feat!: add Terraform 0.13 constraint and module attribution (#134)

* feat!: add Terraform 0.13 constraint and module attribution * fix authoritative tests Co-authored-by: bharathkkb <bharathkrishnakb@gmail.com>
terraform-google-modules · Mar 22, 2021 · 1bd58cf · 1bd58cf
1 parent 1e5d793
commit 1bd58cf
Show file tree

Hide file tree

Showing 53 changed files with 658 additions and 177 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

diff --git a/README.md b/README.md
@@ -13,11 +13,10 @@ This is a collection of submodules that make it easier to non-destructively mana
 * [Subnets IAM](modules/subnets_iam)
 
 ## Compatibility
-
-This module is meant for use with Terraform 0.12. If you haven't
-[upgraded][terraform-0.12-upgrade] and need a Terraform 0.11.x-compatible
-version of this module, the last released version intended for Terraform 0.11.x
-is [1.1.1][v1.1.1].
+This module is meant for use with Terraform 0.13. If you haven't
+[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
+0.12.x-compatible version of this module, the last released version
+intended for Terraform 0.12.x is [v6.4.1](https://registry.terraform.io/modules/terraform-google-modules/-iam/google/v6.4.1).
 
 ## Upgrading
 
@@ -124,7 +123,7 @@ Set the specified variable on the module call to choose the resources to affect.
 
 ### Terraform plugins
 
-- [Terraform](https://www.terraform.io/downloads.html) 0.12
+- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) 2.5
 - [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) 2.5
 

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -305,4 +305,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml
@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
diff --git a/examples/billing_account/README.md b/examples/billing_account/README.md
@@ -6,9 +6,9 @@ This example illustrates how to use the `billing_accounts_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| billing\_account\_id | Billing Account ID to apply IAM bindings | string | n/a | yes |
-| project\_id | Project ID for the module | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| billing\_account\_id | Billing Account ID to apply IAM bindings | `string` | n/a | yes |
+| project\_id | Project ID for the module | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/examples/custom_role_org/README.md b/examples/custom_role_org/README.md
@@ -6,8 +6,8 @@ This example illustrates how to use the `custom_role_iam` submodule to create a
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| org\_id | Variable for Organization ID. | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| org\_id | Variable for Organization ID. | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/examples/custom_role_project/README.md b/examples/custom_role_project/README.md
@@ -6,8 +6,8 @@ This example illustrates how to use the `custom_role_iam` submodule to create a
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| project\_id | Variable for Project ID. | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| project\_id | Variable for Project ID. | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/examples/folder/README.md b/examples/folder/README.md
@@ -6,12 +6,16 @@ This example illustrates how to use the `folders_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| folder\_one | The first folder ID to apply IAM bindings | string | n/a | yes |
-| folder\_two | The second folder ID to apply IAM bindings | string | n/a | yes |
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| folder\_one | The first folder ID to apply IAM bindings | `string` | n/a | yes |
+| folder\_two | The second folder ID to apply IAM bindings | `string` | n/a | yes |
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
diff --git a/examples/kms_crypto_key/README.md b/examples/kms_crypto_key/README.md
@@ -6,11 +6,15 @@ This example illustrates how to use the `kms_crypto_keys_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| kms\_crypto\_key\_one | First kms_cripto_key to add the IAM policies/bindings | string | n/a | yes |
-| kms\_crypto\_key\_two | Second kms_cripto_key to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| kms\_crypto\_key\_one | First kms\_cripto\_key to add the IAM policies/bindings | `string` | n/a | yes |
+| kms\_crypto\_key\_two | Second kms\_cripto\_key to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/kms_key_ring/README.md b/examples/kms_key_ring/README.md
@@ -6,11 +6,15 @@ This example illustrates how to use the `kms_key_rings_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| kms\_key\_ring\_one | First kms_ring to add the IAM policies/bindings | string | n/a | yes |
-| kms\_key\_ring\_two | First kms_ring to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| kms\_key\_ring\_one | First kms\_ring to add the IAM policies/bindings | `string` | n/a | yes |
+| kms\_key\_ring\_two | First kms\_ring to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/member_iam/README.md b/examples/member_iam/README.md
@@ -12,8 +12,8 @@ This example illustrates how to use the `member_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| project\_id | Project id | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| project\_id | Project id | `string` | n/a | yes |
 
 ## Outputs
 

diff --git a/examples/member_iam/main.tf b/examples/member_iam/main.tf
@@ -18,11 +18,11 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 2.19"
+  version = "~> 3.53"
 }
 
 provider "google-beta" {
-  version = "~> 2.19"
+  version = "~> 3.53"
 }
 
 resource "google_service_account" "member_iam_test" {

diff --git a/examples/member_iam/versions.tf b/examples/member_iam/versions.tf
@@ -15,5 +15,5 @@
  */
 
 terraform {
-  required_version = "~> 0.12.6"
+  required_version = ">= 0.12"
 }
diff --git a/examples/organization/README.md b/examples/organization/README.md
@@ -6,11 +6,15 @@ This example illustrates how to use the `organizations_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| organization\_one | First organization to add the IAM policies/bindings | string | n/a | yes |
-| organization\_two | Second organization to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| organization\_one | First organization to add the IAM policies/bindings | `string` | n/a | yes |
+| organization\_two | Second organization to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/project/README.md b/examples/project/README.md
@@ -6,11 +6,15 @@ This example illustrates how to use the `projects_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| project\_one | First project id to add the IAM policies/bindings | string | n/a | yes |
-| project\_two | Second project id to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| project\_one | First project id to add the IAM policies/bindings | `string` | n/a | yes |
+| project\_two | Second project id to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/project_conditions/README.md b/examples/project_conditions/README.md
@@ -6,11 +6,15 @@ This example illustrates how to use the `projects_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| project\_one | First project id to add the IAM policies/bindings | string | n/a | yes |
-| project\_two | Second project id to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| project\_one | First project id to add the IAM policies/bindings | `string` | n/a | yes |
+| project\_two | Second project id to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/pubsub_subscription/README.md b/examples/pubsub_subscription/README.md
@@ -6,12 +6,16 @@ This example illustrates how to use the `pubsub_subscriptions_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| pubsub\_subscription\_one | First pubsub subscription name to add the IAM policies/bindings | string | n/a | yes |
-| pubsub\_subscription\_project | Project id of the pub/sub subscription | string | n/a | yes |
-| pubsub\_subscription\_two | Second pubsub subscription name to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| pubsub\_subscription\_one | First pubsub subscription name to add the IAM policies/bindings | `string` | n/a | yes |
+| pubsub\_subscription\_project | Project id of the pub/sub subscription | `string` | n/a | yes |
+| pubsub\_subscription\_two | Second pubsub subscription name to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/pubsub_subscription/main.tf b/examples/pubsub_subscription/main.tf
@@ -18,11 +18,11 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 2.7"
+  version = "~> 3.53"
 }
 
 provider "google-beta" {
-  version = "~> 2.7"
+  version = "~> 3.53"
 }
 
 /******************************************

diff --git a/examples/pubsub_topic/README.md b/examples/pubsub_topic/README.md
@@ -6,12 +6,16 @@ This example illustrates how to use the `pubsub_topics_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| pubsub\_topic\_one | First pubsub topic to add the IAM policies/bindings | string | n/a | yes |
-| pubsub\_topic\_project | Project id of the pub/sub topic | string | n/a | yes |
-| pubsub\_topic\_two | Second pubsub topic to add the IAM policies/bindings | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| pubsub\_topic\_one | First pubsub topic to add the IAM policies/bindings | `string` | n/a | yes |
+| pubsub\_topic\_project | Project id of the pub/sub topic | `string` | n/a | yes |
+| pubsub\_topic\_two | Second pubsub topic to add the IAM policies/bindings | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/pubsub_topic/main.tf b/examples/pubsub_topic/main.tf
@@ -18,11 +18,11 @@
   Provider configuration
  *****************************************/
 provider "google" {
-  version = "~> 2.7"
+  version = "~> 3.53"
 }
 
 provider "google-beta" {
-  version = "~> 2.7"
+  version = "~> 3.53"
 }
 
 /******************************************

diff --git a/examples/service_account/README.md b/examples/service_account/README.md
@@ -6,14 +6,18 @@ This example illustrates how to use the `service_accounts_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| credentials\_file\_path | Path to the service account | string | n/a | yes |
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| service\_account\_one | First service Account to add the IAM policies/bindings | string | n/a | yes |
-| service\_account\_project | Project id of the service account | string | n/a | yes |
-| service\_account\_two | First service Account to add the IAM policies/bindings | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| credentials\_file\_path | Path to the service account | `any` | n/a | yes |
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| service\_account\_one | First service Account to add the IAM policies/bindings | `string` | n/a | yes |
+| service\_account\_project | Project id of the service account | `string` | n/a | yes |
+| service\_account\_two | First service Account to add the IAM policies/bindings | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
diff --git a/examples/stackdriver_agent_roles/README.md b/examples/stackdriver_agent_roles/README.md
@@ -13,8 +13,12 @@ Applies the roles necessary to write metrics and logs to Stackdriver to a given
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| project | GCP project in which you wish to grant roles to the service account | string | n/a | yes |
-| service\_account\_email | The service account email to enable Stackdriver agent roles on | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| project | GCP project in which you wish to grant roles to the service account | `string` | n/a | yes |
+| service\_account\_email | The service account email to enable Stackdriver agent roles on | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/storage_bucket/README.md b/examples/storage_bucket/README.md
@@ -6,11 +6,15 @@ This example illustrates how to use the `storage_buckets_iam` submodule
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| group\_email | Email for group to receive roles (ex. group@example.com) | string | n/a | yes |
-| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | string | n/a | yes |
-| storage\_bucket\_one | First name of a GCS bucket to add the IAM policies/bindings | string | n/a | yes |
-| storage\_bucket\_two | Second name of a GCS bucket to add the IAM policies/bindings | string | n/a | yes |
-| user\_email | Email for group to receive roles (Ex. user@example.com) | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| storage\_bucket\_one | First name of a GCS bucket to add the IAM policies/bindings | `string` | n/a | yes |
+| storage\_bucket\_two | Second name of a GCS bucket to add the IAM policies/bindings | `string` | n/a | yes |
+| user\_email | Email for group to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->