fix: empty project_id in google_project data source (#8)

A validation change hashicorp/terraform-provider-google#12846 was introduced in version `4.42.0` of the google provider. This validation makes all our GCP modules to fail with: ``` │ Error: "" project_id must be 6 to 30 with lowercase letters, digits, hyphens and start with a letter. Trailing hyphens are prohibited. │ │ with module.gcp_project_gke_audit_log.data.google_project.selected, │ on .terraform/modules/gcp_project_gke_audit_log/main.tf line 96, in data "google_project" "selected": │ 96: project_id = var.project_id ``` To solve this issue we are avoiding using the `google_project` data source when we know the `project_id` that was provided by the user. If the user does not provide a `project_id`, then we use the data source to discover the project from the google provider. Signed-off-by: Salim Afiune Maya <afiune@lacework.net> Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
lacework · Nov 15, 2022 · e49c511 · e49c511
1 parent 2974c7f
commit e49c511
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 15 deletions.
diff --git a/main.tf b/main.tf
@@ -1,6 +1,6 @@
 locals {
   org_integration = var.integration_type == "ORGANIZATION"
-  project_id = data.google_project.selected.project_id
+  project_id      = length(var.project_id) > 0 ? var.project_id : data.google_project.selected.project_id
   sink_name = length(var.existing_sink_name) > 0 ? var.existing_sink_name : (
     local.org_integration ? "${var.prefix}-${var.organization_id}-lacework-sink-${random_id.uniq.hex}" : "${var.prefix}-lacework-sink-${random_id.uniq.hex}"
   )
@@ -29,9 +29,7 @@ resource "random_id" "uniq" {
   byte_length = 4
 }
 
-data "google_project" "selected" {
-  project_id = var.project_id
-}
+data "google_project" "selected" {}
 
 resource "google_project_service" "required_apis" {
   for_each = var.required_apis
@@ -57,10 +55,10 @@ resource "google_pubsub_topic" "lacework_topic" {
 }
 
 resource "google_pubsub_topic_iam_binding" "topic_publisher" {
-  members = local.logging_sink_writer_identity
-  role    = "roles/pubsub.publisher"
-  project = local.project_id
-  topic   = google_pubsub_topic.lacework_topic.name
+  members    = local.logging_sink_writer_identity
+  role       = "roles/pubsub.publisher"
+  project    = local.project_id
+  topic      = google_pubsub_topic.lacework_topic.name
   depends_on = [google_pubsub_topic.lacework_topic]
 }
 
@@ -71,7 +69,7 @@ resource "google_pubsub_subscription" "lacework_subscription" {
   ack_deadline_seconds       = 300
   message_retention_duration = "432000s"
   labels                     = merge(var.labels, var.pubsub_subscription_labels)
-  depends_on = [google_pubsub_topic.lacework_topic]
+  depends_on                 = [google_pubsub_topic.lacework_topic]
 }
 
 resource "google_logging_project_sink" "lacework_project_sink" {
@@ -81,7 +79,7 @@ resource "google_logging_project_sink" "lacework_project_sink" {
   destination            = "pubsub.googleapis.com/${google_pubsub_topic.lacework_topic.id}"
   unique_writer_identity = true
 
-  filter = local.log_filter
+  filter     = local.log_filter
   depends_on = [google_pubsub_topic.lacework_topic]
 }
 
@@ -92,7 +90,7 @@ resource "google_logging_organization_sink" "lacework_organization_sink" {
   destination      = "pubsub.googleapis.com/${google_pubsub_topic.lacework_topic.id}"
   include_children = true
 
-  filter = local.log_filter
+  filter     = local.log_filter
   depends_on = [google_pubsub_topic.lacework_topic]
 }
 
@@ -101,7 +99,7 @@ resource "google_pubsub_subscription_iam_binding" "lacework" {
   role         = "roles/pubsub.subscriber"
   members      = ["serviceAccount:${local.service_account_json_key.client_email}"]
   subscription = google_pubsub_subscription.lacework_subscription.name
-  depends_on = [google_pubsub_subscription.lacework_subscription]
+  depends_on   = [google_pubsub_subscription.lacework_subscription]
 }
 
 resource "google_project_iam_audit_config" "project_audit_logs" {
@@ -119,8 +117,8 @@ resource "google_project_iam_audit_config" "project_audit_logs" {
 }
 
 resource "google_organization_iam_audit_config" "organization_audit_logs" {
-  count = local.org_integration ? 1 : 0
-  org_id = var.organization_id
+  count   = local.org_integration ? 1 : 0
+  org_id  = var.organization_id
   service = "container.googleapis.com"
   audit_log_config {
     log_type = "ADMIN_READ"

diff --git a/versions.tf b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_version = ">= 0.15.1"
 
   required_providers {
-    google = ">= 4.4.0, < 4.41.0"
+    google = ">= 4.4.0, < 5.0.0"
     time   = "~> 0.6"
     lacework = {
       source  = "lacework/lacework"