Change factories_config type in FAST and project/vpc factory modules, add YAML schema validation (#3728)

* stage 0

* stage 1

* networking

* security

* pf stage

* tfdoc

* align schemas

* inventory

* fix observability

* pf module

* pf module budgets

* align fast stages

* align project subfactories

* tfdoc

* schema validation

* add missing schemas

* Fix observability types

---------

Co-authored-by: Julio Castillo <jccb@google.com>

tests/fast/stages/s0_org_setup/hardened.tfvars

@@ -1,8 +1,7 @@
 factories_config = {
-  cicd_workflows = "data-hardened/cicd-workflows.yaml"
-  defaults       = "data-hardened/defaults.yaml"
-  folders        = "datasets/hardened/folders"
-  observability  = "datasets/hardened/observability"
-  organization   = "datasets/hardened/organization"
-  projects       = "datasets/hardened/projects"
+  dataset = "datasets/hardened"
+  paths = {
+    cicd_workflows = "./data-hardened/cicd-workflows.yaml"
+    defaults       = "./data-hardened/defaults.yaml"
+  }
 }

tests/fast/stages/s0_org_setup/hardened.yaml

@@ -13,6 +13,7 @@
 # limitations under the License.
 
 # yamllint disable rule:line-length
+
 values:
   google_storage_bucket_object.providers["0-org-setup"]:
     bucket: ft0-prod-iac-core-0-iac-outputs
@@ -44,6 +45,7 @@ values:
     name: providers/0-org-setup-providers.tf
     retention: []
     source: null
+    source_md5hash: 2a0bbb00e4b7f1454a50ac7f26c23c05
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.providers["0-org-setup-ro"]:
@@ -76,6 +78,7 @@ values:
     name: providers/0-org-setup-ro-providers.tf
     retention: []
     source: null
+    source_md5hash: 2a0bbb00e4b7f1454a50ac7f26c23c05
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.providers["1-vpcsc"]:
@@ -109,6 +112,7 @@ values:
     name: providers/1-vpcsc-providers.tf
     retention: []
     source: null
+    source_md5hash: d2df90abc46524d941227a1dec12dd86
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.providers["2-networking"]:
@@ -142,6 +146,7 @@ values:
     name: providers/2-networking-providers.tf
     retention: []
     source: null
+    source_md5hash: a724885c3dcc9850116aca1ef4d4fc5a
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.providers["2-project-factory"]:
@@ -175,6 +180,7 @@ values:
     name: providers/2-project-factory-providers.tf
     retention: []
     source: null
+    source_md5hash: 165844578c46bc04c4581139c8b8b8d4
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.providers["2-security"]:
@@ -208,6 +214,7 @@ values:
     name: providers/2-security-providers.tf
     retention: []
     source: null
+    source_md5hash: 5969d3e40a61a42d849a81417a6a84eb
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.tfvars["globals"]:
@@ -227,6 +234,7 @@ values:
     name: tfvars/0-globals.auto.tfvars.json
     retention: []
     source: null
+    source_md5hash: cdbf79d3eff8bced040e5deccf39d765
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.tfvars["org-setup"]:
@@ -263,6 +271,7 @@ values:
     name: versions/0-org-setup-version.txt
     retention: []
     source: fast_version.txt
+    source_md5hash: a564c0ab78f4b481f7886f9871376d2c
     temporary_hold: null
     timeouts: null
   google_storage_bucket_object.workflows["org-setup"]:
@@ -376,6 +385,7 @@ values:
     name: workflows/org-setup.yaml
     retention: []
     source: null
+    source_md5hash: e5dc153b195e936b1c81bc33db1935c7
     temporary_hold: null
     timeouts: null
   local_file.providers["0-org-setup"]:
@@ -8014,6 +8024,7 @@ values:
     timeouts: null
     value_extractor: null
   module.projects-observability[0].google_logging_metric.metrics["storageIamChanges"]:
+    bucket_name: l$log_buckets:log-0/audit-logs
     bucket_options: []
     description: Cloud Storage IAM Permission Changes
     disabled: null
@@ -8060,10 +8071,15 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.organization_id
+          - metric.label.folder_id
+          - metric.label.project_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8114,10 +8130,13 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.project_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8172,10 +8191,14 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.project_id
+          - metric.label.database_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8222,10 +8245,15 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.organization_id
+          - metric.label.project_id
+          - metric.label.role_name
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8266,10 +8294,12 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8311,10 +8341,14 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.project_id
+          - metric.label.firewall_rule_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8355,10 +8389,14 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.project_id
+          - metric.label.network_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8401,10 +8439,14 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.project_id
+          - metric.label.route_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8444,10 +8486,15 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.organization_id
+          - metric.label.folder_id
+          - metric.label.project_id
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8489,10 +8536,15 @@ values:
       condition_sql: []
       condition_threshold:
       - aggregations:
-        - alignment_period: null
-          cross_series_reducer: null
-          group_by_fields: null
-          per_series_aligner: null
+        - alignment_period: 60s
+          cross_series_reducer: REDUCE_SUM
+          group_by_fields:
+          - metric.label.principal
+          - metric.label.method_name
+          - metric.label.project_id
+          - metric.label.location
+          - metric.label.bucket_name
+          per_series_aligner: ALIGN_SUM
         comparison: COMPARISON_GT
         denominator_aggregations: []
         denominator_filter: null
@@ -8581,3 +8633,16 @@ counts:
   modules: 58
   resources: 718
   terraform_data: 4
+
+outputs:
+  iam_principals:
+    domain: domain:example.org
+    gcp-billing-admins: group:gcp-billing-admins@example.org
+    gcp-devops: group:gcp-devops@example.org
+    gcp-network-admins: group:gcp-network-admins@example.org
+    gcp-organization-admins: group:fabric-fast-owners@google.com
+    gcp-secops-admins: group:gcp-secops-admins@example.org
+    gcp-security-admins: group:gcp-security-admins@example.org
+    gcp-support: group:gcp-support@example.org
+  projects: __missing__
+  tfvars: __missing__

tests/fast/stages/s0_org_setup/simple.tfvars

@@ -1,4 +1,6 @@
 factories_config = {
-  cicd_workflows = "data-simple/cicd-workflows.yaml"
-  defaults       = "data-simple/defaults.yaml"
+  paths = {
+    cicd_workflows = "./data-simple/cicd-workflows.yaml"
+    defaults       = "./data-simple/defaults.yaml"
+  }
 }

tests/fast/stages/s1_vpcsc/data-simple/access-levels/geo_it.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../../../../../../modules/vpc-sc/schemas/access-level.schema.json
+# yaml-language-server: $schema=../../../../../../modules/vpc-sc/schemas/access-level.schema.json
 
 conditions:
   - regions:

tests/fast/stages/s1_vpcsc/data-simple/access-levels/identity_me.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../../../../../../modules/vpc-sc/schemas/access-level.schema.json
+# yaml-language-server: $schema=../../../../../../modules/vpc-sc/schemas/access-level.schema.json
 
 # yamllint disable rule:indentation
 conditions:

tests/fast/stages/s1_vpcsc/data-simple/egress-policies/test.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../../../../../../modules/vpc-sc/schemas/egress-policy.schema.json
+# yaml-language-server: $schema=../../../../../../modules/vpc-sc/schemas/egress-policy.schema.json
 
 from:
   identities:

tests/fast/stages/s1_vpcsc/data-simple/ingress-policies/fast-org-log-sinks.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../../../../../../modules/vpc-sc/schemas/ingress-policy.schema.json
+# yaml-language-server: $schema=../../../../../../modules/vpc-sc/schemas/ingress-policy.schema.json
 
 from:
   access_levels:

tests/fast/stages/s1_vpcsc/data-simple/ingress-policies/test.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../../../../../../modules/vpc-sc/schemas/ingress-policy.schema.json
+# yaml-language-server: $schema=../../../../../../modules/vpc-sc/schemas/ingress-policy.schema.json
 
 from:
   access_levels:

tests/fast/stages/s1_vpcsc/data-simple/perimeters/default.yaml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# yaml-language-server: $schema=../../../../../../../modules/vpc-sc/schemas/perimeter.schema.json
+# yaml-language-server: $schema=../../../../../../modules/vpc-sc/schemas/perimeter.schema.json
 
 use_explicit_dry_run_spec: true
 spec:

tests/fast/stages/s1_vpcsc/factory.tfvars

@@ -2,10 +2,12 @@ automation = {
   outputs_bucket = "test"
 }
 factories_config = {
-  access_levels    = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/access-levels"
-  egress_policies  = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/egress-policies"
-  ingress_policies = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/ingress-policies"
-  perimeters       = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/perimeters"
+  paths = {
+    access_levels    = "./data-simple/access-levels"
+    egress_policies  = "./data-simple/egress-policies"
+    ingress_policies = "./data-simple/ingress-policies"
+    perimeters       = "./data-simple/perimeters"
+  }
 }
 logging = {
   project_number = "1234567890"

tests/fast/stages/s1_vpcsc/hardened.tfvars

@@ -0,0 +1,27 @@
+automation = {
+  outputs_bucket = "test"
+}
+factories_config = {
+  dataset = "datasets/hardened"
+}
+logging = {
+  project_number = "1234567890"
+  writer_identities = {
+    audit-logs           = "serviceAccount:service-org-1234567890@gcp-sa-logging.iam.gserviceaccount.com"
+    iam                  = "serviceAccount:service-org-1234567890@gcp-sa-logging.iam.gserviceaccount.com"
+    vpc-sc               = "serviceAccount:service-org-1234567890@gcp-sa-logging.iam.gserviceaccount.com"
+    workspace-audit-logs = "serviceAccount:o1234567890-1234567890@gcp-sa-logging.iam.gserviceaccount.com"
+  }
+}
+organization = {
+  domain      = "fast.example.com"
+  id          = 123456789012
+  customer_id = "C00000000"
+}
+prefix = "fast"
+resource_discovery = {
+  enabled = false
+}
+storage_buckets = {
+  "iac-0/iac-outputs" = "test"
+}

tests/fast/stages/s1_vpcsc/hardened.yaml

@@ -0,0 +1,203 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_storage_bucket_object.tfvars[0]:
+    bucket: test
+    cache_control: null
+    content_disposition: null
+    content_encoding: null
+    content_language: null
+    contexts: []
+    customer_encryption: []
+    deletion_policy: null
+    detect_md5hash: null
+    event_based_hold: null
+    force_empty_content_type: null
+    metadata: null
+    name: tfvars/1-vpcsc.auto.tfvars.json
+    retention: []
+    source: null
+    temporary_hold: null
+    timeouts: null
+  google_storage_bucket_object.version[0]:
+    bucket: test
+    cache_control: null
+    content_disposition: null
+    content_encoding: null
+    content_language: null
+    contexts: []
+    customer_encryption: []
+    deletion_policy: null
+    detect_md5hash: null
+    event_based_hold: null
+    force_empty_content_type: null
+    metadata: null
+    name: versions/1-vpcsc-version.txt
+    retention: []
+    source: fast_version.txt
+    temporary_hold: null
+    timeouts: null
+  local_file.tfvars["1"]:
+    content_base64: null
+    directory_permission: '0777'
+    file_permission: '0644'
+    sensitive_content: null
+    source: null
+  module.vpc-sc.google_access_context_manager_access_level.basic["geo"]:
+    basic:
+    - combining_function: AND
+      conditions:
+      - device_policy: []
+        ip_subnetworks: []
+        members: []
+        negate: null
+        regions:
+        - ES
+        - ID
+        - IT
+        required_access_levels: []
+        vpc_network_sources: []
+    custom: []
+    description: null
+    timeouts: null
+    title: geo
+  module.vpc-sc.google_access_context_manager_access_policy.default[0]:
+    parent: organizations/123456789012
+    scopes: null
+    timeouts: null
+    title: default
+  module.vpc-sc.google_access_context_manager_service_perimeter.regular["default"]:
+    description: null
+    perimeter_type: PERIMETER_TYPE_REGULAR
+    spec: []
+    status:
+    - egress_policies: []
+      ingress_policies:
+      - ingress_from:
+        - identities:
+          - serviceAccount:o1234567890-1234567890@gcp-sa-logging.iam.gserviceaccount.com
+          - serviceAccount:service-org-1234567890@gcp-sa-logging.iam.gserviceaccount.com
+          identity_type: null
+          sources:
+          - access_level: '*'
+            resource: null
+        ingress_to:
+        - operations:
+          - method_selectors: []
+            service_name: '*'
+          resources:
+          - projects/1234567890
+          roles: []
+        title: fast-org-log-sinks
+      resources: null
+      restricted_services:
+      - accessapproval.googleapis.com
+      - adsdatahub.googleapis.com
+      - aiplatform.googleapis.com
+      - apigee.googleapis.com
+      - apigeeconnect.googleapis.com
+      - artifactregistry.googleapis.com
+      - assuredworkloads.googleapis.com
+      - automl.googleapis.com
+      - bigquery.googleapis.com
+      - bigquerydatatransfer.googleapis.com
+      - bigtable.googleapis.com
+      - binaryauthorization.googleapis.com
+      - cloudasset.googleapis.com
+      - cloudbuild.googleapis.com
+      - cloudfunctions.googleapis.com
+      - cloudkms.googleapis.com
+      - cloudprofiler.googleapis.com
+      - cloudresourcemanager.googleapis.com
+      - cloudsearch.googleapis.com
+      - cloudtrace.googleapis.com
+      - composer.googleapis.com
+      - compute.googleapis.com
+      - connectgateway.googleapis.com
+      - contactcenterinsights.googleapis.com
+      - container.googleapis.com
+      - containeranalysis.googleapis.com
+      - containerregistry.googleapis.com
+      - containerthreatdetection.googleapis.com
+      - datacatalog.googleapis.com
+      - dataflow.googleapis.com
+      - datafusion.googleapis.com
+      - dataproc.googleapis.com
+      - datastream.googleapis.com
+      - dialogflow.googleapis.com
+      - dlp.googleapis.com
+      - dns.googleapis.com
+      - documentai.googleapis.com
+      - eventarc.googleapis.com
+      - file.googleapis.com
+      - gameservices.googleapis.com
+      - gkeconnect.googleapis.com
+      - gkehub.googleapis.com
+      - healthcare.googleapis.com
+      - iam.googleapis.com
+      - iaptunnel.googleapis.com
+      - language.googleapis.com
+      - lifesciences.googleapis.com
+      - logging.googleapis.com
+      - managedidentities.googleapis.com
+      - memcache.googleapis.com
+      - meshca.googleapis.com
+      - metastore.googleapis.com
+      - ml.googleapis.com
+      - monitoring.googleapis.com
+      - networkconnectivity.googleapis.com
+      - networkmanagement.googleapis.com
+      - networksecurity.googleapis.com
+      - networkservices.googleapis.com
+      - notebooks.googleapis.com
+      - opsconfigmonitoring.googleapis.com
+      - osconfig.googleapis.com
+      - oslogin.googleapis.com
+      - privateca.googleapis.com
+      - pubsub.googleapis.com
+      - pubsublite.googleapis.com
+      - recaptchaenterprise.googleapis.com
+      - recommender.googleapis.com
+      - redis.googleapis.com
+      - run.googleapis.com
+      - secretmanager.googleapis.com
+      - servicecontrol.googleapis.com
+      - servicedirectory.googleapis.com
+      - spanner.googleapis.com
+      - speakerid.googleapis.com
+      - speech.googleapis.com
+      - sqladmin.googleapis.com
+      - storage.googleapis.com
+      - storagetransfer.googleapis.com
+      - texttospeech.googleapis.com
+      - tpu.googleapis.com
+      - trafficdirector.googleapis.com
+      - transcoder.googleapis.com
+      - translate.googleapis.com
+      - videointelligence.googleapis.com
+      - vision.googleapis.com
+      - vpcaccess.googleapis.com
+      vpc_accessible_services: []
+    timeouts: null
+    title: default
+    use_explicit_dry_run_spec: false
+counts:
+  google_access_context_manager_access_level: 1
+  google_access_context_manager_access_policy: 1
+  google_access_context_manager_service_perimeter: 1
+  google_storage_bucket_object: 2
+  local_file: 1
+  modules: 1
+  resources: 6

tests/fast/stages/s1_vpcsc/simple.tfvars

@@ -2,9 +2,11 @@ automation = {
   outputs_bucket = "test"
 }
 factories_config = {
-  access_levels    = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/access-levels"
-  egress_policies  = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/egress-policies"
-  ingress_policies = "../../../tests/fast/stages/s1_vpcsc/data/vpc-sc/ingress-policies"
+  paths = {
+    access_levels    = "./data-simple/access-levels"
+    egress_policies  = "./data-simple/egress-policies"
+    ingress_policies = "./data-simple/ingress-policies"
+  }
 }
 logging = {
   project_number = "1234567890"

tests/fast/stages/s1_vpcsc/tftest.yaml

@@ -15,7 +15,15 @@
 module: fast/stages/1-vpcsc
 
 tests:
+  hardened:
+    extra_dirs:
+      - ../../../tests/fast/stages/s1_vpcsc/data-simple
   simple:
+    extra_dirs:
+      - ../../../tests/fast/stages/s1_vpcsc/data-simple
   factory:
     inventory:
       - simple.yaml
+    extra_dirs:
+      - ../../../tests/fast/stages/s1_vpcsc/data-simple
+

tests/fast/stages/s2_networking/ncc.tfvars

@@ -5,18 +5,8 @@ billing_account = {
   id = "000000-111111-222222"
 }
 factories_config = {
-  defaults              = "datasets/hub-and-spokes-ncc/defaults.yaml"
-  dns                   = "datasets/hub-and-spokes-ncc/dns/zones"
-  dns-response-policies = "datasets/hub-and-spokes-ncc/dns/response-policies"
-  firewall-policies     = "datasets/hub-and-spokes-ncc/firewall-policies"
-  folders               = "datasets/hub-and-spokes-ncc/folders"
-  interconnect          = "datasets/hub-and-spokes-ncc/interconnect"
-  ncc-hubs              = "datasets/hub-and-spokes-ncc/ncc-hubs"
-  nvas                  = "datasets/hub-and-spokes-ncc/nvas"
-  projects              = "datasets/hub-and-spokes-ncc/projects"
-  vpcs                  = "datasets/hub-and-spokes-ncc/vpcs"
+  dataset = "datasets/hub-and-spokes-ncc"
 }
-
 folder_ids = {
   "networking"      = "folders/12345678"
   "networking/prod" = "folders/23456789"

tests/fast/stages/s2_networking/nva.tfvars

@@ -5,18 +5,8 @@ billing_account = {
   id = "000000-111111-222222"
 }
 factories_config = {
-  defaults              = "datasets/hub-and-spokes-nva/defaults.yaml"
-  dns                   = "datasets/hub-and-spokes-nva/dns/zones"
-  dns-response-policies = "datasets/hub-and-spokes-nva/dns/response-policies"
-  firewall-policies     = "datasets/hub-and-spokes-nva/firewall-policies"
-  folders               = "datasets/hub-and-spokes-nva/folders"
-  interconnect          = "datasets/hub-and-spokes-nva/interconnect"
-  ncc-hubs              = "datasets/hub-and-spokes-nva/ncc-hubs"
-  nvas                  = "datasets/hub-and-spokes-nva/nvas"
-  projects              = "datasets/hub-and-spokes-nva/projects"
-  vpcs                  = "datasets/hub-and-spokes-nva/vpcs"
+  dataset = "datasets/hub-and-spokes-nva"
 }
-
 folder_ids = {
   "networking"      = "folders/12345678"
   "networking/prod" = "folders/23456789"

tests/fast/stages/s2_networking/simple.tfvars

@@ -5,18 +5,8 @@ billing_account = {
   id = "000000-111111-222222"
 }
 factories_config = {
-  defaults              = "datasets/hub-and-spokes-peerings/defaults.yaml"
-  dns                   = "datasets/hub-and-spokes-peerings/dns/zones"
-  dns-response-policies = "datasets/hub-and-spokes-peerings/dns/response-policies"
-  firewall-policies     = "datasets/hub-and-spokes-peerings/firewall-policies"
-  folders               = "datasets/hub-and-spokes-peerings/folders"
-  interconnect          = "datasets/hub-and-spokes-peerings/interconnect"
-  ncc-hubs              = "datasets/hub-and-spokes-peerings/ncc-hubs"
-  nvas                  = "datasets/hub-and-spokes-peerings/nvas"
-  projects              = "datasets/hub-and-spokes-peerings/projects"
-  vpcs                  = "datasets/hub-and-spokes-peerings/vpcs"
+  dataset = "datasets/hub-and-spokes-peerings"
 }
-
 folder_ids = {
   "networking"      = "folders/12345678"
   "networking/prod" = "folders/23456789"

tests/fast/stages/s2_networking/vpns.tfvars

@@ -5,18 +5,8 @@ billing_account = {
   id = "000000-111111-222222"
 }
 factories_config = {
-  defaults              = "datasets/hub-and-spokes-vpns/defaults.yaml"
-  dns                   = "datasets/hub-and-spokes-vpns/dns/zones"
-  dns-response-policies = "datasets/hub-and-spokes-vpns/dns/response-policies"
-  firewall-policies     = "datasets/hub-and-spokes-vpns/firewall-policies"
-  folders               = "datasets/hub-and-spokes-vpns/folders"
-  interconnect          = "datasets/hub-and-spokes-vpns/interconnect"
-  ncc-hubs              = "datasets/hub-and-spokes-vpns/ncc-hubs"
-  nvas                  = "datasets/hub-and-spokes-vpns/nvas"
-  projects              = "datasets/hub-and-spokes-vpns/projects"
-  vpcs                  = "datasets/hub-and-spokes-vpns/vpcs"
+  dataset = "datasets/hub-and-spokes-vpns"
 }
-
 folder_ids = {
   "networking"      = "folders/12345678"
   "networking/prod" = "folders/23456789"

tests/fast/stages/s2_security/simple.tfvars

@@ -5,8 +5,10 @@ billing_account = {
   id = "000000-111111-222222"
 }
 factories_config = {
-  certificate_authorities = "data-simple/certificate-authorities"
-  defaults                = "data-simple/defaults.yaml"
+  paths = {
+    certificate_authorities = "./data-simple/certificate-authorities"
+    defaults                = "./data-simple/defaults.yaml"
+  }
 }
 folder_ids = {
   security = "folders/12345678"