GoogleCloudPlatform · gtsorbo · Jun 1, 2023 · May 31, 2023
@@ -86,6 +86,7 @@ module "secure_cloud_run_harness" {
 | serverless\_type | The type of resource to be used. It supports only CLOUD\_RUN or CLOUD\_FUNCTION | `string` | n/a | yes |
 | service\_account\_project\_roles | Common roles to apply to the Cloud Serverless service account in the serverless project. | `map(list(string))` | `{}` | no |
 | subnet\_ip | The CDIR IP range of the subnetwork. | `string` | n/a | yes |
+| time\_to\_wait\_vpc\_sc\_propagation | The time to wait VPC-SC propagation when applying and destroying. | `string` | `"180s"` | no |
 | use\_shared\_vpc | Defines if the network created will be a single or shared vpc. | `bool` | `false` | no |
 | vpc\_name | The name of the network. | `string` | n/a | yes |
 

@@ -98,7 +98,7 @@ resource "google_artifact_registry_repository" "repo" {
   kms_key_name  = module.artifact_registry_kms.keys[var.key_name]
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -111,7 +111,7 @@ resource "google_artifact_registry_repository_iam_member" "member" {
   member     = "serviceAccount:${each.value.cloud_serverless_service_identity_email}"
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -134,7 +134,7 @@ module "artifact_registry_kms" {
   key_protection_level = var.key_protection_level
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -145,7 +145,7 @@ resource "google_project_service_identity" "artifact_sa" {
   service = "artifactregistry.googleapis.com"
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -166,6 +166,6 @@ module "cloudfunction_source_bucket" {
 
   depends_on = [
     module.artifact_registry_kms,
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
@@ -79,7 +79,7 @@ module "network" {
   depends_on = [
     module.network_project,
     module.serverless_project,
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -91,7 +91,7 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {
   depends_on = [
     module.serverless_project,
     local.network_projects,
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -106,6 +106,6 @@ resource "google_dns_policy" "default_policy" {
     network_url = each.value.network_self_link
   }
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
@@ -19,7 +19,7 @@ output "serverless_folder_id" {
   description = "The folder created to alocate Serverless infra."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -28,7 +28,7 @@ output "network_project_id" {
   description = "Project ID of the project created to host the Cloud Run Network."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -37,7 +37,7 @@ output "serverless_project_ids" {
   description = "Project ID of the projects created to deploy Cloud Run."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -46,7 +46,7 @@ output "serverless_project_numbers" {
   description = "Project number of the projects created to deploy Cloud Run."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -55,7 +55,7 @@ output "security_project_id" {
   description = "Project ID of the project created for KMS and Artifact Register."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -64,7 +64,7 @@ output "security_project_number" {
   description = "Project number of the project created for KMS and Artifact Register."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -73,7 +73,7 @@ output "service_account_email" {
   description = "The email of the Service Account created to be used by Cloud Serverless."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -82,7 +82,7 @@ output "service_vpc" {
   description = "The network created for Cloud Serverless."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -91,7 +91,7 @@ output "service_subnet" {
   description = "The sub-network name created in harness."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -100,7 +100,7 @@ output "artifact_registry_repository_id" {
   description = "The Artifact Registry Repository full identifier where the images should be stored."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -109,7 +109,7 @@ output "artifact_registry_repository_name" {
   description = "The Artifact Registry Repository last part of the repository name where the images should be stored."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -118,7 +118,7 @@ output "cloud_serverless_service_identity_email" {
   description = "The Cloud Run Service Identity email."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -127,7 +127,7 @@ output "restricted_service_perimeter_name" {
   description = "Service Perimeter name."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -136,7 +136,7 @@ output "restricted_access_level_name" {
   description = "Access level name."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
 
@@ -145,6 +145,6 @@ output "cloudfunction_source_bucket" {
   description = "Cloud Function Source Bucket."
 
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
@@ -24,6 +24,6 @@ module "private_service_connect" {
   private_service_connect_ip = var.private_service_connect_ip
   forwarding_rule_target     = "vpc-sc"
   depends_on = [
-    time_sleep.wait_180_seconds
+    time_sleep.wait_vpc_sc_propagation
   ]
 }
@@ -220,14 +220,15 @@ resource "google_access_context_manager_service_perimeter_resource" "service_per
   ]
 }
 
-resource "time_sleep" "wait_180_seconds" {
+resource "time_sleep" "wait_vpc_sc_propagation" {
   depends_on = [
     google_access_context_manager_service_perimeter_resource.service_perimeter_security_resource,
     google_access_context_manager_service_perimeter_resource.service_perimeter_serverless_resource,
     google_access_context_manager_service_perimeter_resource.service_perimeter_network_resource,
-    module.access_level_members
+    module.access_level_members,
+    module.regular_service_perimeter
   ]
 
-  create_duration  = "180s"
-  destroy_duration = "180s"
+  create_duration  = var.time_to_wait_vpc_sc_propagation
+  destroy_duration = var.time_to_wait_vpc_sc_propagation
 }
@@ -225,3 +225,9 @@ variable "dns_enable_logging" {
   description = "Toggle DNS logging for VPC DNS."
   default     = true
 }
+
+variable "time_to_wait_vpc_sc_propagation" {
+  type        = string
+  description = "The time to wait VPC-SC propagation when applying and destroying."
+  default     = "180s"
+}