make extended shared vpc attributes optional in pf (#1796)

2023-10-23 15:45:48 +02:00
parent a93f08e833
commit 1ed48b556f
2 changed files with 10 additions and 4 deletions
--- a/blueprints/factories/project-factory/README.md
+++ b/blueprints/factories/project-factory/README.md
@@ -59,7 +59,7 @@ module "project-factory" {
    data_path = "data"
  }
 }
-# tftest modules=6 resources=14 files=prj-app-1,prj-app-2
+# tftest modules=6 resources=15 files=prj-app-1,prj-app-2
 ```

 ```yaml
@@ -94,6 +94,8 @@ org_policies:
  iam.disableServiceAccountKeyCreation:
    rules:
      - enforce: false
+shared_vpc_service_config:
+  host_project: foo-host

 # tftest-file id=prj-app-2 path=data/prj-app-2.yaml
 ```
--- a/blueprints/factories/project-factory/factory.tf
+++ b/blueprints/factories/project-factory/factory.tf
@@ -77,9 +77,13 @@ locals {
        try(v.services, null),
        var.data_defaults.services
      )
-      shared_vpc_service_config = coalesce(
-        try(v.shared_vpc_service_config, null),
-        var.data_defaults.shared_vpc_service_config
+      shared_vpc_service_config = (
+        try(v.shared_vpc_service_config, null) != null
+        ? merge(
+          { service_identity_iam = {}, service_iam_grants = [] },
+          v.shared_vpc_service_config
+        )
+        : var.data_defaults.shared_vpc_service_config
      )
      tag_bindings = coalesce(
        var.data_overrides.tag_bindings,