upgrade bootstrap and project-factory modules

Author: daniel-cit

0-bootstrap/cb.tf

@@ -86,7 +86,7 @@ module "gcp_projects_state_bucket" {
 
 module "tf_source" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_source"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   org_id                = var.org_id
   folder_id             = google_folder.bootstrap.id
@@ -96,6 +96,9 @@ module "tf_source" {
   group_org_admins      = var.groups.required_groups.group_org_admins
   buckets_force_destroy = var.bucket_force_destroy
 
+  project_deletion_policy = var.project_deletion_policy
+
+
   activate_apis = [
     "serviceusage.googleapis.com",
     "servicenetworking.googleapis.com",
@@ -155,7 +158,7 @@ module "tf_private_pool" {
 
 module "tf_cloud_builder" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_builder"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id                   = module.tf_source.cloudbuild_project_id
   dockerfile_repo_uri          = module.tf_source.csr_repos[local.cloudbuilder_repo].url
@@ -206,7 +209,7 @@ module "build_terraform_image" {
 
 module "tf_workspace" {
   source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
-  version  = "~> 8.0"
+  version  = "~> 9.0"
   for_each = local.granular_sa
 
   project_id                = module.tf_source.cloudbuild_project_id

0-bootstrap/github.tf.example

@@ -70,7 +70,7 @@ locals {
 
 module "gh_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gh"
   random_project_id = true
@@ -87,6 +87,8 @@ module "gh_cicd" {
     "cloudresourcemanager.googleapis.com",
     "iamcredentials.googleapis.com",
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "gh_oidc" {

0-bootstrap/gitlab.tf.example

@@ -81,7 +81,7 @@ provider "gitlab" {
 
 module "gitlab_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gl"
   random_project_id = true
@@ -100,8 +100,9 @@ module "gitlab_cicd" {
     "sts.googleapis.com",
     "dns.googleapis.com",
     "secretmanager.googleapis.com",
-
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "gitlab_oidc" {

0-bootstrap/jenkins.tf.example

@@ -46,6 +46,7 @@ module "jenkins_bootstrap" {
   tunnel0_bgp_session_range                = var.tunnel0_bgp_session_range
   tunnel1_bgp_peer_address                 = var.tunnel1_bgp_peer_address
   tunnel1_bgp_session_range                = var.tunnel1_bgp_session_range
+  project_deletion_policy                  = var.project_deletion_policy
 }
 
 resource "google_organization_iam_member" "org_jenkins_sa_browser" {

0-bootstrap/main.tf

@@ -41,7 +41,7 @@ resource "google_folder" "bootstrap" {
 
 module "seed_bootstrap" {
   source  = "terraform-google-modules/bootstrap/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   org_id                         = var.org_id
   folder_id                      = google_folder.bootstrap.id
@@ -61,6 +61,7 @@ module "seed_bootstrap" {
   encrypt_gcs_bucket_tfstate     = true
   key_rotation_period            = "7776000s"
   kms_prevent_destroy            = !var.bucket_tfstate_kms_force_destroy
+  project_deletion_policy        = var.project_deletion_policy
 
   project_labels = {
     environment       = "bootstrap"

0-bootstrap/modules/jenkins-agent/main.tf

@@ -29,7 +29,7 @@ resource "random_id" "suffix" {
 *******************************************/
 module "cicd_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name                        = local.cicd_project_name
   random_project_id           = true
@@ -40,6 +40,8 @@ module "cicd_project" {
   billing_account             = var.billing_account
   activate_apis               = local.activate_apis
   labels                      = var.project_labels
+
+  deletion_policy = var.project_deletion_policy
 }
 
 /******************************************

0-bootstrap/modules/jenkins-agent/variables.tf

@@ -39,6 +39,12 @@ variable "default_region" {
   default     = "us-central1"
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
 /* ----------------------------------------
     Specific to CICD Project
    ---------------------------------------- */

0-bootstrap/terraform_cloud.tf.example

@@ -230,7 +230,7 @@ resource "tfe_run_trigger" "projects_bu2_shared_production" {
 
 module "tfc_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-tfc"
   random_project_id = true
@@ -251,6 +251,8 @@ module "tfc_cicd" {
     "gkehub.googleapis.com",
     "connectgateway.googleapis.com"
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "tfc-oidc" {

0-bootstrap/variables.tf

@@ -90,6 +90,12 @@ variable "bucket_tfstate_kms_force_destroy" {
   default     = false
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
 /* ----------------------------------------
     Specific to Groups creation
    ---------------------------------------- */

1-org/envs/shared/projects.tf

@@ -34,7 +34,7 @@ locals {
 
 module "org_audit_logs" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -43,6 +43,7 @@ module "org_audit_logs" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -67,7 +68,7 @@ module "org_audit_logs" {
 
 module "org_billing_export" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -76,6 +77,7 @@ module "org_billing_export" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -100,7 +102,7 @@ module "org_billing_export" {
 
 module "common_kms" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -109,6 +111,7 @@ module "common_kms" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -134,7 +137,7 @@ module "common_kms" {
 
 module "org_secrets" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -143,6 +146,7 @@ module "org_secrets" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "secretmanager.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -167,7 +171,7 @@ module "org_secrets" {
 
 module "interconnect" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -176,6 +180,7 @@ module "interconnect" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["billingbudgets.googleapis.com", "compute.googleapis.com"]
 
   labels = {
@@ -200,7 +205,7 @@ module "interconnect" {
 
 module "scc_notifications" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -209,6 +214,7 @@ module "scc_notifications" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "pubsub.googleapis.com", "securitycenter.googleapis.com", "billingbudgets.googleapis.com", "cloudkms.googleapis.com"]
 
   labels = {
@@ -233,7 +239,7 @@ module "scc_notifications" {
 
 module "dns_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -242,6 +248,7 @@ module "dns_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -274,7 +281,7 @@ module "dns_hub" {
 
 module "base_network_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
   count   = var.enable_hub_and_spoke ? 1 : 0
 
   random_project_id        = true
@@ -284,6 +291,7 @@ module "base_network_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -324,7 +332,7 @@ resource "google_project_iam_member" "network_sa_base" {
 
 module "restricted_network_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
   count   = var.enable_hub_and_spoke ? 1 : 0
 
   random_project_id        = true
@@ -334,6 +342,7 @@ module "restricted_network_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -373,6 +382,8 @@ module "base_restricted_environment_network" {
   project_prefix  = local.project_prefix
   folder_id       = google_folder.network.id
 
+  project_deletion_policy = var.project_deletion_policy
+
   env      = each.key
   env_code = each.value