Sandbox project creation with FAST

[skaaptjop]

Hi,
FAST stage 0/1 give us a Sandbox folder and Teams folder
Stage 2 Project Factory is then relatively straight forward to create projects in the Teams folder hierarchy.
However, how do we create a sandbox project under the Sandbox folder (by specifying the correct parent)? The permissions and service accounts used are different.

Stage 2 wants to use prefix-prod-resman-pf-0@prefix-prod-iac-core-0.iam.gserviceaccount.com as the impersonation account which has the Project Creator Role under the Teams hierarchy.

But the Sandbox folder doesn't have this service account listed. It has prexix-dev-resman-sbox-0@prefix-prod-iac-core-0.iam.gserviceaccount.com attached with the Project Creator role and not prefix-prod-resman-pf-0@ so we get a 403 error.

This must have to do with the automated providers files created and used on the 2-PF stage as opposed to the 9-sandbox-providers.tf file created in earlier stages.

[ludoo]

Good point on the prefix, we should prod remove it from the project factory default as it's a unified project factory.

[ludoo]

Reading the rest of your reply, sorry hectic day :) You have two choices:

• use the main project factory to also create projects in the sandbox, just add the context/project-factory tag to the Sandbox folder
• spin up a new project factory dedicated to sandbox projects, just clone the main project factory and link the sandbox provider file, then edit the few defaults in main.tf

We will make all this a lot easier once the resman changes we have in the pipeline go in. Thanks for reminding us that we need to provide more explicit choices, and document this stuff better. :)