diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index 35ea83723..777187a3f 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -428,6 +428,8 @@ service_accounts:
- automation/rw
automation:
project: test-pf-teams-iac-0
+ # prefix used for automation resources can be explicitly set if needed
+ # prefix: test-pf-dev-tb-0-0
service_accounts:
rw:
description: Team B app 0 read/write automation sa.
diff --git a/modules/project-factory/automation.tf b/modules/project-factory/automation.tf
index ed124988c..3c4b96152 100644
--- a/modules/project-factory/automation.tf
+++ b/modules/project-factory/automation.tf
@@ -21,8 +21,11 @@ locals {
for k, v in local.projects :
k => merge(try(v.automation.bucket, {}), {
automation_project = v.automation.project
- prefix = v.prefix
- project_name = v.name
+ prefix = coalesce(
+ try(v.automation.prefix, null),
+ "${v.prefix}-${v.name}"
+ )
+ project_name = v.name
}) if try(v.automation.bucket, null) != null
}
automation_sa = flatten([
@@ -30,9 +33,12 @@ locals {
for ks, kv in try(v.automation.service_accounts, {}) : merge(kv, {
automation_project = v.automation.project
name = ks
- prefix = v.prefix
- project = k
- project_name = v.name
+ prefix = coalesce(
+ try(v.automation.prefix, null),
+ "${v.prefix}-${v.name}"
+ )
+ project = k
+ project_name = v.name
})
]
])
@@ -45,7 +51,7 @@ module "automation-bucket" {
# from the IAM dependency in the outputs of the main project
project_id = each.value.automation_project
prefix = each.value.prefix
- name = "${each.value.project_name}-tf-state"
+ name = "tf-state"
encryption_key = lookup(each.value, "encryption_key", null)
iam = {
for k, v in lookup(each.value, "iam", {}) : k => [
@@ -113,7 +119,7 @@ module "automation-service-accounts" {
# from the IAM dependency in the outputs of the main project
project_id = each.value.automation_project
prefix = each.value.prefix
- name = "${each.value.project_name}-${each.value.name}"
+ name = each.value.name
description = lookup(each.value, "description", null)
display_name = lookup(
each.value,
diff --git a/modules/project-factory/schemas/project.schema.json b/modules/project-factory/schemas/project.schema.json
index 5dab3da3e..312dc2799 100644
--- a/modules/project-factory/schemas/project.schema.json
+++ b/modules/project-factory/schemas/project.schema.json
@@ -11,6 +11,9 @@
"project"
],
"properties": {
+ "prefix": {
+ "type": "string"
+ },
"project": {
"type": "string"
},
diff --git a/modules/project-factory/schemas/project.schema.md b/modules/project-factory/schemas/project.schema.md
index 795929797..ebd629ffc 100644
--- a/modules/project-factory/schemas/project.schema.md
+++ b/modules/project-factory/schemas/project.schema.md
@@ -8,6 +8,7 @@
- **automation**: *object*
*additional properties: false*
+ - **prefix**: *string*
- ⁺**project**: *string*
- **bucket**: *reference([bucket](#refs-bucket))*
- **service_accounts**: *object*
@@ -86,6 +87,7 @@
- **iam_self_roles**: *array*
- items: *string*
- **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))*
+ - **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))*
- **service_encryption_key_ids**: *object*
*additional properties: false*
- **`^[a-z-]+\.googleapis\.com$`**: *array*