terraform-google-modules
diff --git a/‎0-bootstrap/README.md‎
Lines changed: 2 additions & 0 deletions b/‎0-bootstrap/README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎0-bootstrap/cb.tf‎
Lines changed: 30 additions & 3 deletions b/‎0-bootstrap/cb.tf‎
Lines changed: 30 additions & 3 deletions
diff --git a/‎0-bootstrap/github.tf.example‎
Lines changed: 3 additions & 1 deletion b/‎0-bootstrap/github.tf.example‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎0-bootstrap/gitlab.tf.example‎
Lines changed: 3 additions & 2 deletions b/‎0-bootstrap/gitlab.tf.example‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎0-bootstrap/groups.tf‎
Lines changed: 2 additions & 2 deletions b/‎0-bootstrap/groups.tf‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎0-bootstrap/jenkins.tf.example‎
Lines changed: 1 addition & 0 deletions b/‎0-bootstrap/jenkins.tf.example‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎0-bootstrap/main.tf‎
Lines changed: 5 additions & 3 deletions b/‎0-bootstrap/main.tf‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎0-bootstrap/modules/gitlab-oidc/versions.tf‎
Lines changed: 1 addition & 1 deletion b/‎0-bootstrap/modules/gitlab-oidc/versions.tf‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎0-bootstrap/modules/jenkins-agent/README.md‎
Lines changed: 1 addition & 0 deletions b/‎0-bootstrap/modules/jenkins-agent/README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎0-bootstrap/modules/jenkins-agent/main.tf‎
Lines changed: 3 additions & 1 deletion b/‎0-bootstrap/modules/jenkins-agent/main.tf‎
Lines changed: 3 additions & 1 deletion
@@ -523,12 +523,14 @@ The following steps will guide you through deploying without using Cloud Build.
 | default\_region\_2 | Secondary default region to create resources where applicable. | `string` | `"us-west1"` | no |
 | default\_region\_gcs | Case-Sensitive default region to create gcs resources where applicable. | `string` | `"US"` | no |
 | default\_region\_kms | Secondary default region to create kms resources where applicable. | `string` | `"us"` | no |
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | folder\_prefix | Name prefix to use for folders created. Should be the same in all steps. | `string` | `"fldr"` | no |
 | groups | Contain the details of the Groups to be created. | <pre>object({<br>    create_required_groups = optional(bool, false)<br>    create_optional_groups = optional(bool, false)<br>    billing_project        = optional(string, null)<br>    required_groups = object({<br>      group_org_admins     = string<br>      group_billing_admins = string<br>      billing_data_users   = string<br>      audit_data_users     = string<br>    })<br>    optional_groups = optional(object({<br>      gcp_security_reviewer    = optional(string, "")<br>      gcp_network_viewer       = optional(string, "")<br>      gcp_scc_admin            = optional(string, "")<br>      gcp_global_secrets_admin = optional(string, "")<br>      gcp_kms_admin            = optional(string, "")<br>    }), {})<br>  })</pre> | n/a | yes |
 | initial\_group\_config | Define the group configuration when it is initialized. Valid values are: WITH\_INITIAL\_OWNER, EMPTY and INITIAL\_GROUP\_CONFIG\_UNSPECIFIED. | `string` | `"WITH_INITIAL_OWNER"` | no |
 | org\_id | GCP Organization ID | `string` | n/a | yes |
 | org\_policy\_admin\_role | Additional Org Policy Admin role for admin group. You can use this for testing purposes. | `bool` | `false` | no |
 | parent\_folder | Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. | `string` | `""` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_prefix | Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. | `string` | `"prj"` | no |
 
 ## Outputs
 
@@ -66,9 +66,25 @@ resource "random_string" "suffix" {
   upper   = false
 }
 
+module "gcp_projects_state_bucket" {
+  source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+  version = "~> 8.0"
+
+  name          = "${var.bucket_prefix}-${module.seed_bootstrap.seed_project_id}-gcp-projects-tfstate"
+  project_id    = module.seed_bootstrap.seed_project_id
+  location      = var.default_region
+  force_destroy = var.bucket_force_destroy
+
+  encryption = {
+    default_kms_key_name = local.state_bucket_kms_key
+  }
+
+  depends_on = [module.seed_bootstrap.gcs_bucket_tfstate]
+}
+
 module "tf_source" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_source"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   org_id                = var.org_id
   folder_id             = google_folder.bootstrap.id
@@ -78,6 +94,8 @@ module "tf_source" {
   group_org_admins      = var.groups.required_groups.group_org_admins
   buckets_force_destroy = var.bucket_force_destroy
 
+  project_deletion_policy = var.project_deletion_policy
+
   activate_apis = [
     "serviceusage.googleapis.com",
     "servicenetworking.googleapis.com",
@@ -116,6 +134,15 @@ module "tf_source" {
   depends_on = [module.seed_bootstrap]
 }
 
+resource "google_project_service_identity" "workflows_identity" {
+  provider = google-beta
+
+  project = module.tf_source.cloudbuild_project_id
+  service = "workflows.googleapis.com"
+
+  depends_on = [module.tf_source]
+}
+
 module "tf_private_pool" {
   source = "./modules/cb-private-pool"
 
@@ -137,7 +164,7 @@ module "tf_private_pool" {
 
 module "tf_cloud_builder" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_builder"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id                   = module.tf_source.cloudbuild_project_id
   dockerfile_repo_uri          = module.tf_source.csr_repos[local.cloudbuilder_repo].url
@@ -188,7 +215,7 @@ module "build_terraform_image" {
 
 module "tf_workspace" {
   source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
-  version  = "~> 8.0"
+  version  = "~> 9.0"
   for_each = local.granular_sa
 
   project_id                = module.tf_source.cloudbuild_project_id
 
@@ -70,7 +70,7 @@ locals {
 
 module "gh_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gh"
   random_project_id = true
@@ -87,6 +87,8 @@ module "gh_cicd" {
     "cloudresourcemanager.googleapis.com",
     "iamcredentials.googleapis.com",
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "gh_oidc" {
 
@@ -81,7 +81,7 @@ provider "gitlab" {
 
 module "gitlab_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gl"
   random_project_id = true
@@ -100,8 +100,9 @@ module "gitlab_cicd" {
     "sts.googleapis.com",
     "dns.googleapis.com",
     "secretmanager.googleapis.com",
-
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "gitlab_oidc" {
 
@@ -34,7 +34,7 @@ data "google_organization" "org" {
 
 module "required_group" {
   source   = "terraform-google-modules/group/google"
-  version  = "~> 0.6"
+  version  = "~> 0.7"
   for_each = local.required_groups_to_create
 
   id                   = each.value
@@ -46,7 +46,7 @@ module "required_group" {
 
 module "optional_group" {
   source   = "terraform-google-modules/group/google"
-  version  = "~> 0.6"
+  version  = "~> 0.7"
   for_each = local.optional_groups_to_create
 
   id                   = each.value
 
@@ -46,6 +46,7 @@ module "jenkins_bootstrap" {
   tunnel0_bgp_session_range                = var.tunnel0_bgp_session_range
   tunnel1_bgp_peer_address                 = var.tunnel1_bgp_peer_address
   tunnel1_bgp_session_range                = var.tunnel1_bgp_session_range
+  project_deletion_policy                  = var.project_deletion_policy
 }
 
 resource "google_organization_iam_member" "org_jenkins_sa_browser" {
 
@@ -38,13 +38,14 @@ locals {
 }
 
 resource "google_folder" "bootstrap" {
-  display_name = "${var.folder_prefix}-bootstrap"
-  parent       = local.parent
+  display_name        = "${var.folder_prefix}-bootstrap"
+  parent              = local.parent
+  deletion_protection = var.folder_deletion_protection
 }
 
 module "seed_bootstrap" {
   source  = "terraform-google-modules/bootstrap/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   org_id                         = var.org_id
   folder_id                      = google_folder.bootstrap.id
@@ -64,6 +65,7 @@ module "seed_bootstrap" {
   encrypt_gcs_bucket_tfstate     = true
   key_rotation_period            = "7776000s"
   kms_prevent_destroy            = !var.bucket_tfstate_kms_force_destroy
+  project_deletion_policy        = var.project_deletion_policy
 
   project_labels = {
     environment       = "bootstrap"
 
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.64, < 6"
+      version = ">= 3.64, < 7"
     }
   }
 
 
@@ -68,6 +68,7 @@ module "jenkins_bootstrap" {
 | on\_prem\_vpn\_public\_ip\_address | The public IP Address of the Jenkins Controller. | `string` | n/a | yes |
 | on\_prem\_vpn\_public\_ip\_address2 | The secondpublic IP Address of the Jenkins Controller. | `string` | n/a | yes |
 | org\_id | GCP Organization ID | `string` | n/a | yes |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_labels | Labels to apply to the project. | `map(string)` | `{}` | no |
 | project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
 | router\_asn | BGP ASN for cloud routes. | `number` | `"64515"` | no |
 
@@ -29,7 +29,7 @@ resource "random_id" "suffix" {
 *******************************************/
 module "cicd_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name                        = local.cicd_project_name
   random_project_id           = true
@@ -40,6 +40,8 @@ module "cicd_project" {
   billing_account             = var.billing_account
   activate_apis               = local.activate_apis
   labels                      = var.project_labels
+
+  deletion_policy = var.project_deletion_policy
 }
 
 /******************************************
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ locals {`
`70`	`70`
`71`	`71`	`module "gh_cicd" {`
`72`	`72`	`source = "terraform-google-modules/project-factory/google"`
`73`		`- version = "~> 15.0"`
	`73`	`+ version = "~> 17.0"`
`74`	`74`
`75`	`75`	`name = "${var.project_prefix}-b-cicd-wif-gh"`
`76`	`76`	`random_project_id = true`
`@@ -87,6 +87,8 @@ module "gh_cicd" {`
`87`	`87`	`"cloudresourcemanager.googleapis.com",`
`88`	`88`	`"iamcredentials.googleapis.com",`
`89`	`89`	`]`
	`90`	`+`
	`91`	`+ deletion_policy = var.project_deletion_policy`
`90`	`92`	`}`
`91`	`93`
`92`	`94`	`module "gh_oidc" {`
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ module "jenkins_bootstrap" {`
`46`	`46`	`tunnel0_bgp_session_range = var.tunnel0_bgp_session_range`
`47`	`47`	`tunnel1_bgp_peer_address = var.tunnel1_bgp_peer_address`
`48`	`48`	`tunnel1_bgp_session_range = var.tunnel1_bgp_session_range`
	`49`	`+ project_deletion_policy = var.project_deletion_policy`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`resource "google_organization_iam_member" "org_jenkins_sa_browser" {`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ terraform {`
`20`	`20`
`21`	`21`	`google = {`
`22`	`22`	`source = "hashicorp/google"`
`23`		`- version = ">= 3.64, < 6"`
	`23`	`+ version = ">= 3.64, < 7"`
`24`	`24`	`}`
`25`	`25`	`}`
`26`	`26`