kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add fourth folder level to project factory module (#3467)

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2025-10-26 10:34:02 +01:00
committed by GitHub
parent 08e6c4196a
commit 56b213a047
3 changed files with 147 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
tests/modules/project_factory/examples/example.yaml
View File

@@ -37,6 +37,7 @@ values:
storage_class: STANDARD
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
uniform_bucket_level_access: true
versioning:
- enabled: false
@@ -46,6 +47,7 @@ values:
members:
- serviceAccount:dev-tb-app0-0-rw@test-pf-teams-iac-0.iam.gserviceaccount.com
role: roles/storage.objectCreator
timeouts: null
? module.project-factory.module.automation-bucket["dev-tb-app0-0/automation/tf-state"].google_storage_bucket_iam_binding.authoritative["roles/storage.objectViewer"]
: bucket: test-pf-dev-tb-app0-0-tf-state
condition: []
@@ -55,6 +57,7 @@ values:
- serviceAccount:dev-tb-app0-0-ro@test-pf-teams-iac-0.iam.gserviceaccount.com
- serviceAccount:dev-tb-app0-0-rw@test-pf-teams-iac-0.iam.gserviceaccount.com
role: roles/storage.objectViewer
timeouts: null
? module.project-factory.module.automation-service-accounts["dev-tb-app0-0/automation/ro"].google_service_account.service_account[0]
: account_id: dev-tb-app0-0-ro
create_ignore_already_exists: null
@@ -64,6 +67,7 @@ values:
email: dev-tb-app0-0-ro@test-pf-teams-iac-0.iam.gserviceaccount.com
member: serviceAccount:dev-tb-app0-0-ro@test-pf-teams-iac-0.iam.gserviceaccount.com
project: test-pf-teams-iac-0
timeouts: null
? module.project-factory.module.automation-service-accounts["dev-tb-app0-0/automation/rw"].google_service_account.service_account[0]
: account_id: dev-tb-app0-0-rw
create_ignore_already_exists: null
@@ -73,6 +77,7 @@ values:
email: dev-tb-app0-0-rw@test-pf-teams-iac-0.iam.gserviceaccount.com
member: serviceAccount:dev-tb-app0-0-rw@test-pf-teams-iac-0.iam.gserviceaccount.com
project: test-pf-teams-iac-0
timeouts: null
module.project-factory.module.billing-budgets[0].google_billing_budget.default["test-100"]:
all_updates_rule:
- disable_default_iam_recipients: true
@@ -101,6 +106,7 @@ values:
threshold_percent: 0.5
- spend_basis: CURRENT_SPEND
threshold_percent: 0.75
timeouts: null
module.project-factory.module.billing-budgets[0].google_monitoring_notification_channel.default["billing-default"]:
description: null
display_name: Budget email notification billing-default.
@@ -110,6 +116,7 @@ values:
email_address: gcp-billing-admins@example.org
project: foo-billing-audit
sensitive_labels: []
timeouts: null
type: email
user_labels: null
module.project-factory.module.folder-1-iam["team-a"].google_folder_iam_binding.authoritative["roles/viewer"]:
@@ -123,20 +130,24 @@ values:
display_name: Team A
parent: folders/5678901234
tags: null
timeouts: null
module.project-factory.module.folder-1["team-b"].google_folder.folder[0]:
deletion_protection: false
display_name: Team B
parent: folders/5678901234
tags: null
timeouts: null
module.project-factory.module.folder-1["team-c"].google_folder.folder[0]:
deletion_protection: false
display_name: Team C
parent: folders/5678901234
tags: null
timeouts: null
module.project-factory.module.folder-2["team-a/app-0"].google_folder.folder[0]:
deletion_protection: false
display_name: App 0
tags: null
timeouts: null
module.project-factory.module.folder-2["team-a/app-0"].google_org_policy_policy.default["compute.disableSerialPortAccess"]:
dry_run_spec: []
spec:
@@ -149,6 +160,7 @@ values:
enforce: 'FALSE'
parameters: null
values: []
timeouts: null
? module.project-factory.module.folder-2["team-a/app-0"].google_privileged_access_manager_entitlement.default["app-0-admins"]
: additional_notification_targets: []
approval_workflow:
@@ -176,16 +188,35 @@ values:
- not_mandatory: []
unstructured:
- {}
timeouts: null
module.project-factory.module.folder-2["team-b/app-0"].google_folder.folder[0]:
deletion_protection: false
display_name: App 0
tags: null
timeouts: null
module.project-factory.module.folder-2["team-b/app-0"].google_tags_tag_binding.binding["drs-allow-all"]:
tag_value: tagValues/123456
timeouts: null
module.project-factory.module.folder-2["team-c/apps"].google_folder.folder[0]:
deletion_protection: false
display_name: Apps
tags: null
timeouts: null
module.project-factory.module.folder-3["team-c/apps/test"].google_folder.folder[0]:
deletion_protection: false
display_name: Test
tags: null
timeouts: null
module.project-factory.module.folder-4["team-c/apps/test/app-x"].google_folder.folder[0]:
deletion_protection: false
display_name: App X
tags: null
timeouts: null
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_compute_shared_vpc_service_project.shared_vpc_service[0]
: deletion_policy: null
host_project: $project_ids:dev-spoke-0
service_project: test-pf-dev-ta-app0-be
timeouts: null
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_kms_crypto_key_iam_member.service_agent_cmek["key-0.compute-system"]
: condition: []
crypto_key_id: projects/kms-central-prj/locations/europe-west1/keyRings/my-keyring/cryptoKeys/ew1-compute
@@ -225,6 +256,7 @@ values:
- not_mandatory: []
unstructured:
- {}
timeouts: null
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_project_iam_binding.authoritative["roles/cloudkms.cryptoKeyEncrypterDecrypter"]
: condition: []
project: test-pf-dev-ta-app0-be
@@ -250,6 +282,7 @@ values:
role: roles/container.hostServiceAgentUser
module.project-factory.module.projects-iam["dev-tb-app0-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: test-pf-dev-tb-app0-0
timeouts: null
module.project-factory.module.projects-iam["dev-tb-app0-0"].google_project_iam_binding.authoritative["roles/owner"]:
condition: []
members:
@@ -274,12 +307,16 @@ values:
- serviceAccount:app-0-be@test-pf-dev-tb-app0-1.iam.gserviceaccount.com
project: test-pf-dev-tb-app0-1
role: roles/run.developer
module.project-factory.module.projects["dev-ta-app0-be"].data.google_storage_project_service_account.gcs_sa[0]:
project: test-pf-dev-ta-app0-be
user_project: null
module.project-factory.module.projects["dev-ta-app0-be"].google_essential_contacts_contact.contact["admin@example.org"]:
email: admin@example.org
language_tag: en
notification_category_subscriptions:
- ALL
parent: projects/test-pf-dev-ta-app0-be
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
@@ -302,6 +339,7 @@ values:
environment: test
goog-terraform-provisioned: 'true'
team: team-a
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_project_iam_member.service_agents["compute-system"]:
condition: []
project: test-pf-dev-ta-app0-be
@@ -319,38 +357,47 @@ values:
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: compute.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_project_service.project_services["container.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: container.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: storage.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_project_service_identity.default["container.googleapis.com"]
: project: test-pf-dev-ta-app0-be
service: container.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_binding.binding["context"]:
tag_value: tagValues/654321
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_key.default["my-tag-key-1"]:
description: Managed by the Terraform project-factory module.
parent: projects/test-pf-dev-ta-app0-be
purpose: null
purpose_data: null
short_name: my-tag-key-1
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value.default["my-tag-key-1/my-value-1"]:
description: My value 1
short_name: my-value-1
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value.default["my-tag-key-1/my-value-2"]:
description: My value 3
short_name: my-value-2
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value_iam_binding.default["my-tag-key-1/my-value-2:roles/resourcemanager.tagUser"]
: condition: []
members:
@@ -365,6 +412,7 @@ values:
notification_category_subscriptions:
- ALL
parent: projects/test-pf-dev-tb-app0-0
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project.project[0]:
auto_create_network: false
billing_account: 123456-123456-123456
@@ -381,6 +429,7 @@ values:
terraform_labels:
environment: test
goog-terraform-provisioned: 'true'
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project_iam_member.service_agents["serverless-robot-prod"]:
condition: []
project: test-pf-dev-tb-app0-0
@@ -390,25 +439,33 @@ values:
disable_on_destroy: false
project: test-pf-dev-tb-app0-0
service: run.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-tb-app0-0"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-0
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-0
service: storage.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project_service_identity.default["run.googleapis.com"]:
project: test-pf-dev-tb-app0-0
service: run.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].data.google_storage_project_service_account.gcs_sa[0]:
project: test-pf-dev-tb-app0-1
user_project: null
module.project-factory.module.projects["dev-tb-app0-1"].google_essential_contacts_contact.contact["admin@example.org"]:
email: admin@example.org
language_tag: en
notification_category_subscriptions:
- ALL
parent: projects/test-pf-dev-tb-app0-1
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
@@ -431,6 +488,7 @@ values:
environment: test
goog-terraform-provisioned: 'true'
team: team-b
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].google_project_iam_member.service_agents["container-engine-robot"]:
condition: []
project: test-pf-dev-tb-app0-1
@@ -444,25 +502,33 @@ values:
disable_on_destroy: false
project: test-pf-dev-tb-app0-1
service: container.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-tb-app0-1"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-1
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-1
service: storage.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-tb-app0-1"].google_project_service_identity.default["container.googleapis.com"]
: project: test-pf-dev-tb-app0-1
service: container.googleapis.com
timeouts: null
module.project-factory.module.projects["teams-iac-0"].data.google_storage_project_service_account.gcs_sa[0]:
project: test-pf-teams-iac-0
user_project: null
module.project-factory.module.projects["teams-iac-0"].google_essential_contacts_contact.contact["admin@example.org"]:
email: admin@example.org
language_tag: en
notification_category_subscriptions:
- ALL
parent: projects/test-pf-teams-iac-0
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_org_policy_policy.default["compute.disableSerialPortAccess"]:
dry_run_spec: []
name: projects/test-pf-teams-iac-0/policies/compute.disableSerialPortAccess
@@ -477,6 +543,7 @@ values:
enforce: 'FALSE'
parameters: null
values: []
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
@@ -494,6 +561,7 @@ values:
terraform_labels:
environment: test
goog-terraform-provisioned: 'true'
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project_iam_member.service_agents["container-engine-robot"]:
condition: []
project: test-pf-teams-iac-0
@@ -507,19 +575,23 @@ values:
disable_on_destroy: false
project: test-pf-teams-iac-0
service: container.googleapis.com
timeouts: null
? module.project-factory.module.projects["teams-iac-0"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-teams-iac-0
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-teams-iac-0
service: storage.googleapis.com
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project_service_identity.default["container.googleapis.com"]:
project: test-pf-teams-iac-0
service: container.googleapis.com
timeouts: null
? module.project-factory.module.service-accounts["dev-ta-app0-be/app-0-be"].google_project_iam_member.project-roles["$project_ids:dev-spoke-0-roles/compute.networkUser"]
: condition: []
project: $project_ids:dev-spoke-0
@@ -541,6 +613,7 @@ values:
email: app-0-be@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
member: serviceAccount:app-0-be@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
project: test-pf-dev-ta-app0-be
timeouts: null
? module.project-factory.module.service-accounts["dev-ta-app0-be/app-0-fe"].google_project_iam_member.project-roles["$project_ids:dev-spoke-0-roles/compute.networkUser"]
: condition: []
project: $project_ids:dev-spoke-0
@@ -562,6 +635,7 @@ values:
email: app-0-fe@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
member: serviceAccount:app-0-fe@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
project: test-pf-dev-ta-app0-be
timeouts: null
? module.project-factory.module.service-accounts["dev-tb-app0-0/vm-default"].google_project_iam_member.project-roles["$project_ids:dev-tb-app0-0-roles/logging.logWriter"]
: condition: []
project: test-pf-dev-tb-app0-0
@@ -579,6 +653,7 @@ values:
email: vm-default@test-pf-dev-tb-app0-0.iam.gserviceaccount.com
member: serviceAccount:vm-default@test-pf-dev-tb-app0-0.iam.gserviceaccount.com
project: test-pf-dev-tb-app0-0
timeouts: null
? module.project-factory.module.service-accounts["dev-tb-app0-1/app-0-be"].google_project_iam_member.project-roles["$project_ids:dev-tb-app0-1-roles/logging.logWriter"]
: condition: []
project: test-pf-dev-tb-app0-1
@@ -596,6 +671,7 @@ values:
email: app-0-be@test-pf-dev-tb-app0-1.iam.gserviceaccount.com
member: serviceAccount:app-0-be@test-pf-dev-tb-app0-1.iam.gserviceaccount.com
project: test-pf-dev-tb-app0-1
timeouts: null
? module.project-factory.module.service_accounts-iam["dev-tb-app0-0/vm-default"].google_service_account_iam_binding.authoritative["roles/iam.serviceAccountTokenCreator"]
: condition: []
members:
@@ -605,12 +681,13 @@ values:
input: null
output: null
triggers_replace: null
counts:
google_billing_budget: 1
google_compute_shared_vpc_host_project: 1
google_compute_shared_vpc_service_project: 1
google_essential_contacts_contact: 4
google_folder: 5
google_folder: 8
google_folder_iam_binding: 1
google_kms_crypto_key_iam_member: 2
google_monitoring_notification_channel: 1
@@ -630,6 +707,6 @@ counts:
google_tags_tag_key: 1
google_tags_tag_value: 2
google_tags_tag_value_iam_binding: 1
modules: 23
resources: 89
modules: 26
resources: 92
terraform_data: 1