Error:
com.google.apps.framework.request.StatusException: <eye3 title='INVALID_ARGUMENT'/> generic::INVALID_ARGUMENT: Invalid value for field 'resource.router': 'projects/<PREFIX>-prod-net-core-0/regions/europe-north1/routers/encrypted-vlan-attachment-b-underlay'. The Cloud Router used by PARTNER type interconnect attachments must be assigned a local ASN of '16550'
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* fix(project-factory): Correctly interpolate IAM principals in tags
Moves the processing of `tags` and `tag_bindings` from the `projects` module instance to the `projects-iam` instance.
This fixes a bug where IAM principals for automation service accounts, referenced via `$iam_principals:service_accounts/...`, were not being interpolated within `tags` IAM definitions. The `projects` module was called before the automation service account context was available, leading to the literal string being used instead of the service account email. Processing tags in the `projects-iam` module ensures the full context is available for interpolation.
Adds new tests for both the `project` and `project-factory` modules to validate the fix.
* fix(project-factory): Tag creation is now done in 2 steps.
1st step (projects): Creation of the tags without IAM bindings
2nd step (projects-iam): IAM bindings without creating the tags again
That way we are more backwards compatible, as tags and tag values are back under `module.project-factory.module.projects["*"].google_tags_tag_*`
* fix(modules/project-factory): introduce fix suggested by @ludoo, fix logs
* fix(modules/project-factory): fix linting
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
This PR (re :D)introduces module net-vpc-factory, a minimal factory that deals with vpcs, subnets, and firewall rules creation, meant to be embedded into other factories, starting with 2-data-platform and 2-networking.
* - Mark maintenance_window.day as optional
- Update validation logic to allow null values
- Keep existing range checks when day is provided
* updated the Readme
* refactor maintenance config day validation for cloud sql instance
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* refactor(net-lb-app-ext): improve configurability and resource references
- Allow overriding names for backend buckets and instance groups
- Add optional per-group description with default value
- Use self_link for instance group backend references
- Fix HTTP proxy name to use http_proxy_config
* reverted the instance group reference in backend service back to id instead of self link
* updated all the lb modules for unmanaged instance groups to have flexible names and proper refactorization of http_proxy_config in each module
* removed the description variable
* updated the readme.md for the net-lb-app-ext-regional module
* fixed the linting error for the change in versions.tf
---------
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* feat(logging-bucket): support locked parameter for project parent types
- Add locked parameter to project bucket resources with default value of false.
* fixed the linting error, added the validation for project level bucket only and removed the nullable constraint
A persistent diff was occurring for Docker artifact registries where `immutable_tags` was set to `false`. On every `terraform plan`, Terraform would propose changing `immutable_tags` from `false` to `null`.
This was caused by the `for_each` condition in the `docker_config` dynamic block, which only created the block if `immutable_tags` was explicitly set to `true`.
The condition has been updated to check if `immutable_tags` is not null (`!= null`) instead of checking if it is true (`== true`). This ensures the `docker_config` block is correctly generated for both `true` and `false` values, aligning the configuration with the resource's state and eliminating the persistent diff.
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* fixed bug where label field is ignored for policy based routes
* Fix example and inventory
* Add missing schema
---------
Co-authored-by: Julio Castillo <jccb@google.com>
* feat: Implement target secure tags for hierarchical firewall policies by integrating tag values and refining tag purpose data.
* docs: update variable