Allow configuring project key format in project factory (#3154)

* Configurable project key in project-factory module

* Configurable project key in project-factory module

* add tests

fast/stages/2-project-factory/README.md

@@ -355,17 +355,17 @@ The approach is not shown here but reasonably easy to implement. The main projec
 | [automation](variables-fast.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object&#40;&#123;&#10;  outputs_bucket &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  | <code>0-bootstrap</code> |
 | [billing_account](variables-fast.tf#L26) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object&#40;&#123;&#10;  id           &#61; string&#10;  is_org_level &#61; optional&#40;bool, true&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  | <code>0-bootstrap</code> |
 | [prefix](variables-fast.tf#L101) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ |  | <code>0-bootstrap</code> |
-| [factories_config](variables.tf#L17) | Configuration for YAML-based factories. | <code title="object&#40;&#123;&#10;  folders_data_path  &#61; optional&#40;string, &#34;data&#47;hierarchy&#34;&#41;&#10;  projects_data_path &#61; optional&#40;string, &#34;data&#47;projects&#34;&#41;&#10;  budgets &#61; optional&#40;object&#40;&#123;&#10;    billing_account       &#61; string&#10;    budgets_data_path     &#61; optional&#40;string, &#34;data&#47;budgets&#34;&#41;&#10;    notification_channels &#61; optional&#40;map&#40;any&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;&#10;  context &#61; optional&#40;object&#40;&#123;&#10;    folder_ids        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    kms_keys          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    iam_principals    &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    tag_values        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    vpc_host_projects &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |  |
+| [factories_config](variables.tf#L17) | Configuration for YAML-based factories. | <code title="object&#40;&#123;&#10;  folders_data_path  &#61; optional&#40;string, &#34;data&#47;hierarchy&#34;&#41;&#10;  projects_data_path &#61; optional&#40;string, &#34;data&#47;projects&#34;&#41;&#10;  budgets &#61; optional&#40;object&#40;&#123;&#10;    billing_account       &#61; string&#10;    budgets_data_path     &#61; optional&#40;string, &#34;data&#47;budgets&#34;&#41;&#10;    notification_channels &#61; optional&#40;map&#40;any&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;&#41;&#10;  context &#61; optional&#40;object&#40;&#123;&#10;    folder_ids        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    kms_keys          &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    iam_principals    &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    tag_values        &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;    vpc_host_projects &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;  projects_config &#61; optional&#40;object&#40;&#123;&#10;    key_ignores_path &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |  |
 | [folder_ids](variables-fast.tf#L39) | Folders created in the resource management stage. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>1-resman</code> |
 | [groups](variables-fast.tf#L47) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>0-bootstrap</code> |
 | [host_project_ids](variables-fast.tf#L56) | Host project for the shared VPC. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>2-networking</code> |
 | [kms_keys](variables-fast.tf#L64) | KMS key ids. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>2-security</code> |
 | [locations](variables-fast.tf#L72) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object&#40;&#123;&#10;  gcs &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> | <code>0-bootstrap</code> |
 | [org_policy_tags](variables-fast.tf#L90) | Optional organization policy tag values. | <code title="object&#40;&#123;&#10;  key_name &#61; optional&#40;string, &#34;org-policies&#34;&#41;&#10;  values   &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> | <code>0-bootstrap</code> |
-| [outputs_location](variables.tf#L39) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | <code>string</code> |  | <code>null</code> |  |
+| [outputs_location](variables.tf#L42) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | <code>string</code> |  | <code>null</code> |  |
 | [perimeters](variables-fast.tf#L82) | Optional VPC-SC perimeter ids. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>1-vpcsc</code> |
 | [service_accounts](variables-fast.tf#L111) | Automation service accounts in name => email format. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>1-resman</code> |
-| [stage_name](variables.tf#L45) | FAST stage name. Used to separate output files across different factories. | <code>string</code> |  | <code>&#34;2-project-factory&#34;</code> |  |
+| [stage_name](variables.tf#L48) | FAST stage name. Used to separate output files across different factories. | <code>string</code> |  | <code>&#34;2-project-factory&#34;</code> |  |
 | [tag_values](variables-fast.tf#L119) | FAST-managed resource manager tag values. | <code>map&#40;string&#41;</code> |  | <code>&#123;&#125;</code> | <code>1-resman</code> |
 
 ## Outputs

fast/stages/2-project-factory/variables.tf

@@ -31,6 +31,9 @@ variable "factories_config" {
       tag_values        = optional(map(string), {})
       vpc_host_projects = optional(map(string), {})
     }), {})
+    projects_config = optional(object({
+      key_ignores_path = optional(bool, false)
+    }), {})
   })
   nullable = false
   default  = {}

modules/project-factory/factory-projects.tf

@@ -31,10 +31,15 @@ locals {
     for f in try(fileset(local._project_path, "**/*.yaml"), []) :
     trimsuffix(f, ".yaml") => yamldecode(file("${local._project_path}/${f}"))
   }
-  _projects_input = merge(
+  _projects_input = {
-    local._hierarchy_projects_full_path,
+    for k, v in merge(
-    local._projects_full_path
+      local._hierarchy_projects_full_path, local._projects_full_path
-  )
+      ) : (
+      var.factories_config.projects_config.key_ignores_path == true
+      ? basename(k)
+      : k
+    ) => v
+  }
   _project_budgets = flatten([
     for k, v in local._projects_input : [
       for b in try(v.billing_budgets, []) : {
@@ -48,9 +53,13 @@ locals {
     data_defaults  = var.data_defaults
   }
   projects = {
-    for k, v in local._projects_output : k => merge({
+    for k, v in local._projects_output : (
-      buckets          = try(v.buckets, {})
+      var.factories_config.projects_config.key_ignores_path == true
-      service_accounts = try(v.service_accounts, {})
+      ? basename(k)
+      : k
+      ) => merge({
+        buckets          = try(v.buckets, {})
+        service_accounts = try(v.service_accounts, {})
     }, v)
   }
   project_budgets = {

modules/project-factory/variables.tf

@@ -131,6 +131,8 @@ variable "data_overrides" {
 variable "factories_config" {
   description = "Path to folder with YAML resource description data files."
   type = object({
+    folders_data_path  = optional(string)
+    projects_data_path = optional(string)
     budgets = optional(object({
       billing_account   = string
       budgets_data_path = string
@@ -146,8 +148,9 @@ variable "factories_config" {
       vpc_host_projects     = optional(map(string), {})
       notification_channels = optional(map(string), {})
     }), {})
-    folders_data_path  = optional(string)
+    projects_config = optional(object({
-    projects_data_path = optional(string)
+      key_ignores_path = optional(bool, false)
+    }), {})
   })
   nullable = false
 }

tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/_config.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/folder.schema.json
+
+name: Team A
+parent: teams
+# iam_by_principals:
+#   "group:team-a-admins@example.com":
+#     - roles/viewer

tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/dev/_config.yaml

@@ -0,0 +1,22 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/folder.schema.json
+
+name: Development
+tag_bindings:
+  environment: environment/development
+# iam_by_principals:
+#   "group:team-a-admins@example.com":
+#     - roles/editor

tests/modules/project_factory/data/key_ignores_path/hierarchy/team-a/prod/_config.yaml

@@ -0,0 +1,19 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/folder.schema.json
+
+name: Production
+tag_bindings:
+  environment: environment/production

tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/_config.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/folder.schema.json
+
+name: Team B
+parent: teams
+# iam_by_principals:
+#   "group:team-b-admins@example.com":
+#     - roles/viewer

tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/dev/_config.yaml

@@ -0,0 +1,22 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/folder.schema.json
+
+name: Development
+tag_bindings:
+  environment: environment/development
+# iam_by_principals:
+#   "group:team-b-admins@example.com":
+#     - roles/editor

tests/modules/project_factory/data/key_ignores_path/hierarchy/team-b/prod/_config.yaml

@@ -0,0 +1,19 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/folder.schema.json
+
+name: Production
+tag_bindings:
+  environment: environment/production

tests/modules/project_factory/data/key_ignores_path/projects/dev-tb-0.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../../modules/project-factory/schemas/project.schema.json
+
+parent: team-b/dev
+shared_vpc_service_config:
+  host_project: dev-spoke-0
+  network_users:
+    - gcp-devops

tests/modules/project_factory/data/key_ignores_path/projects/prod-tb-0.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../../modules/project-factory/schemas/project.schema.json
+
+parent: team-b/prod
+shared_vpc_service_config:
+  host_project: prod-spoke-0
+  network_users:
+    - gcp-devops

tests/modules/project_factory/data/key_ignores_path/projects/team-a/dev-ta-0.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../../../modules/project-factory/schemas/project.schema.json
+
+parent: team-a/dev
+shared_vpc_service_config:
+  host_project: dev-spoke-0
+  network_users:
+    - gcp-devops

tests/modules/project_factory/data/key_ignores_path/projects/team-a/prod-ta-0.yaml

@@ -0,0 +1,21 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../../../../modules/project-factory/schemas/project.schema.json
+
+parent: team-a/prod
+shared_vpc_service_config:
+  host_project: prod-spoke-0
+  network_users:
+    - gcp-devops

tests/modules/project_factory/key_ignores_path.tfvars

@@ -0,0 +1,40 @@
+data_defaults = {
+  billing_account  = "1245-5678-9012"
+  parent           = "folders/1234"
+  storage_location = "EU"
+  contacts = {
+    "admin-default@example.org" = ["ALL"]
+  }
+  tag_bindings = {
+    name1 = "default-id1"
+    name2 = "default-id2"
+  }
+  services = [
+    "default-service.googleapis.com"
+  ]
+}
+data_overrides = {
+  prefix = "test-pf"
+}
+factories_config = {
+  folders_data_path  = "key_ignores_path/hierarchy"
+  projects_data_path = "key_ignores_path/projects"
+  projects_config = {
+    key_ignores_path = true
+  }
+  context = {
+    folder_ids = {
+      default = "folders/5678901234"
+      teams   = "folders/5678901234"
+    }
+    iam_principals = {
+      gcp-devops = "group:gcp-devops@example.org"
+    }
+    tag_values = {
+      "org-policies/drs-allow-all" = "tagValues/123456"
+    }
+    vpc_host_projects = {
+      dev-spoke-0 = "test-pf-dev-net-spoke-0"
+    }
+  }
+}

tests/modules/project_factory/key_ignores_path.yaml

@@ -0,0 +1,238 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.hierarchy-folder-lvl-1["team-a"].google_folder.folder[0]:
+    deletion_protection: false
+    display_name: Team A
+    parent: folders/5678901234
+    tags: null
+    timeouts: null
+  module.hierarchy-folder-lvl-1["team-b"].google_folder.folder[0]:
+    deletion_protection: false
+    display_name: Team B
+    parent: folders/5678901234
+    tags: null
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-a/dev"].google_folder.folder[0]:
+    deletion_protection: false
+    display_name: Development
+    tags: null
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-a/dev"].google_tags_tag_binding.binding["environment"]:
+    tag_value: environment/development
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-a/prod"].google_folder.folder[0]:
+    deletion_protection: false
+    display_name: Production
+    tags: null
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-a/prod"].google_tags_tag_binding.binding["environment"]:
+    tag_value: environment/production
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-b/dev"].google_folder.folder[0]:
+    deletion_protection: false
+    display_name: Development
+    tags: null
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-b/dev"].google_tags_tag_binding.binding["environment"]:
+    tag_value: environment/development
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-b/prod"].google_folder.folder[0]:
+    deletion_protection: false
+    display_name: Production
+    tags: null
+    timeouts: null
+  module.hierarchy-folder-lvl-2["team-b/prod"].google_tags_tag_binding.binding["environment"]:
+    tag_value: environment/production
+    timeouts: null
+  module.projects-iam["dev-ta-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+    deletion_policy: null
+    host_project: test-pf-dev-net-spoke-0
+    service_project: test-pf-dev-ta-0
+    timeouts: null
+  module.projects-iam["dev-ta-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]:
+    condition: []
+    member: group:gcp-devops@example.org
+    project: test-pf-dev-net-spoke-0
+    role: roles/compute.networkUser
+  module.projects-iam["dev-tb-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+    deletion_policy: null
+    host_project: test-pf-dev-net-spoke-0
+    service_project: test-pf-dev-tb-0
+    timeouts: null
+  module.projects-iam["dev-tb-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]:
+    condition: []
+    member: group:gcp-devops@example.org
+    project: test-pf-dev-net-spoke-0
+    role: roles/compute.networkUser
+  module.projects-iam["prod-ta-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+    deletion_policy: null
+    host_project: prod-spoke-0
+    service_project: test-pf-prod-ta-0
+    timeouts: null
+  module.projects-iam["prod-ta-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]:
+    condition: []
+    member: group:gcp-devops@example.org
+    project: prod-spoke-0
+    role: roles/compute.networkUser
+  module.projects-iam["prod-tb-0"].google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+    deletion_policy: null
+    host_project: prod-spoke-0
+    service_project: test-pf-prod-tb-0
+    timeouts: null
+  module.projects-iam["prod-tb-0"].google_project_iam_member.shared_vpc_host_iam["group:gcp-devops@example.org"]:
+    condition: []
+    member: group:gcp-devops@example.org
+    project: prod-spoke-0
+    role: roles/compute.networkUser
+  module.projects["dev-ta-0"].google_essential_contacts_contact.contact["admin-default@example.org"]:
+    email: admin-default@example.org
+    language_tag: en
+    notification_category_subscriptions:
+    - ALL
+    parent: projects/test-pf-dev-ta-0
+    timeouts: null
+  module.projects["dev-ta-0"].google_project.project[0]:
+    auto_create_network: false
+    billing_account: 1245-5678-9012
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    name: test-pf-dev-ta-0
+    project_id: test-pf-dev-ta-0
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.projects["dev-ta-0"].google_project_service.project_services["default-service.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-pf-dev-ta-0
+    service: default-service.googleapis.com
+    timeouts: null
+  module.projects["dev-ta-0"].google_tags_tag_binding.binding["name1"]:
+    tag_value: default-id1
+    timeouts: null
+  module.projects["dev-ta-0"].google_tags_tag_binding.binding["name2"]:
+    tag_value: default-id2
+    timeouts: null
+  module.projects["dev-tb-0"].google_essential_contacts_contact.contact["admin-default@example.org"]:
+    email: admin-default@example.org
+    language_tag: en
+    notification_category_subscriptions:
+    - ALL
+    parent: projects/test-pf-dev-tb-0
+    timeouts: null
+  module.projects["dev-tb-0"].google_project.project[0]:
+    auto_create_network: false
+    billing_account: 1245-5678-9012
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    name: test-pf-dev-tb-0
+    project_id: test-pf-dev-tb-0
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.projects["dev-tb-0"].google_project_service.project_services["default-service.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-pf-dev-tb-0
+    service: default-service.googleapis.com
+    timeouts: null
+  module.projects["dev-tb-0"].google_tags_tag_binding.binding["name1"]:
+    tag_value: default-id1
+    timeouts: null
+  module.projects["dev-tb-0"].google_tags_tag_binding.binding["name2"]:
+    tag_value: default-id2
+    timeouts: null
+  module.projects["prod-ta-0"].google_essential_contacts_contact.contact["admin-default@example.org"]:
+    email: admin-default@example.org
+    language_tag: en
+    notification_category_subscriptions:
+    - ALL
+    parent: projects/test-pf-prod-ta-0
+    timeouts: null
+  module.projects["prod-ta-0"].google_project.project[0]:
+    auto_create_network: false
+    billing_account: 1245-5678-9012
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    name: test-pf-prod-ta-0
+    project_id: test-pf-prod-ta-0
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.projects["prod-ta-0"].google_project_service.project_services["default-service.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-pf-prod-ta-0
+    service: default-service.googleapis.com
+    timeouts: null
+  module.projects["prod-ta-0"].google_tags_tag_binding.binding["name1"]:
+    tag_value: default-id1
+    timeouts: null
+  module.projects["prod-ta-0"].google_tags_tag_binding.binding["name2"]:
+    tag_value: default-id2
+    timeouts: null
+  module.projects["prod-tb-0"].google_essential_contacts_contact.contact["admin-default@example.org"]:
+    email: admin-default@example.org
+    language_tag: en
+    notification_category_subscriptions:
+    - ALL
+    parent: projects/test-pf-prod-tb-0
+    timeouts: null
+  module.projects["prod-tb-0"].google_project.project[0]:
+    auto_create_network: false
+    billing_account: 1245-5678-9012
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    name: test-pf-prod-tb-0
+    project_id: test-pf-prod-tb-0
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.projects["prod-tb-0"].google_project_service.project_services["default-service.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: test-pf-prod-tb-0
+    service: default-service.googleapis.com
+    timeouts: null
+  module.projects["prod-tb-0"].google_tags_tag_binding.binding["name1"]:
+    tag_value: default-id1
+    timeouts: null
+  module.projects["prod-tb-0"].google_tags_tag_binding.binding["name2"]:
+    tag_value: default-id2
+    timeouts: null
+
+counts:
+  google_compute_shared_vpc_service_project: 4
+  google_essential_contacts_contact: 4
+  google_folder: 6
+  google_project: 4
+  google_project_iam_member: 4
+  google_project_service: 4
+  google_tags_tag_binding: 12
+  modules: 14
+  resources: 38

tests/modules/project_factory/tftest.yaml

@@ -24,3 +24,6 @@ tests:
   data_overrides_defaults:
     extra_dirs:
       - ../../tests/modules/project_factory/data/data_overrides_defaults/projects
+  key_ignores_path:
+    extra_dirs:
+      - ../../tests/modules/project_factory/data/key_ignores_path