diff --git a/modules/secure-serverless-harness/main.tf b/modules/secure-serverless-harness/main.tf
index 91f34b28..316fad1b 100644
--- a/modules/secure-serverless-harness/main.tf
+++ b/modules/secure-serverless-harness/main.tf
@@ -99,7 +99,7 @@ resource "google_artifact_registry_repository" "repo" {
 kms_key_name = module.artifact_registry_kms.keys[var.key_name]
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -112,7 +112,7 @@ resource "google_artifact_registry_repository_iam_member" "member" {
 member = "serviceAccount:${each.value.cloud_serverless_service_identity_email}"
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -135,7 +135,7 @@ module "artifact_registry_kms" {
 key_protection_level = var.key_protection_level
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -146,7 +146,7 @@ resource "google_project_service_identity" "artifact_sa" {
 service = "artifactregistry.googleapis.com"
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -167,6 +167,6 @@ module "cloudfunction_source_bucket" {
 depends_on = [
 module.artifact_registry_kms,
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
diff --git a/modules/secure-serverless-harness/network.tf b/modules/secure-serverless-harness/network.tf
index 2e1d9bec..81e65e94 100644
--- a/modules/secure-serverless-harness/network.tf
+++ b/modules/secure-serverless-harness/network.tf
@@ -79,7 +79,7 @@ module "network" {
 depends_on = [
 module.network_project,
 module.serverless_project,
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -90,7 +90,7 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
 service_project = each.value
 depends_on = [
 module.serverless_project,
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -105,6 +105,6 @@ resource "google_dns_policy" "default_policy" {
 network_url = each.value.network_self_link
 }
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
diff --git a/modules/secure-serverless-harness/outputs.tf b/modules/secure-serverless-harness/outputs.tf
index 251be85c..d097ab57 100644
--- a/modules/secure-serverless-harness/outputs.tf
+++ b/modules/secure-serverless-harness/outputs.tf
@@ -19,7 +19,7 @@ output "serverless_folder_id" {
 description = "The folder created to alocate Serverless infra."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -28,7 +28,7 @@ output "network_project_id" {
 description = "Project ID of the project created to host the Cloud Run Network."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -37,7 +37,7 @@ output "serverless_project_ids" {
 description = "Project ID of the projects created to deploy Cloud Run."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -46,7 +46,7 @@ output "serverless_project_numbers" {
 description = "Project number of the projects created to deploy Cloud Run."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -55,7 +55,7 @@ output "security_project_id" {
 description = "Project ID of the project created for KMS and Artifact Register."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -64,7 +64,7 @@ output "security_project_number" {
 description = "Project number of the project created for KMS and Artifact Register."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -73,7 +73,7 @@ output "service_account_email" {
 description = "The email of the Service Account created to be used by Cloud Serverless."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -82,7 +82,7 @@ output "service_vpc" {
 description = "The network created for Cloud Serverless."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -91,7 +91,7 @@ output "service_subnet" {
 description = "The sub-network name created in harness."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -100,7 +100,7 @@ output "artifact_registry_repository_id" {
 description = "The Artifact Registry Repository full identifier where the images should be stored."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -109,7 +109,7 @@ output "artifact_registry_repository_name" {
 description = "The Artifact Registry Repository last part of the repository name where the images should be stored."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -118,7 +118,7 @@ output "cloud_serverless_service_identity_email" {
 description = "The Cloud Run Service Identity email."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -127,7 +127,7 @@ output "restricted_service_perimeter_name" {
 description = "Service Perimeter name."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -136,7 +136,7 @@ output "restricted_access_level_name" {
 description = "Access level name."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
@@ -145,6 +145,6 @@ output "cloudfunction_source_bucket" {
 description = "Cloud Function Source Bucket."
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
diff --git a/modules/secure-serverless-harness/private_service_connect.tf b/modules/secure-serverless-harness/private_service_connect.tf
index edff55db..df49ac3e 100644
--- a/modules/secure-serverless-harness/private_service_connect.tf
+++ b/modules/secure-serverless-harness/private_service_connect.tf
@@ -24,6 +24,6 @@ module "private_service_connect" {
 private_service_connect_ip = var.private_service_connect_ip
 forwarding_rule_target = "vpc-sc"
 depends_on = [
- time_sleep.wait_90_seconds
+ time_sleep.wait_180_seconds
 ]
 }
diff --git a/modules/secure-serverless-harness/service_perimeter.tf b/modules/secure-serverless-harness/service_perimeter.tf
index 1f09cae7..7089e282 100644
--- a/modules/secure-serverless-harness/service_perimeter.tf
+++ b/modules/secure-serverless-harness/service_perimeter.tf
@@ -220,13 +220,14 @@ resource "google_access_context_manager_service_perimeter_resource" "service_per
 ]
 }
-resource "time_sleep" "wait_90_seconds" {
+resource "time_sleep" "wait_180_seconds" {
 depends_on = [
 google_access_context_manager_service_perimeter_resource.service_perimeter_security_resource,
 google_access_context_manager_service_perimeter_resource.service_perimeter_serverless_resource,
- google_access_context_manager_service_perimeter_resource.service_perimeter_network_resource
+ google_access_context_manager_service_perimeter_resource.service_perimeter_network_resource,
+ module.access_level_members
 ]
- create_duration = "90s"
- destroy_duration = "90s"
+ create_duration = "180s"
+ destroy_duration = "180s"
 }
diff --git a/modules/service-project-factory/main.tf b/modules/service-project-factory/main.tf
index a5ad6c8c..6619ec72 100644
--- a/modules/service-project-factory/main.tf
+++ b/modules/service-project-factory/main.tf
@@ -38,6 +38,10 @@ module "service_accounts" {
 project_id = module.serverless_project.project_id
 prefix = "sa"
 names = [replace(lower(var.serverless_type), "_", "-")]
+
+ depends_on = [
+ module.serverless_project
+ ]
 }
 resource "google_project_iam_member" "cloud_run_sa_roles" {
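Review bot: The resource address in service_perimeter.tf still encodes the delay (`time_sleep.wait_180_seconds`), so this tuning had to touch every `depends_on` in the module and will have to again the next time the value changes. A neutral address with the duration in a variable would confine future changes to one place, for example `create_duration = var.time_to_wait` (the variable name is only a suggestion). The block also has no comment saying what the sleep waits for; judging by its `depends_on` it covers propagation of the perimeter resources and of `module.access_level_members` (defined outside this hunk), and a comment such as `# VPC-SC changes are eventually consistent; fixed delay is a heuristic, not a guarantee` would record that. On existing state the rename plans as destroy-and-create of the sleep unless a `moved` block from `time_sleep.wait_90_seconds` is added.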
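Review bot: The added `depends_on = [module.serverless_project]` on `module "service_accounts"` repeats the dependency that `project_id = module.serverless_project.project_id` in the same block already creates, and nothing says what extra ordering it is meant to enforce. A module-level `depends_on` makes Terraform wait for everything in `serverless_project` and can push values inside `service_accounts` to "known after apply" on later plans. If the intent is to wait for API activation or IAM bindings inside the project module (not visible in this hunk), a comment should say so, e.g. `# wait for API activation in serverless_project before creating the service account`; otherwise the implicit reference is enough.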
@@ -59,6 +63,7 @@ resource "google_service_account_iam_member" "identity_service_account_user" {
 role = "roles/iam.serviceAccountUser"
 member = "serviceAccount:${google_project_service_identity.serverless_sa.email}"
 }
+
 resource "google_project_service_identity" "cloudbuild_sa" {
 provider = google-beta