diff --git a/modules/project/README.md b/modules/project/README.md
index 01a5c5fff..ebb7a5521 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -2267,27 +2267,27 @@ module "project" {
 | [custom_role_id](outputs.tf#L33) | Map of custom role IDs created in the project. | |
 | [custom_roles](outputs.tf#L38) | Map of custom roles resources created in the project. | |
 | [default_service_accounts](outputs.tf#L43) | Emails of the default service accounts for this project. | |
-| [id](outputs.tf#L51) | Project id. | |
-| [kms_autokeys](outputs.tf#L69) | KMS Autokey key ids. | |
-| [name](outputs.tf#L76) | Project name. | |
-| [network_tag_keys](outputs.tf#L88) | Tag key resources. | |
-| [network_tag_values](outputs.tf#L97) | Tag value resources. | |
-| [notification_channel_names](outputs.tf#L105) | Notification channel names. | |
-| [notification_channels](outputs.tf#L113) | Full notification channel objects. | |
-| [number](outputs.tf#L118) | Project number. | |
-| [organization_policies_ids](outputs.tf#L133) | Map of ORGANIZATION_POLICIES => ID in the organization. | |
-| [project_id](outputs.tf#L140) | Project id. | |
-| [quota_configs](outputs.tf#L158) | Quota configurations. | |
-| [quotas](outputs.tf#L169) | Quota resources. | |
-| [scc_custom_sha_modules_ids](outputs.tf#L174) | Map of SCC CUSTOM SHA MODULES => ID in the project. | |
-| [service_agents](outputs.tf#L179) | List of all (active) service agents for this project. | |
-| [services](outputs.tf#L188) | Service APIs to enable in the project. | |
-| [sink_writer_identities](outputs.tf#L197) | Writer identities created for each sink. | |
-| [tag_keys](outputs.tf#L204) | Tag key resources. | |
-| [tag_values](outputs.tf#L213) | Tag value resources. | |
-| [workload_identity_pool_ids](outputs.tf#L221) | Workload identity provider ids. | |
-| [workload_identity_provider_ids](outputs.tf#L228) | Workload identity provider attributes. | |
-| [workload_identity_providers](outputs.tf#L236) | Workload identity provider attributes. | |
+| [id](outputs.tf#L48) | Project id. | |
+| [kms_autokeys](outputs.tf#L66) | KMS Autokey key ids. | |
+| [name](outputs.tf#L73) | Project name. | |
+| [network_tag_keys](outputs.tf#L85) | Tag key resources. | |
+| [network_tag_values](outputs.tf#L94) | Tag value resources. | |
+| [notification_channel_names](outputs.tf#L102) | Notification channel names. | |
+| [notification_channels](outputs.tf#L110) | Full notification channel objects. | |
+| [number](outputs.tf#L115) | Project number. | |
+| [organization_policies_ids](outputs.tf#L130) | Map of ORGANIZATION_POLICIES => ID in the organization. | |
+| [project_id](outputs.tf#L137) | Project id. | |
+| [quota_configs](outputs.tf#L155) | Quota configurations. | |
+| [quotas](outputs.tf#L166) | Quota resources. | |
+| [scc_custom_sha_modules_ids](outputs.tf#L171) | Map of SCC CUSTOM SHA MODULES => ID in the project. | |
+| [service_agents](outputs.tf#L176) | List of all (active) service agents for this project. | |
+| [services](outputs.tf#L185) | Service APIs to enable in the project. | |
+| [sink_writer_identities](outputs.tf#L194) | Writer identities created for each sink. | |
+| [tag_keys](outputs.tf#L201) | Tag key resources. | |
+| [tag_values](outputs.tf#L210) | Tag value resources. | |
+| [workload_identity_pool_ids](outputs.tf#L218) | Workload identity provider ids. | |
+| [workload_identity_provider_ids](outputs.tf#L225) | Workload identity provider attributes. | |
+| [workload_identity_providers](outputs.tf#L233) | Workload identity provider attributes. | |
 ## Fixtures
diff --git a/modules/project/outputs.tf b/modules/project/outputs.tf
index 2ce6ceae5..1fa7b32b8 100644
--- a/modules/project/outputs.tf
+++ b/modules/project/outputs.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2025 Google LLC
+ * Copyright 2026 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -42,10 +42,7 @@ output "custom_roles" {
 output "default_service_accounts" {
 description = "Emails of the default service accounts for this project."
- value = {
- compute = "${local.project.number}-compute@developer.gserviceaccount.com"
- gae = "${local.project.project_id}@appspot.gserviceaccount.com"
- }
+ value = local.default_service_accounts
 }
 output "id" {
diff --git a/modules/project/service-agents.tf b/modules/project/service-agents.tf
index 1a1927df1..2345eb546 100644
--- a/modules/project/service-agents.tf
+++ b/modules/project/service-agents.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2025 Google LLC
+ * Copyright 2026 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -125,6 +125,23 @@ locals {
 try(var.project_reuse.attributes.services_enabled, [])
 )) : s if !contains(local._u_unavailable_si, s)
 ]
+
+
+ default_service_accounts = (
+ var.universe == null
+ ? {
+ compute = "${local.project.number}-compute@developer.gserviceaccount.com"
+ gae = "${local.project.project_id}@appspot.gserviceaccount.com"
+ }
+ : {
+ compute = "${local.project.number}-compute@developer.${local._u_domain}iam.gserviceaccount.com"
+ gae = format(
+ "%s@appspot.%siam.gserviceaccount.com",
+ trimprefix(local.project.project_id, "${var.universe.prefix}:"),
+ local._u_domain
+ )
+ }
+ )
 }
 data "google_storage_project_service_account" "gcs_sa" {
diff --git a/tests/modules/project/service_agents_universe.yaml b/tests/modules/project/service_agents_universe.yaml
index 01c270777..867520006 100644
--- a/tests/modules/project/service_agents_universe.yaml
+++ b/tests/modules/project/service_agents_universe.yaml
@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
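Review bot: In the `@@ -125` hunk of `modules/project/service-agents.tf`, the universe branch of `default_service_accounts` splices `local._u_domain` directly in front of `iam.gserviceaccount.com`, so the address is only well-formed if `_u_domain` carries its own trailing dot. The updated test value (`developer.alpha-system.iam.gserviceaccount.com`) suggests it does, but the definition is outside this hunk, as are the start and end of the `locals` block. Consumers of this output may well use these emails as IAM members, where a malformed address means a failed binding or a grant that does not reach the intended identity. That assumption deserves a comment above the local, for example `# local._u_domain is expected to end with "."; these emails may be used as IAM members, keep the format in sync with its definition`. The `gae` branch also relies on `var.universe.prefix` being set and on `project_id` having the `prefix:` form, since `trimprefix` returns its input unchanged when the prefix does not match; a short comment stating that expectation, and trimming the two leading blank `+` lines to one, would tidy the block.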
@@ -76,8 +76,8 @@ values:
 outputs:
 default_service_accounts:
- compute: 12345-compute@developer.gserviceaccount.com
- gae: alpha:my-project@appspot.gserviceaccount.com
+ compute: 12345-compute@developer.alpha-system.iam.gserviceaccount.com
+ gae: my-project@appspot.alpha-system.iam.gserviceaccount.com
 id: alpha:my-project
 name: my-project
 number: 12345