Add support for project templates to projects variable in project factory module (#3498)

* support project template in projects variable * variable defined projects go through normalization too
2025-11-03 10:53:14 +01:00
parent dddea78e49
commit ecbf890889
4 changed files with 32 additions and 32 deletions
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/projects-defaults.tf
+++ b/modules/project-factory/projects-defaults.tf
@@ -18,14 +18,14 @@
 #   local._projects_input: raw projects data
 # outputs:
 #   local.data_defaults: normalized defaults/overrides
-#   local._projects_output: normalized project data
+#   local.projects_input: normalized project data

 locals {
  _data_defaults = {
    defaults  = try(var.data_defaults, {})
    overrides = try(var.data_overrides, {})
  }
-  _projects_output = {
+  projects_input = {
    # Semantics of the merges are:
    #   - if data_overrides.<field> is not null, use this value
    #   - if  _projects_inputs.<field> is not null, use this value
@@ -187,7 +187,7 @@ locals {
  _projects_uniqueness_validation = {
    # will raise error, if the same project (derived from file name, or provided in the YAML file)
    # is used more than once
-    for k, v in local._projects_output :
+    for k, v in local.projects_input :
    "${v.prefix != null ? v.prefix : ""}-${v.name}" => k
  }
  data_defaults = {
--- a/modules/project-factory/projects.tf
+++ b/modules/project-factory/projects.tf
@@ -26,7 +26,7 @@ locals {
    ) if !endswith(f, "/.config.yaml")
  }
  _projects_input = {
-    for k, v in merge(local._folder_projects_raw, local._projects_raw) :
+    for k, v in merge(var.projects, local._folder_projects_raw, local._projects_raw) :
    basename(k) => merge(
      try(local._templates_raw[v.project_template], {}),
      v
@@ -55,7 +55,6 @@ locals {
  log_buckets = {
    for key, log_bucket in module.log-buckets : key => log_bucket.id
  }
-  projects_input = merge(var.projects, local._projects_output)
 }

 resource "terraform_data" "project-preconditions" {
@@ -66,7 +65,7 @@ resource "terraform_data" "project-preconditions" {
        try(v.project_template, null) == null ||
        lookup(local._templates_raw, v.project_template, null) != null
      ])
-      error_message = "Missing project templates referenced in projects."
+      error_message = "Missing project templates referenced in factory projects."
    }
  }
 }
--- a/modules/project-factory/variables-projects.tf
+++ b/modules/project-factory/variables-projects.tf
@@ -179,6 +179,29 @@ variable "projects" {
    iam_by_principals = optional(map(list(string)), {})
    labels            = optional(map(string), {})
    metric_scopes     = optional(list(string), [])
+    name              = optional(string)
+    org_policies = optional(map(object({
+      inherit_from_parent = optional(bool) # for list policies only.
+      reset               = optional(bool)
+      rules = optional(list(object({
+        allow = optional(object({
+          all    = optional(bool)
+          values = optional(list(string))
+        }))
+        deny = optional(object({
+          all    = optional(bool)
+          values = optional(list(string))
+        }))
+        enforce = optional(bool) # for boolean policies only.
+        condition = optional(object({
+          description = optional(string)
+          expression  = optional(string)
+          location    = optional(string)
+          title       = optional(string)
+        }), {})
+        parameters = optional(string)
+      })), [])
+    })), {})
    pam_entitlements = optional(map(object({
      max_request_duration = string
      eligible_users       = list(string)
@@ -203,31 +226,9 @@ variable "projects" {
        requester_email_recipients = optional(list(string))
      }))
    })), {})
-    name = optional(string)
-    org_policies = optional(map(object({
-      inherit_from_parent = optional(bool) # for list policies only.
-      reset               = optional(bool)
-      rules = optional(list(object({
-        allow = optional(object({
-          all    = optional(bool)
-          values = optional(list(string))
-        }))
-        deny = optional(object({
-          all    = optional(bool)
-          values = optional(list(string))
-        }))
-        enforce = optional(bool) # for boolean policies only.
-        condition = optional(object({
-          description = optional(string)
-          expression  = optional(string)
-          location    = optional(string)
-          title       = optional(string)
-        }), {})
-        parameters = optional(string)
-      })), [])
-    })), {})
-    parent = optional(string)
-    prefix = optional(string)
+    parent           = optional(string)
+    prefix           = optional(string)
+    project_template = optional(string)
    service_accounts = optional(map(object({
      display_name      = optional(string)
      iam_self_roles    = optional(list(string), [])