GoogleCloudPlatform
diff --git a/‎Makefile
Lines changed: 1 addition & 1 deletion b/‎Makefile
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/secure-cloud-function-on-foundation-3-0-0.md
Lines changed: 3 additions & 3 deletions b/‎docs/secure-cloud-function-on-foundation-3-0-0.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎examples/cloud_function2_gcs_source/main.tf
Lines changed: 1 addition & 1 deletion b/‎examples/cloud_function2_gcs_source/main.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/cloud_function2_pubsub_trigger/main.tf
Lines changed: 2 additions & 2 deletions b/‎examples/cloud_function2_pubsub_trigger/main.tf
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/secure_cloud_function_bigquery_trigger/functions/bq-to-cf/go.mod
Lines changed: 1 addition & 1 deletion b/‎examples/secure_cloud_function_bigquery_trigger/functions/bq-to-cf/go.mod
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/secure_cloud_function_bigquery_trigger/main.tf
Lines changed: 11 additions & 9 deletions b/‎examples/secure_cloud_function_bigquery_trigger/main.tf
Lines changed: 11 additions & 9 deletions
diff --git a/‎examples/secure_cloud_function_internal_server/function/go.mod
Lines changed: 2 additions & 0 deletions b/‎examples/secure_cloud_function_internal_server/function/go.mod
Lines changed: 2 additions & 0 deletions
diff --git a/‎examples/secure_cloud_function_internal_server/internal_server.tf
Lines changed: 3 additions & 2 deletions b/‎examples/secure_cloud_function_internal_server/internal_server.tf
Lines changed: 3 additions & 2 deletions
diff --git a/‎examples/secure_cloud_function_internal_server/main.tf
Lines changed: 9 additions & 5 deletions b/‎examples/secure_cloud_function_internal_server/main.tf
Lines changed: 9 additions & 5 deletions
diff --git a/‎examples/secure_cloud_function_with_sql/README.md
Lines changed: 1 addition & 0 deletions b/‎examples/secure_cloud_function_with_sql/README.md
Lines changed: 1 addition & 0 deletions
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.19
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 
 
@@ -1027,7 +1027,7 @@ will deployed in the Secure Cloud Function that will be created in step `5-app-i
     module "secure_web_proxy" {
       source  = "GoogleCloudPlatform/cloud-functions/google//modules/secure-web-proxy"
       count   = var.enable_scf ? 1 : 0
-      version = "~> 0.4.0"
+      version = "~> 0.6.0"
 
       project_id          = local.restricted_project_id
       region              = local.default_region
@@ -1270,11 +1270,11 @@ We consider that the `terraform-example-foundation` directory is at the same lev
       required_providers {
         google = {
           source  = "hashicorp/google"
-          version = "< 5.0"
+          version = "< 7.0"
         }
         google-beta = {
           source  = "hashicorp/google-beta"
-          version = "< 5.0"
+          version = "< 7.0"
         }
       }
       required_version = ">= 0.13"
 
@@ -29,7 +29,7 @@ resource "google_storage_bucket_object" "function-source" {
 
 module "cloud_functions2" {
   source  = "GoogleCloudPlatform/cloud-functions/google"
-  version = "~> 0.5"
+  version = "~> 0.6"
 
   project_id        = var.project_id
   function_name     = "function2-gcs-source-py"
 
@@ -29,15 +29,15 @@ resource "google_storage_bucket_object" "function-source" {
 
 module "pubsub" {
   source  = "terraform-google-modules/pubsub/google"
-  version = "~> 6.0"
+  version = "~> 7.0"
 
   topic      = "function2-topic"
   project_id = var.project_id
 }
 
 module "cloud_functions2" {
   source  = "GoogleCloudPlatform/cloud-functions/google"
-  version = "~> 0.5"
+  version = "~> 0.6"
 
   project_id        = var.project_id
   function_name     = "function2-pubsub-trigger-py"
 
@@ -1,6 +1,6 @@
 module example.com/module/helloworld
 
-go 1.18
+go 1.21
 
 require (
 	cloud.google.com/go/storage v1.29.0
 
@@ -32,7 +32,7 @@ resource "random_id" "random_folder_suffix" {
 
 module "secure_harness" {
   source  = "GoogleCloudPlatform/cloud-run/google//modules/secure-serverless-harness"
-  version = "~> 0.12.0"
+  version = "~> 0.17.2"
 
   billing_account                             = var.billing_account
   security_project_name                       = "prj-scf-security"
@@ -58,21 +58,23 @@ module "secure_harness" {
   base_serverless_api                         = "cloudfunctions.googleapis.com"
   use_shared_vpc                              = true
   time_to_wait_vpc_sc_propagation             = "300s"
+  project_deletion_policy                     = "DELETE"
+  folder_deletion_protection                  = false
 
   service_account_project_roles = {
     "prj-scf-bq-trigger" = ["roles/eventarc.eventReceiver", "roles/viewer", "roles/compute.networkViewer", "roles/run.invoker"]
   }
 
-  network_project_extra_apis = ["networksecurity.googleapis.com"]
+  network_project_extra_apis = ["compute.googleapis.com", "networksecurity.googleapis.com"]
 
   serverless_project_extra_apis = {
-    "prj-scf-bq-trigger" = ["networksecurity.googleapis.com", "cloudfunctions.googleapis.com", "cloudbuild.googleapis.com", "eventarc.googleapis.com", "eventarcpublishing.googleapis.com"]
+    "prj-scf-bq-trigger" = ["compute.googleapis.com", "networksecurity.googleapis.com", "cloudfunctions.googleapis.com", "cloudbuild.googleapis.com", "eventarc.googleapis.com", "eventarcpublishing.googleapis.com"]
   }
 }
 
 module "cloudfunction_source_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   project_id    = module.secure_harness.serverless_project_ids[0]
   name          = "bkt-${local.location}-${module.secure_harness.serverless_project_numbers[module.secure_harness.serverless_project_ids[0]]}-cfv2-zip-files"
@@ -124,7 +126,7 @@ data "google_bigquery_default_service_account" "bq_sa" {
 
 module "bigquery_kms" {
   source  = "terraform-google-modules/kms/google"
-  version = "~> 2.2"
+  version = "~> 4.0"
 
   project_id           = module.secure_harness.security_project_id
   location             = local.location
@@ -145,7 +147,7 @@ module "bigquery_kms" {
 
 module "bigquery" {
   source  = "terraform-google-modules/bigquery/google"
-  version = "~> 7.0"
+  version = "~> 10.0"
 
   dataset_id                  = "dst_secure_cloud_function"
   dataset_name                = "dst-secure-cloud-function"
@@ -222,7 +224,7 @@ resource "time_sleep" "wait_upload_certificate" {
 
 module "secure_web_proxy" {
   source  = "GoogleCloudPlatform/cloud-functions/google//modules/secure-web-proxy"
-  version = "~> 0.5"
+  version = "~> 0.6"
 
   project_id          = module.secure_harness.network_project_id[0]
   region              = local.region
@@ -271,7 +273,7 @@ resource "google_project_iam_member" "network_service_agent_editor" {
 
 module "secure_cloud_function" {
   source  = "GoogleCloudPlatform/cloud-functions/google//modules/secure-cloud-function"
-  version = "~> 0.5"
+  version = "~> 0.6"
 
   function_name             = "secure-cloud-function-bigquery"
   function_description      = "Logs when there is a new row in the BigQuery"
@@ -331,7 +333,7 @@ module "secure_cloud_function" {
         operator        = "match-path-pattern" # This allows path patterns to be used in the value field
     }]
   }
-  runtime     = "go118"
+  runtime     = "go121"
   entry_point = "HelloCloudFunction"
 
   depends_on = [
 
@@ -1,5 +1,7 @@
 module example.com/module/helloworld
 
+go 1.21
+
 require (
   github.com/GoogleCloudPlatform/functions-framework-go v1.6.1
 )
@@ -83,8 +83,9 @@ resource "google_compute_instance" "internal_server" {
 }
 
 module "internal_server_firewall_rule" {
-  source       = "terraform-google-modules/network/google//modules/firewall-rules"
-  version      = "~> 9.0"
+  source  = "terraform-google-modules/network/google//modules/firewall-rules"
+  version = "~> 11.0"
+
   project_id   = module.secure_harness.network_project_id[0]
   network_name = module.secure_harness.service_vpc[0].network.name
 
 
@@ -33,7 +33,7 @@ resource "random_id" "random_folder_suffix" {
 
 module "secure_harness" {
   source  = "GoogleCloudPlatform/cloud-run/google//modules/secure-serverless-harness"
-  version = "~> 0.12.0"
+  version = "~> 0.17.2"
 
   billing_account                             = var.billing_account
   security_project_name                       = "prj-scf-security"
@@ -59,6 +59,8 @@ module "secure_harness" {
   base_serverless_api                         = "cloudfunctions.googleapis.com"
   use_shared_vpc                              = true
   time_to_wait_vpc_sc_propagation             = "300s"
+  project_deletion_policy                     = "DELETE"
+  folder_deletion_protection                  = false
 
   service_account_project_roles = {
     "prj-scf-internal-server" = [
@@ -70,13 +72,15 @@ module "secure_harness" {
   }
 
   network_project_extra_apis = [
+    "compute.googleapis.com",
     "networksecurity.googleapis.com",
     "networkservices.googleapis.com",
     "certificatemanager.googleapis.com"
   ]
 
   serverless_project_extra_apis = {
     "prj-scf-internal-server" = [
+      "compute.googleapis.com",
       "opsconfigmonitoring.googleapis.com",
       "cloudfunctions.googleapis.com",
       "cloudbuild.googleapis.com",
@@ -89,7 +93,7 @@ module "secure_harness" {
 
 module "cloudfunction_source_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   project_id    = module.secure_harness.serverless_project_ids[0]
   name          = "bkt-${local.location}-${module.secure_harness.serverless_project_numbers[module.secure_harness.serverless_project_ids[0]]}-cfv2-zip-files"
@@ -165,7 +169,7 @@ resource "time_sleep" "wait_upload_certificate" {
 
 module "secure_web_proxy" {
   source  = "GoogleCloudPlatform/cloud-functions/google//modules/secure-web-proxy"
-  version = "~> 0.5"
+  version = "~> 0.6"
 
   project_id          = module.secure_harness.network_project_id[0]
   region              = local.region
@@ -212,7 +216,7 @@ resource "google_project_iam_member" "network_service_agent_editor" {
 
 module "secure_cloud_function" {
   source  = "GoogleCloudPlatform/cloud-functions/google//modules/secure-cloud-function"
-  version = "~> 0.5"
+  version = "~> 0.6"
 
   function_name             = "secure-function2-internal-server"
   function_description      = "Secure cloud function example"
@@ -257,7 +261,7 @@ module "secure_cloud_function" {
       attribute_value = module.cloudfunction_source_bucket.name
     }]
   }
-  runtime     = "go118"
+  runtime     = "go121"
   entry_point = "helloHTTP"
 
   depends_on = [
 
@@ -106,6 +106,7 @@ _Note: Please refer to [Secure Web Proxy documentation](../../docs/secure-web-pr
 | ingress\_policies | A list of all [ingress policies](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules#ingress-rules-reference), each list object has a `from` and `to` value that describes ingress\_from and ingress\_to.<br><br>Example: `[{ from={ sources={ resources=[], access_levels=[] }, identities=[], identity_type="ID_TYPE" }, to={ resources=[], operations={ "SRV_NAME"={ OP_TYPE=[] }}}}]`<br><br>Valid Values:<br>`ID_TYPE` = `null` or `IDENTITY_TYPE_UNSPECIFIED` (only allow indentities from list); `ANY_IDENTITY`; `ANY_USER_ACCOUNT`; `ANY_SERVICE_ACCOUNT`<br>`SRV_NAME` = "`*`" (allow all services) or [Specific Services](https://cloud.google.com/vpc-service-controls/docs/supported-products#supported_products)<br>`OP_TYPE` = [methods](https://cloud.google.com/vpc-service-controls/docs/supported-method-restrictions) or [permissions](https://cloud.google.com/vpc-service-controls/docs/supported-method-restrictions). | <pre>list(object({<br>    from = any<br>    to   = any<br>  }))</pre> | `[]` | no |
 | org\_id | The organization ID. | `string` | n/a | yes |
 | terraform\_service\_account | The e-mail of the service account who will impersionate when creating infrastructure. | `string` | n/a | yes |
+| time\_to\_wait\_service\_identity\_propagation | The time to wait for service identity propagation. | `string` | `"180s"` | no |
 
 ## Outputs
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`module example.com/module/helloworld`
`2`	`2`
	`3`	`+go 1.21`
	`4`	`+`
`3`	`5`	`require (`
`4`	`6`	`github.com/GoogleCloudPlatform/functions-framework-go v1.6.1`
`5`	`7`	`)`