From 4cbacaed2e7862e5149fd1c03195fe1dcf3ccf5c Mon Sep 17 00:00:00 2001 From: Matthias Hauber Date: Tue, 2 Jun 2026 15:12:34 +0200 Subject: [PATCH 1/3] feat(governance): support custom parent folder ID for resource manager folders --- src/modules/governance/1-rm-folders.tf | 2 +- src/modules/governance/README.md | 1 + src/modules/governance/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/modules/governance/1-rm-folders.tf b/src/modules/governance/1-rm-folders.tf index df3800e..186422c 100644 --- a/src/modules/governance/1-rm-folders.tf +++ b/src/modules/governance/1-rm-folders.tf @@ -30,7 +30,7 @@ resource "stackit_resourcemanager_folder" "this" { for_each = var.rm_folders name = each.value.name - parent_container_id = var.organization_id + parent_container_id = var.rm_folder_parent_id != null ? var.rm_folder_parent_id : var.organization_id owner_email = var.owner_email # labels = length(var.labels) > 0 ? var.labels : null # provider bug: empty map becomes null after apply diff --git a/src/modules/governance/README.md b/src/modules/governance/README.md index 2bfd363..d0e92f8 100644 --- a/src/modules/governance/README.md +++ b/src/modules/governance/README.md 
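Review bot: The new `parent_container_id` expression in 1-rm-folders.tf treats only `null` as "unset", so an empty string passed for `rm_folder_parent_id` (for example from an unset pipeline variable) would be handed to the provider as the parent instead of falling back to the organization. `parent_container_id = coalesce(var.rm_folder_parent_id, var.organization_id)` is shorter and skips both null and empty strings. Because this value decides where every folder in `var.rm_folders` sits in the hierarchy, and presumably which role assignments those folders inherit, a short comment above the line would help, such as `# Defaults to the organization; a custom parent changes where the governance folders sit in the hierarchy`. Whether changing the value on already-created folders moves or recreates them is not visible in this hunk and is worth confirming in a plan before rollout. The resource body continues outside the hunk.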
@@ -38,6 +38,7 @@ No modules. | [organization\_id](#input\_organization\_id) | Container ID of the root folder or organization under which the company folder will be created. | `string` | n/a | yes | | [organization\_owners](#input\_organization\_owners) | List of organization role assignments for organization owners. | `list(string)` | `[]` | no | | [owner\_email](#input\_owner\_email) | Email address of the owner for the folders. Required for STACKIT resource manager. | `string` | n/a | yes | +| [rm\_folder\_parent\_id](#input\_rm\_folder\_parent\_id) | ID of the parent folder under which the company folder will be created. If not provided, the company folder will be created under the organization. | `string` | `null` | no | | [rm\_folders](#input\_rm\_folders) | Map of folder keys to folder configuration. Each folder has a display name and optional lists of owner and reader subjects. |
map(object({
name = string
owner_emails = optional(list(string), [])
reader_emails = optional(list(string), [])
}))
|
{
"landing_zones_corporate": {
"name": "Landing Zones - Corporate",
"owner_emails": [],
"reader_emails": []
},
"landing_zones_public": {
"name": "Landing Zones - Public",
"owner_emails": [],
"reader_emails": []
},
"platform": {
"name": "Platform",
"owner_emails": [],
"reader_emails": []
},
"sandbox": {
"name": "Sandboxes",
"owner_emails": [],
"reader_emails": []
}
}
| no | ## Outputs diff --git a/src/modules/governance/variables.tf b/src/modules/governance/variables.tf index 61d6ed7..2bdb72b 100644 --- a/src/modules/governance/variables.tf +++ b/src/modules/governance/variables.tf @@ -39,6 +39,12 @@ variable "rm_folders" { } } +variable "rm_folder_parent_id" { + type = string + description = "ID of the parent folder under which the company folder will be created. If not provided, the company folder will be created under the organization." + default = null +} + variable "labels" { type = map(string) description = "Additional labels to apply to all folders." From b5a7855fab064d1c51bb82e9e4d1024ba5a15db2 Mon Sep 17 00:00:00 2001 From: Matthias Hauber Date: Tue, 2 Jun 2026 15:18:56 +0200 Subject: [PATCH 2/3] feat(governance): add rm_folder_parent_id variable for custom folder management --- src/main.tf | 1 + src/variables.tf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/src/main.tf b/src/main.tf index 8469371..ac739bc 100644 --- a/src/main.tf +++ b/src/main.tf @@ -7,6 +7,7 @@ module "governance" { owner_email = var.owner_email organization_id = var.organization_id + rm_folder_parent_id = var.rm_folder_parent_id labels = var.labels organization_owners = var.organization_owners organization_auditors = var.organization_auditors diff --git a/src/variables.tf b/src/variables.tf index 8e264b1..c4c627b 100644 --- a/src/variables.tf +++ b/src/variables.tf @@ -22,6 +22,12 @@ variable "organization_id" { description = "Container ID of the root organization." } +variable "rm_folder_parent_id" { + type = string + description = "ID of the parent folder under which the company folder will be created. If not provided, the company folder will be created under the organization." + default = null +} + variable "region" { type = string description = "STACKIT region for regional resources." From 99c8b66cfabf505e262cf86c0f0223009add9b63 Mon Sep 17 00:00:00 2001 
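Review bot: The new `rm_folder_parent_id` variable in src/modules/governance/variables.tf accepts any string, and the identical declaration added to src/variables.tf in patch 2 has the same gap. A mistyped or empty ID would only surface at apply time, or could place the folders under an unintended parent. A `validation` block would catch the obvious cases at plan time, using a condition like `condition = var.rm_folder_parent_id == null ? true : trimspace(var.rm_folder_parent_id) != ""` together with an error message that names the variable. The description could also state which identifier form is expected, as the `organization_id` description does, since both values feed the same `parent_container_id` argument.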
From: Matthias Hauber Date: Tue, 2 Jun 2026 15:22:45 +0200 Subject: [PATCH 3/3] feat(governance): update rm_folder_parent_id description for clarity in README and variables --- src/README.md | 9 +++++---- src/modules/governance/README.md | 2 +- src/modules/governance/variables.tf | 2 +- src/variables.tf | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/README.md b/src/README.md index 4de9df0..a12acd8 100644 --- a/src/README.md +++ b/src/README.md @@ -4,9 +4,9 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.10 | -| [stackit](#requirement\_stackit) | 0.93.0 | -| [time](#requirement\_time) | 0.13.1 | -| [vault](#requirement\_vault) | 5.7.0 | +| [stackit](#requirement\_stackit) | 0.96.0 | +| [time](#requirement\_time) | 0.14.0 | +| [vault](#requirement\_vault) | 5.9.0 | ## Providers @@ -43,7 +43,8 @@ No resources. | [organization\_owners](#input\_organization\_owners) | List of organization owners. | `list(string)` | `[]` | no | | [owner\_email](#input\_owner\_email) | Email address of the owner. Required for STACKIT resource manager. | `string` | n/a | yes | | [region](#input\_region) | STACKIT region for regional resources. | `string` | `"eu01"` | no | -| [rm\_folders](#input\_rm\_folders) | Map of resource manager folders to create under the root organization. |
map(object({
name = string
description = optional(string, null)
owner_emails = list(string)
reader_emails = list(string)
}))
|
{
"landing_zones_corporate": {
"name": "Landing Zones - Corporate 4",
"owner_emails": [],
"reader_emails": []
},
"landing_zones_public": {
"name": "Landing Zones - Public 4",
"owner_emails": [],
"reader_emails": []
},
"platform": {
"name": "Platform 4",
"owner_emails": [],
"reader_emails": []
},
"sandboxes": {
"name": "Sandboxes 4",
"owner_emails": [],
"reader_emails": []
}
}
| no | +| [rm\_folder\_parent\_id](#input\_rm\_folder\_parent\_id) | ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization. | `string` | `null` | no | +| [rm\_folders](#input\_rm\_folders) | Map of resource manager folders to create under the root organization. |
map(object({
name = string
description = optional(string, null)
owner_emails = list(string)
reader_emails = list(string)
}))
|
{
"landing_zones_corporate": {
"name": "Landing Zones - Corporate",
"owner_emails": [],
"reader_emails": []
},
"landing_zones_public": {
"name": "Landing Zones - Public",
"owner_emails": [],
"reader_emails": []
},
"platform": {
"name": "Platform",
"owner_emails": [],
"reader_emails": []
},
"sandboxes": {
"name": "Sandboxes",
"owner_emails": [],
"reader_emails": []
}
}
| no | | [sandboxes](#input\_sandboxes) | List of sandboxes to create. |
list(object({
project_name = string
owner_emails = optional(list(string))
project_owner_email = string
}))
| `[]` | no | ## Outputs diff --git a/src/modules/governance/README.md b/src/modules/governance/README.md index d0e92f8..516e3ab 100644 --- a/src/modules/governance/README.md +++ b/src/modules/governance/README.md @@ -38,7 +38,7 @@ No modules. | [organization\_id](#input\_organization\_id) | Container ID of the root folder or organization under which the company folder will be created. | `string` | n/a | yes | | [organization\_owners](#input\_organization\_owners) | List of organization role assignments for organization owners. | `list(string)` | `[]` | no | | [owner\_email](#input\_owner\_email) | Email address of the owner for the folders. Required for STACKIT resource manager. | `string` | n/a | yes | -| [rm\_folder\_parent\_id](#input\_rm\_folder\_parent\_id) | ID of the parent folder under which the company folder will be created. If not provided, the company folder will be created under the organization. | `string` | `null` | no | +| [rm\_folder\_parent\_id](#input\_rm\_folder\_parent\_id) | ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization. | `string` | `null` | no | | [rm\_folders](#input\_rm\_folders) | Map of folder keys to folder configuration. Each folder has a display name and optional lists of owner and reader subjects. |
map(object({
name = string
owner_emails = optional(list(string), [])
reader_emails = optional(list(string), [])
}))
|
{
"landing_zones_corporate": {
"name": "Landing Zones - Corporate",
"owner_emails": [],
"reader_emails": []
},
"landing_zones_public": {
"name": "Landing Zones - Public",
"owner_emails": [],
"reader_emails": []
},
"platform": {
"name": "Platform",
"owner_emails": [],
"reader_emails": []
},
"sandbox": {
"name": "Sandboxes",
"owner_emails": [],
"reader_emails": []
}
}
| no | ## Outputs diff --git a/src/modules/governance/variables.tf b/src/modules/governance/variables.tf index 2bdb72b..b98f8cb 100644 --- a/src/modules/governance/variables.tf +++ b/src/modules/governance/variables.tf @@ -41,7 +41,7 @@ variable "rm_folders" { variable "rm_folder_parent_id" { type = string - description = "ID of the parent folder under which the company folder will be created. If not provided, the company folder will be created under the organization." + description = "ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization." default = null } diff --git a/src/variables.tf b/src/variables.tf index c4c627b..7163f4f 100644 --- a/src/variables.tf +++ b/src/variables.tf @@ -24,7 +24,7 @@ variable "organization_id" { variable "rm_folder_parent_id" { type = string - description = "ID of the parent folder under which the company folder will be created. If not provided, the company folder will be created under the organization." + description = "ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization." default = null }