diff --git a/r/google_project.html.markdown b/r/google_project.html.markdown
old mode 100644
new mode 100755
index fda89dab..3112042a
--- a/r/google_project.html.markdown
+++ b/r/google_project.html.markdown
@@ -8,29 +8,24 @@ description: |-
# google\_project
-Allows management of an existing Google Cloud Platform project, and is
-currently limited to adding or modifying the IAM Policy for the project.
+Allows creation and management of a Google Cloud Platform project and its
+associated enabled services/APIs.
-When adding a policy to a project, the policy will be merged with the
-project's existing policy. The policy is always specified in a
-`google_iam_policy` data source and referenced from the project's
-`policy_data` attribute.
+Projects created with this resource must be associated with an Organization.
+See the [Organization documentation](https://cloud.google.com/resource-manager/docs/quickstart) for more details.
+
+The service account used to run Terraform when creating a `google_project`
+resource must have `roles/resourcemanager.projectCreator`. See the
+[Access Control for Organizations Using IAM](https://cloud.google.com/resource-manager/docs/access-control-org)
+doc for more information.
## Example Usage
```js
resource "google_project" "my_project" {
- id = "your-project-id"
- policy_data = "${data.google_iam_policy.admin.policy_data}"
-}
-
-data "google_iam_policy" "admin" {
- binding {
- role = "roles/storage.objectViewer"
- members = [
- "user:evandbrown@gmail.com",
- ]
- }
+ project_id = "your-project-id"
+ org_id = "1234567"
+ services = ["compute_component", "storage-component-json.googleapis.com", "iam.googleapis.com"]
}
```
@@ -38,24 +33,55 @@ data "google_iam_policy" "admin" {
The following arguments are supported:
-* `id` - (Required) The project ID.
- Changing this forces a new project to be referenced.
+* `project_id` - (Optional) The project ID.
+ Changing this forces a new project to be created. If this attribute is not
+ set, `id` must be set. As `id` is deprecated, consider this attribute
+ required. If you are using `project_id` and creating a new project, the
+ `org_id` and `name` attributes are also required.
-* `policy` - (Optional) The `google_iam_policy` data source that represents
- the IAM policy that will be applied to the project. The policy will be
- merged with any existing policy applied to the project.
+* `id` - (Deprecated) The project ID.
+ This attribute has unexpected behaviour and probably does not work
+ as users would expect; it has been deprecated, and will be removed in future
+ versions of Terraform. The `project_id` attribute should be used instead. See
+ [below](#id-field) for more information about its behaviour.
- Changing this updates the policy.
+* `project_id` - (Required) The project ID.
+ Changing this forces a new project to be created.
- Deleting this removes the policy, but leaves the original project policy
- intact. If there are overlapping `binding` entries between the original
- project policy and the data source policy, they will be removed.
+* `org_id` - (Optional) The numeric ID of the organization this project belongs to.
+ This is required if you are creating a new project.
+ Changing this forces a new project to be created.
+
+* `name` - (Optional) The display name of the project.
+ This is required if you are creating a new project.
+
+* `services` - (Optional) The services/APIs that are enabled for this project.
+ For a list of available services, run `gcloud beta service-management list`
+
+* `skip_delete` - (Optional) If true, the Terraform resource can be deleted
+ without deleting the Project via the Google API.
+
+* `policy_data` - (Deprecated) The IAM policy associated with the project.
+ This argument is no longer supported, and will be removed in a future version
+ of Terraform. It should be replaced with a `google_project_iam_policy` resource.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
-* `name` - The name of the project.
-
* `number` - The numeric identifier of the project.
+* `policy_etag` - (Deprecated) The etag of the project's IAM policy, used to
+ determine if the IAM policy has changed. Please use `google_project_iam_policy`'s
+ `etag` property instead; future versions of Terraform will remove the `policy_etag`
+ attribute
+
+## ID Field
+
+In previous versions of Terraform, `google_project` resources used an `id` field in
+config files to specify the project ID. Unfortunately, due to limitations in Terraform,
+this field always looked empty to Terraform. Terraform fell back on using the project
+the Google Cloud provider is configured with. If you're using the `id` field in your
+configurations, know that it is being ignored, and its value will always be seen as the
+ID of the project being used to authenticate Terraform's requests. You should move to the
+`project_id` field as soon as possible.
diff --git a/r/google_project_iam_policy.html.markdown b/r/google_project_iam_policy.html.markdown
new file mode 100644
index 00000000..a62c0273
--- /dev/null
+++ b/r/google_project_iam_policy.html.markdown
@@ -0,0 +1,69 @@
+---
+layout: "google"
+page_title: "Google: google_project_iam_policy"
+sidebar_current: "docs-google-project-iam-policy"
+description: |-
+ Allows management of an IAM policy for a Google Cloud Platform project.
+---
+
+# google\_project\_iam\_policy
+
+Allows creation and management of an IAM policy for an existing Google Cloud
+Platform project.
+
+## Example Usage
+
+```js
+resource "google_project_iam_policy" "project" {
+ project = "your-project-id"
+ policy_data = "${data.google_iam_policy.admin.policy_data}"
+}
+
+data "google_iam_policy" "admin" {
+ binding {
+ role = "roles/editor"
+ members = [
+ "user:jane@example.com",
+ ]
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `project` - (Required) The project ID.
+ Changing this forces a new project to be created.
+
+* `policy_data` - (Required) The `google_iam_policy` data source that represents
+ the IAM policy that will be applied to the project. The policy will be
+ merged with any existing policy applied to the project.
+
+ Changing this updates the policy.
+
+ Deleting this removes the policy, but leaves the original project policy
+ intact. If there are overlapping `binding` entries between the original
+ project policy and the data source policy, they will be removed.
+
+* `authoritative` - (Optional) A boolean value indicating if this policy
+ should overwrite any existing IAM policy on the project. When set to true,
+ **any policies not in your config file will be removed**. This can **lock
+ you out** of your project until an Organization Administrator grants you
+ access again, so please exercise caution. If this argument is `true` and you
+ want to delete the resource, you must set the `disable_project` argument to
+ `true`, acknowledging that the project will be inaccessible to anyone but the
+ Organization Admins, as it will no longer have an IAM policy.
+
+* `disable_project` - (Optional) A boolean value that must be set to `true`
+ if you want to delete a `google_project_iam_policy` that is authoritative.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `etag` - (Computed) The etag of the project's IAM policy.
+
+* `restore_policy` - (Computed) The IAM policy that will be resotred when a
+ non-authoritative policy resource is deleted.
diff --git a/r/google_project_services.html.markdown b/r/google_project_services.html.markdown
new file mode 100644
index 00000000..4d16c857
--- /dev/null
+++ b/r/google_project_services.html.markdown
@@ -0,0 +1,32 @@
+---
+layout: "google"
+page_title: "Google: google_project_services"
+sidebar_current: "docs-google-project-services"
+description: |-
+ Allows management of API services for a Google Cloud Platform project.
+---
+
+# google\_project\_services
+
+Allows management of enabled API services for an existing Google Cloud
+Platform project. Services in an existing project that are not defined
+in the config will be removed.
+
+## Example Usage
+
+```js
+resource "google_project_services" "project" {
+ project_id = "your-project-id"
+ services = ["iam.googleapis.com", "cloudresourcemanager.googleapis.com"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `project_id` - (Required) The project ID.
+ Changing this forces a new project to be created.
+
+* `services` - (Required) The list of services that are enabled. Supports
+ update.