Increases propagation time

GoogleCloudPlatform · Apr 25, 2023 · 7bbffea · 7bbffea
1 parent a9a8297
commit 7bbffea
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 28 deletions.
diff --git a/modules/secure-serverless-harness/main.tf b/modules/secure-serverless-harness/main.tf
@@ -99,7 +99,7 @@ resource "google_artifact_registry_repository" "repo" {
   kms_key_name  = module.artifact_registry_kms.keys[var.key_name]
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -112,7 +112,7 @@ resource "google_artifact_registry_repository_iam_member" "member" {
   member     = "serviceAccount:${each.value.cloud_serverless_service_identity_email}"
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -135,7 +135,7 @@ module "artifact_registry_kms" {
   key_protection_level = var.key_protection_level
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -146,7 +146,7 @@ resource "google_project_service_identity" "artifact_sa" {
   service = "artifactregistry.googleapis.com"
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -167,6 +167,6 @@ module "cloudfunction_source_bucket" {
 
   depends_on = [
     module.artifact_registry_kms,
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
diff --git a/modules/secure-serverless-harness/network.tf b/modules/secure-serverless-harness/network.tf
@@ -79,7 +79,7 @@ module "network" {
   depends_on = [
     module.network_project,
     module.serverless_project,
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -90,7 +90,7 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
   service_project = each.value
   depends_on = [
     module.serverless_project,
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -105,6 +105,6 @@ resource "google_dns_policy" "default_policy" {
     network_url = each.value.network_self_link
   }
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
diff --git a/modules/secure-serverless-harness/outputs.tf b/modules/secure-serverless-harness/outputs.tf
@@ -19,7 +19,7 @@ output "serverless_folder_id" {
   description = "The folder created to alocate Serverless infra."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -28,7 +28,7 @@ output "network_project_id" {
   description = "Project ID of the project created to host the Cloud Run Network."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -37,7 +37,7 @@ output "serverless_project_ids" {
   description = "Project ID of the projects created to deploy Cloud Run."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -46,7 +46,7 @@ output "serverless_project_numbers" {
   description = "Project number of the projects created to deploy Cloud Run."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -55,7 +55,7 @@ output "security_project_id" {
   description = "Project ID of the project created for KMS and Artifact Register."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -64,7 +64,7 @@ output "security_project_number" {
   description = "Project number of the project created for KMS and Artifact Register."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -73,7 +73,7 @@ output "service_account_email" {
   description = "The email of the Service Account created to be used by Cloud Serverless."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -82,7 +82,7 @@ output "service_vpc" {
   description = "The network created for Cloud Serverless."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -91,7 +91,7 @@ output "service_subnet" {
   description = "The sub-network name created in harness."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -100,7 +100,7 @@ output "artifact_registry_repository_id" {
   description = "The Artifact Registry Repository full identifier where the images should be stored."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -109,7 +109,7 @@ output "artifact_registry_repository_name" {
   description = "The Artifact Registry Repository last part of the repository name where the images should be stored."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -118,7 +118,7 @@ output "cloud_serverless_service_identity_email" {
   description = "The Cloud Run Service Identity email."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -127,7 +127,7 @@ output "restricted_service_perimeter_name" {
   description = "Service Perimeter name."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -136,7 +136,7 @@ output "restricted_access_level_name" {
   description = "Access level name."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
 
@@ -145,6 +145,6 @@ output "cloudfunction_source_bucket" {
   description = "Cloud Function Source Bucket."
 
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
diff --git a/modules/secure-serverless-harness/private_service_connect.tf b/modules/secure-serverless-harness/private_service_connect.tf
@@ -24,6 +24,6 @@ module "private_service_connect" {
   private_service_connect_ip = var.private_service_connect_ip
   forwarding_rule_target     = "vpc-sc"
   depends_on = [
-    time_sleep.wait_90_seconds
+    time_sleep.wait_180_seconds
   ]
 }
diff --git a/modules/secure-serverless-harness/service_perimeter.tf b/modules/secure-serverless-harness/service_perimeter.tf
@@ -220,13 +220,14 @@ resource "google_access_context_manager_service_perimeter_resource" "service_per
   ]
 }
 
-resource "time_sleep" "wait_90_seconds" {
+resource "time_sleep" "wait_180_seconds" {
   depends_on = [
     google_access_context_manager_service_perimeter_resource.service_perimeter_security_resource,
     google_access_context_manager_service_perimeter_resource.service_perimeter_serverless_resource,
-    google_access_context_manager_service_perimeter_resource.service_perimeter_network_resource
+    google_access_context_manager_service_perimeter_resource.service_perimeter_network_resource,
+    module.access_level_members
   ]
 
-  create_duration  = "90s"
-  destroy_duration = "90s"
+  create_duration  = "180s"
+  destroy_duration = "180s"
 }
diff --git a/modules/service-project-factory/main.tf b/modules/service-project-factory/main.tf
@@ -38,6 +38,10 @@ module "service_accounts" {
   project_id = module.serverless_project.project_id
   prefix     = "sa"
   names      = [replace(lower(var.serverless_type), "_", "-")]
+
+  depends_on = [
+    module.serverless_project
+  ]
 }
 
 resource "google_project_iam_member" "cloud_run_sa_roles" {
@@ -59,6 +63,7 @@ resource "google_service_account_iam_member" "identity_service_account_user" {
   role               = "roles/iam.serviceAccountUser"
   member             = "serviceAccount:${google_project_service_identity.serverless_sa.email}"
 }
+
 resource "google_project_service_identity" "cloudbuild_sa" {
   provider = google-beta