Replace "true"/"false" strings with bool values

README.md

@@ -31,7 +31,7 @@ module "project-factory" {
   version = "~> 10.1"
 
   name                 = "pf-test-1"
-  random_project_id    = "true"
+  random_project_id    = true
   org_id               = "1234567890"
   usage_bucket_name    = "pf-test-1-usage-report-bucket"
   usage_bucket_prefix  = "pf/test/1/integration"
@@ -128,7 +128,7 @@ determining that location is as follows:
 | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | `string` | `""` | no |
 | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
 | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
-| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `string` | `"true"` | no |
+| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
 | domain | The domain name (optional). | `string` | `""` | no |
 | enable\_shared\_vpc\_host\_project | If this project is a shared VPC host project. If true, you must *not* set svpc\_host\_project\_id variable. Default is false. | `bool` | `false` | no |
 | folder\_id | The ID of a folder to host this project | `string` | `""` | no |

examples/project_services/main.tf

@@ -29,7 +29,7 @@ module "project-services" {
   source                      = "../../modules/project_services"
   project_id                  = var.project_id
   enable_apis                 = var.enable
-  disable_services_on_destroy = "true"
+  disable_services_on_destroy = true
 
   activate_apis = [
     "sqladmin.googleapis.com",

examples/shared_vpc/main.tf

@@ -105,7 +105,7 @@ module "service-project" {
   source = "../../modules/svpc_service_project"
 
   name              = var.service_project_name
-  random_project_id = "false"
+  random_project_id = false
 
   org_id          = var.organization_id
   folder_id       = var.folder_id
@@ -121,7 +121,7 @@ module "service-project" {
     "dataflow.googleapis.com",
   ]
 
-  disable_services_on_destroy = "false"
+  disable_services_on_destroy = false
 }
 
 /******************************************
@@ -131,7 +131,7 @@ module "service-project-b" {
   source = "../../modules/svpc_service_project"
 
   name              = "b-${var.service_project_name}"
-  random_project_id = "false"
+  random_project_id = false
 
   org_id          = var.organization_id
   folder_id       = var.folder_id
@@ -153,7 +153,7 @@ module "service-project-b" {
     ]
   }]
 
-  disable_services_on_destroy = "false"
+  disable_services_on_destroy = false
 }
 
 /******************************************

main.tf

@@ -31,7 +31,7 @@ module "project-factory" {
   group_email                        = module.gsuite_group.email
   group_role                         = var.group_role
   lien                               = var.lien
-  manage_group                       = var.group_name != "" ? "true" : "false"
+  manage_group                       = var.group_name != "" ? true : false
   random_project_id                  = var.random_project_id
   org_id                             = var.org_id
   name                               = var.name

modules/core_project_factory/main.tf

@@ -45,7 +45,7 @@ locals {
   activate_apis       = var.impersonate_service_account != "" ? concat(var.activate_apis, ["iamcredentials.googleapis.com"]) : var.activate_apis
   api_s_account_fmt   = format("serviceAccount:%s", local.api_s_account)
   project_bucket_name = var.bucket_name != "" ? var.bucket_name : format("%s-state", local.temp_project_id)
-  create_bucket       = var.bucket_project != "" ? "true" : "false"
+  create_bucket       = var.bucket_project != "" ? true : false
 
   shared_vpc_users = compact(
     [

modules/gsuite_enabled/README.md

@@ -13,13 +13,13 @@ module "project-factory" {
   version = "~> 10.1"
 
   billing_account   = "ABCDEF-ABCDEF-ABCDEF"
-  create_group      = "true"
+  create_group      = true
   credentials_path  = "${local.credentials_file_path}"
   group_name        = "test_sa_group"
   group_role        = "roles/editor"
   name              = "pf-test-1"
   org_id            = "1234567890"
-  random_project_id = "true"
+  random_project_id = true
   sa_group          = "test_sa_group@yourdomain.com"
   shared_vpc        = "shared_vpc_host_name"
 
@@ -40,7 +40,7 @@ The G Suite Enabled module will perform the following actions in
 addition to those of the root module:
 
 1. Create a new Google group for the project using `group_name` if
-   `create_group` is `"true"`.
+   `create_group` is `true`.
 1. Add the new default service account for the project to the
    `sa_group` in Google Groups, if specified.
 1. Add the Google APIs service account to the `api_sa_group`,
@@ -60,7 +60,7 @@ The roles granted are specifically:
 |------|-------------|------|---------|:--------:|
 | activate\_apis | The list of apis to activate within the project | `list(string)` | <pre>[<br>  "compute.googleapis.com"<br>]</pre> | no |
 | api\_sa\_group | A G Suite group to place the Google APIs Service Account for the project in | `string` | `""` | no |
-| auto\_create\_network | Create the default network | `string` | `"false"` | no |
+| auto\_create\_network | Create the default network | `bool` | `false` | no |
 | billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes |
 | bucket\_location | The location for a GCS bucket to create (optional) | `string` | `""` | no |
 | bucket\_name | A name for a GCS bucket to create (in the bucket\_project project), useful for Terraform state (optional) | `string` | `""` | no |
@@ -75,8 +75,8 @@ The roles granted are specifically:
 | create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
 | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | `string` | `""` | no |
 | default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
-| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `string` | `"true"` | no |
-| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `string` | `"true"` | no |
+| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
+| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
 | domain | The domain name (optional). | `string` | `""` | no |
 | enable\_shared\_vpc\_host\_project | If this project is a shared VPC host project. If true, you must *not* set shared\_vpc variable. Default is false. | `bool` | `false` | no |
 | enable\_shared\_vpc\_service\_project | If shared VPC should be used | `bool` | `false` | no |
@@ -85,12 +85,12 @@ The roles granted are specifically:
 | group\_role | The role to give the controlling group (group\_name) over the project (defaults to project editor) | `string` | `"roles/editor"` | no |
 | impersonate\_service\_account | An optional service account to impersonate. If this service account is not specified, Terraform will fall back to credential file or Application Default Credentials. | `string` | `""` | no |
 | labels | Map of labels for project | `map(string)` | `{}` | no |
-| lien | Add a lien on the project to prevent accidental deletion | `string` | `"false"` | no |
+| lien | Add a lien on the project to prevent accidental deletion | `bool` | `false` | no |
 | name | The name for the project | `any` | n/a | yes |
 | org\_id | The organization ID. | `any` | n/a | yes |
 | project\_id | The ID to give the project. If not provided, the `name` will be used. | `string` | `""` | no |
 | project\_sa\_name | Default service account name for the project. | `string` | `"project-service-account"` | no |
-| random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `string` | `"false"` | no |
+| random\_project\_id | Adds a suffix of 4 random characters to the `project_id` | `bool` | `false` | no |
 | sa\_group | A G Suite group to place the default Service Account for the project in | `string` | `""` | no |
 | sa\_role | A role to give the default Service Account for the project (defaults to none) | `string` | `""` | no |
 | shared\_vpc | The ID of the host project which hosts the shared VPC | `string` | `""` | no |

modules/gsuite_enabled/variables.tf

@@ -16,13 +16,14 @@
 
 variable "lien" {
   description = "Add a lien on the project to prevent accidental deletion"
-  default     = "false"
-  type        = string
+  default     = false
+  type        = bool
 }
 
 variable "random_project_id" {
   description = "Adds a suffix of 4 random characters to the `project_id`"
-  default     = "false"
+  type        = bool
+  default     = false
 }
 
 variable "org_id" {
@@ -162,13 +163,14 @@ variable "api_sa_group" {
 
 variable "auto_create_network" {
   description = "Create the default network"
-  default     = "false"
+  type        = bool
+  default     = false
 }
 
 variable "disable_services_on_destroy" {
   description = "Whether project services will be disabled when the resources are destroyed"
-  default     = "true"
-  type        = string
+  type        = bool
+  default     = true
 }
 
 variable "default_service_account" {
@@ -177,12 +179,10 @@ variable "default_service_account" {
   type        = string
 }
 
-
-
 variable "disable_dependent_services" {
   description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed."
-  default     = "true"
-  type        = string
+  default     = true
+  type        = bool
 }
 
 variable "enable_shared_vpc_service_project" {

modules/project_services/README.md

@@ -41,8 +41,8 @@ See [examples/project_services](./examples/project_services) for a full example
 |------|-------------|------|---------|:--------:|
 | activate\_api\_identities | The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles).<br>    APIs in this list will automatically be appended to `activate_apis`.<br>    Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created).<br>    Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles. | <pre>list(object({<br>    api   = string<br>    roles = list(string)<br>  }))</pre> | `[]` | no |
 | activate\_apis | The list of apis to activate within the project | `list(string)` | `[]` | no |
-| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services | `string` | `"true"` | no |
-| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | `string` | `"true"` | no |
+| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services | `bool` | `true` | no |
+| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy | `bool` | `true` | no |
 | enable\_apis | Whether to actually enable the APIs. If false, this module is a no-op. | `bool` | `true` | no |
 | project\_id | The GCP project you want to enable APIs on | `any` | n/a | yes |
 

modules/project_services/variables.tf

@@ -45,12 +45,12 @@ variable "activate_api_identities" {
 
 variable "disable_services_on_destroy" {
   description = "Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy"
-  default     = "true"
-  type        = string
+  default     = true
+  type        = bool
 }
 
 variable "disable_dependent_services" {
   description = "Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services"
-  default     = "true"
-  type        = string
+  default     = true
+  type        = bool
 }

modules/svpc_service_project/README.md

@@ -10,7 +10,7 @@ module "service-project" {
   version = "~> 10.1"
 
   name                = "pf-test-1"
-  random_project_id   = "true"
+  random_project_id   = true
   org_id              = "1234567890"
   usage_bucket_name   = "pf-test-1-usage-report-bucket"
   usage_bucket_prefix = "pf/test/1/integration"

modules/svpc_service_project/main.tf

@@ -31,7 +31,7 @@ module "project-factory" {
   group_email                       = module.gsuite_group.email
   group_role                        = var.group_role
   lien                              = var.lien
-  manage_group                      = var.group_name != "" ? "true" : "false"
+  manage_group                      = var.group_name != "" ? true : false
   random_project_id                 = var.random_project_id
   org_id                            = var.org_id
   name                              = var.name

test/fixtures/full/main.tf

@@ -64,7 +64,7 @@ module "vpc" {
   project_id   = var.shared_vpc
 
   # The provided project must already be a Shared VPC host
-  shared_vpc_host = "false"
+  shared_vpc_host = false
 
   subnets = [
     {
@@ -99,7 +99,7 @@ module "project-factory" {
   source = "../../../modules/gsuite_enabled"
 
   name              = "pf-ci-test-full-name-${var.random_string_for_testing}"
-  random_project_id = "false"
+  random_project_id = false
   project_id        = "pf-ci-test-full-id-${var.random_string_for_testing}"
 
   domain                            = var.domain
@@ -116,7 +116,7 @@ module "project-factory" {
   shared_vpc_subnets                = local.shared_vpc_subnets
   sa_role                           = var.sa_role
   sa_group                          = var.sa_group
-  lien                              = "true"
+  lien                              = true
 
   activate_apis = [
     "compute.googleapis.com",
@@ -125,7 +125,7 @@ module "project-factory" {
   ]
 
   default_service_account     = "DELETE"
-  disable_services_on_destroy = "false"
+  disable_services_on_destroy = false
 }
 
 resource "google_service_account" "extra_service_account" {

test/fixtures/minimal/main.tf

@@ -45,7 +45,7 @@ module "project-factory" {
   ]
 
   default_service_account     = "DISABLE"
-  disable_services_on_destroy = "false"
+  disable_services_on_destroy = false
 }
 
 // Add a binding to the container service robot account to test that the

test/fixtures/shared_vpc_no_subnets/main.tf

@@ -46,7 +46,7 @@ module "project-factory" {
 
   name                              = "pf-ci-test-nosubnets-${var.random_string_for_testing}"
   project_id                        = "pf-ci-test-nosubnets-${var.random_string_for_testing}"
-  random_project_id                 = "false"
+  random_project_id                 = false
   domain                            = var.domain
   org_id                            = var.org_id
   folder_id                         = var.folder_id
@@ -63,5 +63,5 @@ module "project-factory" {
     "dataflow.googleapis.com",
   ]
 
-  disable_services_on_destroy = "false"
+  disable_services_on_destroy = false
 }

test/fixtures/vpc_sc_project/main.tf

@@ -60,9 +60,9 @@ module "project-factory" {
   ]
 
   default_service_account     = "DISABLE"
-  disable_services_on_destroy = "false"
+  disable_services_on_destroy = false
 
-  vpc_service_control_attach_enabled = "true"
+  vpc_service_control_attach_enabled = true
   vpc_service_control_perimeter_name = "accessPolicies/${var.policy_id}/servicePerimeters/${local.perimeter_name}"
 }
 

variables.tf

@@ -201,8 +201,8 @@ variable "lien" {
 
 variable "disable_services_on_destroy" {
   description = "Whether project services will be disabled when the resources are destroyed"
-  default     = "true"
-  type        = string
+  default     = true
+  type        = bool
 }
 
 variable "default_service_account" {