providers/google: Support managing projects

Add support for creating, updating, and deleting projects, as well as
their enabled services and their IAM policies.

Various concessions were made for backwards compatibility, and will be
removed in 0.9 or 0.10.
Evan Brown 2016-11-22 22:55:40 -08:00 committed by Paddy
parent 6cb049139c
commit 622783c762
3 changed files with 155 additions and 28 deletions

r/google_project.html.markdown Normal file → Executable file

@ -8,29 +8,24 @@ description: |-
# google\_project
Allows management of an existing Google Cloud Platform project, and is
currently limited to adding or modifying the IAM Policy for the project.
Allows creation and management of a Google Cloud Platform project and its
associated enabled services/APIs.
When adding a policy to a project, the policy will be merged with the
project's existing policy. The policy is always specified in a
`google_iam_policy` data source and referenced from the project's
`policy_data` attribute.
Projects created with this resource must be associated with an Organization.
See the [Organization documentation](https://cloud.google.com/resource-manager/docs/quickstart) for more details.
The service account used to run Terraform when creating a `google_project`
resource must have `roles/resourcemanager.projectCreator`. See the
[Access Control for Organizations Using IAM](https://cloud.google.com/resource-manager/docs/access-control-org)
doc for more information.
## Example Usage
```js
resource "google_project" "my_project" {
id = "your-project-id"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
binding {
role = "roles/storage.objectViewer"
members = [
"user:evandbrown@gmail.com",
]
}
project_id = "your-project-id"
org_id = "1234567"
services = ["compute_component", "storage-component-json.googleapis.com", "iam.googleapis.com"]
}
```
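Review bot: the new example sets `project_id` and `org_id` but no `name`, while the argument reference in this same file says that `org_id` and `name` are both required when `project_id` is used to create a new project; add a `name` line so the example works as written. In the `services` list, `"compute_component"` does not follow the form of the other two entries (hyphenated, ending in `.googleapis.com`); please check it against the output of `gcloud beta service-management list`, which the argument reference points to.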
@ -38,24 +33,55 @@ data "google_iam_policy" "admin" {
The following arguments are supported:
* `id` - (Required) The project ID.
Changing this forces a new project to be referenced.
* `project_id` - (Optional) The project ID.
Changing this forces a new project to be created. If this attribute is not
set, `id` must be set. As `id` is deprecated, consider this attribute
required. If you are using `project_id` and creating a new project, the
`org_id` and `name` attributes are also required.
* `policy` - (Optional) The `google_iam_policy` data source that represents
the IAM policy that will be applied to the project. The policy will be
merged with any existing policy applied to the project.
* `id` - (Deprecated) The project ID.
This attribute has unexpected behaviour and probably does not work
as users would expect; it has been deprecated, and will be removed in future
versions of Terraform. The `project_id` attribute should be used instead. See
[below](#id-field) for more information about its behaviour.
Changing this updates the policy.
* `project_id` - (Required) The project ID.
Changing this forces a new project to be created.
Deleting this removes the policy, but leaves the original project policy
intact. If there are overlapping `binding` entries between the original
project policy and the data source policy, they will be removed.
* `org_id` - (Optional) The numeric ID of the organization this project belongs to.
This is required if you are creating a new project.
Changing this forces a new project to be created.
* `name` - (Optional) The display name of the project.
This is required if you are creating a new project.
* `services` - (Optional) The services/APIs that are enabled for this project.
For a list of available services, run `gcloud beta service-management list`
* `skip_delete` - (Optional) If true, the Terraform resource can be deleted
without deleting the Project via the Google API.
* `policy_data` - (Deprecated) The IAM policy associated with the project.
This argument is no longer supported, and will be removed in a future version
of Terraform. It should be replaced with a `google_project_iam_policy` resource.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `name` - The name of the project.
* `number` - The numeric identifier of the project.
* `policy_etag` - (Deprecated) The etag of the project's IAM policy, used to
determine if the IAM policy has changed. Please use `google_project_iam_policy`'s
`etag` property instead; future versions of Terraform will remove the `policy_etag`
attribute
## ID Field
In previous versions of Terraform, `google_project` resources used an `id` field in
config files to specify the project ID. Unfortunately, due to limitations in Terraform,
this field always looked empty to Terraform. Terraform fell back on using the project
the Google Cloud provider is configured with. If you're using the `id` field in your
configurations, know that it is being ignored, and its value will always be seen as the
ID of the project being used to authenticate Terraform's requests. You should move to the
`project_id` field as soon as possible.
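Review bot: `project_id` is documented twice in the argument list, once as `(Optional)` with a fallback to `id` and once as `(Required)`; the rendered page should carry a single entry, and as long as `id` is still accepted the `(Optional)` text with "consider this attribute required" is the consistent one. The ID Field section says the value of `id` was ignored in favour of the project the provider is configured with; if that means a `policy_data` set on such a resource was applied to the provider's project rather than the one named in `id`, say so explicitly, so users know which project's IAM policy to review before migrating. The `services` and `policy_etag` bullets are also missing their closing period.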


@ -0,0 +1,69 @@
---
layout: "google"
page_title: "Google: google_project_iam_policy"
sidebar_current: "docs-google-project-iam-policy"
description: |-
Allows management of an IAM policy for a Google Cloud Platform project.
---
# google\_project\_iam\_policy
Allows creation and management of an IAM policy for an existing Google Cloud
Platform project.
## Example Usage
```js
resource "google_project_iam_policy" "project" {
project = "your-project-id"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
binding {
role = "roles/editor"
members = [
"user:jane@example.com",
]
}
}
```
## Argument Reference
The following arguments are supported:
* `project` - (Required) The project ID.
Changing this forces a new project to be created.
* `policy_data` - (Required) The `google_iam_policy` data source that represents
the IAM policy that will be applied to the project. The policy will be
merged with any existing policy applied to the project.
Changing this updates the policy.
Deleting this removes the policy, but leaves the original project policy
intact. If there are overlapping `binding` entries between the original
project policy and the data source policy, they will be removed.
* `authoritative` - (Optional) A boolean value indicating if this policy
should overwrite any existing IAM policy on the project. When set to true,
**any policies not in your config file will be removed**. This can **lock
you out** of your project until an Organization Administrator grants you
access again, so please exercise caution. If this argument is `true` and you
want to delete the resource, you must set the `disable_project` argument to
`true`, acknowledging that the project will be inaccessible to anyone but the
Organization Admins, as it will no longer have an IAM policy.
* `disable_project` - (Optional) A boolean value that must be set to `true`
if you want to delete a `google_project_iam_policy` that is authoritative.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `etag` - (Computed) The etag of the project's IAM policy.
* `restore_policy` - (Computed) The IAM policy that will be resotred when a
non-authoritative policy resource is deleted.
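Review bot: the `policy_data` bullet states without qualification that the policy "will be merged with any existing policy" and that deleting it "leaves the original project policy intact", which contradicts the `authoritative` bullet, where the policy overwrites everything and deletion leaves the project with no IAM policy. Qualify the `policy_data` text as the non-authoritative behaviour and state the default value of `authoritative`, since the difference decides whether an apply can lock users out. The sentence on overlapping `binding` entries should say which side loses them, because as written it can be read as removing bindings that existed before Terraform managed the project. Under `project`, "Changing this forces a new project to be created" looks copied from `google_project`; this resource attaches to an existing project. In `restore_policy`, "resotred" should be "restored".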


@ -0,0 +1,32 @@
---
layout: "google"
page_title: "Google: google_project_services"
sidebar_current: "docs-google-project-services"
description: |-
Allows management of API services for a Google Cloud Platform project.
---
# google\_project\_services
Allows management of enabled API services for an existing Google Cloud
Platform project. Services in an existing project that are not defined
in the config will be removed.
## Example Usage
```js
resource "google_project_services" "project" {
project_id = "your-project-id"
services = ["iam.googleapis.com", "cloudresourcemanager.googleapis.com"]
}
```
## Argument Reference
The following arguments are supported:
* `project_id` - (Required) The project ID.
Changing this forces a new project to be created.
* `services` - (Required) The list of services that are enabled. Supports
update.
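Review bot: the destructive behaviour, "Services in an existing project that are not defined in the config will be removed", is mentioned only in the introduction; repeat it at the `services` argument with the same emphasis that `authoritative` gets in the `google_project_iam_policy` page, since adopting this resource on a live project disables every API not listed. `google_project` in this same commit also accepts a `services` argument, and the page should say whether the two may be used against the same project. Under `project_id`, "Changing this forces a new project to be created" does not fit a resource that manages services on an existing project.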