From 66bbaeb85420236ca771a15fffa453ad9e851ad7 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Tue, 13 Jan 2026 10:34:59 +0100
Subject: [PATCH] fix observability in stage 0 (#3646)

---
 .../datasets/classic/defaults.yaml            |  6 +--
 .../datasets/hardened/defaults.yaml           |  6 +--
 fast/stages/0-org-setup/main.tf               |  6 +--
 fast/stages/0-org-setup/observability.tf      | 52 +++++++++----------
 .../0-org-setup/schemas/defaults.schema.json  | 16 ++++++
 .../0-org-setup/schemas/defaults.schema.md    |  4 ++
 .../s0_org_setup/data-hardened/defaults.yaml  |  6 +--
 7 files changed, 56 insertions(+), 40 deletions(-)

diff --git a/fast/stages/0-org-setup/datasets/classic/defaults.yaml b/fast/stages/0-org-setup/datasets/classic/defaults.yaml
index 20572f443..ae1c16a48 100644
--- a/fast/stages/0-org-setup/datasets/classic/defaults.yaml
+++ b/fast/stages/0-org-setup/datasets/classic/defaults.yaml
@@ -22,6 +22,9 @@ global:
     domain: fast-test-00.example.com
     id: 1234567890
     customer_id: abcd123456
+observability:
+  project_id: $project_ids:log-0
+  number: $project_numbers:log-0
 projects:
   defaults:
     # prefix must be unique and less than 9 characters
@@ -30,9 +33,6 @@ projects:
       bigquery: $locations:primary
       logging: $locations:primary
       storage: $locations:primary
-    observability:
-      project_id: $project_ids:log-0
-      project_number: $project_numbers:log-0
   overrides: {}
 context:
   # you can populate context variables here for use in YAML replacements
diff --git a/fast/stages/0-org-setup/datasets/hardened/defaults.yaml b/fast/stages/0-org-setup/datasets/hardened/defaults.yaml
index 20572f443..ae1c16a48 100644
--- a/fast/stages/0-org-setup/datasets/hardened/defaults.yaml
+++ b/fast/stages/0-org-setup/datasets/hardened/defaults.yaml
@@ -22,6 +22,9 @@ global:
     domain: fast-test-00.example.com
     id: 1234567890
     customer_id: abcd123456
+observability:
+  project_id: $project_ids:log-0
+  number: $project_numbers:log-0
 projects:
   defaults:
     # prefix must be unique and less than 9 characters
@@ -30,9 +33,6 @@ projects:
       bigquery: $locations:primary
       logging: $locations:primary
       storage: $locations:primary
-    observability:
-      project_id: $project_ids:log-0
-      project_number: $project_numbers:log-0
   overrides: {}
 context:
   # you can populate context variables here for use in YAML replacements
diff --git a/fast/stages/0-org-setup/main.tf b/fast/stages/0-org-setup/main.tf
index e9fd20f77..ee51ab4fc 100644
--- a/fast/stages/0-org-setup/main.tf
+++ b/fast/stages/0-org-setup/main.tf
@@ -31,6 +31,7 @@ locals {
   })
   defaults = {
     billing_account = try(local._defaults.global.billing_account, null)
+    observability   = try(local._defaults.observability, null)
     organization = (
       try(local._defaults.global.organization.id, null) == null
       ? null
@@ -41,11 +42,6 @@ locals {
       local.project_defaults.overrides.prefix,
       null
     )
-    observability = try(
-      local.project_defaults.defaults.observability,
-      local.project_defaults.overrides.observability,
-      null
-    )
   }
   iam_principals = merge(
     local.org_iam_principals,
diff --git a/fast/stages/0-org-setup/observability.tf b/fast/stages/0-org-setup/observability.tf
index ebc855d4f..460c2cb9f 100644
--- a/fast/stages/0-org-setup/observability.tf
+++ b/fast/stages/0-org-setup/observability.tf
@@ -16,47 +16,47 @@
 
 
 locals {
-  _observability_project = (
-    try(local.project_defaults.defaults.observability, null) != null ||
-    try(local.project_defaults.overrides.observability, null) != null
-    ) ? {
-    project_id     = local.defaults.observability.project_id
-    project_number = local.defaults.observability.project_number
-  } : {}
-
-  observability_project_id = try(lookup(
-    module.factory.project_ids,
-    replace(local._observability_project.project_id, "$project_ids:", ""),
-    local._observability_project.project_id
-  ), null)
-
-  observability_project_number = try(lookup(
-    module.factory.project_numbers,
-    replace(local._observability_project.project_number, "$project_numbers:", ""),
-    local._observability_project.project_number
-  ), null)
+  ob_project = {
+    project_id = try(
+      replace(local.defaults.observability.project_id, "$project_ids:", ""), null
+    )
+    number = try(
+      replace(local.defaults.observability.number, "$project_numbers:", ""), null
+    )
+  }
 }
 
 module "projects-observability" {
   source = "../../../modules/project"
-  count  = length(local._observability_project) > 0 ? 1 : 0
-
-  name = local.observability_project_id
+  count = (
+    local.ob_project.project_id != null && local.ob_project.number != null ? 1 : 0
+  )
+  name = lookup(
+    module.factory.project_ids,
+    local.ob_project.project_id,
+    local.ob_project.project_id
+  )
   project_reuse = {
     use_data_source = false
     attributes = {
-      name   = local.observability_project_id
-      number = local.observability_project_number
+      name = lookup(
+        module.factory.project_ids,
+        local.ob_project.project_id,
+        local.ob_project.project_id
+      )
+      number = lookup(
+        module.factory.project_numbers,
+        local.ob_project.number,
+        local.ob_project.number
+      )
     }
   }
-
   context = merge(local.ctx, {
     folder_ids  = module.factory.folder_ids
     kms_keys    = module.factory.kms_keys
     log_buckets = module.factory.log_buckets
     project_ids = module.factory.project_ids
   })
-
   factories_config = {
     observability = var.factories_config.observability
   }
diff --git a/fast/stages/0-org-setup/schemas/defaults.schema.json b/fast/stages/0-org-setup/schemas/defaults.schema.json
index 00d1e4168..3f61f05f5 100644
--- a/fast/stages/0-org-setup/schemas/defaults.schema.json
+++ b/fast/stages/0-org-setup/schemas/defaults.schema.json
@@ -35,6 +35,22 @@
         "organization"
       ]
     },
+    "observability": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "project_id",
+        "number"
+      ],
+      "properties": {
+        "project_id": {
+          "type": "string"
+        },
+        "number": {
+          "type": "string"
+        }
+      }
+    },
     "projects": {
       "type": "object",
       "additionalProperties": false,
diff --git a/fast/stages/0-org-setup/schemas/defaults.schema.md b/fast/stages/0-org-setup/schemas/defaults.schema.md
index 00eb67e28..336eb607e 100644
--- a/fast/stages/0-org-setup/schemas/defaults.schema.md
+++ b/fast/stages/0-org-setup/schemas/defaults.schema.md
@@ -14,6 +14,10 @@
     - **customer_id**: *string*
     - **domain**: *string*
     - ⁺**id**: *integer*
+- **observability**: *object*
+  <br>*additional properties: false*
+  - ⁺**project_id**: *string*
+  - ⁺**number**: *string*
 - **projects**: *object*
   <br>*additional properties: false*
   - **defaults**: *object*
diff --git a/tests/fast/stages/s0_org_setup/data-hardened/defaults.yaml b/tests/fast/stages/s0_org_setup/data-hardened/defaults.yaml
index 3cea6693e..f9807b091 100644
--- a/tests/fast/stages/s0_org_setup/data-hardened/defaults.yaml
+++ b/tests/fast/stages/s0_org_setup/data-hardened/defaults.yaml
@@ -22,6 +22,9 @@ global:
     domain: example.org
     id: 1234567890
     customer_id: abcd123456
+observability:
+  project_id: $project_ids:log-0
+  number: $project_numbers:log-0
 projects:
   defaults:
     prefix: ft0
@@ -29,9 +32,6 @@ projects:
       bigquery: $locations:primary
       logging: $locations:primary
       storage: $locations:primary
-    observability:
-      project_id: $project_ids:log-0
-      project_number: $project_numbers:log-0
   overrides: {}
 output_files:
   local_path: /tmp/fast-config