Add support for CMEK in logging bucket, big query dataset and gke notifications (#3558)

2025-12-04 17:01:32 +07:00
parent ad9b71442a
commit 171a2c6690
23 changed files with 199 additions and 93 deletions
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/projects-bigquery.tf
+++ b/modules/project-factory/projects-bigquery.tf
@@ -18,11 +18,12 @@ locals {
  projects_bigquery_datasets = flatten([
    for k, v in local.projects_input : [
      for name, opts in lookup(v, "datasets", {}) : {
-        project_key   = k
-        project_name  = v.name
-        id            = name
-        friendly_name = lookup(opts, "friendly_name", null)
-        location      = lookup(opts, "location", null)
+        project_key    = k
+        project_name   = v.name
+        id             = name
+        encryption_key = lookup(opts, "encryption_key", null)
+        friendly_name  = lookup(opts, "friendly_name", null)
+        location       = lookup(opts, "location", null)
      }
    ]
  ])
@@ -33,7 +34,7 @@ module "bigquery-datasets" {
  for_each = {
    for k in local.projects_bigquery_datasets : "${k.project_key}/${k.id}" => k
  }
-  project_id = module.projects[each.value.project_key].project_id
+  project_id = module.projects-iam[each.value.project_key].project_id
  id         = each.value.id
  context = merge(local.ctx, {
    iam_principals = merge(
@@ -46,7 +47,8 @@ module "bigquery-datasets" {
    locations   = local.ctx.locations
    project_ids = local.ctx_project_ids
  })
-  friendly_name = each.value.friendly_name
+  encryption_key = each.value.encryption_key
+  friendly_name  = each.value.friendly_name
  location = coalesce(
    local.data_defaults.overrides.locations.bigquery,
    lookup(each.value, "location", null),
--- a/modules/project-factory/projects-buckets.tf
+++ b/modules/project-factory/projects-buckets.tf
@@ -62,7 +62,7 @@ module "buckets" {
  for_each = {
    for k in local.projects_buckets : "${k.project_key}/${k.name}" => k
  }
-  project_id     = module.projects[each.value.project_key].project_id
+  project_id     = module.projects-iam[each.value.project_key].project_id
  prefix         = each.value.prefix
  name           = "${each.value.project_name}-${each.value.name}"
  bucket_create  = each.value.create
--- a/modules/project-factory/variables-projects.tf
+++ b/modules/project-factory/variables-projects.tf
@@ -154,8 +154,9 @@ variable "projects" {
    })), {})
    contacts = optional(map(list(string)), {})
    datasets = optional(map(object({
-      friendly_name = optional(string)
-      location      = optional(string)
+      encryption_key = optional(string)
+      friendly_name  = optional(string)
+      location       = optional(string)
    })), {})
    iam = optional(map(list(string)), {})
    iam_bindings = optional(map(object({