From d1f257bcb9657bf4344a31b80421334976f6cd45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= <wiktorn@google.com>
Date: Mon, 20 Oct 2025 11:32:03 +0000
Subject: [PATCH] align project-templates to new functions interface

---
 .../secops-anonymization-pipeline/README.md   |  6 ++---
 .../secops-anonymization-pipeline/main.tf     | 22 ++++++++++---------
 .../api-gateway/recipe-multi-region/README.md |  2 +-
 .../api-gateway/recipe-multi-region/main.tf   |  4 +++-
 4 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/fast/project-templates/secops-anonymization-pipeline/README.md b/fast/project-templates/secops-anonymization-pipeline/README.md
index 8be973103..1c78daa7a 100644
--- a/fast/project-templates/secops-anonymization-pipeline/README.md
+++ b/fast/project-templates/secops-anonymization-pipeline/README.md
@@ -22,7 +22,7 @@ The following diagram illustrates the high-level design of the solution, which c
 
 The use case is a SecOps deployment composed of 2 tenants (one for production and one for development/testing). There might be the need to export production data from the prod tenant and import them back in DEV (possibly anonymizing it) for rules and/or parser development, that is why this pipeline might be convenient for speeding up the data migration process.
 
-The solution is based on a custom Python script responsible for implementing the aforementioned logic. The script leverages the new [SecOps API Wrapper](https://github.com/google/secops-wrapper) available also in [PyPi](https://pypi.org/project/secops/). 
+The solution is based on a custom Python script responsible for implementing the aforementioned logic. The script leverages the new [SecOps API Wrapper](https://github.com/google/secops-wrapper) available also in [PyPi](https://pypi.org/project/secops/).
 
 ### Pipeline Steps
 
@@ -93,7 +93,7 @@ terraform apply
 
 #### Step 5: Test solution
 
-Test the solution triggering an export from the Cloud Scheduler page, after few hours (accoding to the size of the export) logs should be available on secops-export bucket. Please check for any issue during export using the corresponding APIs and the export ID.
+Test the solution triggering an export from the Cloud Scheduler page, after few hours (according to the size of the export) logs should be available on secops-export bucket. Please check for any issue during export using the corresponding APIs and the export ID.
 
 <!-- BEGIN TFDOC -->
 ## Variables
@@ -145,5 +145,5 @@ module "test" {
     secondary = "europe-west1"
   }
 }
-# tftest modules=7 resources=49
+# tftest modules=7 resources=51
 ```
diff --git a/fast/project-templates/secops-anonymization-pipeline/main.tf b/fast/project-templates/secops-anonymization-pipeline/main.tf
index fc39cc27f..046d49a19 100644
--- a/fast/project-templates/secops-anonymization-pipeline/main.tf
+++ b/fast/project-templates/secops-anonymization-pipeline/main.tf
@@ -123,16 +123,18 @@ module "anonymized-bucket" {
 }
 
 module "function" {
-  source                 = "../../../modules/cloud-function-v2"
-  project_id             = module.project.project_id
-  region                 = var.regions.primary
-  prefix                 = var.prefix
-  name                   = "secops-anonymization"
-  bucket_name            = "${var.project_id}-anonymization"
-  service_account_create = true
-  ingress_settings       = "ALLOW_INTERNAL_AND_GCLB"
-  build_worker_pool      = var.cloud_function_config.build_worker_pool_id
-  build_service_account  = var.cloud_function_config.build_sa != null ? var.cloud_function_config.build_sa : module.cloudbuild-sa.0.id
+  source      = "../../../modules/cloud-function-v2"
+  project_id  = module.project.project_id
+  region      = var.regions.primary
+  prefix      = var.prefix
+  name        = "secops-anonymization"
+  bucket_name = "${var.project_id}-anonymization"
+  service_account_config = {
+    create = true
+  }
+  ingress_settings      = "ALLOW_INTERNAL_AND_GCLB"
+  build_worker_pool     = var.cloud_function_config.build_worker_pool_id
+  build_service_account = var.cloud_function_config.build_sa != null ? var.cloud_function_config.build_sa : module.cloudbuild-sa.0.id
   bucket_config = {
     lifecycle_delete_age_days = 1
   }
diff --git a/modules/api-gateway/recipe-multi-region/README.md b/modules/api-gateway/recipe-multi-region/README.md
index 152bb1bf8..e2811f081 100644
--- a/modules/api-gateway/recipe-multi-region/README.md
+++ b/modules/api-gateway/recipe-multi-region/README.md
@@ -43,5 +43,5 @@ module "test" {
     number = 1234567890
   }
 }
-# tftest modules=8 resources=43
+# tftest modules=8 resources=47
 ```
diff --git a/modules/api-gateway/recipe-multi-region/main.tf b/modules/api-gateway/recipe-multi-region/main.tf
index e48dd364e..25a813b32 100644
--- a/modules/api-gateway/recipe-multi-region/main.tf
+++ b/modules/api-gateway/recipe-multi-region/main.tf
@@ -95,7 +95,9 @@ module "functions" {
     entry_point = "helloGET"
     runtime     = "nodejs22"
   }
-  service_account_create = true
+  service_account_config = {
+    create = true
+  }
   iam = {
     "roles/run.invoker" = [module.sa.iam_email]
   }