From e391a3ff7596b268ca6c9b6f9112c66e5a63cc53 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 30 May 2025 14:30:53 +0200 Subject: [PATCH] Allow explicit definition of automation prefix in project factory (#3124) * Allow explicit definition of automation prefix in project factory * update schema doc --- modules/project-factory/README.md | 2 ++ modules/project-factory/automation.tf | 20 ++++++++++++------- .../schemas/project.schema.json | 3 +++ .../project-factory/schemas/project.schema.md | 2 ++ 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md index 35ea83723..777187a3f 100644 --- a/modules/project-factory/README.md +++ b/modules/project-factory/README.md @@ -428,6 +428,8 @@ service_accounts: - automation/rw automation: project: test-pf-teams-iac-0 + # prefix used for automation resources can be explicitly set if needed + # prefix: test-pf-dev-tb-0-0 service_accounts: rw: description: Team B app 0 read/write automation sa. diff --git a/modules/project-factory/automation.tf b/modules/project-factory/automation.tf index ed124988c..3c4b96152 100644 --- a/modules/project-factory/automation.tf +++ b/modules/project-factory/automation.tf @@ -21,8 +21,11 @@ locals { for k, v in local.projects : k => merge(try(v.automation.bucket, {}), { automation_project = v.automation.project - prefix = v.prefix - project_name = v.name + prefix = coalesce( + try(v.automation.prefix, null), + "${v.prefix}-${v.name}" + ) + project_name = v.name }) if try(v.automation.bucket, null) != null } automation_sa = flatten([ @@ -30,9 +33,12 @@ locals { for ks, kv in try(v.automation.service_accounts, {}) : merge(kv, { automation_project = v.automation.project name = ks - prefix = v.prefix - project = k - project_name = v.name + prefix = coalesce( + try(v.automation.prefix, null), + "${v.prefix}-${v.name}" + ) + project = k + project_name = v.name }) ] ]) 
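Review bot: The fallback `"${v.prefix}-${v.name}"` in the bucket locals will fail if `v.prefix` is ever null, because Terraform rejects null values in string templates. Since `coalesce` evaluates all of its arguments, the failure would occur even when `automation.prefix` is set explicitly. The removed line `prefix = v.prefix` passed a null through unchanged, so this may be a regression for projects without a prefix. Whether `local.projects` can yield a null prefix is not visible here, as the `locals` block starts outside the hunk. A null-safe form would be `prefix = coalesce(try(v.automation.prefix, null), join("-", compact([v.prefix, v.name])))`. The same expression is repeated in the `automation_sa` hunk that follows, so computing it once in a shared local would keep the two in step.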
@@ -45,7 +51,7 @@ module "automation-bucket" { # from the IAM dependency in the outputs of the main project project_id = each.value.automation_project prefix = each.value.prefix - name = "${each.value.project_name}-tf-state" + name = "tf-state" encryption_key = lookup(each.value, "encryption_key", null) iam = { for k, v in lookup(each.value, "iam", {}) : k => [ @@ -113,7 +119,7 @@ module "automation-service-accounts" { # from the IAM dependency in the outputs of the main project project_id = each.value.automation_project prefix = each.value.prefix - name = "${each.value.project_name}-${each.value.name}" + name = each.value.name description = lookup(each.value, "description", null) display_name = lookup( each.value, diff --git a/modules/project-factory/schemas/project.schema.json b/modules/project-factory/schemas/project.schema.json index 5dab3da3e..312dc2799 100644 --- a/modules/project-factory/schemas/project.schema.json +++ b/modules/project-factory/schemas/project.schema.json @@ -11,6 +11,9 @@ "project" ], "properties": { + "prefix": { + "type": "string" + }, "project": { "type": "string" }, diff --git a/modules/project-factory/schemas/project.schema.md b/modules/project-factory/schemas/project.schema.md index 795929797..ebd629ffc 100644 --- a/modules/project-factory/schemas/project.schema.md +++ b/modules/project-factory/schemas/project.schema.md @@ -8,6 +8,7 @@ - **automation**: *object*
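Review bot: With `name = "tf-state"`, the state bucket name now depends entirely on the resolved prefix, and nothing here or in the README warns what happens when `automation.prefix` is set on a project that is already deployed. The default path appears to keep the old name, assuming the bucket module joins prefix and name with a hyphen. An explicit prefix on an existing project would presumably rename the bucket and force its replacement, which affects the stored Terraform state. I would add a comment above the line, such as `# bucket is named <prefix>-tf-state; changing automation.prefix on an existing project renames the state bucket`, and repeat the caveat next to the README example. The module block continues outside the hunk.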
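Review bot: After `name = each.value.name`, the project name is no longer part of the service account id, so uniqueness depends on the prefix alone. Two project files that set the same `automation.prefix` and `automation.project` and both declare an `rw` account would presumably resolve to the same account id, and likewise to the same `tf-state` bucket name. That conflict would surface only at apply time. A plan-time uniqueness check on `"${automation_project}/${prefix}-${name}"` across `local.automation_sa` would report it earlier, with a message naming the clashing projects. It is also worth documenting that service account ids are limited to 30 characters, since the explicit prefix now counts against that limit. The module block continues outside the hunk.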
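Review bot: The new `prefix` property accepts any string, although its value is used to build bucket names and service account ids, which allow only lowercase letters, digits and hyphens and have length limits. An invalid value would pass schema validation and fail only when the provider rejects the name. Constraining it in the schema would catch this at lint time, for example `"prefix": { "type": "string", "pattern": "^[a-z][a-z0-9-]+$" }`. The exact pattern and any `maxLength` should follow whatever the schema's other prefix fields use, which is not visible in this hunk.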
*additional properties: false* + - **prefix**: *string* - ⁺**project**: *string* - **bucket**: *reference([bucket](#refs-bucket))* - **service_accounts**: *object* @@ -86,6 +87,7 @@ - **iam_self_roles**: *array* - items: *string* - **iam_project_roles**: *reference([iam_project_roles](#refs-iam_project_roles))* + - **iam_sa_roles**: *reference([iam_sa_roles](#refs-iam_sa_roles))* - **service_encryption_key_ids**: *object*
*additional properties: false* - **`^[a-z-]+\.googleapis\.com$`**: *array*