* feat(agent-engine): add support for memory bank configuration
* refactor(agent-engine): remove source_path_override and revert to standard source_path
* provider version upgrade from 7.17 to 7.27
* docs(agent-engine): fix README validation and update tables
---------
Co-authored-by: Hemanand <hemr@google.com>
* Migrate organization policy tests to standard tftest.yaml.
Remove python-hcl2 dependency and the custom python test file.
Consolidate the boolean, list, and custom constraint tests into a single `org_policies` test with a factory equivalent.
Restructure factory files into a unified `factory/` directory.
* Migrate project and folder org policy tests to standard tftest.yaml.
Replicate the organization module changes for project and folder modules:
- Remove python-hcl2 dependency usages and conftest.py.
- Remove custom python test files for org policies.
- Consolidate org policy tests into a single `org_policies` test with a factory equivalent.
- Unify factory files into a `factory/` directory.
- Remove redundant common.tfvars in folder module.
* Add factory policies directory to duplicate-diff checks.
Ensure the YAML factory files for org policies remain perfectly identical across the organization, folder, and project modules.
* Remove unused deepdiff dependency from requirements and pre-commit config.
* Add boilerplate
* fix broken link
Fixes#3819 by changing the default of `private_cluster_config` to `null` instead of an empty object, preventing the module from unintentionally generating an empty `private_cluster_config` block and treating the cluster as private when it wasn't requested.
* add ad for compute-vm refactor
* Exclue nic_type from validated fields, add split of main.tf and template.tf
* boot disk
* fix examples and fixtures
* attached disks
* fix further examples and module-level tests
* remove extra file
* fix mig examples
* finish refactoring variables
* align fast and other modules
* refactor(compute-vm): align examples and ADR with the newly implemented interface
This commit addresses the remaining references of the `instance_type` and `confidential_compute` parameters in the testing environment and updates the ADR.
* feat(compute-vm): add network_performance_config to instance and templates
This change implements the usage of the `network_performance_tier` variable we added earlier into the actual Terraform resources.
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
* fix(modules/organization): conditions ignored in tags
* fix(modules/project): conditions ignored in tags
* fix(modules/project): Tags:1 test skipped due to bad markdown block
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* docs(organization): document external IAM management for logging sinks at scale
* Update TOC
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Refactor subnets mgmt in net-vpc-factory
This commit removes the ability to define subnets inline within the VPC `.config.yaml` across `net-vpc-factory` and enforces file-based subnet definitions using the `subnets/` subdirectory pattern.
Key changes include:
- **Module Updates:** Removed standard and non-standard inline subnet arguments (`subnets`, `subnets_private_nat`, `subnets_proxy_only`, `subnets_psc`) from the factory module's internal `vpcs` instantiation.
- **Schema & Docs:** Renamed `vpc.schema.json` to `vpc-factory.schema.json`, stripping inline subnet definitions from the JSON schema, and updated the module `README.md` to reflect the new file-based only approach.
- **Stage 2 Networking Configs:** Refactored datasets to migrate inline `subnets_proxy_only` definitions into standalone files like `subnets/prod-proxy.yaml`. Added a new exported output `subnet_ips` for downstream usage.
<!--
**Breaking Changes**
```upgrade-note
`fast/stages/2-networking`: Proxy-only subnets have been renamed for consistency - unfortunately this results in a nasty create-before-destroy which needs to be handled manually (i.e. delete the existing proxy-only-subnet first, either manually or with a targeted apply, then apply again)
```
-->
* fix(project-factory): Correctly interpolate IAM principals in tags
Moves the processing of `tags` and `tag_bindings` from the `projects` module instance to the `projects-iam` instance.
This fixes a bug where IAM principals for automation service accounts, referenced via `$iam_principals:service_accounts/...`, were not being interpolated within `tags` IAM definitions. The `projects` module was called before the automation service account context was available, leading to the literal string being used instead of the service account email. Processing tags in the `projects-iam` module ensures the full context is available for interpolation.
Adds new tests for both the `project` and `project-factory` modules to validate the fix.
* fix(project-factory): Tag creation is now done in 2 steps.
1st step(projects): Creation of the tags without IAM bindings
2nd step(projects-iam): IAM bindings without creating the tags again
That way we are more backwards compatible as tags and tags values are back to be under module.project-factory.module.projects["*"].google_tags_tag_*
* fix(modules/project-factory): introduce fix suggested by @ludoo, fix logs
* fix(modules/project-factory): fix linting
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
This PR (re :D)introduces module net-vpc-factory, a minimal factory that deals with vpcs, subnets, and firewall rules creation, meant to be embedded into other factories, starting with 2-data-platform and 2-networking.
