* dp rewrite stage 0, projects
* remove plan files
* generalize handling of basepath for projects in project-factory module
* central-0 ---> core-0
* add schemas, validate YAMLs, tags
* aspect types
* data catalog policy tag factory
* add support for data catalog taxonomy to project factory
* complete retrofit of old stage configuration, except networking
* shared vpc networking
* networking
* data platform as pf dataset
* docs
* test
* remove legacy dp stage, fix tests and links
* boilerplate
* tfdoc
* fix unrelated tfdoc
* schemas
* fix errors
* schema
* duplicate schemas
* yamllint
* Fix module naming convention for aspect-types
* Fix factories_config in vpcs.tf for net-vpc-factory compatibility
* Update schema documentation based on schema changes
* Fix false rename conflict in .config.yaml files
* Sync schemas and update documentation
* Fix path expansion for aspect-types and revert projects_input to master
* Restore path expansion for org_policies in projects-iam call
* Fix trailing newlines in schema duplicates to satisfy duplicate-diff
* Fix path expansion for data_catalog_taxonomy in taxonomies.tf
* Update inventory for data-platform test and clean up debug prints
* Add full values to data-platform inventory
* Align Stage 2 VPC Factory integration with Stage 0 and fix tests
TAG=agy
* Fix project factory context resolution and data platform datasets
- Update tag context keys in project factory to use file key without 'projects/' prefix.
- Fix tag reference in product-0.yaml.
- Fix shared_vpc_service_config in shared-0.yaml by moving service account to network_users.
- Set parent for domain-0 folder to data-platform.
- Mock net-dev-0 project ID in tests.
- Update inventories.
TAG=agy
CONV=4b37fa5b-bf59-4604-9e8f-b55353d967a0
* Fix project-level tag keys context resolution in project factory
* Fix commented out tag reference in domain-0 .config.yaml
* Fix merge() calls with empty arguments in project-factory and data-catalog-policy-tag
* Update Data Platform dataset README with prerequisites and customization guide
* Add Table of Contents to Data Platform dataset README
* docs: update Data Platform README with project templates tip
* Document data platform output files and linking sequence in README
* Update data platform README with VPC-SC and delegated IAM details
* Refactor data platform dataset and align stage defaults
* Update test inventory and variables for data platform with new prefix
* Allow creation of dynamic tags
* Extend project factory and related modules to support dynamic values
* Extend folder and organization modules
* project and organization readme
* Simplify dynamic tag support and remove unnecessary restrictions
• Schemas & Validations: Removed the restriction that forbade combining IAM fields with allowed_values_regex on tags. Updated validations in project and organization modules, and
simplified all relevant JSON schemas.
• Module Tag Bindings: Simplified the tag_value assignment in folder , project , gcs , bigquery-dataset , and kms modules by removing the defensive can(regex(...)) check and
calling templatestring directly.
• Outputs: Removed the tags_dynamic output from project and organization modules, as the same information is now available in tag_keys .
• Project Factory: Updated tag_vars_projects in projects.tf to use the native namespaced_name attribute and filtered manually for dynamic tags.
* fix(organization, project): fix linting and tests for dynamic tag support
- Align allowed_values_regex and description extraction in _tags_merged
locals to use lookup() for consistency with other fields.
- Fix spacing in project context variable (alphabetical ordering).
- Update organization tags test to include the new cost_center tag key
with allowed_values_regex.
- Update project tags test to include the new cost_center tag key and
reflect the resolved allowed_values_regex on environment.
* refactor(gcs): refine tag bindings and fix context test
- Add _tag_bindings local to pre-resolve context references, enabling
templatestring to receive a direct map reference (required by Terraform).
- Use var.context.tag_vars instead of the non-existent local.ctx.tag_vars.
- Fix HCL syntax in context.tfvars (escaped inner quotes).
- Update context test inventory to reflect 3 tag bindings including a
dynamic value resolved via templatestring.
* refactor: align modules with tag binding context pattern
- Add _tag_bindings local + templatestring dance to cloud-run-v2,
compute-vm, folder, kms modules (bigquery-dataset already had it)
- Exclude tag_vars from local.ctx in cloud-run-v2, compute-vm, folder,
kms, project modules (bigquery-dataset already had it)
- Add tag_vars to context variable in cloud-run-v2, compute-vm modules
(others already had it)
- Update all context tests with dynamic tag binding values using
var.context.tag_vars
* docs: add module-level tftest.yaml test instructions to GEMINI.md
* docs: regenerate READMEs after tag-regex alignment
- Regenerate variable tables in 7 module READMEs to reflect
line number shifts from prior tag-regex changes
- Add tag_vars exclusion to gcs ctx local
- Fix whitespace alignment in iam-service-account and
project-factory tag_vars blocks
- Update tftest resource counts for organization and project
- Remove tags_dynamic from organization/project output tables
* fix(project-factory): update test inventory for tag_bindings module split
- Move tag binding address from folder-2 to folder-2-iam in test
inventory (tag_bindings moved from creation to IAM modules)
- Update module instance count from 34 to 35
- Regenerate README tables after terraform fmt line shifts
- Apply terraform fmt to variables.tf
* refactor(project-factory): remove unnecessary depends_on from folder-iam modules
Folder IAM modules depend on their own folder creation modules, not
on module.projects. The explicit depends_on was leftover from an
earlier design.
* FAST stages
* Address review comments.
- FAST Stages:
- Added tag_keys to output-files.tf in 0-org-setup to pass org tags via tfvars.
- Sorted tag_keys and tag_values in output-files.tf.
- Updated project-factory, networking, and security stages to use tag_keys.
- Filtered tag_keys for dynamic tags only.
- Modules:
- Excluded tag_vars from local.ctx in iam-service-account and organization.
- Simplified tag_value in iam-service-account.
- Tests:
- Updated test inventories for 0-org-setup and project-factory.
* Fix tf format
* Fix tfdoc
* docs: add ADR for templatestring vars convention and update status of base path ADR
* More tfdoc
* Update schemas
* Use endswith in context loop
* Address review
* Update FAST readmes
* Update last modules
* Terraform fmt
* Revert alloydb
* Fix whitespace
---------
Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
* add dns armor module
* add dns armor to pf
* added missing/optional attributes
* Update project schemas
* Set version file copyright year to 2025
* replace module with single resource
* moved into it's own file
* Added tests and defaulting enabled to false
* Add optional name parameter and updated schemas
* make dns_threat_detector.enabled optional in project schemas
---------
Co-authored-by: Luca Prete <preteluca@gmail.com>
* Add support for bucket custom_placement_config to project-factory
* Copy modules/project-factory/schemas/project.schema.json to fast stages
* Add custom_placement_config (only) to schema markdown
* Update module project.schema.md
