From e49c511ef6442efd83cb4bae35090e92c9529cac Mon Sep 17 00:00:00 2001 From: Salim Afiune Date: Tue, 15 Nov 2022 08:00:10 -0800 Subject: [PATCH] fix: empty project_id in google_project data source (#8) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A validation change https://github.com/hashicorp/terraform-provider-google/pull/12846 was introduced in version `4.42.0` of the google provider. This validation makes all our GCP modules to fail with: ``` │ Error: "" project_id must be 6 to 30 with lowercase letters, digits, hyphens and start with a letter. Trailing hyphens are prohibited. │ │ with module.gcp_project_gke_audit_log.data.google_project.selected, │ on .terraform/modules/gcp_project_gke_audit_log/main.tf line 96, in data "google_project" "selected": │ 96: project_id = var.project_id ``` To solve this issue we are avoiding using the `google_project` data source when we know the `project_id` that was provided by the user. If the user does not provide a `project_id`, then we use the data source to discover the project from the google provider. Signed-off-by: Salim Afiune Maya Signed-off-by: Salim Afiune Maya --- main.tf | 26 ++++++++++++-------------- versions.tf | 2 +- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/main.tf b/main.tf index eda1f4a..063947a 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,6 @@ locals { org_integration = var.integration_type == "ORGANIZATION" - project_id = data.google_project.selected.project_id + project_id = length(var.project_id) > 0 ? var.project_id : data.google_project.selected.project_id sink_name = length(var.existing_sink_name) > 0 ? var.existing_sink_name : ( local.org_integration ? "${var.prefix}-${var.organization_id}-lacework-sink-${random_id.uniq.hex}" : "${var.prefix}-lacework-sink-${random_id.uniq.hex}" ) 
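Review bot: The fallback branch of `local.project_id` in `locals` resolves to whatever project the google provider is configured with, and that value later becomes `project` on the `roles/pubsub.publisher` binding, so the target of the IAM change is implicit when `var.project_id` is empty. A comment above the line would make this visible, for example `# Empty var.project_id: fall back to the provider's configured project; this value is the target project for the IAM bindings in this module.` A caller-supplied `project_id` is also no longer confirmed by a data source lookup at plan time, so a typo would likely only surface when resources are created. The variable declaration is not part of this diff, but if it can be `null` then `length(var.project_id)` raises an error; `coalesce(var.project_id, data.google_project.selected.project_id)` treats null and the empty string alike.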
@@ -29,9 +29,7 @@ resource "random_id" "uniq" { byte_length = 4 } -data "google_project" "selected" { - project_id = var.project_id -} +data "google_project" "selected" {} resource "google_project_service" "required_apis" { for_each = var.required_apis @@ -57,10 +55,10 @@ resource "google_pubsub_topic" "lacework_topic" { } resource "google_pubsub_topic_iam_binding" "topic_publisher" { - members = local.logging_sink_writer_identity - role = "roles/pubsub.publisher" - project = local.project_id - topic = google_pubsub_topic.lacework_topic.name + members = local.logging_sink_writer_identity + role = "roles/pubsub.publisher" + project = local.project_id + topic = google_pubsub_topic.lacework_topic.name depends_on = [google_pubsub_topic.lacework_topic] } @@ -71,7 +69,7 @@ resource "google_pubsub_subscription" "lacework_subscription" { ack_deadline_seconds = 300 message_retention_duration = "432000s" labels = merge(var.labels, var.pubsub_subscription_labels) - depends_on = [google_pubsub_topic.lacework_topic] + depends_on = [google_pubsub_topic.lacework_topic] } resource "google_logging_project_sink" "lacework_project_sink" { @@ -81,7 +79,7 @@ resource "google_logging_project_sink" "lacework_project_sink" { destination = "pubsub.googleapis.com/${google_pubsub_topic.lacework_topic.id}" unique_writer_identity = true - filter = local.log_filter + filter = local.log_filter depends_on = [google_pubsub_topic.lacework_topic] } @@ -92,7 +90,7 @@ resource "google_logging_organization_sink" "lacework_organization_sink" { destination = "pubsub.googleapis.com/${google_pubsub_topic.lacework_topic.id}" include_children = true - filter = local.log_filter + filter = local.log_filter depends_on = [google_pubsub_topic.lacework_topic] } 
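Review bot: `data "google_project" "selected" {}` has no `count`, so it is still read on every plan even when `var.project_id` is supplied, which does not match the commit message's stated intent of avoiding the data source in that case. As far as I can tell the lookup needs a project in the provider configuration, so a caller who passes `project_id` but sets no provider-level project may still fail here. The applying identity would also need read access to that default project even though nothing is deployed to it. Consider `count = length(var.project_id) > 0 ? 0 : 1` in the data block and `data.google_project.selected[0].project_id` in the `locals` fallback.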
@@ -101,7 +99,7 @@ resource "google_pubsub_subscription_iam_binding" "lacework" { role = "roles/pubsub.subscriber" members = ["serviceAccount:${local.service_account_json_key.client_email}"] subscription = google_pubsub_subscription.lacework_subscription.name - depends_on = [google_pubsub_subscription.lacework_subscription] + depends_on = [google_pubsub_subscription.lacework_subscription] } resource "google_project_iam_audit_config" "project_audit_logs" { @@ -119,8 +117,8 @@ resource "google_project_iam_audit_config" "project_audit_logs" { } resource "google_organization_iam_audit_config" "organization_audit_logs" { - count = local.org_integration ? 1 : 0 - org_id = var.organization_id + count = local.org_integration ? 1 : 0 + org_id = var.organization_id service = "container.googleapis.com" audit_log_config { log_type = "ADMIN_READ" diff --git a/versions.tf b/versions.tf index e79e0a7..993c404 100644 --- a/versions.tf +++ b/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 0.15.1" required_providers { - google = ">= 4.4.0, < 4.41.0" + google = ">= 4.4.0, < 5.0.0" time = "~> 0.6" lacework = { source = "lacework/lacework"
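Review bot: In `versions.tf` the `google` entry still uses the bare version string, while `lacework` directly below it declares an explicit `source`. Spelling out the source address states which registry namespace the provider is resolved from instead of relying on the default, and keeps the two entries consistent. Suggested form: `google = { source = "hashicorp/google", version = ">= 4.4.0, < 5.0.0" }`. The `required_providers` block continues past the end of this hunk.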