Rename FAST stages preparing for eventual deprecation (#3298)

* renames

* links

* readme

* docs

* update pf modules tests for renames

* condition_vars context in modules

* data platform dataset

* fix links in stage 3 docs

* schema changes

* schema docs

* tfdoc

* update duplicates check

* fast legacy tests

* legacy schema

* fix tests

modules/project-factory/sample-data-1/folders/applications/.config.yaml

@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/folder.schema.json
+
+parent: "$folder_ids:default"
+name: Applications
+iam_by_principals:
+  "$iam_principals:devops":
+    - roles/owner
+    - roles/resourcemanager.folderAdmin
+    - roles/resourcemanager.projectCreator

modules/project-factory/sample-data-1/folders/applications/dev/.config.yaml

@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/folder.schema.json
+
+name: Development
+iam_by_principals:
+  "$iam_principals:app0-devs":
+    - roles/viewer

modules/project-factory/sample-data-1/folders/applications/prod/.config.yaml

@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../../schemas/folder.schema.json
+
+name: Production
+iam_by_principals:
+  "$iam_principals:app0-devs":
+    - roles/viewer

modules/project-factory/sample-data-1/folders/networking/.config.yaml

@@ -0,0 +1,37 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/folder.schema.json
+
+parent: "$folder_ids:default"
+name: Networking
+automation:
+  project: $project_ids:prod-iac-core-0
+  bucket:
+    name: tf-state
+  service_accounts:
+    iac-networking-ro: {}
+    iac-networking-rw: {}
+iam_by_principals:
+  "$iam_principals:network-admins":
+    - roles/owner
+    - roles/resourcemanager.folderAdmin
+    - roles/resourcemanager.projectCreator
+  "$iam_principals:service_accounts/networking/iac-networking-ro":
+    - roles/viewer
+    - roles/resourcemanager.folderViewer
+  "$iam_principals:service_accounts/networking/iac-networking-rw":
+    - roles/owner
+    - roles/resourcemanager.folderAdmin
+    - roles/resourcemanager.projectCreator

modules/project-factory/sample-data-1/folders/networking/dev-net-spoke-0.yaml

@@ -0,0 +1,32 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/project.schema.json
+
+iam_bindings_additive:
+  vm_default_logging:
+    member: "$iam_principals:service_accounts/dev-net-spoke-0/vm-default"
+    role: roles/logging.logWriter
+  vm_default_monitoring:
+    member: "$iam_principals:service_accounts/dev-net-spoke-0/vm-default"
+    role: roles/monitoring.metricWriter
+service_accounts:
+  vm-default:
+    display_name: VM default service account.
+services:
+  - compute.googleapis.com
+  - logging.googleapis.com
+  - monitoring.googleapis.com
+shared_vpc_host_config:
+  enabled: true

modules/project-factory/sample-data-1/folders/networking/prod-net-spoke-0.yaml

@@ -0,0 +1,32 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../../schemas/project.schema.json
+
+iam_bindings_additive:
+  vm_default_logging:
+    member: "$iam_principals:service_accounts/prod-net-spoke-0/vm-default"
+    role: roles/logging.logWriter
+  vm_default_monitoring:
+    member: "$iam_principals:service_accounts/prod-net-spoke-0/vm-default"
+    role: roles/monitoring.metricWriter
+service_accounts:
+  vm-default:
+    display_name: VM default service account.
+services:
+  - compute.googleapis.com
+  - logging.googleapis.com
+  - monitoring.googleapis.com
+shared_vpc_host_config:
+  enabled: true

modules/project-factory/sample-data-1/folders/prod-iac-core-0.yaml

@@ -0,0 +1,93 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# yaml-language-server: $schema=../../schemas/project.schema.json
+
+iam_by_principals:
+  $iam_principals:org-admins:
+    - roles/iam.serviceAccountTokenCreator
+    - roles/iam.workloadIdentityPoolAdmin
+  $iam_principals:service_accounts/prod-iac-core-0/iac-bootstrap-ro:
+    - roles/browser
+    - roles/cloudbuild.builds.viewer
+    - roles/iam.serviceAccountViewer
+    - roles/iam.workloadIdentityPoolViewer
+    - $custom_roles:storage_viewer
+    - roles/viewer
+  $iam_principals:service_accounts/prod-iac-core-0/iac-bootstrap-rw:
+    - roles/cloudbuild.builds.editor
+    - roles/iam.serviceAccountAdmin
+    - roles/iam.workloadIdentityPoolAdmin
+    - roles/owner
+    - roles/storage.admin
+buckets:
+  iac-bootstrap-state:
+    description: Terraform state for the org-level automation.
+    iam:
+      roles/storage.admin:
+        - $iam_principals:service_accounts/prod-iac-core-0/iac-bootstrap-rw
+      $custom_roles:storage_viewer:
+        - $iam_principals:service_accounts/prod-iac-core-0/iac-bootstrap-ro
+  iac-outputs:
+    description: Terraform state for the org-level automation.
+    iam:
+      roles/storage.admin:
+        - $iam_principals:service_accounts/prod-iac-core-0/iac-bootstrap-rw
+      $custom_roles:storage_viewer:
+        - $iam_principals:service_accounts/prod-iac-core-0/iac-bootstrap-ro
+service_accounts:
+  iac-bootstrap-ro:
+    display_name: IaC service account for bootstrap (read-only).
+  iac-bootstrap-rw:
+    display_name: IaC service account for bootstrap (read-write).
+  iac-vpcsc-ro:
+    display_name: IaC service account for vpc-sc (read-only).
+  iac-vpcsc-rw:
+    display_name: IaC service account for vpc-sc (read-write).
+org_policies:
+  iam.workloadIdentityPoolProviders:
+    rules:
+      - allow:
+          values:
+            - https://token.actions.githubusercontent.com
+            - https://gitlab.com
+            - https://app.terraform.io
+services:
+  - accesscontextmanager.googleapis.com
+  - bigquery.googleapis.com
+  - bigqueryreservation.googleapis.com
+  - bigquerystorage.googleapis.com
+  - billingbudgets.googleapis.com
+  - cloudasset.googleapis.com
+  - cloudbilling.googleapis.com
+  - cloudbuild.googleapis.com
+  - cloudkms.googleapis.com
+  - cloudquotas.googleapis.com
+  - cloudresourcemanager.googleapis.com
+  - compute.googleapis.com
+  - container.googleapis.com
+  - datacatalog.googleapis.com
+  - essentialcontacts.googleapis.com
+  - iam.googleapis.com
+  - iamcredentials.googleapis.com
+  - logging.googleapis.com
+  - monitoring.googleapis.com
+  - networksecurity.googleapis.com
+  - orgpolicy.googleapis.com
+  - pubsub.googleapis.com
+  - servicenetworking.googleapis.com
+  - serviceusage.googleapis.com
+  - storage-component.googleapis.com
+  - storage.googleapis.com
+  - sts.googleapis.com