Address remaining pull request feedback

terraform-google-modules · Nov 20, 2019 · 428b228 · 428b228
1 parent 7719c16
commit 428b228
Show file tree

Hide file tree

Showing 16 changed files with 102 additions and 66 deletions.
diff --git a/README.md b/README.md
@@ -65,8 +65,8 @@ For the cloudbuild submodule, see the README [cloudbuild](./modules/cloudbuild).
 |------|-------------|
 | gcs\_bucket\_tfstate | Bucket used for storing terraform state for foundations pipelines in seed project. |
 | seed\_project\_id | Project where service accounts and core APIs will be enabled. |
-| terraform\_sa\_email | Email for privileged service account. |
-| terraform\_sa\_name | Fully qualified name for privileged service account. |
+| terraform\_sa\_email | Email for privileged service account for Terraform. |
+| terraform\_sa\_name | Fully qualified name for privileged service account for Terraform. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

diff --git a/examples/cloudbuild_enabled/README.md b/examples/cloudbuild_enabled/README.md
@@ -18,14 +18,14 @@ This example combines the Organization bootstrap module with the Cloud Build sub
 
 | Name | Description |
 |------|-------------|
-| cloudbuild\_project\_id |  |
-| csr\_repos |  |
-| gcs\_bucket\_cloudbuild\_artifacts |  |
-| gcs\_bucket\_tfstate |  |
-| kms\_crypto\_key |  |
-| kms\_keyring |  |
-| seed\_project\_id |  |
-| terraform\_sa\_email |  |
-| terraform\_sa\_name |  |
+| cloudbuild\_project\_id | Project where CloudBuild configuration and terraform container image will reside. |
+| csr\_repos | List of Cloud Source Repos created by the module, linked to Cloud Build triggers. |
+| gcs\_bucket\_cloudbuild\_artifacts | Bucket used to store Cloud/Build artefacts in CloudBuild project. |
+| gcs\_bucket\_tfstate | Bucket used for storing terraform state for foundations pipelines in seed project. |
+| kms\_crypto\_key | KMS key created by the module. |
+| kms\_keyring | KMS Keyring created by the module. |
+| seed\_project\_id | Project where service accounts and core APIs will be enabled. |
+| terraform\_sa\_email | Email for privileged service account for Terraform. |
+| terraform\_sa\_name | Fully qualified name for privileged service account for Terraform. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/cloudbuild_enabled/outputs.tf b/examples/cloudbuild_enabled/outputs.tf
@@ -15,37 +15,46 @@
  */
 
 output "seed_project_id" {
-  value = module.seed_bootstrap.seed_project_id
+  description = "Project where service accounts and core APIs will be enabled."
+  value       = module.seed_bootstrap.seed_project_id
 }
 
 output "terraform_sa_email" {
-  value = module.seed_bootstrap.terraform_sa_email
+  description = "Email for privileged service account for Terraform."
+  value       = module.seed_bootstrap.terraform_sa_email
 }
 
 output "terraform_sa_name" {
-  value = module.seed_bootstrap.terraform_sa_name
+  description = "Fully qualified name for privileged service account for Terraform."
+  value       = module.seed_bootstrap.terraform_sa_name
 }
 
 output "gcs_bucket_tfstate" {
-  value = module.seed_bootstrap.gcs_bucket_tfstate
+  description = "Bucket used for storing terraform state for foundations pipelines in seed project."
+  value       = module.seed_bootstrap.gcs_bucket_tfstate
 }
 
 output "cloudbuild_project_id" {
-  value = module.cloudbuild_bootstrap.cloudbuild_project_id
+  description = "Project where CloudBuild configuration and terraform container image will reside."
+  value       = module.cloudbuild_bootstrap.cloudbuild_project_id
 }
 
 output "gcs_bucket_cloudbuild_artifacts" {
-  value = module.cloudbuild_bootstrap.gcs_bucket_cloudbuild_artifacts
+  description = "Bucket used to store Cloud/Build artefacts in CloudBuild project."
+  value       = module.cloudbuild_bootstrap.gcs_bucket_cloudbuild_artifacts
 }
 
 output "csr_repos" {
-  value = module.cloudbuild_bootstrap.csr_repos
+  description = "List of Cloud Source Repos created by the module, linked to Cloud Build triggers."
+  value       = module.cloudbuild_bootstrap.csr_repos
 }
 
 output "kms_keyring" {
-  value = module.cloudbuild_bootstrap.kms_keyring
+  description = "KMS Keyring created by the module."
+  value       = module.cloudbuild_bootstrap.kms_keyring
 }
 
 output "kms_crypto_key" {
-  value = module.cloudbuild_bootstrap.kms_crypto_key
+  description = "KMS key created by the module."
+  value       = module.cloudbuild_bootstrap.kms_crypto_key
 }
diff --git a/examples/cloudbuild_enabled/variables.tf b/examples/cloudbuild_enabled/variables.tf
@@ -16,18 +16,22 @@
 
 variable "org_id" {
   description = "GCP Organization ID"
+  type        = string
 }
 
 variable "billing_account" {
   description = "The ID of the billing account to associate projects with."
+  type        = string
 }
 
 variable "group_org_admins" {
   description = "Google Group for GCP Organization Administrators"
+  type        = string
 }
 
 variable "group_billing_admins" {
   description = "Google Group for GCP Billing Administrators"
+  type        = string
 }
 
 variable "default_region" {

diff --git a/examples/simple/README.md b/examples/simple/README.md
@@ -18,9 +18,9 @@ This example demonstrates the simplest usage of the GCP organization bootstrap m
 
 | Name | Description |
 |------|-------------|
-| gcs\_bucket\_tfstate |  |
-| seed\_project\_id |  |
-| terraform\_sa\_email |  |
-| terraform\_sa\_name |  |
+| gcs\_bucket\_tfstate | Bucket used for storing terraform state for foundations pipelines in seed project. |
+| seed\_project\_id | Project where service accounts and core APIs will be enabled. |
+| terraform\_sa\_email | Email for privileged service account for Terraform. |
+| terraform\_sa\_name | Fully qualified name for privileged service account for Terraform. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/simple/outputs.tf b/examples/simple/outputs.tf
@@ -15,17 +15,21 @@
  */
 
 output "seed_project_id" {
-  value = module.seed_bootstrap.seed_project_id
+  description = "Project where service accounts and core APIs will be enabled."
+  value       = module.seed_bootstrap.seed_project_id
 }
 
 output "terraform_sa_email" {
-  value = module.seed_bootstrap.terraform_sa_email
+  description = "Email for privileged service account for Terraform."
+  value       = module.seed_bootstrap.terraform_sa_email
 }
 
 output "terraform_sa_name" {
-  value = module.seed_bootstrap.terraform_sa_name
+  description = "Fully qualified name for privileged service account for Terraform."
+  value       = module.seed_bootstrap.terraform_sa_name
 }
 
 output "gcs_bucket_tfstate" {
-  value = module.seed_bootstrap.gcs_bucket_tfstate
+  description = "Bucket used for storing terraform state for foundations pipelines in seed project."
+  value       = module.seed_bootstrap.gcs_bucket_tfstate
 }
diff --git a/examples/simple/variables.tf b/examples/simple/variables.tf
@@ -16,18 +16,22 @@
 
 variable "org_id" {
   description = "GCP Organization ID"
+  type        = string
 }
 
 variable "billing_account" {
   description = "The ID of the billing account to associate projects with."
+  type        = string
 }
 
 variable "group_org_admins" {
   description = "Google Group for GCP Organization Administrators"
+  type        = string
 }
 
 variable "group_billing_admins" {
   description = "Google Group for GCP Billing Administrators"
+  type        = string
 }
 
 variable "default_region" {

diff --git a/main.tf b/main.tf
@@ -61,10 +61,9 @@ resource "google_service_account" "org_terraform" {
  ***********************************************/
 
 resource "google_storage_bucket" "org_terraform_state" {
-  project       = module.seed_project.project_id
-  name          = format("%s-%s-%s", var.project_prefix, "tfstate", random_id.suffix.hex)
-  location      = var.default_region
-  force_destroy = true
+  project  = module.seed_project.project_id
+  name     = format("%s-%s-%s", var.project_prefix, "tfstate", random_id.suffix.hex)
+  location = var.default_region
 }
 
 /***********************************************

diff --git a/modules/cloudbuild/README.md b/modules/cloudbuild/README.md
@@ -70,10 +70,10 @@ Functional examples and sample Cloud Build definitions are included in the [exam
 | Name | Description |
 |------|-------------|
 | cloudbuild\_project\_id | Project where CloudBuild configuration and terraform container image will reside. |
-| csr\_repos |  |
+| csr\_repos | List of Cloud Source Repos created by the module, linked to Cloud Build triggers. |
 | gcs\_bucket\_cloudbuild\_artifacts | Bucket used to store Cloud/Build artefacts in CloudBuild project. |
-| kms\_crypto\_key |  |
-| kms\_keyring |  |
+| kms\_crypto\_key | KMS key created by the module. |
+| kms\_keyring | KMS Keyring created by the module. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

diff --git a/modules/cloudbuild/cloudbuild_builder/README.md b/modules/cloudbuild/cloudbuild_builder/README.md
@@ -1,14 +1,9 @@
-# [Terraform](https://www.terraform.io/docs) cloud builder
+# Terraform cloud builder
 
-## Terraform cloud builder
-This builder can be used to run the terraform tool in the GCE. From the Hashicorp Terraform [product page](https://www.terraform.io/):
-
-> HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source
-> tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code,
-> edited, reviewed, and versioned.
+This builder creates a [Terraform](https://www.terraform.io/) image for use in cloud build to run the [Cloud Foundation Toolkit](https://cloud.google.com/foundation-toolkit/) modules.
 
 ### Building this builder
-To build this builder, run the following command in this directory.
+This builder is automatically created if you use the cloudbuild terraform submodule. If you would like to build manually, run the following command in this directory.
 ```sh
 $ gcloud builds submit --config=cloudbuild.yaml
 ```
diff --git a/modules/cloudbuild/main.tf b/modules/cloudbuild/main.tf
@@ -74,10 +74,9 @@ resource "google_project_iam_member" "org_admins_cloudbuild_viewer" {
 *******************************************/
 
 resource "google_storage_bucket" "cloudbuild_artifacts" {
-  project       = module.cloudbuild_project.project_id
-  name          = format("%s-%s-%s", var.project_prefix, "cloudbuild-artifacts", random_id.suffix.hex)
-  location      = var.default_region
-  force_destroy = true
+  project  = module.cloudbuild_project.project_id
+  name     = format("%s-%s-%s", var.project_prefix, "cloudbuild-artifacts", random_id.suffix.hex)
+  location = var.default_region
 }
 
 /******************************************

diff --git a/modules/cloudbuild/outputs.tf b/modules/cloudbuild/outputs.tf
@@ -25,13 +25,16 @@ output "gcs_bucket_cloudbuild_artifacts" {
 }
 
 output "csr_repos" {
-  value = google_sourcerepo_repository.gcp_repo
+  description = "List of Cloud Source Repos created by the module, linked to Cloud Build triggers."
+  value       = google_sourcerepo_repository.gcp_repo
 }
 
 output "kms_keyring" {
-  value = google_kms_key_ring.tf_keyring
+  description = "KMS Keyring created by the module."
+  value       = google_kms_key_ring.tf_keyring
 }
 
 output "kms_crypto_key" {
-  value = google_kms_crypto_key.tf_key
+  description = "KMS key created by the module."
+  value       = google_kms_crypto_key.tf_key
 }
diff --git a/outputs.tf b/outputs.tf
@@ -28,12 +28,12 @@ output "seed_project_id" {
 *******************************************/
 
 output "terraform_sa_email" {
-  description = "Email for privileged service account."
+  description = "Email for privileged service account for Terraform."
   value       = google_service_account.org_terraform.email
 }
 
 output "terraform_sa_name" {
-  description = "Fully qualified name for privileged service account."
+  description = "Fully qualified name for privileged service account for Terraform."
   value       = google_service_account.org_terraform.name
 }
 

diff --git a/test/fixtures/cloudbuild_enabled/outputs.tf b/test/fixtures/cloudbuild_enabled/outputs.tf
@@ -15,41 +15,51 @@
  */
 
 output "group_org_admins" {
-  value = var.group_org_admins
+  description = "Google Group for GCP Organization Administrators"
+  value       = var.group_org_admins
 }
 
 output "seed_project_id" {
-  value = module.cloudbuild_enabled.seed_project_id
+  description = "Project where service accounts and core APIs will be enabled."
+  value       = module.cloudbuild_enabled.seed_project_id
 }
 
 output "terraform_sa_email" {
-  value = module.cloudbuild_enabled.terraform_sa_email
+  description = "Email for privileged service account for Terraform."
+  value       = module.cloudbuild_enabled.terraform_sa_email
 }
 
 output "terraform_sa_name" {
-  value = module.cloudbuild_enabled.terraform_sa_name
+  description = "Fully qualified name for privileged service account for Terraform."
+  value       = module.cloudbuild_enabled.terraform_sa_name
 }
 
 output "gcs_bucket_tfstate" {
-  value = module.cloudbuild_enabled.gcs_bucket_tfstate
+  description = "Bucket used for storing terraform state for foundations pipelines in seed project."
+  value       = module.cloudbuild_enabled.gcs_bucket_tfstate
 }
 
 output "cloudbuild_project_id" {
-  value = module.cloudbuild_enabled.cloudbuild_project_id
+  description = "Project where CloudBuild configuration and terraform container image will reside."
+  value       = module.cloudbuild_enabled.cloudbuild_project_id
 }
 
 output "gcs_bucket_cloudbuild_artifacts" {
-  value = module.cloudbuild_enabled.gcs_bucket_cloudbuild_artifacts
+  description = "Bucket used to store Cloud/Build artefacts in CloudBuild project."
+  value       = module.cloudbuild_enabled.gcs_bucket_cloudbuild_artifacts
 }
 
 output "csr_repos" {
-  value = module.cloudbuild_enabled.csr_repos
+  description = "List of Cloud Source Repos created by the module, linked to Cloud Build triggers."
+  value       = module.cloudbuild_enabled.csr_repos
 }
 
 output "kms_keyring" {
-  value = module.cloudbuild_enabled.kms_keyring
+  description = "KMS Keyring created by the module."
+  value       = module.cloudbuild_enabled.kms_keyring
 }
 
 output "kms_crypto_key" {
-  value = module.cloudbuild_enabled.kms_crypto_key
+  description = "KMS key created by the module."
+  value       = module.cloudbuild_enabled.kms_crypto_key
 }
diff --git a/test/fixtures/simple/outputs.tf b/test/fixtures/simple/outputs.tf
@@ -15,17 +15,21 @@
  */
 
 output "seed_project_id" {
-  value = module.simple.seed_project_id
+  description = "Project where service accounts and core APIs will be enabled."
+  value       = module.simple.seed_project_id
 }
 
 output "terraform_sa_email" {
-  value = module.simple.terraform_sa_email
+  description = "Email for privileged service account for Terraform."
+  value       = module.simple.terraform_sa_email
 }
 
 output "terraform_sa_name" {
-  value = module.simple.terraform_sa_name
+  description = "Fully qualified name for privileged service account for Terraform."
+  value       = module.simple.terraform_sa_name
 }
 
 output "gcs_bucket_tfstate" {
-  value = module.simple.gcs_bucket_tfstate
+  description = "Bucket used for storing terraform state for foundations pipelines in seed project."
+  value       = module.simple.gcs_bucket_tfstate
 }
diff --git a/test/setup/variables.tf b/test/setup/variables.tf
@@ -15,22 +15,27 @@
  */
 variable "org_id" {
   description = "The numeric organization id"
+  type        = string
 }
 
 variable "folder_id" {
   description = "The folder to deploy in"
+  type        = string
 }
 
 variable "billing_account" {
   description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
+  type        = string
 }
 
 variable "group_org_admins" {
   description = "Google Group for GCP Organization Administrators"
+  type        = string
 }
 
 variable "group_billing_admins" {
   description = "Google Group for GCP Billing Administrators"
+  type        = string
 }
 
 variable "default_region" {