Merge remote-tracking branch 'origin/master' into fast-dev

2026-02-09 09:03:16 +00:00
parent 465ab5499a bcca9e44ac
commit 6ca86ed94f
9 changed files with 116 additions and 50 deletions
--- a/modules/net-vlan-attachment/README.md
+++ b/modules/net-vlan-attachment/README.md
@@ -613,6 +613,7 @@ module "example-va-a" {
  description = "example-va-a vlan attachment"
  peer_asn    = "65001"
  router_config = {
+    asn    = 16550
    create = true
  }
  partner_interconnect_config = {
@@ -630,6 +631,7 @@ module "example-va-b" {
  description = "example-va-b vlan attachment"
  peer_asn    = "65001"
  router_config = {
+    asn    = 16550
    create = true
  }
  partner_interconnect_config = {
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/main.tf
+++ b/modules/project-factory/main.tf
@@ -39,7 +39,7 @@ resource "terraform_data" "defaults_preconditions" {
    }
    # precondition {
    #   condition     = local.projects_input == null
-    #   error_message = yamlencode(var.context.condition_vars)
+    #   error_message = jsonencode(local.ctx_tag_values)
    # }
  }
 }
--- a/modules/project-factory/projects.tf
+++ b/modules/project-factory/projects.tf
@@ -49,6 +49,23 @@ locals {
  }
  ctx_project_ids     = merge(local.ctx.project_ids, local.project_ids)
  ctx_project_numbers = merge(local.ctx.project_numbers, local.project_numbers)
+  # cross-project tag contexts, keyed on project name
+  ctx_tag_keys = merge(local.ctx.tag_keys, {
+    for k, v in merge([
+      for pk, pv in local.projects_input : {
+        for tk, tv in module.projects[pk].tag_keys :
+        "${pv.name}/${tk}" => tv.id
+      }
+    ]...) : k => v
+  })
+  ctx_tag_values = merge(local.ctx.tag_values, {
+    for k, v in merge([
+      for pk, pv in local.projects_input : {
+        for tk, tv in module.projects[pk].tag_values :
+        "${pv.name}/${tk}" => tv.id
+      }
+    ]...) : k => v
+  })
  project_ids = {
    for k, v in module.projects : k => v.project_id
  }
@@ -130,10 +147,10 @@ module "projects" {
    each.value.services,
    var.data_merges.services
  ))
-  tag_bindings = merge(
-    each.value.tag_bindings, var.data_merges.tag_bindings
-  )
-  tags                    = each.value.tags
+  tags = each.value.tags
+  tags_config = {
+    ignore_iam = true
+  }
  universe                = each.value.universe
  vpc_sc                  = each.value.vpc_sc
  workload_identity_pools = each.value.workload_identity_pools
@@ -142,7 +159,8 @@ module "projects" {
 module "projects-iam" {
  source   = "../project"
  for_each = local.projects_input
-  name     = module.projects[each.key].project_id
+  name     = each.value.name
+  prefix   = each.value.prefix
  project_reuse = {
    use_data_source = false
    attributes = {
@@ -163,6 +181,8 @@ module "projects-iam" {
      local.ctx.project_ids,
      { for k, v in module.projects : k => v.project_id }
    )
+    tag_keys   = local.ctx_tag_keys
+    tag_values = local.ctx_tag_values
  })
  factories_config = {
    # we do anything that can refer to IAM and custom roles in this call
@@ -186,5 +206,16 @@ module "projects-iam" {
  )
  shared_vpc_host_config    = each.value.shared_vpc_host_config
  shared_vpc_service_config = each.value.shared_vpc_service_config
-  universe                  = each.value.universe
+  tag_bindings = merge(
+    each.value.tag_bindings, var.data_merges.tag_bindings
+  )
+  tags = each.value.tags
+  tags_config = {
+    force_context_ids = true
+  }
+  universe = each.value.universe
+  # we use explicit depends_on as this allows us passing name and prefix
+  depends_on = [
+    module.projects
+  ]
 }
--- a/modules/project-factory/variables.tf
+++ b/modules/project-factory/variables.tf
@@ -30,6 +30,7 @@ variable "context" {
    project_numbers       = optional(map(string), {})
    pubsub_topics         = optional(map(string), {})
    storage_buckets       = optional(map(string), {})
+    tag_keys              = optional(map(string), {})
    tag_values            = optional(map(string), {})
    vpc_host_projects     = optional(map(string), {})
    vpc_sc_perimeters     = optional(map(string), {})
--- a/modules/project/tags.tf
+++ b/modules/project/tags.tf
@@ -46,7 +46,7 @@ locals {
  tags = {
    for k, v in local._tags_merged : k => {
      id = v.id != null ? v.id : (
-        var.tags_config.force_context_ids == true ? "$tag_keys:${k}" : null
+        var.tags_config.force_context_ids == true ? "$tag_keys:${var.name}/${k}" : null
      )
      description = v.description
      iam = var.tags_config.ignore_iam == true ? {} : {
@@ -64,7 +64,7 @@ locals {
      values = {
        for vk, vv in v.values : vk => {
          id = vv.id != null ? vv.id : (
-            var.tags_config.force_context_ids == true ? "$tag_values:${k}/${vk}" : null
+            var.tags_config.force_context_ids == true ? "$tag_values:${var.name}/${k}/${vk}" : null
          )
          description = vv.description
          iam = var.tags_config.ignore_iam == true ? {} : {