diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index db68d7a47..426342d08 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -785,7 +785,7 @@ compute.disableSerialPortAccess:
| [data_overrides](variables.tf#L127) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} |
| [folders](variables-folders.tf#L17) | Folders data merged with factory data. | map(object({…})) | | {} |
| [notification_channels](variables-billing.tf#L17) | Notification channels used by budget alerts. | map(object({…})) | | {} |
-| [projects](variables-projects.tf#L17) | Projects data merged with factory data. | map(object({…})) | | {} |
+| [projects](variables-projects.tf#L17) | Projects data merged with factory data. | map(object({…})) | | {} |
## Outputs
diff --git a/modules/project-factory/projects-defaults.tf b/modules/project-factory/projects-defaults.tf
index 42ed77b35..94077b6a2 100644
--- a/modules/project-factory/projects-defaults.tf
+++ b/modules/project-factory/projects-defaults.tf
@@ -18,14 +18,14 @@
# local._projects_input: raw projects data
# outputs:
# local.data_defaults: normalized defaults/overrides
-# local.projects_input: normalized project data
+# local._projects_output: normalized project data
locals {
_data_defaults = {
defaults = try(var.data_defaults, {})
overrides = try(var.data_overrides, {})
}
- projects_input = {
+ _projects_output = {
# Semantics of the merges are:
# - if data_overrides. is not null, use this value
# - if _projects_inputs. is not null, use this value
@@ -187,7 +187,7 @@ locals {
_projects_uniqueness_validation = {
# will raise error, if the same project (derived from file name, or provided in the YAML file)
# is used more than once
- for k, v in local.projects_input :
+ for k, v in local._projects_output :
"${v.prefix != null ? v.prefix : ""}-${v.name}" => k
}
data_defaults = {
diff --git a/modules/project-factory/projects.tf b/modules/project-factory/projects.tf
index 18a3c09ae..0b0cb8cad 100644
--- a/modules/project-factory/projects.tf
+++ b/modules/project-factory/projects.tf
@@ -26,7 +26,7 @@ locals {
) if !endswith(f, "/.config.yaml")
}
_projects_input = {
- for k, v in merge(var.projects, local._folder_projects_raw, local._projects_raw) :
+ for k, v in merge(local._folder_projects_raw, local._projects_raw) :
basename(k) => merge(
try(local._templates_raw[v.project_template], {}),
v
@@ -55,6 +55,7 @@ locals {
log_buckets = {
for key, log_bucket in module.log-buckets : key => log_bucket.id
}
+ projects_input = merge(var.projects, local._projects_output)
}
resource "terraform_data" "project-preconditions" {
@@ -65,7 +66,7 @@ resource "terraform_data" "project-preconditions" {
try(v.project_template, null) == null ||
lookup(local._templates_raw, v.project_template, null) != null
])
- error_message = "Missing project templates referenced in factory projects."
+ error_message = "Missing project templates referenced in projects."
}
}
}
diff --git a/modules/project-factory/variables-projects.tf b/modules/project-factory/variables-projects.tf
index d1e5f9111..80ae2a27f 100644
--- a/modules/project-factory/variables-projects.tf
+++ b/modules/project-factory/variables-projects.tf
@@ -179,29 +179,6 @@ variable "projects" {
iam_by_principals = optional(map(list(string)), {})
labels = optional(map(string), {})
metric_scopes = optional(list(string), [])
- name = optional(string)
- org_policies = optional(map(object({
- inherit_from_parent = optional(bool) # for list policies only.
- reset = optional(bool)
- rules = optional(list(object({
- allow = optional(object({
- all = optional(bool)
- values = optional(list(string))
- }))
- deny = optional(object({
- all = optional(bool)
- values = optional(list(string))
- }))
- enforce = optional(bool) # for boolean policies only.
- condition = optional(object({
- description = optional(string)
- expression = optional(string)
- location = optional(string)
- title = optional(string)
- }), {})
- parameters = optional(string)
- })), [])
- })), {})
pam_entitlements = optional(map(object({
max_request_duration = string
eligible_users = list(string)
@@ -226,9 +203,31 @@ variable "projects" {
requester_email_recipients = optional(list(string))
}))
})), {})
- parent = optional(string)
- prefix = optional(string)
- project_template = optional(string)
+ name = optional(string)
+ org_policies = optional(map(object({
+ inherit_from_parent = optional(bool) # for list policies only.
+ reset = optional(bool)
+ rules = optional(list(object({
+ allow = optional(object({
+ all = optional(bool)
+ values = optional(list(string))
+ }))
+ deny = optional(object({
+ all = optional(bool)
+ values = optional(list(string))
+ }))
+ enforce = optional(bool) # for boolean policies only.
+ condition = optional(object({
+ description = optional(string)
+ expression = optional(string)
+ location = optional(string)
+ title = optional(string)
+ }), {})
+ parameters = optional(string)
+ })), [])
+ })), {})
+ parent = optional(string)
+ prefix = optional(string)
service_accounts = optional(map(object({
display_name = optional(string)
iam_self_roles = optional(list(string), [])