update 4-projects README instruction and bump cloud function module version

mariammartins · mariammartins · commit f233219237f0 · 2025-10-16T12:09:33.000-03:00
diff --git a/1-org/envs/shared/folders.tf b/1-org/envs/shared/folders.tf
@@ -21,11 +21,11 @@
 resource "google_folder" "common" {
   display_name        = "${local.folder_prefix}-common"
   parent              = local.parent
-  deletion_protection = var.folder_deletion_protection // uncommnet after updating "GoogleCloudPlatform/cloud-functions/google" to provider v6
+  deletion_protection = var.folder_deletion_protection
 }
 
 resource "google_folder" "network" {
   display_name        = "${local.folder_prefix}-network"
   parent              = local.parent
-  deletion_protection = var.folder_deletion_protection // uncommnet after updating "GoogleCloudPlatform/cloud-functions/google" to provider v6
+  deletion_protection = var.folder_deletion_protection
 }
diff --git a/1-org/modules/cai-monitoring/main.tf b/1-org/modules/cai-monitoring/main.tf
@@ -140,12 +140,10 @@ resource "google_scc_v2_organization_source" "cai_monitoring" {
 }
 
 // Cloud Function
-//Using branch 'release-please--branches--main' due to Registry v0.6 incompability with Google Provider.
-//TODO: update to the latest Registry version when released.
+
 module "cloud_function" {
-  source = "git::https://github.com/GoogleCloudPlatform/terraform-google-cloud-functions.git?ref=release-please--branches--main"
-  # source  = "GoogleCloudPlatform/cloud-functions/google"
-  # version = "~> 0.6"
+  source  = "GoogleCloudPlatform/cloud-functions/google"
+  version = "~> 0.7"
 
   function_name         = "caiMonitoring"
   description           = "Check on the Organization for members (users, groups and service accounts) that contains the IAM roles listed."
diff --git a/4-projects/README.md b/4-projects/README.md
@@ -241,44 +241,6 @@ grep -rl 10.3.64.0 business_unit_2/ | xargs sed -i 's/10.3.64.0/10.4.64.0/g'
    sed -i'' -e "s/PRJ_APP_INFRA_ID/${cloudbuild_project_id}/" /envs/shared/service_control.tf
    ```
 
-1. Use `terraform output` to get the Bucket used for storing terraform state for stage 4-projects foundations pipelines in seed project.
-1. Use `gsutil cat` to get the project numbers of the SVPC and Peering projects in each environment (production, nonproduction, and development) for configuring the directional app infra policies.
-
-   ```bash
-   export projects_gcs_bucket_tfstate=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw projects_gcs_bucket_tfstate)
-   echo "projects_gcs_bucket_tfstate = ${projects_gcs_bucket_tfstate}"
-
-   export peering_project_number_dev=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/development/default.tfstate \
-   | jq -r '.outputs.peering_project_number.value')
-   echo "peering_project_number_dev = ${peering_project_number_dev}"
-   sed -i'' -e "s/PRJS_DEV_SAMPLE_PEERING_NUMBER/${peering_project_number_dev}/" envs/shared/service_control.tf
-
-   export peering_project_number_prod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/production/default.tfstate \
-   | jq -r '.outputs.peering_project_number.value')
-   echo "peering_project_number_prod = ${peering_project_number_prod}"
-   sed -i'' -e "s/PRJS_PROD_SAMPLE_PEERING_NUMBER/${peering_project_number_prod}/" envs/shared/service_control.tf
-
-   export peering_project_number_nonprod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/nonproduction/default.tfstate \
-   | jq -r '.outputs.peering_project_number.value')
-   echo "peering_project_number_nonprod = ${peering_project_number_nonprod}"
-   sed -i'' -e "s/PRJS_NONPROD_SAMPLE_PEERING_NUMBER/${peering_project_number_nonprod}/" envs/shared/service_control.tf
-
-   export shared_vpc_project_number_dev=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/development/default.tfstate \
-   | jq -r '.outputs.shared_vpc_project_number.value')
-   echo "shared_vpc_project_number_dev = ${shared_vpc_project_number_dev}"
-   sed -i'' -e "s/PRJS_DEV_SAMPLE_SVPC_NUMBER/${shared_vpc_project_number_dev}/" /envs/shared/service_control.tf
-
-   export shared_vpc_project_number_prod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/production/default.tfstate \
-   | jq -r '.outputs.shared_vpc_project_number.value')
-   echo "shared_vpc_project_number_prod = ${shared_vpc_project_number_prod}"
-   sed -i'' -e "s/PRJS_PROD_SAMPLE_SVPC_NUMBER/${shared_vpc_project_number_prod}/" /envs/shared/service_control.tf
-
-   export shared_vpc_project_number_nonprod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/nonproduction/default.tfstate \
-   | jq -r '.outputs.shared_vpc_project_number.value')
-   echo "shared_vpc_project_number_nonprod = ${shared_vpc_project_number_nonprod}"
-   sed -i'' -e "s/PRJS_NONPROD_SAMPLE_SVPC_NUMBER/${shared_vpc_project_number_nonprod}/" /envs/shared/service_control.tf
-   ```
-
 1. If you are deploying with VPC Service Controls in dry run mode, update the `required_egress_rule_app_infra_dry_run` and `required_ingress_rule_app_infra_dry_run` variables to true, if you are deploying with VPC Service Controls in enforced mode, update the `required_egress_rule_app_infra` and `required_ingress_rule_app_infra` variables to true in [service_control.tf](gcp-org/envs/shared/service_control.tf) file.
 
    ```bash
@@ -518,44 +480,6 @@ If you received any errors or made any changes to the Terraform config or any `.
    sed -i'' -e "s/PRJ_APP_INFRA_ID/${cloudbuild_project_id}/" /envs/shared/service_control.tf
    ```
 
-1. Use `terraform output` to get the Bucket used for storing terraform state for stage 4-projects foundations pipelines in seed project.
-1. Use `gsutil cat` to get the project numbers of the SVPC and Peering projects in each environment (production, nonproduction, and development) for configuring the directional app infra policies.
-
-   ```bash
-   export projects_gcs_bucket_tfstate=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -raw projects_gcs_bucket_tfstate)
-   echo "projects_gcs_bucket_tfstate = ${projects_gcs_bucket_tfstate}"
-
-   export peering_project_number_dev=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/development/default.tfstate \
-   | jq -r '.outputs.peering_project_number.value')
-   echo "peering_project_number_dev = ${peering_project_number_dev}"
-   sed -i'' -e "s/PRJS_DEV_SAMPLE_PEERING_NUMBER/${peering_project_number_dev}/" envs/shared/service_control.tf
-
-   export peering_project_number_prod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/production/default.tfstate \
-   | jq -r '.outputs.peering_project_number.value')
-   echo "peering_project_number_prod = ${peering_project_number_prod}"
-   sed -i'' -e "s/PRJS_PROD_SAMPLE_PEERING_NUMBER/${peering_project_number_prod}/" envs/shared/service_control.tf
-
-   export peering_project_number_nonprod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/nonproduction/default.tfstate \
-   | jq -r '.outputs.peering_project_number.value')
-   echo "peering_project_number_nonprod = ${peering_project_number_nonprod}"
-   sed -i'' -e "s/PRJS_NONPROD_SAMPLE_PEERING_NUMBER/${peering_project_number_nonprod}/" envs/shared/service_control.tf
-
-   export shared_vpc_project_number_dev=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/development/default.tfstate \
-   | jq -r '.outputs.shared_vpc_project_number.value')
-   echo "shared_vpc_project_number_dev = ${shared_vpc_project_number_dev}"
-   sed -i'' -e "s/PRJS_DEV_SAMPLE_SVPC_NUMBER/${shared_vpc_project_number_dev}/" /envs/shared/service_control.tf
-
-   export shared_vpc_project_number_prod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/production/default.tfstate \
-   | jq -r '.outputs.shared_vpc_project_number.value')
-   echo "shared_vpc_project_number_prod = ${shared_vpc_project_number_prod}"
-   sed -i'' -e "s/PRJS_PROD_SAMPLE_SVPC_NUMBER/${shared_vpc_project_number_prod}/" /envs/shared/service_control.tf
-
-   export shared_vpc_project_number_nonprod=$(gsutil cat gs://${projects_gcs_bucket_tfstate}/terraform/projects/business_unit_1/nonproduction/default.tfstate \
-   | jq -r '.outputs.shared_vpc_project_number.value')
-   echo "shared_vpc_project_number_nonprod = ${shared_vpc_project_number_nonprod}"
-   sed -i'' -e "s/PRJS_NONPROD_SAMPLE_SVPC_NUMBER/${shared_vpc_project_number_nonprod}/" /envs/shared/service_control.tf
-   ```
-
 1. If you are deploying with VPC Service Controls in dry run mode, update the `required_egress_rule_app_infra_dry_run` and `required_ingress_rule_app_infra_dry_run` variables to true, if you are deploying with VPC Service Controls in enforced mode, update the `required_egress_rule_app_infra` and `required_ingress_rule_app_infra` variables to true in [service_control.tf](gcp-org/envs/shared/service_control.tf) file.
 
    ```bash

Original file line number	Diff line number	Diff line change
`@@ -21,11 +21,11 @@`
`21`	`21`	`resource "google_folder" "common" {`
`22`	`22`	`display_name = "${local.folder_prefix}-common"`
`23`	`23`	`parent = local.parent`
`24`		`- deletion_protection = var.folder_deletion_protection // uncommnet after updating "GoogleCloudPlatform/cloud-functions/google" to provider v6`
	`24`	`+ deletion_protection = var.folder_deletion_protection`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`resource "google_folder" "network" {`
`28`	`28`	`display_name = "${local.folder_prefix}-network"`
`29`	`29`	`parent = local.parent`
`30`		`- deletion_protection = var.folder_deletion_protection // uncommnet after updating "GoogleCloudPlatform/cloud-functions/google" to provider v6`
	`30`	`+ deletion_protection = var.folder_deletion_protection`
`31`	`31`	`}`