feat(governance): support custom parent folder ID for resource manage…

src/README.md

@@ -4,9 +4,9 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.10 |
-| <a name="requirement_stackit"></a> [stackit](#requirement\_stackit) | 0.93.0 |
-| <a name="requirement_time"></a> [time](#requirement\_time) | 0.13.1 |
-| <a name="requirement_vault"></a> [vault](#requirement\_vault) | 5.7.0 |
+| <a name="requirement_stackit"></a> [stackit](#requirement\_stackit) | 0.96.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | 0.14.0 |
+| <a name="requirement_vault"></a> [vault](#requirement\_vault) | 5.9.0 |
 
 ## Providers
 
@@ -43,7 +43,8 @@ No resources.
 | <a name="input_organization_owners"></a> [organization\_owners](#input\_organization\_owners) | List of organization owners. | `list(string)` | `[]` | no |
 | <a name="input_owner_email"></a> [owner\_email](#input\_owner\_email) | Email address of the owner. Required for STACKIT resource manager. | `string` | n/a | yes |
 | <a name="input_region"></a> [region](#input\_region) | STACKIT region for regional resources. | `string` | `"eu01"` | no |
-| <a name="input_rm_folders"></a> [rm\_folders](#input\_rm\_folders) | Map of resource manager folders to create under the root organization. | <pre>map(object({<br/>    name          = string<br/>    description   = optional(string, null)<br/>    owner_emails  = list(string)<br/>    reader_emails = list(string)<br/>  }))</pre> | <pre>{<br/>  "landing_zones_corporate": {<br/>    "name": "Landing Zones - Corporate 4",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "landing_zones_public": {<br/>    "name": "Landing Zones - Public 4",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "platform": {<br/>    "name": "Platform 4",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "sandboxes": {<br/>    "name": "Sandboxes 4",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  }<br/>}</pre> | no |
+| <a name="input_rm_folder_parent_id"></a> [rm\_folder\_parent\_id](#input\_rm\_folder\_parent\_id) | ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization. | `string` | `null` | no |
+| <a name="input_rm_folders"></a> [rm\_folders](#input\_rm\_folders) | Map of resource manager folders to create under the root organization. | <pre>map(object({<br/>    name          = string<br/>    description   = optional(string, null)<br/>    owner_emails  = list(string)<br/>    reader_emails = list(string)<br/>  }))</pre> | <pre>{<br/>  "landing_zones_corporate": {<br/>    "name": "Landing Zones - Corporate",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "landing_zones_public": {<br/>    "name": "Landing Zones - Public",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "platform": {<br/>    "name": "Platform",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "sandboxes": {<br/>    "name": "Sandboxes",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  }<br/>}</pre> | no |
 | <a name="input_sandboxes"></a> [sandboxes](#input\_sandboxes) | List of sandboxes to create. | <pre>list(object({<br/>    project_name        = string<br/>    owner_emails        = optional(list(string))<br/>    project_owner_email = string<br/>  }))</pre> | `[]` | no |
 
 ## Outputs

src/main.tf

@@ -7,6 +7,7 @@ module "governance" {
 
   owner_email           = var.owner_email
   organization_id       = var.organization_id
+  rm_folder_parent_id   = var.rm_folder_parent_id
   labels                = var.labels
   organization_owners   = var.organization_owners
   organization_auditors = var.organization_auditors

src/modules/governance/1-rm-folders.tf

@@ -30,7 +30,7 @@ resource "stackit_resourcemanager_folder" "this" {
   for_each = var.rm_folders
 
   name                = each.value.name
-  parent_container_id = var.organization_id
+  parent_container_id = var.rm_folder_parent_id != null ? var.rm_folder_parent_id : var.organization_id
   owner_email         = var.owner_email
   # labels              = length(var.labels) > 0 ? var.labels : null # provider bug: empty map becomes null after apply
 

src/modules/governance/README.md

@@ -38,6 +38,7 @@ No modules.
 | <a name="input_organization_id"></a> [organization\_id](#input\_organization\_id) | Container ID of the root folder or organization under which the company folder will be created. | `string` | n/a | yes |
 | <a name="input_organization_owners"></a> [organization\_owners](#input\_organization\_owners) | List of organization role assignments for organization owners. | `list(string)` | `[]` | no |
 | <a name="input_owner_email"></a> [owner\_email](#input\_owner\_email) | Email address of the owner for the folders. Required for STACKIT resource manager. | `string` | n/a | yes |
+| <a name="input_rm_folder_parent_id"></a> [rm\_folder\_parent\_id](#input\_rm\_folder\_parent\_id) | ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization. | `string` | `null` | no |
 | <a name="input_rm_folders"></a> [rm\_folders](#input\_rm\_folders) | Map of folder keys to folder configuration. Each folder has a display name and optional lists of owner and reader subjects. | <pre>map(object({<br/>    name          = string<br/>    owner_emails  = optional(list(string), [])<br/>    reader_emails = optional(list(string), [])<br/>  }))</pre> | <pre>{<br/>  "landing_zones_corporate": {<br/>    "name": "Landing Zones - Corporate",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "landing_zones_public": {<br/>    "name": "Landing Zones - Public",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "platform": {<br/>    "name": "Platform",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  },<br/>  "sandbox": {<br/>    "name": "Sandboxes",<br/>    "owner_emails": [],<br/>    "reader_emails": []<br/>  }<br/>}</pre> | no |
 
 ## Outputs

src/modules/governance/variables.tf

@@ -39,7 +39,13 @@
   }
 }
 
+variable "rm_folder_parent_id" {
+  type        = string
+  description = "ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization."
+  default     = null
+}
+
 variable "labels" {
   type        = map(string)
   description = "Additional labels to apply to all folders."
   default     = {}

src/variables.tf

@@ -22,6 +22,12 @@ variable "organization_id" {
   description = "Container ID of the root organization."
 }
 
+variable "rm_folder_parent_id" {
+  type        = string
+  description = "ID of the parent folder under which the resource manager folders will be created. If not provided, the resource manager folders will be created under the organization."
+  default     = null
+}
+
 variable "region" {
   type        = string
   description = "STACKIT region for regional resources."