Fix issues with FAST CI/CD support (#3454)

* wip, broken

* wip

* streamline locals

* tfdoc

* update yaml files

* refactor

tests/fast/stages/s0_org_setup/data-simple/cicd.yaml

@@ -14,6 +14,22 @@
 
 # yaml-language-server: $schema=../../../../../fast/stages/0-org-setup/schemas/cicd.schema.json
 
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/cicd.schema.json
+
 workload_identity_federation:
   pool_name: iac-0
   project: $project_ids:iac-0
@@ -28,20 +44,20 @@ workload_identity_federation:
       #   jwks_json_path:
 workflows:
   org-setup:
-    template: github
-    workload_identity_provider:
-      id: $wif_providers:github
-      audiences: []
+    provider_files:
+      apply: 0-org-setup-providers.tf
+      plan: 0-org-setup-providers-ro.tf
     repository:
-      name: org-setup
-      branch: main
-    output_files:
-      storage_bucket: $storage_buckets:iac-0/iac-outputs
-      providers:
-        apply: $output_files:providers/0-org-setup
-        plan: $output_files:providers/0-org-setup-ro
-      files:
-        - tfvars/0-boostrap.auto.tfvars.json
+      name: gh-org/gh-repo
+      type: github
+      apply_branches:
+        - master
+        - fast-dev
     service_accounts:
       apply: $iam_principals:service_accounts/iac-0/iac-org-cicd-rw
       plan: $iam_principals:service_accounts/iac-0/iac-org-cicd-ro
+    tfvars_files:
+      - 0-org-setup.auto.tfvars
+    workload_identity:
+      pool_id: $wif_pools:iac-0
+      audiences: []

tests/fast/stages/s0_org_setup/not-simple.yaml

@@ -277,24 +277,6 @@ values:
     source_md5hash: null
     temporary_hold: null
     timeouts: null
-  google_storage_bucket_object.workflows["org-setup"]:
-    bucket: ft0-prod-iac-core-0-iac-outputs
-    cache_control: null
-    content_disposition: null
-    content_encoding: null
-    content_language: null
-    customer_encryption: []
-    deletion_policy: null
-    detect_md5hash: different hash
-    event_based_hold: null
-    force_empty_content_type: null
-    metadata: null
-    name: workflows/org-setup.yaml
-    retention: []
-    source: null
-    source_md5hash: null
-    temporary_hold: null
-    timeouts: null
   local_file.providers["0-org-setup"]:
     content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\
       \ License, Version 2.0 (the \"License\");\n * you may not use this file except\
@@ -440,13 +422,6 @@ values:
     filename: /tmp/fast-config/tfvars/0-org-setup.auto.tfvars.json
     sensitive_content: null
     source: null
-  local_file.workflows["org-setup"]:
-    content_base64: null
-    directory_permission: '0777'
-    file_permission: '0644'
-    filename: /tmp/fast-config/workflows/org-setup.yaml
-    sensitive_content: null
-    source: null
   module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_admin_org_admins"]:
     billing_account_id: 012345-012345-012345
     condition: []
@@ -2846,6 +2821,7 @@ counts:
   google_project_service: 33
   google_project_service_identity: 9
   google_service_account: 14
+  google_service_account_iam_binding: 2
   google_service_account_iam_member: 4
   google_storage_bucket: 3
   google_storage_bucket_iam_binding: 4
@@ -2858,6 +2834,6 @@ counts:
   google_tags_tag_value: 5
   google_tags_tag_value_iam_binding: 4
   local_file: 9
-  modules: 46
-  resources: 309
+  modules: 48
+  resources: 311
   terraform_data: 2