Rename FAST stages preparing for eventual deprecation (#3298)

* renames * links * readme * docs * update pf modules tests for renames * condition_vars context in modules * data platform dataset * fix links in stage 3 docs * schema changes * schema docs * tfdoc * update duplicates check * fast legacy tests * legacy schema * fix tests
2025-09-04 08:24:11 +02:00
parent 1f59fd6bc7
commit bc6950e205
475 changed files with 8947 additions and 11694 deletions
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@@ -171,7 +171,7 @@ module "folder" {
    org_policies = "configs/org-policies/"
  }
  context = {
-    org_policies = {
+    condition_vars = {
      tags = {
        my_conditional_tag = "tagKeys/1234"
      }
@@ -425,7 +425,7 @@ module "folder" {
 |---|---|:---:|:---:|:---:|
 | [assured_workload_config](variables.tf#L17) | Create AssuredWorkloads folder instead of regular folder when value is provided. Incompatible with folder_create=false. | <code title="object&#40;&#123;&#10;  compliance_regime         &#61; string&#10;  display_name              &#61; string&#10;  location                  &#61; string&#10;  organization              &#61; string&#10;  enable_sovereign_controls &#61; optional&#40;bool&#41;&#10;  labels                    &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  partner                   &#61; optional&#40;string&#41;&#10;  partner_permissions &#61; optional&#40;object&#40;&#123;&#10;    assured_workloads_monitoring &#61; optional&#40;bool&#41;&#10;    data_logs_viewer             &#61; optional&#40;bool&#41;&#10;    service_access_approver      &#61; optional&#40;bool&#41;&#10;  &#125;&#41;&#41;&#10;  violation_notifications_enabled &#61; optional&#40;bool&#41;&#10;&#10;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 | [contacts](variables.tf#L70) | List of essential contacts for this resource. Must be in the form EMAIL -> [NOTIFICATION_TYPES]. Valid notification types are ALL, SUSPENSION, SECURITY, TECHNICAL, BILLING, LEGAL, PRODUCT_UPDATES. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [context](variables.tf#L78) | Context-specific interpolations. | <code title="object&#40;&#123;&#10;  custom_roles   &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  folder_ids     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  iam_principals &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  org_policies   &#61; optional&#40;map&#40;map&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  tag_values     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [context](variables.tf#L78) | Context-specific interpolations. | <code title="object&#40;&#123;&#10;  condition_vars &#61; optional&#40;map&#40;map&#40;string&#41;&#41;, &#123;&#125;&#41;&#10;  custom_roles   &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  folder_ids     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  iam_principals &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;  tag_values     &#61; optional&#40;map&#40;string&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [deletion_protection](variables.tf#L91) | Deletion protection setting for this folder. | <code>bool</code> |  | <code>false</code> |
 | [factories_config](variables.tf#L97) | Paths to data files and folders that enable factory functionality. | <code title="object&#40;&#123;&#10;  org_policies &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [firewall_policy](variables.tf#L106) | Hierarchical firewall policy to associate to this folder. | <code title="object&#40;&#123;&#10;  name   &#61; string&#10;  policy &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
--- a/modules/folder/iam.tf
+++ b/modules/folder/iam.tf
@@ -66,7 +66,9 @@ resource "google_folder_iam_binding" "bindings" {
  dynamic "condition" {
    for_each = each.value.condition == null ? [] : [""]
    content {
-      expression  = each.value.condition.expression
+      expression = templatestring(
+        each.value.condition.expression, var.context.condition_vars
+      )
      title       = each.value.condition.title
      description = each.value.condition.description
    }
@@ -83,7 +85,9 @@ resource "google_folder_iam_member" "bindings" {
  dynamic "condition" {
    for_each = each.value.condition == null ? [] : [""]
    content {
-      expression  = each.value.condition.expression
+      expression = templatestring(
+        each.value.condition.expression, var.context.condition_vars
+      )
      title       = each.value.condition.title
      description = each.value.condition.description
    }
--- a/modules/folder/main.tf
+++ b/modules/folder/main.tf
@@ -18,7 +18,7 @@ locals {
  ctx = {
    for k, v in var.context : k => {
      for kk, vv in v : "${local.ctx_p}${k}:${kk}" => vv
-    }
+    } if k != "condition_vars"
  }
  ctx_p = "$"
  folder_id = (
--- a/modules/folder/organization-policies.tf
+++ b/modules/folder/organization-policies.tf
@@ -34,7 +34,7 @@ locals {
            all = try(r.allow.all, null)
            values = (
              can(r.allow.values)
-              ? [for x in r.allow.values : templatestring(x, var.context.org_policies)]
+              ? [for x in r.allow.values : templatestring(x, var.context.condition_vars)]
              : null
            )
          } : null
@@ -42,7 +42,7 @@ locals {
            all = try(r.deny.all, null)
            values = (
              can(r.deny.values)
-              ? [for x in r.deny.values : templatestring(x, var.context.org_policies)]
+              ? [for x in r.deny.values : templatestring(x, var.context.condition_vars)]
              : null
            )
          } : null
@@ -50,28 +50,28 @@ locals {
          condition = {
            description = (
              can(r.condition.description)
-              ? templatestring(r.condition.description, var.context.org_policies)
+              ? templatestring(r.condition.description, var.context.condition_vars)
              : null
            )
            expression = (
              can(r.condition.expression)
-              ? templatestring(r.condition.expression, var.context.org_policies)
+              ? templatestring(r.condition.expression, var.context.condition_vars)
              : null
            )
            location = (
              can(r.condition.location)
-              ? templatestring(r.condition.location, var.context.org_policies)
+              ? templatestring(r.condition.location, var.context.condition_vars)
              : null
            )
            title = (
              can(r.condition.title)
-              ? templatestring(r.condition.title, var.context.org_policies)
+              ? templatestring(r.condition.title, var.context.condition_vars)
              : null
            )
          }
          parameters = (
            can(r.parameters)
-            ? templatestring(r.parameters, var.context.org_policies)
+            ? templatestring(r.parameters, var.context.condition_vars)
            : null
          )
        }
--- a/modules/folder/variables.tf
+++ b/modules/folder/variables.tf
@@ -78,10 +78,10 @@ variable "contacts" {
 variable "context" {
  description = "Context-specific interpolations."
  type = object({
+    condition_vars = optional(map(map(string)), {})
    custom_roles   = optional(map(string), {})
    folder_ids     = optional(map(string), {})
    iam_principals = optional(map(string), {})
-    org_policies   = optional(map(map(string)), {})
    tag_values     = optional(map(string), {})
  })
  default  = {}