* Added bucket_name for project-factory module
* Added new key attribute to projects_buckets local
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
Refactor subnets mgmt in net-vpc-factory
This commit removes the ability to define subnets inline within the VPC `.config.yaml` across `net-vpc-factory` and enforces file-based subnet definitions using the `subnets/` subdirectory pattern.
Key changes include:
- **Module Updates:** Removed standard and non-standard inline subnet arguments (`subnets`, `subnets_private_nat`, `subnets_proxy_only`, `subnets_psc`) from the factory module's internal `vpcs` instantiation.
- **Schema & Docs:** Renamed `vpc.schema.json` to `vpc-factory.schema.json`, stripping inline subnet definitions from the JSON schema, and updated the module `README.md` to reflect the new file-based only approach.
- **Stage 2 Networking Configs:** Refactored datasets to migrate inline `subnets_proxy_only` definitions into standalone files like `subnets/prod-proxy.yaml`. Added a new exported output `subnet_ips` for downstream usage.
<!--
**Breaking Changes**
```upgrade-note
`fast/stages/2-networking`: Proxy-only subnets have been renamed for consistency - unfortunately this results in a nasty create-before-destroy which needs to be handled manually (i.e. delete the existing proxy-only-subnet first, either manually or with a targeted apply, then apply again)
```
-->
Error:
com.google.apps.framework.request.StatusException: <eye3 title='INVALID_ARGUMENT'/> generic::INVALID_ARGUMENT: Invalid value for field 'resource.router': 'projects/<PREFIX>-prod-net-core-0/regions/europe-north1/routers/encrypted-vlan-attachment-b-underlay'. The Cloud Router used by PARTNER type interconnect attachments must be assigned a local ASN of '16550'
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* fix(project-factory): Correctly interpolate IAM principals in tags
Moves the processing of `tags` and `tag_bindings` from the `projects` module instance to the `projects-iam` instance.
This fixes a bug where IAM principals for automation service accounts, referenced via `$iam_principals:service_accounts/...`, were not being interpolated within `tags` IAM definitions. The `projects` module was called before the automation service account context was available, leading to the literal string being used instead of the service account email. Processing tags in the `projects-iam` module ensures the full context is available for interpolation.
Adds new tests for both the `project` and `project-factory` modules to validate the fix.
* fix(project-factory): Tag creation is now done in 2 steps.
1st step (projects): Creation of the tags without IAM bindings
2nd step (projects-iam): IAM bindings without creating the tags again
That way we are more backwards compatible, as tags and tag values are back under `module.project-factory.module.projects["*"].google_tags_tag_*`
* fix(modules/project-factory): introduce fix suggested by @ludoo, fix logs
* fix(modules/project-factory): fix linting
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
This PR (re :D)introduces module net-vpc-factory, a minimal factory that deals with vpcs, subnets, and firewall rules creation, meant to be embedded into other factories, starting with 2-data-platform and 2-networking.
* Mark maintenance_window.day as optional
- Update validation logic to allow null values
- Keep existing range checks when day is provided
* updated the Readme
* refactor maintenance config day validation for cloud sql instance
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* refactor(net-lb-app-ext): improve configurability and resource references
- Allow overriding names for backend buckets and instance groups
- Add optional per-group description with default value
- Use self_link for instance group backend references
- Fix HTTP proxy name to use http_proxy_config
* reverted the instance group reference in backend service back to id instead of self link
* updated all the lb modules for unmanaged instance groups to have flexible names and proper refactorization of http_proxy_config in each module
* removed the description variable
* updated the readme.md for the net-lb-app-ext-regional module
* fixed the linting error for the change in versions.tf
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* feat(logging-bucket): support locked parameter for project parent types
- Add locked parameter to project bucket resources with default value of false.
* fixed the linting error, added the validation for project level bucket only and removed the nullable constraint
A persistent diff was occurring for Docker artifact registries where `immutable_tags` was set to `false`. On every `terraform plan`, Terraform would propose changing `immutable_tags` from `false` to `null`.
This was caused by the `for_each` condition in the `docker_config` dynamic block, which only created the block if `immutable_tags` was explicitly set to `true`.
The condition has been updated to check if `immutable_tags` is not null (`!= null`) instead of checking if it is true (`== true`). This ensures the `docker_config` block is correctly generated for both `true` and `false` values, aligning the configuration with the resource's state and eliminating the persistent diff.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>