Merge remote-tracking branch 'origin/master' into fast-dev

This commit is contained in:
Ludovico Magnocavallo
2026-02-09 09:03:16 +00:00
9 changed files with 116 additions and 50 deletions


@@ -1,5 +1,5 @@
#!/bin/bash
# Copyright 2024 Google LLC
#!/bin/env bash
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
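Review bot: `#!/bin/env bash` is not a portable interpreter path; `env` is conventionally found at `/usr/bin/env`, and `/bin/env` only exists on hosts where `/bin` is merged into `/usr/bin`, so on other systems the script fails at exec time with a "bad interpreter" error. If that line is the new side of this hunk, as the adjacent 2026 copyright line suggests, it should read `#!/usr/bin/env bash`. The rest of the script is outside the hunk.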


@@ -613,6 +613,7 @@ module "example-va-a" {
description = "example-va-a vlan attachment"
peer_asn = "65001"
router_config = {
asn = 16550
create = true
}
partner_interconnect_config = {
@@ -630,6 +631,7 @@ module "example-va-b" {
description = "example-va-b vlan attachment"
peer_asn = "65001"
router_config = {
asn = 16550
create = true
}
partner_interconnect_config = {



@@ -39,7 +39,7 @@ resource "terraform_data" "defaults_preconditions" {
}
# precondition {
# condition = local.projects_input == null
# error_message = yamlencode(var.context.condition_vars)
# error_message = jsonencode(local.ctx_tag_values)
# }
}
}
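Review bot: The `# precondition {` block stays commented out and only its `error_message` moves from `yamlencode(var.context.condition_vars)` to `jsonencode(local.ctx_tag_values)`, which reads as a debugging probe being carried in the resource rather than a check; dead code that drifts between commits tends to be copied into a live precondition later with a message that dumps internal state instead of describing the failure. Either delete the block or make it a real precondition whose `error_message` states what is wrong, e.g. `error_message = "Tag value context could not be resolved for one or more projects."`. The enclosing `terraform_data` resource starts before this hunk.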


@@ -49,6 +49,23 @@ locals {
}
ctx_project_ids = merge(local.ctx.project_ids, local.project_ids)
ctx_project_numbers = merge(local.ctx.project_numbers, local.project_numbers)
# cross-project tag contexts, keyed on project name
ctx_tag_keys = merge(local.ctx.tag_keys, {
for k, v in merge([
for pk, pv in local.projects_input : {
for tk, tv in module.projects[pk].tag_keys :
"${pv.name}/${tk}" => tv.id
}
]...) : k => v
})
ctx_tag_values = merge(local.ctx.tag_values, {
for k, v in merge([
for pk, pv in local.projects_input : {
for tk, tv in module.projects[pk].tag_values :
"${pv.name}/${tk}" => tv.id
}
]...) : k => v
})
project_ids = {
for k, v in module.projects : k => v.project_id
}
@@ -130,10 +147,10 @@ module "projects" {
each.value.services,
var.data_merges.services
))
tag_bindings = merge(
each.value.tag_bindings, var.data_merges.tag_bindings
)
tags = each.value.tags
tags = each.value.tags
tags_config = {
ignore_iam = true
}
universe = each.value.universe
vpc_sc = each.value.vpc_sc
workload_identity_pools = each.value.workload_identity_pools
@@ -142,7 +159,8 @@ module "projects" {
module "projects-iam" {
source = "../project"
for_each = local.projects_input
name = module.projects[each.key].project_id
name = each.value.name
prefix = each.value.prefix
project_reuse = {
use_data_source = false
attributes = {
@@ -163,6 +181,8 @@ module "projects-iam" {
local.ctx.project_ids,
{ for k, v in module.projects : k => v.project_id }
)
tag_keys = local.ctx_tag_keys
tag_values = local.ctx_tag_values
})
factories_config = {
# we do anything that can refer to IAM and custom roles in this call
@@ -186,5 +206,16 @@ module "projects-iam" {
)
shared_vpc_host_config = each.value.shared_vpc_host_config
shared_vpc_service_config = each.value.shared_vpc_service_config
universe = each.value.universe
tag_bindings = merge(
each.value.tag_bindings, var.data_merges.tag_bindings
)
tags = each.value.tags
tags_config = {
force_context_ids = true
}
universe = each.value.universe
# we use explicit depends_on as this allows us passing name and prefix
depends_on = [
module.projects
]
}
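Review bot: In the first hunk (`@@ -49,6 +49,23 @@`) `ctx_tag_keys` and `ctx_tag_values` key the merged maps on `"${pv.name}/${tk}"`, so two entries of `local.projects_input` that share a `name` (for instance the same name under different prefixes, if the factory allows that) collapse to one key and `merge(...)` silently keeps the last one, which could point a later `tag_bindings` entry or tag IAM grant at a different project's tag than intended. If `name` is not guaranteed unique across the input, key on `pk` or include `pv.prefix`, or add a precondition that fails on duplicate `name` values. This also ties the format to `force_context_ids = true` in the last hunk, which builds `$tag_keys:<name>/<key>` ids in a separate module; a comment such as `# keys must match the ids generated by the project module when tags_config.force_context_ids is set` above `ctx_tag_keys` would make the coupling visible.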


@@ -30,6 +30,7 @@ variable "context" {
project_numbers = optional(map(string), {})
pubsub_topics = optional(map(string), {})
storage_buckets = optional(map(string), {})
tag_keys = optional(map(string), {})
tag_values = optional(map(string), {})
vpc_host_projects = optional(map(string), {})
vpc_sc_perimeters = optional(map(string), {})


@@ -46,7 +46,7 @@ locals {
tags = {
for k, v in local._tags_merged : k => {
id = v.id != null ? v.id : (
var.tags_config.force_context_ids == true ? "$tag_keys:${k}" : null
var.tags_config.force_context_ids == true ? "$tag_keys:${var.name}/${k}" : null
)
description = v.description
iam = var.tags_config.ignore_iam == true ? {} : {
@@ -64,7 +64,7 @@ locals {
values = {
for vk, vv in v.values : vk => {
id = vv.id != null ? vv.id : (
var.tags_config.force_context_ids == true ? "$tag_values:${k}/${vk}" : null
var.tags_config.force_context_ids == true ? "$tag_values:${var.name}/${k}/${vk}" : null
)
description = vv.description
iam = var.tags_config.ignore_iam == true ? {} : {
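Review bot: Switching the generated ids from `$tag_keys:${k}` to `$tag_keys:${var.name}/${k}` (and `$tag_values:${var.name}/${k}/${vk}` in the second hunk) changes the token format that consumers of the tag context resolve, so any existing binding or IAM reference written against the old `$tag_values:key/value` form stops resolving, and nothing in the hunk records the new convention. Suggest a comment above the expression, e.g. `# context ids are project-scoped ($tag_keys:<project name>/<key>) when force_context_ids is set`, plus a note in the module's documentation or changelog. If `var.name` can be null for reused projects the id would degrade to `$tag_keys:/key`; worth confirming against the variable's validation. The enclosing `locals` block starts and ends outside the hunk.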


@@ -357,6 +357,14 @@ values:
: condition: []
project: $project_ids:dev-spoke-0
role: roles/container.hostServiceAgentUser
module.project-factory.module.projects-iam["dev-ta-app0-be"].google_tags_tag_binding.binding["context"]:
tag_value: tagValues/654321
timeouts: null
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_tags_tag_value_iam_binding.default["my-tag-key-1/my-value-2:roles/resourcemanager.tagUser"]
: condition: []
members:
- user:user@example.com
role: roles/resourcemanager.tagUser
module.project-factory.module.projects-iam["dev-tb-app0-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: test-pf-dev-tb-app0-0
timeouts: null
@@ -478,10 +486,8 @@ values:
project: test-pf-dev-ta-app0-be
service: pubsub.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_binding.binding["context"]:
tag_value: tagValues/654321
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_key.default["my-tag-key-1"]:
allowed_values_regex: null
description: Managed by the Terraform project-factory module.
parent: projects/test-pf-dev-ta-app0-be
purpose: null
@@ -496,11 +502,6 @@ values:
description: My value 3
short_name: my-value-2
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value_iam_binding.default["my-tag-key-1/my-value-2:roles/resourcemanager.tagUser"]
: condition: []
members:
- user:user@example.com
role: roles/resourcemanager.tagUser
module.project-factory.module.projects["dev-tb-app0-0"].data.google_storage_project_service_account.gcs_sa[0]:
project: test-pf-dev-tb-app0-0
user_project: null


@@ -21,6 +21,19 @@ values:
member: user:user1@example.com
project: foo-test-0
role: roles/viewer
? module.project-factory.module.projects-iam["test-0"].google_tags_tag_value_iam_binding.default["context/project-factory:roles/resourcemanager.tagUser"]
: condition: []
members:
- serviceAccount:tag-test@test-1.iam.gserviceaccount.com
- user:user1@example.com
role: roles/resourcemanager.tagUser
module.project-factory.module.projects-iam["test-1"].google_tags_tag_binding.binding["org-level"]:
tag_value: tagValues/1234567890
timeouts: null
module.project-factory.module.projects-iam["test-1"].google_tags_tag_binding.binding["project-level"]:
# tag_value is undefined at plan time as it depends on the tag
# tag_value: $tag_values:test-0/context/project-factory
timeouts: null
module.project-factory.module.projects["test-0"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-ABCDEF
@@ -83,23 +96,18 @@ values:
project: foo-test-0
service: container.googleapis.com
timeouts: null
module.project-factory.module.projects["test-0"].google_tags_tag_key.default["allow-key-creation"]:
module.project-factory.module.projects["test-0"].google_tags_tag_key.default["context"]:
allowed_values_regex: null
description: Allow key creation for automation service account
description: Test org-level tag value shadowing.
parent: projects/foo-test-0
purpose: null
purpose_data: null
short_name: allow-key-creation
short_name: context
timeouts: null
module.project-factory.module.projects["test-0"].google_tags_tag_value.default["allow-key-creation/allow"]:
description: Allow key creation
short_name: allow
module.project-factory.module.projects["test-0"].google_tags_tag_value.default["context/project-factory"]:
description: Test value.
short_name: project-factory
timeouts: null
? module.project-factory.module.projects["test-0"].google_tags_tag_value_iam_binding.default["allow-key-creation/allow:roles/resourcemanager.tagUser"]
: condition: []
members:
- $iam_principals:service_accounts/tags-iam-test/automation/rw
role: roles/resourcemanager.tagUser
module.project-factory.module.projects["test-1"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-ABCDEF
@@ -144,9 +152,6 @@ values:
: project: test-1
service: contactcenteraiplatform.googleapis.com
timeouts: null
module.project-factory.module.projects["test-1"].google_tags_tag_binding.binding["test"]:
tag_value: $tag_values/
timeouts: null
module.project-factory.module.projects["test-2"].data.google_storage_project_service_account.gcs_sa[0]:
project: bar-test-2
user_project: null
@@ -190,6 +195,16 @@ values:
project: bar-test-2
service: storage.googleapis.com
timeouts: null
module.project-factory.module.service-accounts["test-1/tag-test"].google_service_account.service_account[0]:
account_id: tag-test
create_ignore_already_exists: null
description: null
disabled: false
display_name: Terraform-managed.
email: tag-test@test-1.iam.gserviceaccount.com
member: serviceAccount:tag-test@test-1.iam.gserviceaccount.com
project: test-1
timeouts: null
module.project-factory.terraform_data.defaults_preconditions:
input: null
output: null
@@ -204,11 +219,12 @@ counts:
google_project_iam_member: 6
google_project_service: 10
google_project_service_identity: 3
google_service_account: 1
google_storage_project_service_account: 1
google_tags_tag_binding: 1
google_tags_tag_binding: 2
google_tags_tag_key: 1
google_tags_tag_value: 1
google_tags_tag_value_iam_binding: 1
modules: 5
resources: 29
modules: 7
resources: 31
terraform_data: 2
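Review bot: The `project-level` binding in the first hunk keeps its `tag_value` commented out (`# tag_value: $tag_values:test-0/context/project-factory`) because it is unknown at plan time, so this fixture does not verify that `force_context_ids` actually resolves a cross-project tag value to the intended tag; a check on the resolved reference, or an apply-time test, would close that gap. The second hunk also drops the `allow-key-creation` case, which appears to have been the only fixture exercising `$iam_principals:` members on a tag value IAM binding; if that interpolation is still supported, keep a fixture for it.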