* add ad for compute-vm refactor
* Exclue nic_type from validated fields, add split of main.tf and template.tf
* boot disk
* fix examples and fixtures
* attached disks
* fix further examples and module-level tests
* remove extra file
* fix mig examples
* finish refactoring variables
* align fast and other modules
* refactor(compute-vm): align examples and ADR with the newly implemented interface
This commit addresses the remaining references of the `instance_type` and `confidential_compute` parameters in the testing environment and updates the ADR.
* feat(compute-vm): add network_performance_config to instance and templates
This change implements the usage of the `network_performance_tier` variable we added earlier into the actual Terraform resources.
---------
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
* fix(project-factory): Correctly interpolate IAM principals in tags
Moves the processing of `tags` and `tag_bindings` from the `projects` module instance to the `projects-iam` instance.
This fixes a bug where IAM principals for automation service accounts, referenced via `$iam_principals:service_accounts/...`, were not being interpolated within `tags` IAM definitions. The `projects` module was called before the automation service account context was available, leading to the literal string being used instead of the service account email. Processing tags in the `projects-iam` module ensures the full context is available for interpolation.
Adds new tests for both the `project` and `project-factory` modules to validate the fix.
* fix(project-factory): Tag creation is now done in 2 steps.
1st step(projects): Creation of the tags without IAM bindings
2nd step(projects-iam): IAM bindings without creating the tags again
That way we are more backwards compatible as tags and tags values are back to be under module.project-factory.module.projects["*"].google_tags_tag_*
* fix(modules/project-factory): introduce fix suggested by @ludoo, fix logs
* fix(modules/project-factory): fix linting
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* add support for pubsub to project factory
* remove duplicate data access log definitions from folders
* tfdoc
* schemas
* fix example
* add pubsub topics context to org in stage 0
* module-level support
* fast stage 0
* fix inventory, add outputs/tfvars
* wip
* project factory
* pf outputs
* iam templates will be added where ci/cd configs are managed
* fix merge conflicts
* Adding hardened datasets for preventive and detective Compliance Controls in stage 0 and stage 1 VPC-SC
* Move observability to factory file
* Update documentation
* Update local variable for use
* Update observability factory to use other module
* Add raw diagram file for hardened datasets
* Retrofit change
* Rename log_buckets context variable to be consistent across modules
* Update stage 0 documentation to mention hardened dataset
* Update customer ids list
* Update documentation, path to schema add ID to access level
* Comment organization policy gcp.resourceLocation by default
* Prevent duplicate key error by merging principal roles
* Adding ngfw roles files in hardened datasets
* Update script to validate files differences to support folder and datasets
* Format duplicate-diff python script
* Remove .config.yaml from duplicates
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
