From 7d008be2cbc9da9454aee8a54cb6afaec4a05210 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 11 Jun 2025 13:18:03 +0200 Subject: [PATCH] Allow configuring project key format in project factory (#3154) * Configurable project key in project-factory module * Configurable project key in project-factory module * add tests --- fast/stages/2-project-factory/README.md | 6 +- fast/stages/2-project-factory/variables.tf | 3 + modules/project-factory/README.md | 4 +- modules/project-factory/factory-projects.tf | 23 +- modules/project-factory/variables.tf | 7 +- .../hierarchy/team-a/_config.yaml | 21 ++ .../hierarchy/team-a/dev/_config.yaml | 22 ++ .../hierarchy/team-a/prod/_config.yaml | 19 ++ .../hierarchy/team-b/_config.yaml | 21 ++ .../hierarchy/team-b/dev/_config.yaml | 22 ++ .../hierarchy/team-b/prod/_config.yaml | 19 ++ .../key_ignores_path/projects/dev-tb-0.yaml | 21 ++ .../key_ignores_path/projects/prod-tb-0.yaml | 21 ++ .../projects/team-a/dev-ta-0.yaml | 21 ++ .../projects/team-a/prod-ta-0.yaml | 21 ++ .../project_factory/key_ignores_path.tfvars | 40 +++ .../project_factory/key_ignores_path.yaml | 238 ++++++++++++++++++ tests/modules/project_factory/tftest.yaml | 3 + 18 files changed, 518 insertions(+), 14 deletions(-) create mode 100644 tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/_config.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/dev/_config.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/prod/_config.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/_config.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/dev/_config.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/prod/_config.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/projects/dev-tb-0.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/projects/prod-tb-0.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/projects/team-a/dev-ta-0.yaml create mode 100644 tests/modules/project_factory/data/key_ignores_path/projects/team-a/prod-ta-0.yaml create mode 100644 tests/modules/project_factory/key_ignores_path.tfvars create mode 100644 tests/modules/project_factory/key_ignores_path.yaml diff --git a/fast/stages/2-project-factory/README.md b/fast/stages/2-project-factory/README.md index e62ec48f6..7f763ead8 100644 --- a/fast/stages/2-project-factory/README.md +++ b/fast/stages/2-project-factory/README.md @@ -355,17 +355,17 @@ The approach is not shown here but reasonably easy to implement. The main projec | [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap | | [billing_account](variables-fast.tf#L26) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap | | [prefix](variables-fast.tf#L101) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string | ✓ | | 0-bootstrap | -| [factories_config](variables.tf#L17) | Configuration for YAML-based factories. | object({…}) | | {} | | +| [factories_config](variables.tf#L17) | Configuration for YAML-based factories. | object({…}) | | {} | | | [folder_ids](variables-fast.tf#L39) | Folders created in the resource management stage. | map(string) | | {} | 1-resman | | [groups](variables-fast.tf#L47) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | map(string) | | {} | 0-bootstrap | | [host_project_ids](variables-fast.tf#L56) | Host project for the shared VPC. | map(string) | | {} | 2-networking | | [kms_keys](variables-fast.tf#L64) | KMS key ids. | map(string) | | {} | 2-security | | [locations](variables-fast.tf#L72) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…}) | | {} | 0-bootstrap | | [org_policy_tags](variables-fast.tf#L90) | Optional organization policy tag values. | object({…}) | | {} | 0-bootstrap | -| [outputs_location](variables.tf#L39) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | +| [outputs_location](variables.tf#L42) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | | [perimeters](variables-fast.tf#L82) | Optional VPC-SC perimeter ids. | map(string) | | {} | 1-vpcsc | | [service_accounts](variables-fast.tf#L111) | Automation service accounts in name => email format. | map(string) | | {} | 1-resman | -| [stage_name](variables.tf#L45) | FAST stage name. Used to separate output files across different factories. | string | | "2-project-factory" | | +| [stage_name](variables.tf#L48) | FAST stage name. Used to separate output files across different factories. | string | | "2-project-factory" | | | [tag_values](variables-fast.tf#L119) | FAST-managed resource manager tag values. | map(string) | | {} | 1-resman | ## Outputs diff --git a/fast/stages/2-project-factory/variables.tf b/fast/stages/2-project-factory/variables.tf index 29c9a9b35..76105d217 100644 --- a/fast/stages/2-project-factory/variables.tf +++ b/fast/stages/2-project-factory/variables.tf @@ -31,6 +31,9 @@ variable "factories_config" { tag_values = optional(map(string), {}) vpc_host_projects = optional(map(string), {}) }), {}) + projects_config = optional(object({ + key_ignores_path = optional(bool, false) + }), {}) }) nullable = false default = {} diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md index 45c738c63..707a15ad7 100644 --- a/modules/project-factory/README.md +++ b/modules/project-factory/README.md @@ -523,11 +523,11 @@ service_accounts: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [factories_config](variables.tf#L131) | Path to folder with YAML resource description data files. | object({…}) | ✓ | | +| [factories_config](variables.tf#L131) | Path to folder with YAML resource description data files. | object({…}) | ✓ | | | [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | object({…}) | | {} | | [data_merges](variables.tf#L73) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} | | [data_overrides](variables.tf#L92) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} | -| [factories_data](variables.tf#L155) | Alternate factory data input allowing to use this module as a library. Merged with local YAML data. | object({…}) | | {} | +| [factories_data](variables.tf#L158) | Alternate factory data input allowing to use this module as a library. Merged with local YAML data. | object({…}) | | {} | ## Outputs diff --git a/modules/project-factory/factory-projects.tf b/modules/project-factory/factory-projects.tf index 10b465548..eb0996f39 100644 --- a/modules/project-factory/factory-projects.tf +++ b/modules/project-factory/factory-projects.tf @@ -31,10 +31,15 @@ locals { for f in try(fileset(local._project_path, "**/*.yaml"), []) : trimsuffix(f, ".yaml") => yamldecode(file("${local._project_path}/${f}")) } - _projects_input = merge( - local._hierarchy_projects_full_path, - local._projects_full_path - ) + _projects_input = { + for k, v in merge( + local._hierarchy_projects_full_path, local._projects_full_path + ) : ( + var.factories_config.projects_config.key_ignores_path == true + ? basename(k) + : k + ) => v + } _project_budgets = flatten([ for k, v in local._projects_input : [ for b in try(v.billing_budgets, []) : { @@ -48,9 +53,13 @@ locals { data_defaults = var.data_defaults } projects = { - for k, v in local._projects_output : k => merge({ - buckets = try(v.buckets, {}) - service_accounts = try(v.service_accounts, {}) + for k, v in local._projects_output : ( + var.factories_config.projects_config.key_ignores_path == true + ? basename(k) + : k + ) => merge({ + buckets = try(v.buckets, {}) + service_accounts = try(v.service_accounts, {}) }, v) } project_budgets = { diff --git a/modules/project-factory/variables.tf b/modules/project-factory/variables.tf index 452c0210a..36cb67cda 100644 --- a/modules/project-factory/variables.tf +++ b/modules/project-factory/variables.tf @@ -131,6 +131,8 @@ variable "data_overrides" { variable "factories_config" { description = "Path to folder with YAML resource description data files." type = object({ + folders_data_path = optional(string) + projects_data_path = optional(string) budgets = optional(object({ billing_account = string budgets_data_path = string @@ -146,8 +148,9 @@ variable "factories_config" { vpc_host_projects = optional(map(string), {}) notification_channels = optional(map(string), {}) }), {}) - folders_data_path = optional(string) - projects_data_path = optional(string) + projects_config = optional(object({ + key_ignores_path = optional(bool, false) + }), {}) }) nullable = false } diff --git a/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/_config.yaml b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/_config.yaml new file mode 100644 index 000000000..410d9e86f --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/_config.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../schemas/folder.schema.json + +name: Team A +parent: teams +# iam_by_principals: +# "group:team-a-admins@example.com": +# - roles/viewer diff --git a/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/dev/_config.yaml b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/dev/_config.yaml new file mode 100644 index 000000000..da77cb7f1 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/dev/_config.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../schemas/folder.schema.json + +name: Development +tag_bindings: + environment: environment/development +# iam_by_principals: +# "group:team-a-admins@example.com": +# - roles/editor diff --git a/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/prod/_config.yaml b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/prod/_config.yaml new file mode 100644 index 000000000..a7079ab36 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/prod/_config.yaml @@ -0,0 +1,19 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../schemas/folder.schema.json + +name: Production +tag_bindings: + environment: environment/production \ No newline at end of file diff --git a/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/_config.yaml b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/_config.yaml new file mode 100644 index 000000000..80d5faa67 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/_config.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../schemas/folder.schema.json + +name: Team B +parent: teams +# iam_by_principals: +# "group:team-b-admins@example.com": +# - roles/viewer diff --git a/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/dev/_config.yaml b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/dev/_config.yaml new file mode 100644 index 000000000..e50bb7308 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/dev/_config.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../schemas/folder.schema.json + +name: Development +tag_bindings: + environment: environment/development +# iam_by_principals: +# "group:team-b-admins@example.com": +# - roles/editor diff --git a/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/prod/_config.yaml b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/prod/_config.yaml new file mode 100644 index 000000000..a7079ab36 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/prod/_config.yaml @@ -0,0 +1,19 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../schemas/folder.schema.json + +name: Production +tag_bindings: + environment: environment/production \ No newline at end of file diff --git a/tests/modules/project_factory/data/key_ignores_path/projects/dev-tb-0.yaml b/tests/modules/project_factory/data/key_ignores_path/projects/dev-tb-0.yaml new file mode 100644 index 000000000..655c55547 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/projects/dev-tb-0.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../../../modules/project-factory/schemas/project.schema.json + +parent: team-b/dev +shared_vpc_service_config: + host_project: dev-spoke-0 + network_users: + - gcp-devops \ No newline at end of file diff --git a/tests/modules/project_factory/data/key_ignores_path/projects/prod-tb-0.yaml b/tests/modules/project_factory/data/key_ignores_path/projects/prod-tb-0.yaml new file mode 100644 index 000000000..dbb0ceb05 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/projects/prod-tb-0.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../../../modules/project-factory/schemas/project.schema.json + +parent: team-b/prod +shared_vpc_service_config: + host_project: prod-spoke-0 + network_users: + - gcp-devops \ No newline at end of file diff --git a/tests/modules/project_factory/data/key_ignores_path/projects/team-a/dev-ta-0.yaml b/tests/modules/project_factory/data/key_ignores_path/projects/team-a/dev-ta-0.yaml new file mode 100644 index 000000000..d6367411a --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/projects/team-a/dev-ta-0.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../../../../modules/project-factory/schemas/project.schema.json + +parent: team-a/dev +shared_vpc_service_config: + host_project: dev-spoke-0 + network_users: + - gcp-devops diff --git a/tests/modules/project_factory/data/key_ignores_path/projects/team-a/prod-ta-0.yaml b/tests/modules/project_factory/data/key_ignores_path/projects/team-a/prod-ta-0.yaml new file mode 100644 index 000000000..e8ac47ce9 --- /dev/null +++ b/tests/modules/project_factory/data/key_ignores_path/projects/team-a/prod-ta-0.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# yaml-language-server: $schema=../../../../../../../modules/project-factory/schemas/project.schema.json + +parent: team-a/prod +shared_vpc_service_config: + host_project: prod-spoke-0 + network_users: + - gcp-devops \ No newline at end of file diff --git a/tests/modules/project_factory/key_ignores_path.tfvars b/tests/modules/project_factory/key_ignores_path.tfvars new file mode 100644 index 000000000..80876e14b --- /dev/null +++ b/tests/modules/project_factory/key_ignores_path.tfvars @@ -0,0 +1,40 @@ +data_defaults = { + billing_account = "1245-5678-9012" + parent = "folders/1234" + storage_location = "EU" + contacts = { + "admin-default@example.org" = ["ALL"] + } + tag_bindings = { + name1 = "default-id1" + name2 = "default-id2" + } + services = [ + "default-service.googleapis.com" + ] +} +data_overrides = { + prefix = "test-pf" +} +factories_config = { + folders_data_path = "key_ignores_path/hierarchy" + projects_data_path = "key_ignores_path/projects" + projects_config = { + key_ignores_path = true + } + context = { + folder_ids = { + default = "folders/5678901234" + teams = "folders/5678901234" + } + iam_principals = { + gcp-devops = "group:gcp-devops@example.org" + } + tag_values = { + "org-policies/drs-allow-all" = "tagValues/123456" + } + vpc_host_projects = { + dev-spoke-0 = "test-pf-dev-net-spoke-0" + } + } +} diff --git a/tests/modules/project_factory/key_ignores_path.yaml b/tests/modules/project_factory/key_ignores_path.yaml new file mode 100644 index 000000000..4c5cb0ae4 --- /dev/null +++ b/tests/modules/project_factory/key_ignores_path.yaml @@ -0,0 +1,238 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +values: + module.hierarchy-folder-lvl-1["team-a"].google_folder.folder[0]: + deletion_protection: false + display_name: Team A + parent: folders/5678901234 + tags: null + timeouts: null + module.hierarchy-folder-lvl-1["team-b"].google_folder.folder[0]: + deletion_protection: false + display_name: Team B + parent: folders/5678901234 + tags: null + timeouts: null + module.hierarchy-folder-lvl-2["team-a/dev"].google_folder.folder[0]: + deletion_protection: false + display_name: Development + tags: null + timeouts: null + module.hierarchy-folder-lvl-2["team-a/dev"].google_tags_tag_binding.binding["environment"]: + tag_value: environment/development + timeouts: null + module.hierarchy-folder-lvl-2["team-a/prod"].google_folder.folder[0]: + deletion_protection: false + display_name: Production + tags: null + timeouts: null + module.hierarchy-folder-lvl-2["team-a/prod"].google_tags_tag_binding.binding["environment"]: + tag_value: environment/production + timeouts: null + module.hierarchy-folder-lvl-2["team-b/dev"].google_folder.folder[0]: + deletion_protection: false + display_name: Development + tags: null + timeouts: null + module.hierarchy-folder-lvl-2["team-b/dev"].google_tags_tag_binding.binding["environment"]: + tag_value: environment/development + timeouts: null + module.hierarchy-folder-lvl-2["team-b/prod"].google_folder.folder[0]: + deletion_protection: false + display_name: Production + tags: null + timeouts: null + module.hierarchy-folder-lvl-2["team-b/prod"].google_tags_tag_binding.binding["environment"]: + tag_value: environment/production + timeouts: null + module.projects-iam["dev-ta-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]: + deletion_policy: null + host_project: test-pf-dev-net-spoke-0 + service_project: test-pf-dev-ta-0 + timeouts: null + module.projects-iam["dev-ta-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]: + condition: [] + member: group:gcp-devops@example.org + project: test-pf-dev-net-spoke-0 + role: roles/compute.networkUser + module.projects-iam["dev-tb-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]: + deletion_policy: null + host_project: test-pf-dev-net-spoke-0 + service_project: test-pf-dev-tb-0 + timeouts: null + module.projects-iam["dev-tb-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]: + condition: [] + member: group:gcp-devops@example.org + project: test-pf-dev-net-spoke-0 + role: roles/compute.networkUser + module.projects-iam["prod-ta-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]: + deletion_policy: null + host_project: prod-spoke-0 + service_project: test-pf-prod-ta-0 + timeouts: null + module.projects-iam["prod-ta-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]: + condition: [] + member: group:gcp-devops@example.org + project: prod-spoke-0 + role: roles/compute.networkUser + module.projects-iam["prod-tb-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]: + deletion_policy: null + host_project: prod-spoke-0 + service_project: test-pf-prod-tb-0 + timeouts: null + module.projects-iam["prod-tb-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]: + condition: [] + member: group:gcp-devops@example.org + project: prod-spoke-0 + role: roles/compute.networkUser + module.projects["dev-ta-0"].google_essential_contacts_contact.contact["admin-default@example.org"]: + email: admin-default@example.org + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-dev-ta-0 + timeouts: null + module.projects["dev-ta-0"].google_project.project[0]: + auto_create_network: false + billing_account: 1245-5678-9012 + deletion_policy: DELETE + effective_labels: + goog-terraform-provisioned: 'true' + labels: null + name: test-pf-dev-ta-0 + project_id: test-pf-dev-ta-0 + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.projects["dev-ta-0"].google_project_service.project_services["default-service.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-dev-ta-0 + service: default-service.googleapis.com + timeouts: null + module.projects["dev-ta-0"].google_tags_tag_binding.binding["name1"]: + tag_value: default-id1 + timeouts: null + module.projects["dev-ta-0"].google_tags_tag_binding.binding["name2"]: + tag_value: default-id2 + timeouts: null + module.projects["dev-tb-0"].google_essential_contacts_contact.contact["admin-default@example.org"]: + email: admin-default@example.org + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-dev-tb-0 + timeouts: null + module.projects["dev-tb-0"].google_project.project[0]: + auto_create_network: false + billing_account: 1245-5678-9012 + deletion_policy: DELETE + effective_labels: + goog-terraform-provisioned: 'true' + labels: null + name: test-pf-dev-tb-0 + project_id: test-pf-dev-tb-0 + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.projects["dev-tb-0"].google_project_service.project_services["default-service.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-dev-tb-0 + service: default-service.googleapis.com + timeouts: null + module.projects["dev-tb-0"].google_tags_tag_binding.binding["name1"]: + tag_value: default-id1 + timeouts: null + module.projects["dev-tb-0"].google_tags_tag_binding.binding["name2"]: + tag_value: default-id2 + timeouts: null + module.projects["prod-ta-0"].google_essential_contacts_contact.contact["admin-default@example.org"]: + email: admin-default@example.org + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-prod-ta-0 + timeouts: null + module.projects["prod-ta-0"].google_project.project[0]: + auto_create_network: false + billing_account: 1245-5678-9012 + deletion_policy: DELETE + effective_labels: + goog-terraform-provisioned: 'true' + labels: null + name: test-pf-prod-ta-0 + project_id: test-pf-prod-ta-0 + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.projects["prod-ta-0"].google_project_service.project_services["default-service.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prod-ta-0 + service: default-service.googleapis.com + timeouts: null + module.projects["prod-ta-0"].google_tags_tag_binding.binding["name1"]: + tag_value: default-id1 + timeouts: null + module.projects["prod-ta-0"].google_tags_tag_binding.binding["name2"]: + tag_value: default-id2 + timeouts: null + module.projects["prod-tb-0"].google_essential_contacts_contact.contact["admin-default@example.org"]: + email: admin-default@example.org + language_tag: en + notification_category_subscriptions: + - ALL + parent: projects/test-pf-prod-tb-0 + timeouts: null + module.projects["prod-tb-0"].google_project.project[0]: + auto_create_network: false + billing_account: 1245-5678-9012 + deletion_policy: DELETE + effective_labels: + goog-terraform-provisioned: 'true' + labels: null + name: test-pf-prod-tb-0 + project_id: test-pf-prod-tb-0 + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.projects["prod-tb-0"].google_project_service.project_services["default-service.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-pf-prod-tb-0 + service: default-service.googleapis.com + timeouts: null + module.projects["prod-tb-0"].google_tags_tag_binding.binding["name1"]: + tag_value: default-id1 + timeouts: null + module.projects["prod-tb-0"].google_tags_tag_binding.binding["name2"]: + tag_value: default-id2 + timeouts: null + +counts: + google_compute_shared_vpc_service_project: 4 + google_essential_contacts_contact: 4 + google_folder: 6 + google_project: 4 + google_project_iam_member: 4 + google_project_service: 4 + google_tags_tag_binding: 12 + modules: 14 + resources: 38 diff --git a/tests/modules/project_factory/tftest.yaml b/tests/modules/project_factory/tftest.yaml index 9960eda2b..d47232354 100644 --- a/tests/modules/project_factory/tftest.yaml +++ b/tests/modules/project_factory/tftest.yaml @@ -24,3 +24,6 @@ tests: data_overrides_defaults: extra_dirs: - ../../tests/modules/project_factory/data/data_overrides_defaults/projects + key_ignores_path: + extra_dirs: + - ../../tests/modules/project_factory/data/key_ignores_path