diff --git a/README.md b/README.md index e107baf4..72fe71a8 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ module "project-factory" { version = "~> 10.1" name = "pf-test-1" - random_project_id = "true" + random_project_id = true org_id = "1234567890" usage_bucket_name = "pf-test-1-usage-report-bucket" usage_bucket_prefix = "pf/test/1/integration" @@ -128,7 +128,7 @@ determining that location is as follows: | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | `string` | `""` | no | | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no | | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `string` | `"true"` | no | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no | | domain | The domain name (optional). | `string` | `""` | no | | enable\_shared\_vpc\_host\_project | If this project is a shared VPC host project. If true, you must *not* set svpc\_host\_project\_id variable. Default is false. | `bool` | `false` | no | | folder\_id | The ID of a folder to host this project | `string` | `""` | no | diff --git a/examples/project_services/main.tf b/examples/project_services/main.tf index 19ffc3fb..78a7679e 100644 --- a/examples/project_services/main.tf +++ b/examples/project_services/main.tf 
@@ -29,7 +29,7 @@ module "project-services" { source = "../../modules/project_services" project_id = var.project_id enable_apis = var.enable - disable_services_on_destroy = "true" + disable_services_on_destroy = true activate_apis = [ "sqladmin.googleapis.com", diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index 9f41bfff..420f5ba9 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -105,7 +105,7 @@ module "service-project" { source = "../../modules/svpc_service_project" name = var.service_project_name - random_project_id = "false" + random_project_id = false org_id = var.organization_id folder_id = var.folder_id @@ -121,7 +121,7 @@ module "service-project" { "dataflow.googleapis.com", ] - disable_services_on_destroy = "false" + disable_services_on_destroy = false } /****************************************** @@ -131,7 +131,7 @@ module "service-project-b" { source = "../../modules/svpc_service_project" name = "b-${var.service_project_name}" - random_project_id = "false" + random_project_id = false org_id = var.organization_id folder_id = var.folder_id @@ -153,7 +153,7 @@ module "service-project-b" { ] }] - disable_services_on_destroy = "false" + disable_services_on_destroy = false } /****************************************** diff --git a/main.tf b/main.tf index 4097a002..dc52b14f 100644 --- a/main.tf +++ b/main.tf @@ -31,7 +31,7 @@ module "project-factory" { group_email = module.gsuite_group.email group_role = var.group_role lien = var.lien - manage_group = var.group_name != "" ? "true" : "false" + manage_group = var.group_name != "" ? true : false random_project_id = var.random_project_id org_id = var.org_id name = var.name diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf index f4506f64..abf93554 100644 --- a/modules/core_project_factory/main.tf +++ b/modules/core_project_factory/main.tf 
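Review bot: The `manage_group` line in main.tf keeps a conditional whose two arms are just the boolean literals, so the ternary is redundant now that the result is a bool; `var.group_name != ""` already evaluates to `true` or `false`. It could be written `manage_group = var.group_name != ""`. The same pattern recurs in `create_bucket = var.bucket_project != "" ? true : false` in modules/core_project_factory/main.tf and in the `manage_group` line of modules/svpc_service_project/main.tf. The enclosing `module` and `locals` blocks start and end outside these hunks.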
@@ -45,7 +45,7 @@ locals { activate_apis = var.impersonate_service_account != "" ? concat(var.activate_apis, ["iamcredentials.googleapis.com"]) : var.activate_apis api_s_account_fmt = format("serviceAccount:%s", local.api_s_account) project_bucket_name = var.bucket_name != "" ? var.bucket_name : format("%s-state", local.temp_project_id) - create_bucket = var.bucket_project != "" ? "true" : "false" + create_bucket = var.bucket_project != "" ? true : false shared_vpc_users = compact( [ diff --git a/modules/gsuite_enabled/README.md b/modules/gsuite_enabled/README.md index b84f4878..7b7f37bb 100644 --- a/modules/gsuite_enabled/README.md +++ b/modules/gsuite_enabled/README.md @@ -13,13 +13,13 @@ module "project-factory" { version = "~> 10.1" billing_account = "ABCDEF-ABCDEF-ABCDEF" - create_group = "true" + create_group = true credentials_path = "${local.credentials_file_path}" group_name = "test_sa_group" group_role = "roles/editor" name = "pf-test-1" org_id = "1234567890" - random_project_id = "true" + random_project_id = true sa_group = "test_sa_group@yourdomain.com" shared_vpc = "shared_vpc_host_name" @@ -40,7 +40,7 @@ The G Suite Enabled module will perform the following actions in addition to those of the root module: 1. Create a new Google group for the project using `group_name` if - `create_group` is `"true"`. + `create_group` is `true`. 1. Add the new default service account for the project to the `sa_group` in Google Groups, if specified. 1. Add the Google APIs service account to the `api_sa_group`, @@ -60,7 +60,7 @@ The roles granted are specifically: |------|-------------|------|---------|:--------:| | activate\_apis | The list of apis to activate within the project | `list(string)` |
[
"compute.googleapis.com"
]
| no | | api\_sa\_group | A G Suite group to place the Google APIs Service Account for the project in | `string` | `""` | no | -| auto\_create\_network | Create the default network | `string` | `"false"` | no | +| auto\_create\_network | Create the default network | `bool` | `false` | no | | billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes | | bucket\_location | The location for a GCS bucket to create (optional) | `string` | `""` | no | | bucket\_name | A name for a GCS bucket to create (in the bucket\_project project), useful for Terraform state (optional) | `string` | `""` | no | 
@@ -75,8 +75,8 @@ The roles granted are specifically: | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no | | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | `string` | `""` | no | | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no | -| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `string` | `"true"` | no | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `string` | `"true"` | no | +| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no | | domain | The domain name (optional). | `string` | `""` | no | | enable\_shared\_vpc\_host\_project | If this project is a shared VPC host project. If true, you must *not* set shared\_vpc variable. Default is false. | `bool` | `false` | no | | enable\_shared\_vpc\_service\_project | If shared VPC should be used | `bool` | `false` | no | 
@@ -85,12 +85,12 @@ The roles granted are specifically: | group\_role | The role to give the controlling group (group\_name) over the project (defaults to project editor) | `string` | `"roles/editor"` | no | | impersonate\_service\_account | An optional service account to impersonate. If this service account is not specified, Terraform will fall back to credential file or Application Default Credentials. | `string` | `""` | no | | labels | Map of labels for project | `map(string)` | `{}` | no | -| lien | Add a lien on the project to prevent accidental deletion | `string` | `"false"` | no | +| lien | Add a lien on the project to prevent accidental deletion | `bool` | `false` | no | | name | The name for the project | `any` | n/a | yes | | org\_id | The organization ID. | `any` | n/a | yes | | project\_id | The ID to give the project. If not provided, the `name` will be used. | `string` | `""` | no | | project\_sa\_name | Default service account name for the project. | `string` | `"project-service-account"` | no | -| random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `string` | `"false"` | no | +| random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `bool` | `false` | no | | sa\_group | A G Suite group to place the default Service Account for the project in | `string` | `""` | no | | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no | | shared\_vpc | The ID of the host project which hosts the shared VPC | `string` | `""` | no | diff --git a/modules/gsuite_enabled/variables.tf b/modules/gsuite_enabled/variables.tf index 03bba890..f80e78de 100644 --- a/modules/gsuite_enabled/variables.tf +++ b/modules/gsuite_enabled/variables.tf 
@@ -16,13 +16,14 @@ variable "lien" { description = "Add a lien on the project to prevent accidental deletion" - default = "false" - type = string + default = false + type = bool } variable "random_project_id" { description = "Adds a suffix of 4 random characters to the `project_id`" - default = "false" + type = bool + default = false } variable "org_id" { @@ -162,13 +163,14 @@ variable "api_sa_group" { variable "auto_create_network" { description = "Create the default network" - default = "false" + type = bool + default = false } variable "disable_services_on_destroy" { description = "Whether project services will be disabled when the resources are destroyed" - default = "true" - type = string + type = bool + default = true } variable "default_service_account" { @@ -177,12 +179,10 @@ variable "default_service_account" { type = string } - - variable "disable_dependent_services" { description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed." - default = "true" - type = string + default = true + type = bool } variable "enable_shared_vpc_service_project" { diff --git a/modules/project_services/README.md b/modules/project_services/README.md index 4b58b865..be9af7bf 100644 --- a/modules/project_services/README.md +++ b/modules/project_services/README.md @@ -41,8 +41,8 @@ See [examples/project_services](./examples/project_services) for a full example |------|-------------|------|---------|:--------:| | activate\_api\_identities | The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).
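Review bot: Changing `lien`, `random_project_id`, `auto_create_network`, `disable_services_on_destroy` and `disable_dependent_services` to `type = bool` in modules/gsuite_enabled/variables.tf is only safe if every consumer treats them as booleans, and the consuming expressions are not part of this diff. Terraform's `==` does not convert between types, so any remaining comparison such as `var.lien == "true"` would now always be false and would silently skip whatever it guards; for `lien` that would mean the deletion-protection lien is never created. It is worth searching the modules for `== "true"` and `== "false"` on these names before merging, and the same applies to the `type = bool` changes in modules/project_services/variables.tf and the root variables.tf. As a smaller style point, `lien` and `disable_dependent_services` put `default` before `type`, while the other variables touched here put `type` first.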
APIs in this list will automatically be appended to `activate_apis`.
Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).
Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles. |
list(object({
api = string
roles = list(string)
}))
| `[]` | no | | activate\_apis | The list of apis to activate within the project | `list(string)` | `[]` | no | -| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services | `string` | `"true"` | no | -| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | `string` | `"true"` | no | +| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services | `bool` | `true` | no | +| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | `bool` | `true` | no | | enable\_apis | Whether to actually enable the APIs. If false, this module is a no-op. | `bool` | `true` | no | | project\_id | The GCP project you want to enable APIs on | `any` | n/a | yes | diff --git a/modules/project_services/variables.tf b/modules/project_services/variables.tf index 0b28ff3a..29e6bf81 100644 --- a/modules/project_services/variables.tf +++ b/modules/project_services/variables.tf 
@@ -45,12 +45,12 @@ variable "activate_api_identities" { variable "disable_services_on_destroy" { description = "Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy" - default = "true" - type = string + default = true + type = bool } variable "disable_dependent_services" { description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services" - default = "true" - type = string + default = true + type = bool } diff --git a/modules/svpc_service_project/README.md b/modules/svpc_service_project/README.md index f96895ef..ea0b32ba 100644 --- a/modules/svpc_service_project/README.md +++ b/modules/svpc_service_project/README.md @@ -10,7 +10,7 @@ module "service-project" { version = "~> 10.1" name = "pf-test-1" - random_project_id = "true" + random_project_id = true org_id = "1234567890" usage_bucket_name = "pf-test-1-usage-report-bucket" usage_bucket_prefix = "pf/test/1/integration" diff --git a/modules/svpc_service_project/main.tf b/modules/svpc_service_project/main.tf index 3a0a69ff..014f806e 100755 --- a/modules/svpc_service_project/main.tf +++ b/modules/svpc_service_project/main.tf @@ -31,7 +31,7 @@ module "project-factory" { group_email = module.gsuite_group.email group_role = var.group_role lien = var.lien - manage_group = var.group_name != "" ? "true" : "false" + manage_group = var.group_name != "" ? true : false random_project_id = var.random_project_id org_id = var.org_id name = var.name diff --git a/test/fixtures/full/main.tf b/test/fixtures/full/main.tf index 7ea5f594..0e82ffc7 100644 --- a/test/fixtures/full/main.tf +++ b/test/fixtures/full/main.tf 
@@ -64,7 +64,7 @@ module "vpc" { project_id = var.shared_vpc # The provided project must already be a Shared VPC host - shared_vpc_host = "false" + shared_vpc_host = false subnets = [ { @@ -99,7 +99,7 @@ module "project-factory" { source = "../../../modules/gsuite_enabled" name = "pf-ci-test-full-name-${var.random_string_for_testing}" - random_project_id = "false" + random_project_id = false project_id = "pf-ci-test-full-id-${var.random_string_for_testing}" domain = var.domain @@ -116,7 +116,7 @@ module "project-factory" { shared_vpc_subnets = local.shared_vpc_subnets sa_role = var.sa_role sa_group = var.sa_group - lien = "true" + lien = true activate_apis = [ "compute.googleapis.com", @@ -125,7 +125,7 @@ module "project-factory" { ] default_service_account = "DELETE" - disable_services_on_destroy = "false" + disable_services_on_destroy = false } resource "google_service_account" "extra_service_account" { diff --git a/test/fixtures/minimal/main.tf b/test/fixtures/minimal/main.tf index b94f1901..1cb95563 100644 --- a/test/fixtures/minimal/main.tf +++ b/test/fixtures/minimal/main.tf @@ -45,7 +45,7 @@ module "project-factory" { ] default_service_account = "DISABLE" - disable_services_on_destroy = "false" + disable_services_on_destroy = false } // Add a binding to the container service robot account to test that the diff --git a/test/fixtures/shared_vpc_no_subnets/main.tf b/test/fixtures/shared_vpc_no_subnets/main.tf index 047503f0..dc8d53cb 100644 --- a/test/fixtures/shared_vpc_no_subnets/main.tf +++ b/test/fixtures/shared_vpc_no_subnets/main.tf @@ -46,7 +46,7 @@ module "project-factory" { name = "pf-ci-test-nosubnets-${var.random_string_for_testing}" project_id = "pf-ci-test-nosubnets-${var.random_string_for_testing}" - random_project_id = "false" + random_project_id = false domain = var.domain org_id = var.org_id folder_id = var.folder_id 
@@ -63,5 +63,5 @@ module "project-factory" { "dataflow.googleapis.com", ] - disable_services_on_destroy = "false" + disable_services_on_destroy = false } diff --git a/test/fixtures/vpc_sc_project/main.tf b/test/fixtures/vpc_sc_project/main.tf index b3103db0..05a0c518 100644 --- a/test/fixtures/vpc_sc_project/main.tf +++ b/test/fixtures/vpc_sc_project/main.tf @@ -60,9 +60,9 @@ module "project-factory" { ] default_service_account = "DISABLE" - disable_services_on_destroy = "false" + disable_services_on_destroy = false - vpc_service_control_attach_enabled = "true" + vpc_service_control_attach_enabled = true vpc_service_control_perimeter_name = "accessPolicies/${var.policy_id}/servicePerimeters/${local.perimeter_name}" } diff --git a/variables.tf b/variables.tf index 4a284b76..f88bc21a 100644 --- a/variables.tf +++ b/variables.tf @@ -201,8 +201,8 @@ variable "lien" { variable "disable_services_on_destroy" { description = "Whether project services will be disabled when the resources are destroyed" - default = "true" - type = string + default = true + type = bool } variable "default_service_account" {