From 3c274c64ecba079d390d42a20b330d2f97b6d477 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Fri, 3 Oct 2025 20:23:20 -0300
Subject: [PATCH 1/2] fix: add depends on the CI/CD module to prevent error
 granting roles

---
 0-bootstrap/cb.tf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/0-bootstrap/cb.tf b/0-bootstrap/cb.tf
index 8707e2ed3..eae95b617 100644
--- a/0-bootstrap/cb.tf
+++ b/0-bootstrap/cb.tf
@@ -160,6 +160,8 @@ module "tf_private_pool" {
   vpn_configuration = {
     enable_vpn = false
   }
+
+  depends_on = [module.tf_source]
 }
 
 module "tf_cloud_builder" {
@@ -178,6 +180,8 @@ module "tf_cloud_builder" {
   worker_pool_id               = module.tf_private_pool.private_worker_pool_id
   bucket_name                  = "${var.bucket_prefix}-${module.tf_source.cloudbuild_project_id}-tf-cloudbuilder-build-logs"
   workflow_deletion_protection = var.workflow_deletion_protection
+
+  depends_on = [module.tf_source]
 }
 
 module "bootstrap_csr_repo" {
@@ -262,6 +266,8 @@ resource "google_artifact_registry_repository_iam_member" "terraform_sa_artifact
   repository = local.gar_repository
   role       = "roles/artifactregistry.reader"
   member     = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"
+
+  depends_on = [module.tf_source]
 }
 
 resource "google_sourcerepo_repository_iam_member" "member" {
@@ -271,4 +277,6 @@ resource "google_sourcerepo_repository_iam_member" "member" {
   repository = module.tf_source.csr_repos["gcp-policies"].name
   role       = "roles/viewer"
   member     = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"
+
+  depends_on = [module.tf_source]
 }

From d813ff872d3300a04ebc5aca130c69c3ae962d72 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Mon, 6 Oct 2025 11:08:01 -0300
Subject: [PATCH 2/2] fix error Service 'alpha-documentai.googleapis.com' is
 not supported by VPC Service Controls

---
 3-networks-hub-and-spoke/envs/shared/net-hubs.tf  | 1 -
 3-networks-hub-and-spoke/modules/base_env/main.tf | 1 -
 2 files changed, 2 deletions(-)

diff --git a/3-networks-hub-and-spoke/envs/shared/net-hubs.tf b/3-networks-hub-and-spoke/envs/shared/net-hubs.tf
index 084f7d386..bdff242df 100644
--- a/3-networks-hub-and-spoke/envs/shared/net-hubs.tf
+++ b/3-networks-hub-and-spoke/envs/shared/net-hubs.tf
@@ -30,7 +30,6 @@ locals {
     "adsdatahub.googleapis.com",
     "aiplatform.googleapis.com",
     "alloydb.googleapis.com",
-    "alpha-documentai.googleapis.com",
     "analyticshub.googleapis.com",
     "apigee.googleapis.com",
     "apigeeconnect.googleapis.com",
diff --git a/3-networks-hub-and-spoke/modules/base_env/main.tf b/3-networks-hub-and-spoke/modules/base_env/main.tf
index f624bbbe6..ab7521696 100644
--- a/3-networks-hub-and-spoke/modules/base_env/main.tf
+++ b/3-networks-hub-and-spoke/modules/base_env/main.tf
@@ -26,7 +26,6 @@ locals {
     "adsdatahub.googleapis.com",
     "aiplatform.googleapis.com",
     "alloydb.googleapis.com",
-    "alpha-documentai.googleapis.com",
     "analyticshub.googleapis.com",
     "apigee.googleapis.com",
     "apigeeconnect.googleapis.com",