fix variable and add depends on

Author: mariammartins

0-bootstrap/cb.tf

@@ -131,7 +131,7 @@ module "tf_source" {
   }
 
   # Remove after github.com/terraform-google-modules/terraform-google-bootstrap/issues/160
-  depends_on = [module.seed_bootstrap]
+  depends_on = [module.seed_bootstrap, module.organization_policies_type_boolean]
 }
 
 module "tf_private_pool" {

0-bootstrap/main.tf

@@ -99,6 +99,5 @@ module "seed_bootstrap" {
 
   sa_org_iam_permissions = []
 
-  depends_on = [module.required_group]
+  depends_on = [module.required_group, module.organization_policies_type_boolean]
 }
-

0-bootstrap/org_policy.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

1-org/envs/shared/README.md

@@ -3,7 +3,6 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| auto\_create\_network | Control whether the 'default' network will be created in the project. | `bool` | `true` | no |
 | billing\_export\_dataset\_location | The location of the dataset for billing data export. | `string` | `null` | no |
 | create\_access\_context\_manager\_access\_policy | Whether to create access context manager access policy. | `bool` | `true` | no |
 | create\_unique\_tag\_key | Creates unique organization-wide tag keys by adding a random suffix to each key. | `bool` | `false` | no |

1-org/envs/shared/projects.tf

@@ -44,7 +44,7 @@ module "org_audit_logs" {
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
 
   labels = {
     environment       = "common"
@@ -78,7 +78,7 @@ module "org_billing_export" {
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
 
   labels = {
     environment       = "common"
@@ -112,7 +112,8 @@ module "common_kms" {
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
   activate_apis            = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   labels = {
     environment       = "common"
@@ -147,7 +148,8 @@ module "org_secrets" {
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
   activate_apis            = ["logging.googleapis.com", "secretmanager.googleapis.com", "billingbudgets.googleapis.com"]
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   labels = {
     environment       = "common"
@@ -181,7 +183,8 @@ module "interconnect" {
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
   activate_apis            = ["billingbudgets.googleapis.com", "compute.googleapis.com"]
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   labels = {
     environment       = "network"
@@ -215,7 +218,8 @@ module "scc_notifications" {
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
   activate_apis            = ["logging.googleapis.com", "pubsub.googleapis.com", "securitycenter.googleapis.com", "billingbudgets.googleapis.com", "cloudkms.googleapis.com"]
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   labels = {
     environment       = "common"
@@ -248,7 +252,8 @@ module "dns_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   activate_apis = [
     "compute.googleapis.com",
@@ -291,7 +296,8 @@ module "base_network_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   activate_apis = [
     "compute.googleapis.com",
@@ -342,7 +348,8 @@ module "restricted_network_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
-  auto_create_network      = var.auto_create_network
+  auto_create_network      = true
+
 
   activate_apis = [
     "compute.googleapis.com",

1-org/envs/shared/variables.tf

@@ -193,9 +193,3 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
-
-variable "auto_create_network" {
-  description = "Control whether the 'default' network will be created in the project."
-  type        = bool
-  default     = true
-}

1-org/modules/network/main.tf

@@ -29,7 +29,7 @@ module "base_shared_vpc_host_project" {
   billing_account             = var.billing_account
   folder_id                   = var.folder_id
   disable_services_on_destroy = false
-  auto_create_network         = var.auto_create_network
+  auto_create_network         = true
 
   activate_apis = [
     "compute.googleapis.com",
@@ -66,7 +66,7 @@ module "restricted_shared_vpc_host_project" {
   billing_account             = var.billing_account
   folder_id                   = var.folder_id
   disable_services_on_destroy = false
-  auto_create_network         = var.auto_create_network
+  auto_create_network         = true
 
   activate_apis = [
     "compute.googleapis.com",

1-org/modules/network/variables.tf

@@ -64,9 +64,3 @@ variable "project_budget" {
   })
   default = {}
 }
-
-variable "auto_create_network" {
-  description = "Control whether the 'default' network will be created in the project."
-  type        = bool
-  default     = true
-}

2-environments/modules/env_baseline/README.md

@@ -4,7 +4,6 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | assured\_workload\_configuration | Assured Workload configuration. See https://cloud.google.com/assured-workloads ."<br>  enabled: If the assured workload should be created.<br>  location: The location where the workload will be created.<br>  display\_name: User-assigned resource display name.<br>  compliance\_regime: Supported Compliance Regimes. See https://cloud.google.com/assured-workloads/docs/reference/rest/Shared.Types/ComplianceRegime .<br>  resource\_type: The type of resource. One of CONSUMER\_FOLDER, KEYRING, or ENCRYPTION\_KEYS\_PROJECT. | <pre>object({<br>    enabled           = optional(bool, false)<br>    location          = optional(string, "us-central1")<br>    display_name      = optional(string, "FEDRAMP-MODERATE")<br>    compliance_regime = optional(string, "FEDRAMP_MODERATE")<br>    resource_type     = optional(string, "CONSUMER_FOLDER")<br>  })</pre> | `{}` | no |
-| auto\_create\_network | Control whether the 'default' network will be created in the project. | `bool` | `true` | no |
 | env | The environment to prepare (ex. development) | `string` | n/a | yes |
 | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
 | project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    secret_budget_amount                        = optional(number, 1000)<br>    secret_alert_spent_percents                 = optional(list(number), [1.2])<br>    secret_alert_pubsub_topic                   = optional(string, null)<br>    secret_budget_alert_spend_basis             = optional(string, "FORECASTED_SPEND")<br>    kms_budget_amount                           = optional(number, 1000)<br>    kms_alert_spent_percents                    = optional(list(number), [1.2])<br>    kms_alert_pubsub_topic                      = optional(string, null)<br>    kms_budget_alert_spend_basis                = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |

2-environments/modules/env_baseline/kms.tf

@@ -33,7 +33,7 @@ module "env_kms" {
   disable_services_on_destroy = false
   depends_on                  = [time_sleep.wait_60_seconds]
   activate_apis               = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
-  auto_create_network         = var.auto_create_network
+  auto_create_network         = true
 
   labels = {
     environment       = var.env