------|-------------|------|---------|:--------:|
+| domains\_to\_allow | The list of domains to allow users from | `list(string)` | n/a | yes |
+| organization\_id | The organization id for putting the policy | `string` | n/a | yes |
+| vms\_to\_allow | The list of VMs are allowed to use external IP, every element of the list must be identified by the VM instance name, in the form: projects/PROJECT\_ID/zones/ZONE/instances/INSTANCE | `list(string)` | `[]` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/boolean_org_exclude/README.md b/examples/boolean_org_exclude/README.md
@@ -19,8 +19,12 @@ module "folder-disable-serial-port-access-enforce-with-excludes" {
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| excluded\_folder\_id | ID of a folder to exclude from the policy | string | n/a | yes |
-| organization\_id | The organization id for putting the policy | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| excluded\_folder\_id | ID of a folder to exclude from the policy | `string` | n/a | yes |
+| organization\_id | The organization id for putting the policy | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/boolean_org_exclude/main.tf b/examples/boolean_org_exclude/main.tf
@@ -18,7 +18,7 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 3.36.0"
+  version = "~> 3.53"
 }
 
 /******************************************

diff --git a/examples/boolean_project_allow/README.md b/examples/boolean_project_allow/README.md
@@ -7,7 +7,11 @@ It disables enforcement of the `compute.disableSerialPortAccess` constraint on t
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| project\_id | The project ID to apply the policy to | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| project\_id | The project ID to apply the policy to | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/boolean_project_allow/main.tf b/examples/boolean_project_allow/main.tf
@@ -18,7 +18,7 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 3.36.0"
+  version = "~> 3.53"
 }
 
 /******************************************

diff --git a/examples/list_folder_deny/README.md b/examples/list_folder_deny/README.md
@@ -5,7 +5,11 @@ This example shows how a list constraint can be applied to disallow certain serv
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| folder\_id | The folder id for putting the policy | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| folder\_id | The folder id for putting the policy | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/list_folder_deny/main.tf b/examples/list_folder_deny/main.tf
@@ -18,7 +18,7 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 3.36.0"
+  version = "~> 3.53"
 }
 
 /******************************************

diff --git a/examples/list_org_exclude/README.md b/examples/list_org_exclude/README.md
@@ -8,8 +8,12 @@ Specifically, it sets a trusted image policy so only images from a trusted image
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| image\_project\_id | The ID of a project to trust images from | string | n/a | yes |
-| organization\_id | The organization id for putting the policy | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| image\_project\_id | The ID of a project to trust images from | `string` | n/a | yes |
+| organization\_id | The organization id for putting the policy | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/list_org_exclude/main.tf b/examples/list_org_exclude/main.tf
@@ -18,7 +18,7 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 3.36.0"
+  version = "~> 3.53"
 }
 
 /******************************************

diff --git a/modules/bucket_policy_only/README.md b/modules/bucket_policy_only/README.md
@@ -6,12 +6,16 @@ This Terraform module allows to set a `Uniform Bucket-level Access` [Organizatio
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| exclude\_folders | List of folders to exclude from the policy | list(string) | `<list>` | no |
-| exclude\_projects | List of projects to exclude from the policy | list(string) | `<list>` | no |
-| folder\_id | The folder id for putting the policy | string | `"null"` | no |
-| organization\_id | The organization id for putting the policy | string | `"null"` | no |
-| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
-| project\_id | The project id for putting the policy | string | `"null"` | no |
+|------|-------------|------|---------|:--------:|
+| exclude\_folders | List of folders to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| exclude\_projects | List of projects to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| folder\_id | The folder id for putting the policy | `string` | `null` | no |
+| organization\_id | The organization id for putting the policy | `string` | `null` | no |
+| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | `string` | n/a | yes |
+| project\_id | The project id for putting the policy | `string` | `null` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/bucket_policy_only/versions.tf b/modules/bucket_policy_only/versions.tf
@@ -0,0 +1,31 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-org-policy:bucket_policy_only/v1.0.0"
+  }
+
+}
diff --git a/modules/domain_restricted_sharing/README.md b/modules/domain_restricted_sharing/README.md
@@ -6,13 +6,17 @@ This Terraform module allows to set a `Domain Restricted Sharing` [Organization
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| domains\_to\_allow | The list of domains to allow users from | list(string) | n/a | yes |
-| exclude\_folders | List of folders to exclude from the policy | list(string) | `<list>` | no |
-| exclude\_projects | List of projects to exclude from the policy | list(string) | `<list>` | no |
-| folder\_id | The folder id for putting the policy | string | `"null"` | no |
-| organization\_id | The organization id for putting the policy | string | `"null"` | no |
-| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
-| project\_id | The project id for putting the policy | string | `"null"` | no |
+|------|-------------|------|---------|:--------:|
+| domains\_to\_allow | The list of domains to allow users from | `list(string)` | n/a | yes |
+| exclude\_folders | List of folders to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| exclude\_projects | List of projects to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| folder\_id | The folder id for putting the policy | `string` | `null` | no |
+| organization\_id | The organization id for putting the policy | `string` | `null` | no |
+| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | `string` | n/a | yes |
+| project\_id | The project id for putting the policy | `string` | `null` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/domain_restricted_sharing/versions.tf b/modules/domain_restricted_sharing/versions.tf
@@ -0,0 +1,31 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-org-policy:domain_restricted_sharing/v1.0.0"
+  }
+
+}
diff --git a/modules/restrict_vm_external_ips/README.md b/modules/restrict_vm_external_ips/README.md
@@ -6,13 +6,17 @@ This Terraform module allows to set an `Allowed External IPs for VM instances` [
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| exclude\_folders | List of folders to exclude from the policy | list(string) | `<list>` | no |
-| exclude\_projects | List of projects to exclude from the policy | list(string) | `<list>` | no |
-| folder\_id | The folder id for putting the policy | string | `"null"` | no |
-| organization\_id | The organization id for putting the policy | string | `"null"` | no |
-| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
-| project\_id | The project id for putting the policy | string | `"null"` | no |
-| vms\_to\_allow | The list of VMs are allowed to use external IP, every element of the list must be identified by the VM instance name, in the form: projects/PROJECT_ID/zones/ZONE/instances/INSTANCE | list(string) | `<list>` | no |
+|------|-------------|------|---------|:--------:|
+| exclude\_folders | List of folders to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| exclude\_projects | List of projects to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| folder\_id | The folder id for putting the policy | `string` | `null` | no |
+| organization\_id | The organization id for putting the policy | `string` | `null` | no |
+| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | `string` | n/a | yes |
+| project\_id | The project id for putting the policy | `string` | `null` | no |
+| vms\_to\_allow | The list of VMs are allowed to use external IP, every element of the list must be identified by the VM instance name, in the form: projects/PROJECT\_ID/zones/ZONE/instances/INSTANCE | `list(string)` | `[]` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/restrict_vm_external_ips/versions.tf b/modules/restrict_vm_external_ips/versions.tf
@@ -0,0 +1,31 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-org-policy:restrict_vm_external_ips/v1.0.0"
+  }
+
+}
diff --git a/modules/skip_default_network/README.md b/modules/skip_default_network/README.md
@@ -6,12 +6,16 @@ This Terraform module allows to set a `Skip Default Network Creation` [Organizat
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| exclude\_folders | List of folders to exclude from the policy | list(string) | `<list>` | no |
-| exclude\_projects | List of projects to exclude from the policy | list(string) | `<list>` | no |
-| folder\_id | The folder id for putting the policy | string | `"null"` | no |
-| organization\_id | The organization id for putting the policy | string | `"null"` | no |
-| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
-| project\_id | The project id for putting the policy | string | `"null"` | no |
+|------|-------------|------|---------|:--------:|
+| exclude\_folders | List of folders to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| exclude\_projects | List of projects to exclude from the policy | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
+| folder\_id | The folder id for putting the policy | `string` | `null` | no |
+| organization\_id | The organization id for putting the policy | `string` | `null` | no |
+| policy\_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | `string` | n/a | yes |
+| project\_id | The project id for putting the policy | `string` | `null` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->