916 Commits

Author SHA1 Message Date
Simon Roberts
26dbaa2d6e Enable terraform_naming_convention in tflint (#3930)
* Draft terraform_naming_convention

* Two fast/stages fixes for terraform_naming_convention

* Disable terraform_naming_convention for resources for now

* module fixes for terraform_naming_convention

* tfdoc

* Remove "moved" from recipe and needs-fixing

* Fix moved for spoke_ra

* fix tests

* Use default (snake_case) for resources

* factory.terraform_data.project-preconditions

* First-pass migration of resources + tests

* Fix tests/modules/organization

* Require snake_case for variables; Add annotations for _testing

* permit _fast_debug variable

* Fix net_vpc_factory and net_vpc_firewall tests

* tfdoc addons and recipe

* Fix more tests

* Fix some net-global -> net_global tests

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-05-06 06:06:26 +00:00
Luca Prete
ba56d9afbc Add Agent Engine identity type (#3875) 2026-05-05 10:22:21 +02:00
Luca Prete
4cf46f2dd9 Agent Engine: remove unnecessary permission after bug fix (#3926) 2026-05-04 09:05:48 +02:00
Samuele Perticarari
c0ee6842c6 feat(alloydb): Implement track_client_address field in AlloyDB module (#3916)
* Implement track_client_address field in AlloyDB

* Bump Google TF providers to 7.29
2026-04-28 07:40:25 +00:00
Sven Schliesing
be6eea5d6d Add example "Remote Docker registry with credentials" for artifact-registry (#3887)
* Add example "Remote Docker registry with credentials" for artifact-registry

* Add inventory

(cherry picked from commit 903c4c423c0264bf270f1da13245fa01e58163d9)

Add inventory

(cherry picked from commit fd439be6412c2ea281578ee49f61cb3399850521)

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2026-04-27 18:05:29 +02:00
Vijay Kumar Singh
a727a2ea02 feat(cloud-function-v2): add support for auto_update_policy (#3881)
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-04-25 06:48:40 +02:00
Julio Castillo
2eaa0d5e27 Add support for dynamic tags (#3897)
* Allow creation of dynamic tags

* Extend project factory and related modules to support dynamic values

* Extend folder and organization modules

* project and organization readme

* Simplify dynamic tag support and remove unnecessary restrictions

  • Schemas & Validations: Removed the restriction that forbade combining IAM fields with `allowed_values_regex` on tags. Updated validations in `project` and `organization` modules, and
  simplified all relevant JSON schemas.
  • Module Tag Bindings: Simplified the `tag_value` assignment in `folder`, `project`, `gcs`, `bigquery-dataset`, and `kms` modules by removing the defensive `can(regex(...))` check and
  calling `templatestring` directly.
  • Outputs: Removed the `tags_dynamic` output from `project` and `organization` modules, as the same information is now available in `tag_keys`.
  • Project Factory: Updated `tag_vars_projects` in `projects.tf` to use the native `namespaced_name` attribute and filtered manually for dynamic tags.

* fix(organization, project): fix linting and tests for dynamic tag support

- Align allowed_values_regex and description extraction in _tags_merged
  locals to use lookup() for consistency with other fields.
- Fix spacing in project context variable (alphabetical ordering).
- Update organization tags test to include the new cost_center tag key
  with allowed_values_regex.
- Update project tags test to include the new cost_center tag key and
  reflect the resolved allowed_values_regex on environment.

* refactor(gcs): refine tag bindings and fix context test

- Add _tag_bindings local to pre-resolve context references, enabling
  templatestring to receive a direct map reference (required by Terraform).
- Use var.context.tag_vars instead of the non-existent local.ctx.tag_vars.
- Fix HCL syntax in context.tfvars (escaped inner quotes).
- Update context test inventory to reflect 3 tag bindings including a
  dynamic value resolved via templatestring.

* refactor: align modules with tag binding context pattern

- Add _tag_bindings local + templatestring dance to cloud-run-v2,
  compute-vm, folder, kms modules (bigquery-dataset already had it)
- Exclude tag_vars from local.ctx in cloud-run-v2, compute-vm, folder,
  kms, project modules (bigquery-dataset already had it)
- Add tag_vars to context variable in cloud-run-v2, compute-vm modules
  (others already had it)
- Update all context tests with dynamic tag binding values using
  var.context.tag_vars

* docs: add module-level tftest.yaml test instructions to GEMINI.md

* docs: regenerate READMEs after tag-regex alignment

- Regenerate variable tables in 7 module READMEs to reflect
  line number shifts from prior tag-regex changes
- Add tag_vars exclusion to gcs ctx local
- Fix whitespace alignment in iam-service-account and
  project-factory tag_vars blocks
- Update tftest resource counts for organization and project
- Remove tags_dynamic from organization/project output tables

* fix(project-factory): update test inventory for tag_bindings module split

- Move tag binding address from folder-2 to folder-2-iam in test
  inventory (tag_bindings moved from creation to IAM modules)
- Update module instance count from 34 to 35
- Regenerate README tables after terraform fmt line shifts
- Apply terraform fmt to variables.tf

* refactor(project-factory): remove unnecessary depends_on from folder-iam modules

Folder IAM modules depend on their own folder creation modules, not
on module.projects. The explicit depends_on was leftover from an
earlier design.

* FAST stages

* Address review comments.

- FAST Stages:
  - Added tag_keys to output-files.tf in 0-org-setup to pass org tags via tfvars.
  - Sorted tag_keys and tag_values in output-files.tf.
  - Updated project-factory, networking, and security stages to use tag_keys.
  - Filtered tag_keys for dynamic tags only.
- Modules:
  - Excluded tag_vars from local.ctx in iam-service-account and organization.
  - Simplified tag_value in iam-service-account.
- Tests:
  - Updated test inventories for 0-org-setup and project-factory.

* Fix tf format

* Fix tfdoc

* docs: add ADR for templatestring vars convention and update status of base path ADR

* More tfdoc

* Update schemas

* Use endswith in context loop

* Address review

* Update FAST readmes

* Update last modules

* Terraform fmt

* Revert alloydb

* Fix whitespace

---------

Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
2026-04-24 20:45:45 +00:00
Ludovico Magnocavallo
fb33752d8d Support context interpolation for PAM email recipients (#3903) 2026-04-24 18:29:31 +02:00
Liam Nesteroff
f5ee82ab3a Add DNS Armor support (#3874)
* add dns armor module

* add dns armor to pf

* added missing/optional attributes

* Update project schemas

* Set version file copyright year to 2025

* replace module with single resource

* moved into its own file

* Added tests and defaulting enabled to false

* Add optional name parameter and updated schemas

* make dns_threat_detector.enabled optional in project schemas

---------

Co-authored-by: Luca Prete <preteluca@gmail.com>
2026-04-24 08:58:48 +02:00
Luca Prete
427d9a3298 Add more context to dns-response-policy module (#3899) 2026-04-23 13:49:30 +02:00
Luca Prete
275dd6a9ea Add enable_deletion_protection variable to agent engine module (#3898) 2026-04-22 14:05:09 +00:00
Hemanand
eaa420534b Add agent engine BYOC support (#3885)
* feat(agent-engine): add support for container and custom image specs

- Add container_config to deployment_files.
- Add image_spec with build_args to source_config.
- Make agent_framework optional and document supported values.
- Implement dynamic specs for container and source deployments.
- Add examples and automated tests for new deployment types.

* chore: update Google provider version to 7.28.0 across modules

Mechanical update of versions.tf and versions.tofu files using tools/versions.py.

* feat(agent-engine): refactor for container deployments and API alignment

- Group deployment settings under 'deployment_config' (renamed from 'deployment_files').
- Support container-based deployments via 'container_config' and 'image_spec'.
- Refactor 'source_files_config' (renamed from 'source_config') to include mutually exclusive 'python_spec' and 'image_spec'.
- Support 'developer_connect_config' as a source code type.
- Group engine settings (framework, env, secrets) under 'agent_engine_config'.
- Add support for 'memory_bank_config' persistent memory.
- Overhaul reasoning engine resources with dynamic blocks to match provider schema.
- Update all documentation examples, add TOC, and refresh test inventories.

* Update dynamic python_spec block and related example yamls

* Ignore changes setting for developer_connect_source under lifecycle management

* fixing review comments for `try` and default path for `source_path`

---------

Co-authored-by: Hemanand <hemr@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2026-04-21 17:46:20 +00:00
Simone Ruffilli
c8886b4d88 Support context interpolation for psc_allowed_consumer_projects in module cloudsql-instance (#3894) 2026-04-21 15:22:48 +00:00
Julio Castillo
c995ffba07 Skip IAM for the Agent Gateway Service Agent (#3893) 2026-04-21 10:33:14 +00:00
Luca Prete
0abf021f04 Add more context and tests to agent-engine module (#3886) 2026-04-20 15:15:29 +02:00
Luca Prete
f2d4e937d1 Fix pre-commit hook (#3882) 2026-04-18 10:07:14 +02:00
Luca Prete
7a31a07df9 Add context to net-lb-app-int module (#3880) 2026-04-17 15:00:00 +02:00
Luca Prete
5ca68a3de0 Add context to net-lb-app-ext module (#3879) 2026-04-17 14:00:56 +02:00
Luca Prete
a851638f15 Add example for context on net-lb-int readme; updated copyright (#3878) 2026-04-17 09:43:53 +00:00
Luca Prete
cee2a48c87 Add context to net-address module (#3876) 2026-04-17 11:23:47 +02:00
Julio Castillo
ad912d795a Enable creation of organization- and folder-level service agents (#3877)
* Enable creation of organization- and folder-level service agents

* formatting

* Add folder test

* Add org tests

* linting

* more linting

* Fix tests
2026-04-16 17:35:17 +00:00
jta-ofr
2cb67b3532 Add data_api_access attribute to cloudsql-instance module (#3866)
* add data-api-access to cloudsql instance module

* fix readme

* updates to follow guidelines

* update test module

* add validation for data_api_access variable

* regenerate readme.md

* allow data_api_access to be nullable

* set default to null

* update readme

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-04-16 09:24:02 +00:00
Ludovico Magnocavallo
8076220648 Fix regression in compute-vm module (#3872)
* fix(compute-vm): purge key_revocation_action_type from tests and update schema link

* fix schema link
2026-04-15 17:17:42 +00:00
Ludovico Magnocavallo
1cd7176a72 remove source md5 hash from inventories 2026-04-14 11:33:06 +00:00
Ludovico Magnocavallo
037fcb565b Merge remote-tracking branch 'origin/fast-dev' 2026-04-14 08:53:46 +00:00
kovagoadam
1050daff71 Add support for creating multiple workforce identity pools (#3846)
* Added support for multiple workforce identity pools

* Fixed organization module workforce identity federation outputs

* tfdoc

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2026-04-14 06:55:18 +00:00
Wiktor Niesiobędzki
6bfa7077a2 Recreate subscription of topic replacement, fix tests 2026-04-13 14:47:37 +02:00
Ludovico Magnocavallo
85b0871085 Add net-vpc-factory and starter-gcd dataset to 0-org-setup, fix context in net-vpc-factory (#3860)
* feat(fast/0-org-setup): integrate net-vpc-factory into stage 0

* initial starter dataset

* starter pack

* fix(fast/0-org-setup): correct factory vpcs paths definition and update test inventory

* feat(fast/0-org-setup): add VPC and subnet outputs and update stage tfvars

* test(fast/0-org-setup): update gcd starter defaults and regenerate inventory

* fix(modules/net-vpc-factory): remove internal defaults logic and pass context correctly

* fix typo in dataset fw rule, add missing boilerplate, set sane defaults for net vpc factory

* terraform fmt

* tfdoc, copyright year

* schema docs

* yamllint
2026-04-13 09:42:03 +02:00
Samuele Perticarari
55a847c008 feat(alloydb): add support for advanced query insights (observability_config) (#3856)
* Implemented advanced query insight in alloydb module

* Implemented readme example and test

* Fix TOC
2026-04-11 13:57:38 +02:00
Ludovico Magnocavallo
68f2f29144 fix(compute-vm): add position attribute to attached_disks to control ordering (#3848) 2026-04-09 21:34:15 +02:00
Hemanand
92d591a9b6 Add memory bank to modules/agent-engine (#3844)
* feat(agent-engine): add support for memory bank configuration

* refactor(agent-engine): remove source_path_override and revert to standard source_path

* provider version upgrade from 7.17 to 7.27

* docs(agent-engine): fix README validation and update tables

---------

Co-authored-by: Hemanand <hemr@google.com>
2026-04-08 17:09:27 +00:00
Julio Castillo
15c7951f97 Remove hcl2 python dependency (#3836)
* Migrate organization policy tests to standard tftest.yaml.

Remove python-hcl2 dependency and the custom python test file.
Consolidate the boolean, list, and custom constraint tests into a single `org_policies` test with a factory equivalent.
Restructure factory files into a unified `factory/` directory.

* Migrate project and folder org policy tests to standard tftest.yaml.

Replicate the organization module changes for project and folder modules:
- Remove python-hcl2 dependency usages and conftest.py.
- Remove custom python test files for org policies.
- Consolidate org policy tests into a single `org_policies` test with a factory equivalent.
- Unify factory files into a `factory/` directory.
- Remove redundant common.tfvars in folder module.

* Add factory policies directory to duplicate-diff checks.

Ensure the YAML factory files for org policies remain perfectly identical across the organization, folder, and project modules.

* Remove unused deepdiff dependency from requirements and pre-commit config.

* Add boilerplate

* fix broken link
2026-04-08 08:14:16 +02:00
Ludovico Magnocavallo
534fd4faf0 add support for service agents to project factory service accounts IAM (#3830) 2026-04-02 08:31:39 +00:00
Simone Ruffilli
a6b98bac28 Add support for attachment-level BGP sessions and candidate_*_router_ip_address (#3827)
* Support VLAN-attachment-level bgp advertisements
* Support for candidate_cloud_router_ip_address and candidate_customer_router_ip_address
2026-04-01 12:21:18 +00:00
Ludovico Magnocavallo
ee8ae023d0 fix(workstation-cluster): allow private_cluster_config to be null (#3821)
Fixes #3819 by changing the default of `private_cluster_config` to `null` instead of an empty object, preventing the module from unintentionally generating an empty `private_cluster_config` block and treating the cluster as private when it wasn't requested.
2026-03-30 09:24:58 +02:00
Ludovico Magnocavallo
44d00ed670 Implement group membership in compute-vm module (#3816)
* implement group membership in compute-vm module

* fix newline, update copyright
2026-03-27 07:56:07 +00:00
Ludovico Magnocavallo
a4eb4d24fd Compute VM module refactor (#3805)
* add ad for compute-vm refactor

* Exclude nic_type from validated fields, add split of main.tf and template.tf

* boot disk

* fix examples and fixtures

* attached disks

* fix further examples and module-level tests

* remove extra file

* fix mig examples

* finish refactoring variables

* align fast and other modules

* refactor(compute-vm): align examples and ADR with the newly implemented interface

This commit addresses the remaining references of the `instance_type` and `confidential_compute` parameters in the testing environment and updates the ADR.

* feat(compute-vm): add network_performance_config to instance and templates

This change implements the usage of the `network_performance_tier` variable we added earlier into the actual Terraform resources.

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
2026-03-26 11:31:40 +00:00
jnahelou
78e00682f8 Ignored condition attribute in IAM tag bindings within the organisation/project modules (#3762)
* fix(modules/organization): conditions ignored in tags

* fix(modules/project): conditions ignored in tags

* fix(modules/project): Tags:1 test skipped due to bad markdown block

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2026-03-18 17:12:46 +00:00
Wiktor Niesiobędzki
36b58781ed Use e2-micro instead of f1-micro as default 2026-03-17 14:46:52 +01:00
David Ferguson
ea4469e19c Add support for cipher suite configuration on net-vpn-* modules (#3790) 2026-03-17 09:39:07 +01:00
Simone Ruffilli
5bb0862638 Add context support to vlan-attachments (#3787) 2026-03-13 08:12:04 +01:00
Ludovico Magnocavallo
a6c284a273 Add context support to artifact-registry, net-lb-app-int, cloudsql modules (#3784)
* artifact-registry

* net-lb-app-int

* copyright

* cloudsql

* fix linting
2026-03-11 12:35:09 +01:00
Ludovico Magnocavallo
0be09646b0 Add missing folder features to project factory and align logging across folder/org modules (#3779) 2026-03-04 10:28:48 +01:00
Ludovico Magnocavallo
1e8603192c Allow reusing IAM binding key across objects in kms module (#3775)
* allow reusing IAM binding key across objects in kms module

* fix inventory
2026-03-02 08:06:37 +01:00
Ludovico Magnocavallo
6ec1d8f504 Support hyperdisk-balanced options on gke-nodepool module (#3767) 2026-02-25 15:10:29 +00:00
Ludovico Magnocavallo
00796b73ba Support TLS settings in app load balancer modules (#3766) 2026-02-25 14:49:37 +00:00
Wiktor Niesiobędzki
a1474b2b0a Fix example for snapshot schedules 2026-02-20 14:43:23 +00:00
Ludovico Magnocavallo
67b1543e90 Support additional attributes for buckets/datasets in project factory module (#3755)
* extend attributes for project factory secondary resources

* remove extra files

* complete

* tf fmt

* tfdoc

* schemas

* fix tests

* tfdoc
2026-02-20 11:57:59 +00:00
Ludovico Magnocavallo
e58c6dd3d1 Fix regional resource policy attachment in compute-vm module (#3753)
* fix regional resource policy attachment in compute-vm module

* tfdoc
2026-02-19 10:27:04 +00:00
Martin Bergo
60ec6db9cd docs(organization): document external IAM management for logging sinks at scale (#3746)
* docs(organization): document external IAM management for logging sinks at scale

* Update TOC

---------

Co-authored-by: Julio Castillo <jccb@google.com>
2026-02-18 15:08:23 +00:00