chore: update desc of activate_api_identities (#475)

* update descs

* rm extra <

* update to latest image

* update lint image

Co-authored-by: Morgante Pell <[email protected]>

Author: umairidris

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.1
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -108,44 +108,44 @@ determining that location is as follows:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| activate\_api\_identities | The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles). APIs in this list will automatically be appended to `activate_apis`. Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created). | object | `<list>` | no |
-| activate\_apis | The list of apis to activate within the project | list(string) | `<list>` | no |
-| auto\_create\_network | Create the default network | bool | `"false"` | no |
-| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes |
-| bucket\_location | The location for a GCS bucket to create (optional) | string | `"US"` | no |
-| bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no |
-| bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no |
-| bucket\_versioning | Enable versioning for a GCS bucket to create (optional) | bool | `"false"` | no |
-| budget\_alert\_pubsub\_topic | The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}` | string | `"null"` | no |
-| budget\_alert\_spent\_percents | A list of percentages of the budget to alert on when threshold is exceeded | list(number) | `<list>` | no |
-| budget\_amount | The amount to use for a budget alert | number | `"null"` | no |
-| budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | list(string) | `<list>` | no |
-| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no |
-| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | string | `"disable"` | no |
-| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | bool | `"true"` | no |
-| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no |
-| domain | The domain name (optional). | string | `""` | no |
-| enable\_shared\_vpc\_host\_project | If this project is a shared VPC host project. If true, you must *not* set shared_vpc variable. Default is false. | bool | `"false"` | no |
-| folder\_id | The ID of a folder to host this project | string | `""` | no |
-| group\_name | A group to control the project by being assigned group_role (defaults to project editor) | string | `""` | no |
-| group\_role | The role to give the controlling group (group_name) over the project (defaults to project editor) | string | `"roles/editor"` | no |
-| impersonate\_service\_account | An optional service account to impersonate. This cannot be used with credentials_path. If this service account is not specified and credentials_path is absent, the module will use Application Default Credentials. | string | `""` | no |
-| labels | Map of labels for project | map(string) | `<map>` | no |
-| lien | Add a lien on the project to prevent accidental deletion | bool | `"false"` | no |
-| name | The name for the project | string | n/a | yes |
-| org\_id | The organization ID. | string | n/a | yes |
-| project\_id | The ID to give the project. If not provided, the `name` will be used. | string | `""` | no |
-| random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | bool | `"false"` | no |
-| sa\_role | A role to give the default Service Account for the project (defaults to none) | string | `""` | no |
-| shared\_vpc | The ID of the host project which hosts the shared VPC | string | `""` | no |
-| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project_id/regions/$region/subnetworks/$subnet_id) | list(string) | `<list>` | no |
-| skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud is already available outside the module) | bool | `"false"` | no |
-| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
-| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | string | `""` | no |
-| use\_tf\_google\_credentials\_env\_var | Use GOOGLE_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | bool | `"false"` | no |
-| vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter | bool | `"false"` | no |
-| vpc\_service\_control\_perimeter\_name | The name of a VPC Service Control Perimeter to add the created project to | string | `"null"` | no |
+|------|-------------|------|---------|:--------:|
+| activate\_api\_identities | The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).<br>    APIs in this list will automatically be appended to `activate_apis`.<br>    Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).<br>    Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles. | <pre>list(object({<br>    api   = string<br>    roles = list(string)<br>  }))</pre> | `[]` | no |
+| activate\_apis | The list of apis to activate within the project | `list(string)` | <pre>[<br>  "compute.googleapis.com"<br>]</pre> | no |
+| auto\_create\_network | Create the default network | `bool` | `false` | no |
+| billing\_account | The ID of the billing account to associate this project with | `string` | n/a | yes |
+| bucket\_location | The location for a GCS bucket to create (optional) | `string` | `"US"` | no |
+| bucket\_name | A name for a GCS bucket to create (in the bucket\_project project), useful for Terraform state (optional) | `string` | `""` | no |
+| bucket\_project | A project to create a GCS bucket (bucket\_name) in, useful for Terraform state (optional) | `string` | `""` | no |
+| bucket\_versioning | Enable versioning for a GCS bucket to create (optional) | `bool` | `false` | no |
+| budget\_alert\_pubsub\_topic | The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}` | `string` | `null` | no |
+| budget\_alert\_spent\_percents | A list of percentages of the budget to alert on when threshold is exceeded | `list(number)` | <pre>[<br>  0.5,<br>  0.7,<br>  1<br>]</pre> | no |
+| budget\_amount | The amount to use for a budget alert | `number` | `null` | no |
+| budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no |
+| credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | `string` | `""` | no |
+| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
+| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
+| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `string` | `"true"` | no |
+| domain | The domain name (optional). | `string` | `""` | no |
+| enable\_shared\_vpc\_host\_project | If this project is a shared VPC host project. If true, you must *not* set shared\_vpc variable. Default is false. | `bool` | `false` | no |
+| folder\_id | The ID of a folder to host this project | `string` | `""` | no |
+| group\_name | A group to control the project by being assigned group\_role (defaults to project editor) | `string` | `""` | no |
+| group\_role | The role to give the controlling group (group\_name) over the project (defaults to project editor) | `string` | `"roles/editor"` | no |
+| impersonate\_service\_account | An optional service account to impersonate. This cannot be used with credentials\_path. If this service account is not specified and credentials\_path is absent, the module will use Application Default Credentials. | `string` | `""` | no |
+| labels | Map of labels for project | `map(string)` | `{}` | no |
+| lien | Add a lien on the project to prevent accidental deletion | `bool` | `false` | no |
+| name | The name for the project | `string` | n/a | yes |
+| org\_id | The organization ID. | `string` | n/a | yes |
+| project\_id | The ID to give the project. If not provided, the `name` will be used. | `string` | `""` | no |
+| random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `bool` | `false` | no |
+| sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
+| shared\_vpc | The ID of the host project which hosts the shared VPC | `string` | `""` | no |
+| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$project\_id/regions/$region/subnetworks/$subnet\_id) | `list(string)` | `[]` | no |
+| skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud is already available outside the module) | `bool` | `false` | no |
+| usage\_bucket\_name | Name of a GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |
+| usage\_bucket\_prefix | Prefix in the GCS bucket to store GCE usage reports in (optional) | `string` | `""` | no |
+| use\_tf\_google\_credentials\_env\_var | Use GOOGLE\_CREDENTIALS environment variable to run gcloud auth activate-service-account with. | `bool` | `false` | no |
+| vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter | `bool` | `false` | no |
+| vpc\_service\_control\_perimeter\_name | The name of a VPC Service Control Perimeter to add the created project to | `string` | `null` | no |
 
 ## Outputs
 
@@ -156,12 +156,12 @@ determining that location is as follows:
 | budget\_name | The name of the budget if created |
 | domain | The organization's domain |
 | enabled\_apis | Enabled APIs in the project |
-| group\_email | The email of the G Suite group with group_name |
+| group\_email | The email of the G Suite group with group\_name |
 | project\_bucket\_self\_link | Project's bucket selfLink |
 | project\_bucket\_url | Project's bucket url |
-| project\_id |  |
-| project\_name |  |
-| project\_number |  |
+| project\_id | n/a |
+| project\_name | n/a |
+| project\_number | n/a |
 | service\_account\_display\_name | The display name of the default service account |
 | service\_account\_email | The email of the default service account |
 | service\_account\_id | The id of the default service account |

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.1'

examples/app_engine/README.md

@@ -16,17 +16,17 @@ Expected variables:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes |
-| folder\_id | The ID of a folder to host this project. | string | `""` | no |
-| location\_id | The location to serve the app from. | string | `"us-east4"` | no |
-| org\_id | The organization ID. | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| billing\_account | The ID of the billing account to associate this project with | `string` | n/a | yes |
+| folder\_id | The ID of a folder to host this project. | `string` | `""` | no |
+| location\_id | The location to serve the app from. | `string` | `"us-east4"` | no |
+| org\_id | The organization ID. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| app\_name | Unique name of the app, usually apps/{PROJECT_ID}. |
+| app\_name | Unique name of the app, usually apps/{PROJECT\_ID}. |
 | default\_hostname | The default hostname for this app. |
 | location\_id | The location app engine is serving from |
 | project\_id | The project ID where app engine is created |

examples/budget_project/README.md

@@ -11,16 +11,16 @@ It will do the following:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes |
-| budget\_alert\_spent\_percents | The list of percentages of the budget to alert on | list(number) | `<list>` | no |
-| budget\_amount | The amount to use for the budget | number | `"10"` | no |
-| budget\_credit\_types\_treatment | Specifies how credits should be treated when determining spend for threshold calculations | string | `"EXCLUDE_ALL_CREDITS"` | no |
-| budget\_services | A list of services to be included in the budget | list(string) | `<list>` | no |
-| folder\_id | The ID of a folder to host this project. | string | `""` | no |
-| location\_id | The location to serve the app from. | string | `"us-east4"` | no |
-| org\_id | The organization ID. | string | n/a | yes |
-| parent\_project\_id | The project_id of the parent project to add as an additional project for the budget | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| billing\_account | The ID of the billing account to associate this project with | `string` | n/a | yes |
+| budget\_alert\_spent\_percents | The list of percentages of the budget to alert on | `list(number)` | <pre>[<br>  0.7,<br>  0.8,<br>  0.9,<br>  1<br>]</pre> | no |
+| budget\_amount | The amount to use for the budget | `number` | `10` | no |
+| budget\_credit\_types\_treatment | Specifies how credits should be treated when determining spend for threshold calculations | `string` | `"EXCLUDE_ALL_CREDITS"` | no |
+| budget\_services | A list of services to be included in the budget | `list(string)` | <pre>[<br>  "6F81-5844-456A",<br>  "A1E8-BE35-7EBC"<br>]</pre> | no |
+| folder\_id | The ID of a folder to host this project. | `string` | `""` | no |
+| location\_id | The location to serve the app from. | `string` | `"us-east4"` | no |
+| org\_id | The organization ID. | `string` | n/a | yes |
+| parent\_project\_id | The project\_id of the parent project to add as an additional project for the budget | `string` | n/a | yes |
 
 ## Outputs
 
@@ -32,7 +32,7 @@ It will do the following:
 | budget\_credit\_types\_treatment | Specifies how credits should be treated when determining spend for threshold calculations |
 | budget\_services | A list of services to be included in the budget |
 | main\_budget\_name | The name of the budget created by the core project factory module |
-| parent\_project\_id | The project_id of the parent project to add as an additional project for the budget |
+| parent\_project\_id | The project\_id of the parent project to add as an additional project for the budget |
 | project\_id | The project ID created |
 | pubsub\_topic | The PubSub topic name created for budget alerts |
 

examples/fabric_project/README.md

@@ -6,13 +6,13 @@ This example illustrates how to create a simple project using the `fabric-projec
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| activate\_apis | Service APIs to enable. | list(string) | `<list>` | no |
-| billing\_account | Billing account id. | string | n/a | yes |
-| name | Project name, joined with prefix. | string | `"fabric-project"` | no |
-| owners | Optional list of IAM-format members to set as project owners. | list(string) | `<list>` | no |
-| parent | Organization or folder id, in the `organizations/nnn` or `folders/nnn` format. | string | n/a | yes |
-| prefix | Prefix prepended to project name, uses random id by default. | string | `""` | no |
+|------|-------------|------|---------|:--------:|
+| activate\_apis | Service APIs to enable. | `list(string)` | <pre>[<br>  "compute.googleapis.com"<br>]</pre> | no |
+| billing\_account | Billing account id. | `string` | n/a | yes |
+| name | Project name, joined with prefix. | `string` | `"fabric-project"` | no |
+| owners | Optional list of IAM-format members to set as project owners. | `list(string)` | `[]` | no |
+| parent | Organization or folder id, in the `organizations/nnn` or `folders/nnn` format. | `string` | n/a | yes |
+| prefix | Prefix prepended to project name, uses random id by default. | `string` | `""` | no |
 
 ## Outputs
 

examples/gke_shared_vpc/README.md

@@ -27,11 +27,15 @@ More information about GKE with Shared VPC can be found here: https://cloud.goog
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| billing\_account | billing account | string | n/a | yes |
-| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | n/a | yes |
-| org\_id | organization id | string | n/a | yes |
-| shared\_vpc | The ID of the host project which hosts the shared VPC | string | n/a | yes |
-| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list(string) | `<list>` | no |
+|------|-------------|------|---------|:--------:|
+| billing\_account | billing account | `any` | n/a | yes |
+| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | `any` | n/a | yes |
+| org\_id | organization id | `any` | n/a | yes |
+| shared\_vpc | The ID of the host project which hosts the shared VPC | `any` | n/a | yes |
+| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT\_ID/regions/$REGION/subnetworks/$SUBNET\_ID) | `list(string)` | `[]` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->