feat!: add Terraform 0.13 constraint and module attribution (#50)

* feat!: add Terraform 0.13 constraint and module attribution

* fmt

* Bump versions and fix IAM for testing

* regen docs

Co-authored-by: bharathkkb <bharathkrishnakb@gmail.com>
Co-authored-by: James Duncan <jdun@google.com>
Co-authored-by: Morgante Pell <morgantep@google.com>

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -3,11 +3,10 @@
 This modules makes it easy to set up a scheduled job to trigger events/run functions.
 
 ## Compatibility
-
-This module is meant for use with Terraform 0.12. If you haven't
-[upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and need a Terraform 0.11.x-compatible
-version of this module, the last released version intended for Terraform 0.11.x
-is [v0.4.1](https://registry.terraform.io/modules/terraform-google-modules/scheduled-function/google/0.4.1).
+This module is meant for use with Terraform 0.13. If you haven't
+[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
+0.12.x-compatible version of this module, the last released version
+intended for Terraform 0.12.x is [v1.5.1](https://registry.terraform.io/modules/terraform-google-modules/-scheduled-function/google/v1.5.1).
 
 ## Usage
 You can go to the examples folder, however the usage of the module could be like this in your own main.tf file:
@@ -37,32 +36,32 @@ Then perform the following commands on the root folder:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| bucket\_force\_destroy | When deleting the GCS bucket containing the cloud function, delete all objects in the bucket first. | bool | `"true"` | no |
-| bucket\_name | The name to apply to the bucket. Will default to a string of <project-id>-scheduled-function-XXXX> with XXXX being random characters. | string | `""` | no |
-| function\_available\_memory\_mb | The amount of memory in megabytes allotted for the function to use. | number | `"256"` | no |
-| function\_description | The description of the function. | string | `"Processes log export events provided through a Pub/Sub topic subscription."` | no |
-| function\_entry\_point | The name of a method in the function source which will be invoked when the function is executed. | string | n/a | yes |
-| function\_environment\_variables | A set of key/value environment variable pairs to assign to the function. | map(string) | `<map>` | no |
-| function\_event\_trigger\_failure\_policy\_retry | A toggle to determine if the function should be retried on failure. | bool | `"false"` | no |
-| function\_labels | A set of key/value label pairs to assign to the function. | map(string) | `<map>` | no |
-| function\_name | The name to apply to the function | string | n/a | yes |
-| function\_runtime | The runtime in which the function will be executed. | string | `"nodejs10"` | no |
-| function\_service\_account\_email | The service account to run the function as. | string | `""` | no |
-| function\_source\_archive\_bucket\_labels | A set of key/value label pairs to assign to the function source archive bucket. | map(string) | `<map>` | no |
-| function\_source\_dependent\_files | A list of any terraform created `local_file`s that the module will wait for before creating the archive. | object | `<list>` | no |
-| function\_source\_directory | The contents of this directory will be archived and used as the function source. | string | n/a | yes |
-| function\_timeout\_s | The amount of time in seconds allotted for the execution of the function. | number | `"60"` | no |
-| grant\_token\_creator | Specify true if you want to add token creator role to the default Pub/Sub SA | bool | `"false"` | no |
-| job\_description | Addition text to describe the job | string | `""` | no |
-| job\_name | The name of the scheduled job to run | string | `"null"` | no |
-| job\_schedule | The job frequency, in cron syntax | string | `"*/2 * * * *"` | no |
-| message\_data | The data to send in the topic message. | string | `"dGVzdA=="` | no |
-| project\_id | The ID of the project where the resources will be created | string | n/a | yes |
-| region | The region in which resources will be applied. | string | n/a | yes |
-| scheduler\_job | An existing Cloud Scheduler job instance | object | `"null"` | no |
-| time\_zone | The timezone to use in scheduler | string | `"Etc/UTC"` | no |
-| topic\_name | Name of pubsub topic connecting the scheduled job and the function | string | `"test-topic"` | no |
+|------|-------------|------|---------|:--------:|
+| bucket\_force\_destroy | When deleting the GCS bucket containing the cloud function, delete all objects in the bucket first. | `bool` | `true` | no |
+| bucket\_name | The name to apply to the bucket. Will default to a string of <project-id>-scheduled-function-XXXX> with XXXX being random characters. | `string` | `""` | no |
+| function\_available\_memory\_mb | The amount of memory in megabytes allotted for the function to use. | `number` | `256` | no |
+| function\_description | The description of the function. | `string` | `"Processes log export events provided through a Pub/Sub topic subscription."` | no |
+| function\_entry\_point | The name of a method in the function source which will be invoked when the function is executed. | `string` | n/a | yes |
+| function\_environment\_variables | A set of key/value environment variable pairs to assign to the function. | `map(string)` | `{}` | no |
+| function\_event\_trigger\_failure\_policy\_retry | A toggle to determine if the function should be retried on failure. | `bool` | `false` | no |
+| function\_labels | A set of key/value label pairs to assign to the function. | `map(string)` | `{}` | no |
+| function\_name | The name to apply to the function | `string` | n/a | yes |
+| function\_runtime | The runtime in which the function will be executed. | `string` | `"nodejs10"` | no |
+| function\_service\_account\_email | The service account to run the function as. | `string` | `""` | no |
+| function\_source\_archive\_bucket\_labels | A set of key/value label pairs to assign to the function source archive bucket. | `map(string)` | `{}` | no |
+| function\_source\_dependent\_files | A list of any terraform created `local_file`s that the module will wait for before creating the archive. | <pre>list(object({<br>    filename = string<br>    id       = string<br>  }))</pre> | `[]` | no |
+| function\_source\_directory | The contents of this directory will be archived and used as the function source. | `string` | n/a | yes |
+| function\_timeout\_s | The amount of time in seconds allotted for the execution of the function. | `number` | `60` | no |
+| grant\_token\_creator | Specify true if you want to add token creator role to the default Pub/Sub SA | `bool` | `false` | no |
+| job\_description | Addition text to describe the job | `string` | `""` | no |
+| job\_name | The name of the scheduled job to run | `string` | `null` | no |
+| job\_schedule | The job frequency, in cron syntax | `string` | `"*/2 * * * *"` | no |
+| message\_data | The data to send in the topic message. | `string` | `"dGVzdA=="` | no |
+| project\_id | The ID of the project where the resources will be created | `string` | n/a | yes |
+| region | The region in which resources will be applied. | `string` | n/a | yes |
+| scheduler\_job | An existing Cloud Scheduler job instance | `object({ name = string })` | `null` | no |
+| time\_zone | The timezone to use in scheduler | `string` | `"Etc/UTC"` | no |
+| topic\_name | Name of pubsub topic connecting the scheduled job and the function | `string` | `"test-topic"` | no |
 
 ## Outputs
 
@@ -82,7 +81,7 @@ These sections describe requirements for using this module.
 
 The following dependencies must be available:
 
-- [Terraform][terraform] v0.12
+- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
 - [Terraform Provider for GCP][terraform-provider-gcp] plugin v2.14
 
 ### App Engine

build/int.cloudbuild.yaml

@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'

examples/logs-slack-alerts/README.md

@@ -16,14 +16,18 @@ If not using the default App Engine default service account (PROJECT_ID@appspot.
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| audit\_log\_table | BigQuery Table where logs are sent | string | n/a | yes |
-| dataset\_name | BigQuery Dataset where logs are sent | string | n/a | yes |
-| error\_message\_column | BigQuery Column in audit log table representing logging error | string | n/a | yes |
-| job\_schedule | The cron schedule for triggering the cloud function | string | `"55 * * * *"` | no |
-| project\_id | The project ID to host the network in | string | n/a | yes |
-| region | The region the project is in (App Engine specific) | string | `"us-central1"` | no |
-| slack\_webhook | Slack webhook to send alerts | string | n/a | yes |
-| time\_column | BigQuery Column in audit log table representing logging time | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| audit\_log\_table | BigQuery Table where logs are sent | `string` | n/a | yes |
+| dataset\_name | BigQuery Dataset where logs are sent | `string` | n/a | yes |
+| error\_message\_column | BigQuery Column in audit log table representing logging error | `string` | n/a | yes |
+| job\_schedule | The cron schedule for triggering the cloud function | `string` | `"55 * * * *"` | no |
+| project\_id | The project ID to host the network in | `string` | n/a | yes |
+| region | The region the project is in (App Engine specific) | `string` | `"us-central1"` | no |
+| slack\_webhook | Slack webhook to send alerts | `string` | n/a | yes |
+| time\_column | BigQuery Column in audit log table representing logging time | `string` | n/a | yes |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/pubsub_scheduled/README.md

@@ -9,9 +9,9 @@ More information is in the [root readme](../../README.md#app-engine).
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| project\_id | The project ID to host the network in | string | n/a | yes |
-| region | The region the project is in (App Engine specific) | string | `"us-central1"` | no |
+|------|-------------|------|---------|:--------:|
+| project\_id | The project ID to host the network in | `string` | n/a | yes |
+| region | The region the project is in (App Engine specific) | `string` | `"us-central1"` | no |
 
 ## Outputs
 

examples/pubsub_scheduled_multiple/README.md

@@ -9,9 +9,9 @@ More information is in the [root readme](../../README.md#app-engine).
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| project\_id | The project ID to host the network in | string | `"flask-app-254610"` | no |
-| region | The region the project is in (App Engine specific) | string | `"us-central1"` | no |
+|------|-------------|------|---------|:--------:|
+| project\_id | The project ID to host the network in | `string` | `"flask-app-254610"` | no |
+| region | The region the project is in (App Engine specific) | `string` | `"us-central1"` | no |
 
 ## Outputs
 

main.tf

@@ -58,7 +58,7 @@ resource "random_id" "suffix" {
 
 module "main" {
   source  = "terraform-google-modules/event-function/google"
-  version = "~> 1.2"
+  version = "~> 1.6"
 
   entry_point = var.function_entry_point
   event_trigger = {

modules/project_cleanup/README.md

@@ -20,19 +20,19 @@ The following services must be enabled on the project housing the cleanup functi
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| function\_timeout\_s | The amount of time in seconds allotted for the execution of the function. | number | `"500"` | no |
-| job\_schedule | Cleaner function run frequency, in cron syntax | string | `"*/5 * * * *"` | no |
-| max\_project\_age\_in\_hours | The maximum number of hours that a GCP project, selected by `target_tag_name` and `target_tag_value`, can exist | number | `"6"` | no |
-| organization\_id | The organization ID whose projects to clean up | string | n/a | yes |
-| project\_id | The project ID to host the scheduled function in | string | n/a | yes |
-| region | The region the project is in (App Engine specific) | string | n/a | yes |
-| target\_excluded\_labels | Map of project lablels that won't be deleted. | map(string) | `<map>` | no |
-| target\_folder\_id | Folder ID to delete all projects under. | string | `""` | no |
-| target\_included\_labels | Map of project lablels that will be deleted. | map(string) | `<map>` | no |
-| target\_tag\_name | The name of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead). | string | `""` | no |
-| target\_tag\_value | The value of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead). | string | `""` | no |
-| topic\_name | Name of pubsub topic connecting the scheduled projects cleanup function | string | `"pubsub_scheduled_project_cleaner"` | no |
+|------|-------------|------|---------|:--------:|
+| function\_timeout\_s | The amount of time in seconds allotted for the execution of the function. | `number` | `500` | no |
+| job\_schedule | Cleaner function run frequency, in cron syntax | `string` | `"*/5 * * * *"` | no |
+| max\_project\_age\_in\_hours | The maximum number of hours that a GCP project, selected by `target_tag_name` and `target_tag_value`, can exist | `number` | `6` | no |
+| organization\_id | The organization ID whose projects to clean up | `string` | n/a | yes |
+| project\_id | The project ID to host the scheduled function in | `string` | n/a | yes |
+| region | The region the project is in (App Engine specific) | `string` | n/a | yes |
+| target\_excluded\_labels | Map of project lablels that won't be deleted. | `map(string)` | `{}` | no |
+| target\_folder\_id | Folder ID to delete all projects under. | `string` | `""` | no |
+| target\_included\_labels | Map of project lablels that will be deleted. | `map(string)` | `{}` | no |
+| target\_tag\_name | The name of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead). | `string` | `""` | no |
+| target\_tag\_value | The value of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead). | `string` | `""` | no |
+| topic\_name | Name of pubsub topic connecting the scheduled projects cleanup function | `string` | `"pubsub_scheduled_project_cleaner"` | no |
 
 ## Outputs
 

modules/project_cleanup/versions.tf

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-scheduled-function:project_cleanup/v1.0.0"
+  }
+
+}

test/setup/iam.tf

@@ -22,6 +22,8 @@ locals {
     "roles/cloudscheduler.admin",
     "roles/cloudfunctions.developer",
     "roles/iam.serviceAccountUser",
+    "roles/resourcemanager.projectIamAdmin",
+    "roles/pubsub.subscriber"
   ]
 }
 

test/setup/main.tf

@@ -16,14 +16,13 @@
 
 module "project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 9.0"
+  version = "~> 10.2"
 
-  name                 = "ci-scheduled-function"
-  random_project_id    = "true"
-  org_id               = var.org_id
-  folder_id            = var.folder_id
-  billing_account      = var.billing_account
-  skip_gcloud_download = true
+  name              = "ci-scheduled-function"
+  random_project_id = "true"
+  org_id            = var.org_id
+  folder_id         = var.folder_id
+  billing_account   = var.billing_account
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",
@@ -40,7 +39,7 @@ module "project" {
 
 module "app-engine" {
   source  = "terraform-google-modules/project-factory/google//modules/app_engine"
-  version = "~> 9.0"
+  version = "~> 10.2"
 
   location_id = "us-central"
 

test/setup/versions.tf

@@ -19,7 +19,7 @@ terraform {
 }
 
 provider "google" {
-  version = "~> 3.35"
+  version = "~> 3.53"
 }
 
 provider "google-beta" {

versions.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,5 +15,17 @@
  */
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
+  required_providers {
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-scheduled-function/v1.0.0"
+  }
+
 }