Merge branch 'terraform-google-modules:master' into inputRuleLimit

.github/workflows/lint.yaml

@@ -44,5 +44,11 @@ jobs:
             REGISTRY=$(grep "REGISTRY_URL := " $MAKEFILE | cut -d\  -f3)
             echo dev-tools=${REGISTRY}/${IMAGE}:${VERSION} >> "$GITHUB_OUTPUT"
           fi
-      - run: docker run --rm -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} module-swapper
-      - run: docker run --rm -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} /usr/local/bin/test_lint.sh
+      - run: docker run --rm -e ENABLE_BPMETADATA -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} module-swapper
+        env:
+          ENABLE_BPMETADATA: 1
+
+      - run: docker run --rm -e ENABLE_BPMETADATA -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} /usr/local/bin/test_lint.sh
+        env:
+          ENABLE_BPMETADATA: 1
+

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -3,7 +3,7 @@
 This Terraform module makes it easier to manage [organization policies](https://cloud.google.com/resource-manager/docs/organization-policy/overview) for your Google Cloud environment, particularly when you want to have exclusion rules. This module will allow you to set a top-level org policy and then disable it on individual projects or folders easily.
 
 ## Compatibility
-This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue.
+This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform >=1.3, please open an issue.
  If you haven't
 [upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
 0.12.x-compatible version of this module, the last released version
@@ -79,20 +79,20 @@ No outputs.
 
 ## Requirements
 ### Terraform plugins
-- [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
-- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) >= v2.5.0
+- [Terraform](https://www.terraform.io/downloads.html) >= 1.3
+- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) >= v3.53
 
 ### Permissions
 In order to execute this module, the Service Account you run as must have the **Organization Policy Administrator** (`roles/orgpolicy.PolicyAdmin`) role.
 
 ## Install
 ### Terraform
-Be sure you have the correct Terraform version (0.12.x), you can choose the binary here:
+Be sure you have the correct Terraform version (>= 1.3.x), you can choose the binary here:
 - https://releases.hashicorp.com/terraform/
 
 ### Terraform plugins
 
-- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) >= v2.5.0
+- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) >= v3.53
 
 
 ### Fast install (optional)

build/int.cloudbuild.yaml

@@ -53,7 +53,7 @@ steps:
  # Boolean Org Enforce Example Test
 - id: create all
   waitFor:
-    - sleep
+    - create
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestVersion2BooleanOrgEnforce --test-dir test/integration --stage init --verbose']
 - id: converge org-policy-v2
@@ -76,4 +76,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.23'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.23'

metadata.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2022-2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,109 +19,108 @@ metadata:
   annotations:
     config.kubernetes.io/local-config: "true"
 spec:
-  title: Google Cloud Organization Policy Terraform Module
-  source:
-    repo: https://github.com/terraform-google-modules/terraform-google-org-policy.git
-    sourceType: git
-  version: 5.4.0
-  actuationTool:
-    type: Terraform
-    version: '>= 0.13'
-  subBlueprints:
-  - name: bucket_policy_only
-    location: modules/bucket_policy_only
-  - name: domain_restricted_sharing
-    location: modules/domain_restricted_sharing
-  - name: org_policy_v2
-    location: modules/org_policy_v2
-  - name: restrict_vm_external_ips
-    location: modules/restrict_vm_external_ips
-  - name: skip_default_network
-    location: modules/skip_default_network
-  examples:
-  - name: basic_org_policies
-    location: examples/basic_org_policies
-  - name: boolean_org_exclude
-    location: examples/boolean_org_exclude
-  - name: boolean_project_allow
-    location: examples/boolean_project_allow
-  - name: list_folder_deny
-    location: examples/list_folder_deny
-  - name: list_org_exclude
-    location: examples/list_org_exclude
-  - name: v2_boolean_org_enforce
-    location: examples/v2_boolean_org_enforce
-  variables:
-  - name: allow
-    description: (Only for list constraints) List of values which should be allowed
-    type: list(string)
-    default:
-    - ""
-    required: false
-  - name: allow_list_length
-    description: The number of elements in the allow list
-    type: number
-    default: 0
-    required: false
-  - name: constraint
-    description: The constraint to be applied
-    type: string
-    required: true
-  - name: deny
-    description: (Only for list constraints) List of values which should be denied
-    type: list(string)
-    default:
-    - ""
-    required: false
-  - name: deny_list_length
-    description: The number of elements in the deny list
-    type: number
-    default: 0
-    required: false
-  - name: enforce
-    description: If boolean constraint, whether the policy is enforced at the root; if list constraint, whether to deny all (true) or allow all
-    type: bool
-    required: false
-  - name: exclude_folders
-    description: Set of folders to exclude from the policy
-    type: set(string)
-    default: []
-    required: false
-  - name: exclude_projects
-    description: Set of projects to exclude from the policy
-    type: set(string)
-    default: []
-    required: false
-  - name: folder_id
-    description: The folder id for putting the policy
-    type: string
-    required: false
-  - name: organization_id
-    description: The organization id for putting the policy
-    type: string
-    required: false
-  - name: policy_for
-    description: 'Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`.'
-    type: string
-    required: true
-  - name: policy_type
-    description: The constraint type to work with (either 'boolean' or 'list')
-    type: string
-    default: list
-    required: false
-  - name: project_id
-    description: The project id for putting the policy
-    type: string
-    required: false
-  roles:
-  - level: Project
+  info:
+    title: Google Cloud Organization Policy Terraform Module
+    source:
+      repo: https://github.com/terraform-google-modules/terraform-google-org-policy.git
+      sourceType: git
+    version: 5.4.0
+    actuationTool:
+      flavor: Terraform
+      version: ">= 1.3"
+    description: {}
+  content:
+    subBlueprints:
+      - name: bucket_policy_only
+        location: modules/bucket_policy_only
+      - name: domain_restricted_sharing
+        location: modules/domain_restricted_sharing
+      - name: org_policy_v2
+        location: modules/org_policy_v2
+      - name: restrict_vm_external_ips
+        location: modules/restrict_vm_external_ips
+      - name: skip_default_network
+        location: modules/skip_default_network
+    examples:
+      - name: basic_org_policies
+        location: examples/basic_org_policies
+      - name: boolean_org_exclude
+        location: examples/boolean_org_exclude
+      - name: boolean_project_allow
+        location: examples/boolean_project_allow
+      - name: list_folder_deny
+        location: examples/list_folder_deny
+      - name: list_org_exclude
+        location: examples/list_org_exclude
+      - name: v2_boolean_org_enforce
+        location: examples/v2_boolean_org_enforce
+  interfaces:
+    variables:
+      - name: policy_for
+        description: "Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`."
+        varType: string
+        required: true
+      - name: organization_id
+        description: The organization id for putting the policy
+        varType: string
+      - name: folder_id
+        description: The folder id for putting the policy
+        varType: string
+      - name: project_id
+        description: The project id for putting the policy
+        varType: string
+      - name: enforce
+        description: If boolean constraint, whether the policy is enforced at the root; if list constraint, whether to deny all (true) or allow all
+        varType: bool
+      - name: allow
+        description: (Only for list constraints) List of values which should be allowed
+        varType: list(string)
+        defaultValue:
+          - ""
+      - name: deny
+        description: (Only for list constraints) List of values which should be denied
+        varType: list(string)
+        defaultValue:
+          - ""
+      - name: exclude_folders
+        description: Set of folders to exclude from the policy
+        varType: set(string)
+        defaultValue: []
+      - name: exclude_projects
+        description: Set of projects to exclude from the policy
+        varType: set(string)
+        defaultValue: []
+      - name: constraint
+        description: The constraint to be applied
+        varType: string
+        required: true
+      - name: policy_type
+        description: The constraint type to work with (either 'boolean' or 'list')
+        varType: string
+        defaultValue: list
+      - name: allow_list_length
+        description: The number of elements in the allow list
+        varType: number
+        defaultValue: 0
+      - name: deny_list_length
+        description: The number of elements in the deny list
+        varType: number
+        defaultValue: 0
+  requirements:
     roles:
-    - roles/orgpolicy.policyAdmin
-  - level: Project
-    roles:
-    - roles/owner
-  services:
-  - cloudresourcemanager.googleapis.com
-  - storage-api.googleapis.com
-  - serviceusage.googleapis.com
-  - orgpolicy.googleapis.com
+      - level: Project
+        roles:
+          - roles/orgpolicy.policyAdmin
+      - level: Project
+        roles:
+          - roles/owner
+    services:
+      - cloudresourcemanager.googleapis.com
+      - storage-api.googleapis.com
+      - serviceusage.googleapis.com
+      - orgpolicy.googleapis.com
+    providerVersions:
+      - source: hashicorp/google
+        version: ">= 3.53, < 7"
+      - source: hashicorp/null
+        version: ">= 2.1"