Project factory additions, project module reuse implementation (#2899)

* add support for buckets

* add project-level interpolation for own SAs

* docs

* project reuse changes

* fix example

* tfdoc

* update check documentation tool

* fast tests

* blueprints

* typo

fast/addons/1-resman-tenants/tenant-fast-automation.tf

@@ -88,10 +88,16 @@ module "tenant-automation-project" {
 
 
 module "tenant-automation-project-iam" {
-  source         = "../../../modules/project"
-  for_each       = local.fast_tenants
-  name           = module.tenant-automation-project[each.key].project_id
-  project_create = false
+  source   = "../../../modules/project"
+  for_each = local.fast_tenants
+  name     = module.tenant-automation-project[each.key].project_id
+  project_reuse = {
+    use_data_source = false
+    project_attributes = {
+      name   = module.tenant-automation-project[each.key].name
+      number = module.tenant-automation-project[each.key].number
+    }
+  }
   # human (groups) IAM bindings
   iam_by_principals = {
     (each.value.principals.gcp-devops) = [

fast/addons/2-networking-ngfw/main.tf

@@ -22,10 +22,10 @@ locals {
 }
 
 module "project" {
-  source         = "../../../modules/project"
-  count          = var._fast_debug.skip_datasources == true ? 0 : 1
-  name           = local.aliased_project_id
-  project_create = false
+  source        = "../../../modules/project"
+  count         = var._fast_debug.skip_datasources == true ? 0 : 1
+  name          = local.aliased_project_id
+  project_reuse = {}
   service_agents_config = {
     services_enabled = [
       "networksecurity.googleapis.com"

fast/addons/2-networking-swp/main.tf

@@ -36,10 +36,10 @@ locals {
 }
 
 module "project" {
-  source         = "../../../modules/project"
-  count          = var._fast_debug.skip_datasources == true ? 0 : 1
-  name           = local.aliased_project_id
-  project_create = false
+  source        = "../../../modules/project"
+  count         = var._fast_debug.skip_datasources == true ? 0 : 1
+  name          = local.aliased_project_id
+  project_reuse = {}
   service_agents_config = {
     services_enabled = [
       "networksecurity.googleapis.com"

fast/stages/1-resman/tenant-root.tf

@@ -32,10 +32,10 @@ module "root-folder" {
 }
 
 module "automation-project" {
-  source         = "../../../modules/project"
-  count          = var.root_node != null ? 1 : 0
-  name           = var.automation.project_id
-  project_create = false
+  source        = "../../../modules/project"
+  count         = var.root_node != null ? 1 : 0
+  name          = var.automation.project_id
+  project_reuse = {}
   # do not assign tagViewer or tagUser roles here on tag keys and values as
   # they are managed authoritatively and will break multitenant stages
   tags = merge(local.tags, {

fast/stages/2-project-factory/README.md

@@ -370,6 +370,7 @@ The approach is not shown here but reasonably easy to implement. The main projec
 
 | name | description | sensitive | consumers |
 |---|---|:---:|---|
-| [projects](outputs.tf#L32) | Created projects. |  |  |
-| [service_accounts](outputs.tf#L46) | Created service accounts. |  |  |
+| [buckets](outputs.tf#L32) | Created buckets. |  |  |
+| [projects](outputs.tf#L39) | Created projects. |  |  |
+| [service_accounts](outputs.tf#L53) | Created service accounts. |  |  |
 <!-- END TFDOC -->

fast/stages/2-project-factory/outputs.tf

@@ -29,6 +29,13 @@ locals {
   }
 }
 
+output "buckets" {
+  description = "Created buckets."
+  value = {
+    for k, v in module.projects.buckets : k => v
+  }
+}
+
 output "projects" {
   description = "Created projects."
   value = {
@@ -47,8 +54,8 @@ output "service_accounts" {
   description = "Created service accounts."
   value = {
     for k, v in module.projects.service_accounts : k => {
-      email      = v.email
-      iam_emanil = v.iam_email
+      email     = v.email
+      iam_email = v.iam_email
     }
   }
 }