diff --git a/modules/project/README.md b/modules/project/README.md
index 8078c9d3b..eb7b37aa5 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -1621,7 +1621,8 @@ alerts:
 | [skip_delete](variables.tf#L240) | Deprecated. Use deletion_policy. | bool | | null |
 | [tag_bindings](variables-tags.tf#L81) | Tag bindings for this project, in key => tag value id format. | map(string) | | null |
 | [tags](variables-tags.tf#L88) | Tags by key name. If `id` is provided, key or value creation is skipped. The `iam` attribute behaves like the similarly named one at module level. | map(object({…})) | | {} |
-| [vpc_sc](variables.tf#L252) | VPC-SC configuration for the project, use when `ignore_changes` for resources is set in the VPC-SC module. | object({…}) | | null |
+| [universe](variables.tf#L252) | GCP universe where deploy the project. This will be prepended to the project id. | string | | "" |
+| [vpc_sc](variables.tf#L259) | VPC-SC configuration for the project, use when `ignore_changes` for resources is set in the VPC-SC module. | object({…}) | | null |
 
 ## Outputs
 
diff --git a/modules/project/main.tf b/modules/project/main.tf
index 25d29fb0d..fa22a75bc 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -15,6 +15,7 @@
 */
 
 locals {
+ # descriptive_name cannot contain colons, so we omit the universe from the default
 descriptive_name = (
 var.descriptive_name != null ? var.descriptive_name : "${local.prefix}${var.name}"
 )
@@ -25,6 +26,7 @@ locals {
 parent_type = var.parent == null ? null : split("/", var.parent)[0]
 parent_id = var.parent == null ? null : split("/", var.parent)[1]
 prefix = var.prefix == null ? "" : "${var.prefix}-"
+ project_id = "${local.universe}${local.prefix}${var.name}"
 project = (
 var.project_create
 ? {
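Review bot: The new `project_id` local in the second main.tf hunk is now the single definition of the id format, yet it has no comment, unlike `descriptive_name` a few lines above it. Because this value feeds the `google_project` resource, the data source lookup and the role paths in outputs.tf, I would document it where it is built, for example `# full project id: "<universe>:" (when set) + "<prefix>-" (when set) + name`. The `locals` block starts and ends outside this hunk.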
@@ -33,23 +35,24 @@ locals {
 name = try(google_project.project[0].name, null)
 }
 : {
- project_id = "${local.prefix}${var.name}"
+ project_id = local.project_id
 number = try(data.google_project.project[0].number, null)
 name = try(data.google_project.project[0].name, null)
 }
 )
+ universe = var.universe == "" ? "" : "${var.universe}:"
 }
 
 data "google_project" "project" {
 count = var.project_create ? 0 : 1
- project_id = "${local.prefix}${var.name}"
+ project_id = local.project_id
 }
 
 resource "google_project" "project" {
 count = var.project_create ? 1 : 0
 org_id = local.parent_type == "organizations" ? local.parent_id : null
 folder_id = local.parent_type == "folders" ? local.parent_id : null
- project_id = "${local.prefix}${var.name}"
+ project_id = local.project_id
 name = local.descriptive_name
 billing_account = var.billing_account
 auto_create_network = var.auto_create_network
diff --git a/modules/project/outputs.tf b/modules/project/outputs.tf
index 60134a446..6946164ff 100644
--- a/modules/project/outputs.tf
+++ b/modules/project/outputs.tf
@@ -28,7 +28,7 @@ output "custom_role_id" {
 for k, v in google_project_iam_custom_role.roles :
 # build the string manually so that role IDs can be used as map
 # keys (useful for folder/organization/project-level iam bindings)
- (k) => "projects/${local.prefix}${var.name}/roles/${local.custom_roles[k].name}"
+ (k) => "projects/${local.project_id}/roles/${local.custom_roles[k].name}"
 }
 }
 
@@ -47,7 +47,7 @@ output "default_service_accounts" {
 
 output "id" {
 description = "Project id."
- value = "${local.prefix}${var.name}"
+ value = local.project_id
 depends_on = [
 google_project.project,
 data.google_project.project,
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 31ee76ff9..6dee667ad 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
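Review bot: The `id` output in the second outputs.tf hunk now includes the universe prefix, but the expectations added in tests/modules/project/universe.yaml pin `id: alpha:foo-my-project` next to `project_id: foo-my-project`, so the two outputs diverge whenever `universe` is set. The `project_id` output is not part of this diff, so I cannot tell whether that difference is intended. If it is, the description should say so, for example `description = "Project id, including the universe prefix when set."`; otherwise callers that build IAM bindings from one output and resource paths from the other end up with different strings for the same project. The same prefixed value also goes into the `custom_role_id` paths in the hunk above.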
@@ -249,6 +249,13 @@ variable "skip_delete" {
 # }
 }
 
+variable "universe" {
+ description = "GCP universe where deploy the project. This will be prepended to the project id."
+ type = string
+ default = ""
+ nullable = false
+}
+
 variable "vpc_sc" {
 description = "VPC-SC configuration for the project, use when `ignore_changes` for resources is set in the VPC-SC module."
 type = object({
diff --git a/tests/modules/project/tftest.yaml b/tests/modules/project/tftest.yaml
index 08a41a5a4..038db7783 100644
--- a/tests/modules/project/tftest.yaml
+++ b/tests/modules/project/tftest.yaml
@@ -27,3 +27,4 @@ tests:
 org_policies_list:
 org_policies_boolean:
 iam_by_principals_additive:
+ universe:
diff --git a/tests/modules/project/universe.tfvars b/tests/modules/project/universe.tfvars
new file mode 100644
index 000000000..ae61d499c
--- /dev/null
+++ b/tests/modules/project/universe.tfvars
@@ -0,0 +1,2 @@
+prefix = "foo"
+universe = "alpha"
diff --git a/tests/modules/project/universe.yaml b/tests/modules/project/universe.yaml
new file mode 100644
index 000000000..5f0c8c840
--- /dev/null
+++ b/tests/modules/project/universe.yaml
@@ -0,0 +1,26 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ google_project.project[0]:
+ name: foo-my-project
+ project_id: alpha:foo-my-project
+
+counts:
+ google_project: 1
+
+outputs:
+ id: alpha:foo-my-project
+ name: foo-my-project
+ project_id: foo-my-project
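Review bot: `variable "universe"` in variables.tf accepts any string, and main.tf concatenates it straight into the project id used by the `google_project` resource, the data source lookup and the `projects/<id>/roles/...` paths in outputs.tf. A value that already ends in `:` or contains `/` or whitespace would yield a malformed id or role path that only surfaces at apply time, so I would add a `validation` block with at least `condition = !can(regex("[:/\\s]", var.universe))` and a matching `error_message`. The full set of characters allowed in a universe name is not visible here, so a stricter allow-list may be more appropriate. The description would also read better as "GCP universe where the project is deployed."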
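Review bot: The new universe.yaml case only covers the creation path, as `counts: google_project: 1` and the `google_project.project[0]` values show. The `data "google_project"` lookup in main.tf now receives the same prefixed id but has no expectation pinned. If the test harness can plan with `project_create = false`, a second case combining it with `universe` would cover that branch as well.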