hashicorp · dmalch-hashicorp · May 23, 2023 · Jan 30, 2023 · Feb 1, 2023 · Feb 6, 2023
@@ -0,0 +1,3 @@
+```release-note:feature
+Enable multi-project at provider level.
+```
@@ -30,6 +30,7 @@ data "hcp_aws_network_peering" "test" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the network peering is located. Always matches the HVN's project.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 - `wait_for_active_state` (Boolean) If `true`, Terraform will wait for the network peering to reach an `ACTIVE` state before continuing. Default `false`.
 
@@ -42,7 +43,6 @@ data "hcp_aws_network_peering" "test" {
 - `peer_account_id` (String) The account ID of the peer VPC in AWS.
 - `peer_vpc_id` (String) The ID of the peer VPC in AWS.
 - `peer_vpc_region` (String) The region of the peer VPC in AWS.
-- `project_id` (String) The ID of the HCP project where the network peering is located. Always matches the HVN's project.
 - `provider_peering_id` (String) The peering connection ID used by AWS.
 - `self_link` (String) A unique URL identifying the network peering.
 - `state` (String) The state of the network peering.

@@ -29,6 +29,7 @@ data "hcp_aws_transit_gateway_attachment" "test" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the transit gateway attachment is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 - `wait_for_active_state` (Boolean) If `true`, Terraform will wait for the transit gateway attachment to reach an `ACTIVE` state before continuing. Default `false`.
 
@@ -38,7 +39,6 @@ data "hcp_aws_transit_gateway_attachment" "test" {
 - `expires_at` (String) The time after which the transit gateway attachment will be considered expired if it hasn't transitioned into `ACCEPTED` or `ACTIVE` state.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the transit gateway attachment is located. Always matches the HVN's organization.
-- `project_id` (String) The ID of the HCP project where the transit gateway attachment is located. Always matches the HVN's project.
 - `provider_transit_gateway_attachment_id` (String) The transit gateway attachment ID used by AWS.
 - `self_link` (String) A unique URL identifying the transit gateway attachment.
 - `state` (String) The state of the transit gateway attachment.

@@ -27,6 +27,7 @@ data "hcp_boundary_cluster" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the Boundary cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

@@ -30,6 +30,7 @@ data "hcp_consul_agent_helm_config" "example" {
 ### Optional
 
 - `expose_gossip_ports` (Boolean) Denotes that the gossip ports should be exposed.
+- `project_id` (String) The ID of the HCP project where the HCP Consul cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

@@ -27,6 +27,7 @@ data "hcp_consul_agent_kubernetes_secret" "test" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HCP Consul cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

@@ -27,6 +27,7 @@ data "hcp_consul_cluster" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HCP Consul cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -48,7 +49,6 @@ data "hcp_consul_cluster" "example" {
 - `ip_allowlist` (List of Object) Allowed IPV4 address ranges (CIDRs) for inbound traffic. Each entry must be a unique CIDR. Maximum 3 CIDRS supported at this time. (see [below for nested schema](#nestedatt--ip_allowlist))
 - `organization_id` (String) The ID of the organization the project for this HCP Consul cluster is located.
 - `primary_link` (String) The `self_link` of the HCP Consul cluster which is the primary in the federation setup with this HCP Consul cluster. If not specified, it is a standalone cluster.
-- `project_id` (String) The ID of the project this HCP Consul cluster is located.
 - `public_endpoint` (Boolean) Denotes that the cluster has a public endpoint for the Consul UI. Defaults to false.
 - `region` (String) The region where the HCP Consul cluster is located.
 - `scale` (Number) The the number of Consul server nodes in the cluster.

@@ -27,6 +27,7 @@ data "hcp_hvn" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HVN is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -36,7 +37,6 @@ data "hcp_hvn" "example" {
 - `created_at` (String) The time that the HVN was created.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the HVN is located.
-- `project_id` (String) The ID of the HCP project where the HVN is located.
 - `provider_account_id` (String) The provider account ID where the HVN is located.
 - `region` (String) The region where the HVN is located.
 - `self_link` (String) A unique URL identifying the HVN.

@@ -31,6 +31,7 @@ data "hcp_hvn_peering_connection" "test" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HVN peering connection is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -39,7 +40,6 @@ data "hcp_hvn_peering_connection" "test" {
 - `expires_at` (String) The time after which the peering connection will be considered expired if it hasn't transitioned into `ACCEPTED` or `ACTIVE` state.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the peering connection is located. Always matches the HVNs' organization.
-- `project_id` (String) The ID of the HCP project where the peering connection is located. Always matches the HVNs' project.
 - `self_link` (String) A unique URL identifying the peering connection
 - `state` (String) The state of the HVN peering connection.
 

@@ -29,6 +29,7 @@ data "hcp_hvn_route" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HVN route is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

@@ -75,6 +75,7 @@ output "packer-registry-ubuntu-west-1" {
 - `channel` (String) The channel that points to the version of the image being retrieved. Either this or `iteration_id` must be specified. Note: will incur a billable request
 - `component_type` (String) Name of the builder that built this image. Ex: `amazon-ebs.example`.
 - `iteration_id` (String) The iteration from which to get the image. Either this or `channel` must be specified.
+- `project_id` (String) The ID of the HCP project where the HCP Packer Registry image is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -86,7 +87,6 @@ output "packer-registry-ubuntu-west-1" {
 - `labels` (Map of String) Labels associated with this build.
 - `organization_id` (String) The ID of the organization this HCP Packer registry is located in.
 - `packer_run_uuid` (String) UUID of this build.
-- `project_id` (String) The ID of the project this HCP Packer registry is located in.
 - `revoke_at` (String) The revocation time of this build. This field will be null for any build that has not been revoked or scheduled for revocation.
 
 <a id="nestedblock--timeouts"></a>

@@ -28,6 +28,7 @@ data "hcp_packer_iteration" "hardened-source" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HCP Packer Registry is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -38,7 +39,6 @@ data "hcp_packer_iteration" "hardened-source" {
 - `id` (String) The ID of this resource.
 - `incremental_version` (Number) Incremental version of this iteration
 - `organization_id` (String) The ID of the organization this HCP Packer registry is located in.
-- `project_id` (String) The ID of the project this HCP Packer registry is located in.
 - `revoke_at` (String) The revocation time of this iteration. This field will be null for any iteration that has not been revoked or scheduled for revocation.
 - `ulid` (String) The ULID of this iteration.
 - `updated_at` (String) Time this build was last updated.

@@ -27,6 +27,7 @@ data "hcp_vault_cluster" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the Vault cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -43,7 +44,6 @@ data "hcp_vault_cluster" "example" {
 - `organization_id` (String) The ID of the organization this HCP Vault cluster is located in.
 - `paths_filter` (List of String) The performance replication [paths filter](https://developer.hashicorp.com/vault/tutorials/cloud-ops/vault-replication-terraform#review-hcpvault-tf). Applies to performance replication secondaries only and operates in "deny" mode only.
 - `primary_link` (String) The `self_link` of the HCP Vault Plus tier cluster which is the primary in the performance replication setup with this HCP Vault Plus tier cluster. If not specified, it is a standalone Plus tier HCP Vault cluster.
-- `project_id` (String) The ID of the project this HCP Vault cluster is located in.
 - `public_endpoint` (Boolean) Denotes that the cluster has a public endpoint. Defaults to false.
 - `region` (String) The region where the HCP Vault cluster is located.
 - `self_link` (String) A unique URL identifying the Vault cluster.

@@ -0,0 +1,93 @@
+---
+subcategory: ""
+page_title: "Multi-Project Migration Guide - HCP Provider"
+description: |-
+    A guide to migrating HCP resources to multiple projects.
+---
+
+# Multi-project Migration Guide
+
+HCP now supports multiple projects. You may migrate your HCP Terraform configuration in the following ways.
+
+-> **Note:** Resources cannot be moved to new projects. Changing a resource's project will force its recreation. Before creating additional projects, we recommend configuring the current sole project as the provider's default project to ensure no recreation occurs.
+
+## 1. Default to oldest project (no change required)
+
+The HVN in this example will be created in the sole existing project, or if there is more than one project, the oldest project.
+
+```terraform
+provider "hcp" {}
+
+resource "hcp_hvn" "test" {
+  hvn_id         = "test-hvn"
+  cloud_provider = "aws"
+  region         = "us-west-2"
+}
+```
+
+## 2. Configure a default project on provider
+
+The HVN in this example will be created in the project configured at the provider level.
+
+```terraform
+provider "hcp" {
+  project_id = "f709ec73-55d4-46d8-897d-816ebba28778"
+}
+
+resource "hcp_hvn" "test" {
+  hvn_id         = "test-hvn"
+  cloud_provider = "aws"
+  region         = "us-west-2"
+}
+```
+
+## 3. Configure projects on resource
+
+The HVN will be created in its configured project, while the HCP Consul cluster will be created in its different configured project. 
+Since no project is configured on the provider, the default project will be the oldest project.
+
+```terraform
+provider "hcp" {}
+
+resource "hcp_hvn" "test" {
+  hvn_id         = "test-hvn"
+  project_id     = "f709ec73-55d4-46d8-897d-816ebba28778"
+  cloud_provider = "aws"
+  region         = "us-west-2"
+}
+
+resource "hcp_consul_cluster" "consul_cluster" {
+  cluster_id = "test-cluster"
+  hvn_id     = hcp_hvn.test.hvn_id
+  project_id = "0f8c263e-8eb4-4a7f-a0cc-7e476afb9fd2"
+  tier       = "development"
+}
+```
+
+### Override provider project with resource project
+
+Projects may be set at both the resource and provider level. The resource-configured project is always preferred over the provider-configured project.
+
+```terraform
+provider "hcp" {
+  project_id = "f709ec73-55d4-46d8-897d-816ebba28778"
+}
+
+# This HVN will be created in the project "0f8c263e-8eb4-4a7f-a0cc-7e476afb9fd2"
+resource "hcp_hvn" "test" {
+  hvn_id         = "test-hvn"
+  project_id     = "0f8c263e-8eb4-4a7f-a0cc-7e476afb9fd2"
+  cloud_provider = "aws"
+  region         = "us-west-2"
+}
+```
+
+## Imports
+
+If no project is configured at the provider level, imported resources must include their project ID to ensure uniqueness.
+
+```shell
+# terraform import {resource_type}.{resource_name} {project_id}:{hvn_id}
+
+$ terraform import hcp_hvn.test f709ec73-55d4-46d8-897d-816ebba28778:test-hvn
+```
@@ -124,5 +124,6 @@ resource "hcp_vault_cluster" "example" {
 
 - `client_id` (String) The OAuth2 Client ID for API operations.
 - `client_secret` (String) The OAuth2 Client Secret for API operations.
+- `project_id` (String) The default project in which resources should be created.
 
 For more information about HCP, please review our [documentation page](https://cloud.hashicorp.com/docs/hcp).
@@ -66,6 +66,7 @@ resource "aws_vpc_peering_connection_accepter" "peer" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the network peering is located. Always matches the HVN's project.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -74,7 +75,6 @@ resource "aws_vpc_peering_connection_accepter" "peer" {
 - `expires_at` (String) The time after which the network peering will be considered expired if it hasn't transitioned into `ACCEPTED` or `ACTIVE` state.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the network peering is located. Always matches the HVN's organization.
-- `project_id` (String) The ID of the HCP project where the network peering is located. Always matches the HVN's project.
 - `provider_peering_id` (String) The peering connection ID used by AWS.
 - `self_link` (String) A unique URL identifying the network peering.
 - `state` (String) The state of the network peering.

@@ -86,6 +86,7 @@ resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the transit gateway attachment is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -94,7 +95,6 @@ resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "example" {
 - `expires_at` (String) The time after which the transit gateway attachment will be considered expired if it hasn't transitioned into `ACCEPTED` or `ACTIVE` state.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the transit gateway attachment is located. Always matches the HVN's organization.
-- `project_id` (String) The ID of the HCP project where the transit gateway attachment is located. Always matches the HVN's project.
 - `provider_transit_gateway_attachment_id` (String) The transit gateway attachment ID used by AWS.
 - `self_link` (String) A unique URL identifying the transit gateway attachment.
 - `state` (String) The state of the transit gateway attachment.

@@ -31,6 +31,7 @@ resource "hcp_boundary_cluster" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the Boundary cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

@@ -44,6 +44,7 @@ resource "hcp_consul_cluster" "example" {
 - `ip_allowlist` (Block List, Max: 3) Allowed IPV4 address ranges (CIDRs) for inbound traffic. Each entry must be a unique CIDR. Maximum 3 CIDRS supported at this time. (see [below for nested schema](#nestedblock--ip_allowlist))
 - `min_consul_version` (String) The minimum Consul patch version of the cluster. Allows only the rightmost version component to increment (E.g: `1.13.0` will allow installation of `1.13.2` and `1.13.3` etc., but not `1.14.0`). If not specified, it is defaulted to the version that is currently recommended by HCP.
 - `primary_link` (String) The `self_link` of the HCP Consul cluster which is the primary in the federation setup with this HCP Consul cluster. If not specified, it is a standalone cluster.
+- `project_id` (String) The ID of the HCP project where the HCP Consul cluster is located.
 - `public_endpoint` (Boolean) Denotes that the cluster has a public endpoint for the Consul UI. Defaults to false.
 - `size` (String) The t-shirt size representation of each server VM that this Consul cluster is provisioned with. Valid option for development tier - `x_small`. Valid options for other tiers - `small`, `medium`, `large`. For more details - https://cloud.hashicorp.com/pricing/consul. Upgrading the size of a cluster after creation is allowed.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
@@ -63,7 +64,6 @@ resource "hcp_consul_cluster" "example" {
 - `consul_version` (String) The Consul version of the cluster.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the organization this HCP Consul cluster is located in.
-- `project_id` (String) The ID of the project this HCP Consul cluster is located in.
 - `region` (String) The region where the HCP Consul cluster is located.
 - `scale` (Number) The number of Consul server nodes in the cluster.
 - `self_link` (String) A unique URL identifying the HCP Consul cluster.

@@ -28,6 +28,7 @@ resource "hcp_consul_cluster_root_token" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HCP Consul cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only

@@ -31,14 +31,14 @@ resource "hcp_consul_snapshot" "example" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HCP Consul cluster is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
 
 - `consul_version` (String) The version of Consul at the time of snapshot creation.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the project the HCP Consul cluster is located.
-- `project_id` (String) The ID of the project the HCP Consul cluster is located.
 - `restored_at` (String) Timestamp of when the snapshot was restored. If the snapshot has not been restored, this field will be blank.
 - `size` (Number) The size of the snapshot in bytes.
 - `snapshot_id` (String) The ID of the Consul snapshot

@@ -44,14 +44,14 @@ resource "hcp_hvn" "example" {
 ### Optional
 
 - `cidr_block` (String) The CIDR range of the HVN. If this is not provided, the service will provide a default value.
+- `project_id` (String) The ID of the HCP project where the HVN is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
 
 - `created_at` (String) The time that the HVN was created.
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the HVN is located.
-- `project_id` (String) The ID of the HCP project where the HVN is located.
 - `provider_account_id` (String) The provider account ID where the HVN is located.
 - `self_link` (String) A unique URL identifying the HVN.
 - `state` (String) The state of the HVN.

@@ -43,6 +43,7 @@ resource "hcp_hvn_peering_connection" "peer_1" {
 
 ### Optional
 
+- `project_id` (String) The ID of the HCP project where the HVN peering connection is located.
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 
 ### Read-Only
@@ -52,7 +53,6 @@ resource "hcp_hvn_peering_connection" "peer_1" {
 - `id` (String) The ID of this resource.
 - `organization_id` (String) The ID of the HCP organization where the peering connection is located. Always matches the HVNs' organization.
 - `peering_id` (String) The ID of the peering connection.
-- `project_id` (String) The ID of the HCP project where the peering connection is located. Always matches the HVNs' project.
 - `self_link` (String) A unique URL identifying the peering connection
 - `state` (String) The state of the HVN peering connection.