* Allow creation of dynamic tags
* Extend project factory and related modules to support dynamic values
* Extend folder and organization modules
* project and organization readme
* Simplify dynamic tag support and remove unnecessary restrictions
• Schemas & Validations: Removed the restriction that forbade combining IAM fields with allowed_values_regex on tags. Updated validations in project and organization modules, and
simplified all relevant JSON schemas.
• Module Tag Bindings: Simplified the tag_value assignment in folder , project , gcs , bigquery-dataset , and kms modules by removing the defensive can(regex(...)) check and
calling templatestring directly.
• Outputs: Removed the tags_dynamic output from project and organization modules, as the same information is now available in tag_keys .
• Project Factory: Updated tag_vars_projects in projects.tf to use the native namespaced_name attribute and filtered manually for dynamic tags.
* fix(organization, project): fix linting and tests for dynamic tag support
- Align allowed_values_regex and description extraction in _tags_merged
locals to use lookup() for consistency with other fields.
- Fix spacing in project context variable (alphabetical ordering).
- Update organization tags test to include the new cost_center tag key
with allowed_values_regex.
- Update project tags test to include the new cost_center tag key and
reflect the resolved allowed_values_regex on environment.
* refactor(gcs): refine tag bindings and fix context test
- Add _tag_bindings local to pre-resolve context references, enabling
templatestring to receive a direct map reference (required by Terraform).
- Use var.context.tag_vars instead of the non-existent local.ctx.tag_vars.
- Fix HCL syntax in context.tfvars (escaped inner quotes).
- Update context test inventory to reflect 3 tag bindings including a
dynamic value resolved via templatestring.
* refactor: align modules with tag binding context pattern
- Add _tag_bindings local + templatestring dance to cloud-run-v2,
compute-vm, folder, kms modules (bigquery-dataset already had it)
- Exclude tag_vars from local.ctx in cloud-run-v2, compute-vm, folder,
kms, project modules (bigquery-dataset already had it)
- Add tag_vars to context variable in cloud-run-v2, compute-vm modules
(others already had it)
- Update all context tests with dynamic tag binding values using
var.context.tag_vars
* docs: add module-level tftest.yaml test instructions to GEMINI.md
* docs: regenerate READMEs after tag-regex alignment
- Regenerate variable tables in 7 module READMEs to reflect
line number shifts from prior tag-regex changes
- Add tag_vars exclusion to gcs ctx local
- Fix whitespace alignment in iam-service-account and
project-factory tag_vars blocks
- Update tftest resource counts for organization and project
- Remove tags_dynamic from organization/project output tables
* fix(project-factory): update test inventory for tag_bindings module split
- Move tag binding address from folder-2 to folder-2-iam in test
inventory (tag_bindings moved from creation to IAM modules)
- Update module instance count from 34 to 35
- Regenerate README tables after terraform fmt line shifts
- Apply terraform fmt to variables.tf
* refactor(project-factory): remove unnecessary depends_on from folder-iam modules
Folder IAM modules depend on their own folder creation modules, not
on module.projects. The explicit depends_on was leftover from an
earlier design.
* FAST stages
* Address review comments.
- FAST Stages:
- Added tag_keys to output-files.tf in 0-org-setup to pass org tags via tfvars.
- Sorted tag_keys and tag_values in output-files.tf.
- Updated project-factory, networking, and security stages to use tag_keys.
- Filtered tag_keys for dynamic tags only.
- Modules:
- Excluded tag_vars from local.ctx in iam-service-account and organization.
- Simplified tag_value in iam-service-account.
- Tests:
- Updated test inventories for 0-org-setup and project-factory.
* Fix tf format
* Fix tfdoc
* docs: add ADR for templatestring vars convention and update status of base path ADR
* More tfdoc
* Update schemas
* Use endswith in context loop
* Address review
* Update FAST readmes
* Update last modules
* Terraform fmt
* Revert alloydb
* Fix whitespace
---------
Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
Additional changes:
* align vpc-connector interface to Cloud Functions
* split managed and unmanaged resources into separate files, this makes
easier to introduce further changes
* add support for contexts
* move `vpc_connector` variable to variables.tf for Cloud Functions
* remove `create` from `vpc_connector` in Cloud Functions as it was
sharing the meaning with `vpc_connector_create`
* fix: allow configuring `docker_repository` for cloud-function2
When docker repository is not specified by default docker repository
`projects/PROJECT_ID/locations/REGION/repositories/gcf-artifacts` is used.
In such a case, terraform plan always generates a difference for `docker_repository`
field as the module passes null value but the tfstate file has the above specified
default value. This fix allows one to prevent unnecessary infrastructure change when
using the default repository as well as any user created repository.
* doc: updated README for cloud-function-v2
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
