terraform-google-modules · apeabody · Mar 5, 2025 · Feb 26, 2025 · Feb 28, 2025 · Feb 28, 2025
@@ -533,6 +533,7 @@ The following steps will guide you through deploying without using Cloud Build.
 | parent\_folder | Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. | `string` | `""` | no |
 | project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_prefix | Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. | `string` | `"prj"` | no |
+| workflow\_deletion\_protection | Whether Terraform will be prevented from destroying a workflow. When the field is set to true or unset in Terraform state, a `terraform apply` or `terraform destroy` that would delete the workflow will fail. When the field is set to false, deleting the workflow is allowed. | `bool` | `true` | no |
 
 ## Outputs
 

@@ -68,7 +68,7 @@ resource "random_string" "suffix" {
 
 module "gcp_projects_state_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   name          = "${var.bucket_prefix}-${module.seed_bootstrap.seed_project_id}-gcp-projects-tfstate"
   project_id    = module.seed_bootstrap.seed_project_id
@@ -84,7 +84,7 @@ module "gcp_projects_state_bucket" {
 
 module "tf_source" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_source"
-  version = "~> 9.0"
+  version = "~> 11.0"
 
   org_id                = var.org_id
   folder_id             = google_folder.bootstrap.id
@@ -164,7 +164,7 @@ module "tf_private_pool" {
 
 module "tf_cloud_builder" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_builder"
-  version = "~> 9.0"
+  version = "~> 11.0"
 
   project_id                   = module.tf_source.cloudbuild_project_id
   dockerfile_repo_uri          = module.tf_source.csr_repos[local.cloudbuilder_repo].url
@@ -177,6 +177,7 @@ module "tf_cloud_builder" {
   enable_worker_pool           = true
   worker_pool_id               = module.tf_private_pool.private_worker_pool_id
   bucket_name                  = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-tf-cloudbuilder-build-logs"
+  workflow_deletion_protection = var.workflow_deletion_protection
 }
 
 module "bootstrap_csr_repo" {
@@ -215,7 +216,7 @@ module "build_terraform_image" {
 
 module "tf_workspace" {
   source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
-  version  = "~> 9.0"
+  version  = "~> 11.0"
   for_each = local.granular_sa
 
   project_id                = module.tf_source.cloudbuild_project_id

@@ -70,7 +70,7 @@ locals {
 
 module "gh_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gh"
   random_project_id = true
@@ -120,7 +120,7 @@ resource "google_service_account_iam_member" "self_impersonate" {
 
 module "gcp_projects_state_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   name          = "${var.bucket_prefix}-${module.seed_bootstrap.seed_project_id}-gcp-projects-tfstate"
   project_id    = module.seed_bootstrap.seed_project_id

@@ -81,7 +81,7 @@ provider "gitlab" {
 
 module "gitlab_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gl"
   random_project_id = true

@@ -45,7 +45,7 @@ resource "google_folder" "bootstrap" {
 
 module "seed_bootstrap" {
   source  = "terraform-google-modules/bootstrap/google"
-  version = "~> 9.0"
+  version = "~> 11.0"
 
   org_id                         = var.org_id
   folder_id                      = google_folder.bootstrap.id

@@ -20,7 +20,7 @@ locals {
 
 module "peered_network" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
   count   = var.private_worker_pool.create_peered_network ? 1 : 0
 
   project_id                             = var.project_id
@@ -90,7 +90,7 @@ resource "google_compute_network_peering_routes_config" "peering_routes" {
 
 module "firewall_rules" {
   source  = "terraform-google-modules/network/google//modules/firewall-rules"
-  version = "~> 9.0"
+  version = "~> 10.0"
   count   = var.private_worker_pool.enable_network_peering ? 1 : 0
 
   project_id   = var.project_id

@@ -29,7 +29,7 @@ resource "random_id" "suffix" {
 *******************************************/
 module "cicd_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   name                        = local.cicd_project_name
   random_project_id           = true
@@ -130,8 +130,9 @@ resource "google_tags_tag_value" "jenkins_agents" {
 }
 
 module "jenkins_firewall_rules" {
-  source      = "terraform-google-modules/network/google//modules/network-firewall-policy"
-  version     = "~> 9.0"
+  source  = "terraform-google-modules/network/google//modules/network-firewall-policy"
+  version = "~> 10.0"
+
   project_id  = module.cicd_project.project_id
   policy_name = "fp-${google_compute_network.jenkins_agents.name}-jenkins-firewall"
   description = "Jenkins Agent GCE network firewall rules."

@@ -34,7 +34,7 @@ resource "random_string" "suffix" {
 
 module "network" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   project_id                             = var.project_id
   network_name                           = var.network_name
@@ -96,7 +96,7 @@ resource "google_service_account" "tfc_agent_service_account" {
 
 module "tfc_agent_cluster" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster/"
-  version = "~> 34.0"
+  version = "~> 36.0"
 
   project_id         = var.project_id
   region             = var.region
@@ -372,7 +372,7 @@ resource "google_compute_firewall" "allow_private_api_egress" {
 
 module "private_service_connect" {
   source  = "terraform-google-modules/network/google//modules/private-service-connect"
-  version = "~> 9.1"
+  version = "~> 10.0"
 
   project_id                 = var.project_id
   dns_code                   = "dz-${local.vpc_name}"
@@ -394,7 +394,7 @@ resource "google_dns_policy" "default_policy" {
 
 module "hub" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/fleet-membership"
-  version = "~> 34.0"
+  version = "~> 36.0"
 
   project_id   = var.project_id
   location     = var.region

@@ -230,7 +230,7 @@ resource "tfe_run_trigger" "projects_bu2_shared_production" {
 
 module "tfc_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-tfc"
   random_project_id = true

@@ -108,6 +108,12 @@ variable "folder_deletion_protection" {
   default     = true
 }
 
+variable "workflow_deletion_protection" {
+  description = "Whether Terraform will be prevented from destroying a workflow. When the field is set to true or unset in Terraform state, a `terraform apply` or `terraform destroy` that would delete the workflow will fail. When the field is set to false, deleting the workflow is allowed."
+  type        = bool
+  default     = true
+}
+
 /* ----------------------------------------
     Specific to Groups creation
    ---------------------------------------- */

@@ -20,13 +20,13 @@ terraform {
     google = {
       // version 4.31.0 removed because of issue https://github.com/hashicorp/terraform-provider-google/issues/12226
       source  = "hashicorp/google"
-      version = ">= 3.50, != 4.31.0, <= 6.10"
+      version = ">= 3.50, != 4.31.0, < 7.0"
     }
 
     google-beta = {
       // version 4.31.0 removed because of issue https://github.com/hashicorp/terraform-provider-google/issues/12226
       source  = "hashicorp/google-beta"
-      version = ">= 3.50, != 4.31.0, <= 6.10"
+      version = ">= 3.50, != 4.31.0, < 7.0"
     }
 
     // Un-comment gitlab required_providers when using gitlab CI/CD

@@ -46,7 +46,7 @@ locals {
 
 module "organization_policies_type_boolean" {
   source   = "terraform-google-modules/org-policy/google"
-  version  = "~> 5.1"
+  version  = "~> 7.0"
   for_each = local.boolean_type_organization_policies
 
   organization_id = local.organization_id
@@ -63,7 +63,7 @@ module "organization_policies_type_boolean" {
 
 module "org_vm_external_ip_access" {
   source  = "terraform-google-modules/org-policy/google"
-  version = "~> 5.1"
+  version = "~> 7.0"
 
   organization_id = local.organization_id
   folder_id       = local.folder_id
@@ -75,7 +75,7 @@ module "org_vm_external_ip_access" {
 
 module "restrict_protocol_fowarding" {
   source  = "terraform-google-modules/org-policy/google"
-  version = "~> 5.1"
+  version = "~> 7.0"
 
   organization_id   = local.organization_id
   folder_id         = local.folder_id
@@ -99,7 +99,7 @@ resource "time_sleep" "wait_logs_export" {
 
 module "org_domain_restricted_sharing" {
   source  = "terraform-google-modules/org-policy/google//modules/domain_restricted_sharing"
-  version = "~> 5.1"
+  version = "~> 7.0"
 
   organization_id  = local.organization_id
   folder_id        = local.folder_id
@@ -117,7 +117,7 @@ module "org_domain_restricted_sharing" {
 
 module "domain_restricted_contacts" {
   source  = "terraform-google-modules/org-policy/google"
-  version = "~> 5.1"
+  version = "~> 7.0"
 
   organization_id   = local.organization_id
   folder_id         = local.folder_id
@@ -134,7 +134,7 @@ module "domain_restricted_contacts" {
 
 module "allowed_worker_pools" {
   source  = "terraform-google-modules/org-policy/google"
-  version = "~> 5.1"
+  version = "~> 7.0"
   count   = var.enforce_allowed_worker_pools && local.cloud_build_private_worker_pool_id != "" ? 1 : 0
 
   organization_id   = local.organization_id

@@ -34,7 +34,7 @@ locals {
 
 module "org_audit_logs" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -68,7 +68,7 @@ module "org_audit_logs" {
 
 module "org_billing_export" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -102,7 +102,7 @@ module "org_billing_export" {
 
 module "common_kms" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -137,7 +137,7 @@ module "common_kms" {
 
 module "org_secrets" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -171,7 +171,7 @@ module "org_secrets" {
 
 module "interconnect" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -205,7 +205,7 @@ module "interconnect" {
 
 module "scc_notifications" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -239,7 +239,7 @@ module "scc_notifications" {
 
 module "dns_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -281,7 +281,7 @@ module "dns_hub" {
 
 module "base_network_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
   count   = var.enable_hub_and_spoke ? 1 : 0
 
   random_project_id        = true
@@ -332,7 +332,7 @@ resource "google_project_iam_member" "network_sa_base" {
 
 module "restricted_network_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
   count   = var.enable_hub_and_spoke ? 1 : 0
 
   random_project_id        = true

@@ -71,7 +71,7 @@ data "archive_file" "function_source_zip" {
 
 module "cloudfunction_source_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id    = var.project_id
   name          = "bkt-cai-monitoring-${random_id.suffix.hex}-sources-${data.google_project.project.number}"

@@ -20,7 +20,7 @@
 
 module "base_shared_vpc_host_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id           = true
   random_project_id_length    = 4
@@ -57,7 +57,7 @@ module "base_shared_vpc_host_project" {
 
 module "restricted_shared_vpc_host_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id           = true
   random_project_id_length    = 4

@@ -21,7 +21,7 @@
 
 module "env_kms" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id           = true
   random_project_id_length    = 4

@@ -21,7 +21,7 @@
 
 module "env_secrets" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 17.0"
+  version = "~> 18.0"
 
   random_project_id           = true
   random_project_id_length    = 4

@@ -20,7 +20,7 @@
 
 module "dns_hub_vpc" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 9.0"
+  version = "~> 10.0"
 
   project_id                             = local.dns_hub_project_id
   network_name                           = "vpc-net-dns"