FAST: add support for project parents to bootstrap stage

fast/stages/00-bootstrap/README.md

@@ -473,6 +473,7 @@ The remaining configuration is manual, as it regards the repositories themselves
 | [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>&#123;&#125;</code> |  |
 | [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map&#40;object&#40;&#123;&#10;  filter &#61; string&#10;  type   &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code title="&#123;&#10;  audit-logs &#61; &#123;&#10;    filter &#61; &#34;logName:&#92;&#34;&#47;logs&#47;cloudaudit.googleapis.com&#37;2Factivity&#92;&#34; OR logName:&#92;&#34;&#47;logs&#47;cloudaudit.googleapis.com&#37;2Fsystem_event&#92;&#34;&#34;&#10;    type   &#61; &#34;bigquery&#34;&#10;  &#125;&#10;  vpc-sc &#61; &#123;&#10;    filter &#61; &#34;protoPayload.metadata.&#64;type&#61;&#92;&#34;type.googleapis.com&#47;google.cloud.audit.VpcServiceControlAuditMetadata&#92;&#34;&#34;&#10;    type   &#61; &#34;bigquery&#34;&#10;  &#125;&#10;&#125;">&#123;&#8230;&#125;</code> |  |
 | [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> |  | <code>null</code> |  |
+| [project_parents](variables.tf#L204) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object&#40;&#123;&#10;  automation &#61; string&#10;  billing    &#61; string&#10;  logging    &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  automation &#61; null&#10;  billing    &#61; null&#10;  logging    &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> |  |
 
 ## Outputs
 

fast/stages/00-bootstrap/automation.tf

@@ -20,8 +20,10 @@ module "automation-project" {
   source          = "../../../modules/project"
   billing_account = var.billing_account.id
   name            = "iac-core-0"
-  parent          = "organizations/${var.organization.id}"
-  prefix          = local.prefix
+  parent = coalesce(
+    var.project_parents.automation, "organizations/${var.organization.id}"
+  )
+  prefix = local.prefix
   # human (groups) IAM bindings
   group_iam = {
     (local.groups.gcp-devops) = [

fast/stages/00-bootstrap/billing.tf

@@ -33,8 +33,10 @@ module "billing-export-project" {
   count           = local.billing_org ? 1 : 0
   billing_account = var.billing_account.id
   name            = "billing-exp-0"
-  parent          = "organizations/${var.organization.id}"
-  prefix          = local.prefix
+  parent = coalesce(
+    var.project_parents.billing, "organizations/${var.organization.id}"
+  )
+  prefix = local.prefix
   iam = {
     "roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
   }

fast/stages/00-bootstrap/log-export.tf

@@ -21,9 +21,11 @@ locals {
 }
 
 module "log-export-project" {
-  source          = "../../../modules/project"
-  name            = "audit-logs-0"
-  parent          = "organizations/${var.organization.id}"
+  source = "../../../modules/project"
+  name   = "audit-logs-0"
+  parent = coalesce(
+    var.project_parents.logging, "organizations/${var.organization.id}"
+  )
   prefix          = local.prefix
   billing_account = var.billing_account.id
   iam = {

fast/stages/00-bootstrap/variables.tf

@@ -200,3 +200,18 @@ variable "prefix" {
     error_message = "Use a maximum of 9 characters for prefix."
   }
 }
+
+variable "project_parents" {
+  description = "Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent."
+  type = object({
+    automation = string
+    billing    = string
+    logging    = string
+  })
+  default = {
+    automation = null
+    billing    = null
+    logging    = null
+  }
+  nullable = false
+}