Add cross-project IAM binding support #955

Merged
merged 40 commits into from
Jul 19, 2021
a38b162
Add recipe for cross-project IAM bindings
pasha-gh Jul 13, 2021
22a0fee
Add iam binding dependencies to project.hcl recipe
pasha-gh Jul 13, 2021
cbfbcbe
Add example for cross-project IAM bindings
pasha-gh Jul 13, 2021
8cfdc5c
Add cross-project IAM bindings to team.hcl example
pasha-gh Jul 13, 2021
afd0e73
Add auto-generated files after running ./regen.sh
pasha-gh Jul 13, 2021
8061bec
Fix typo
pasha-gh Jul 14, 2021
743b372
Fix typo
pasha-gh Jul 14, 2021
cc2cf43
Update example deprecated roles
pasha-gh Jul 14, 2021
cb6031f
Fix typo
pasha-gh Jul 14, 2021
ab32013
Remove dependency between iam_bindings and project recipes
pasha-gh Jul 14, 2021
04dc775
Add newline at the end of file
pasha-gh Jul 14, 2021
f381401
Rename existing iam_members component to avoid confusion
pasha-gh Jul 14, 2021
a6822d0
Rename iam_bindings to iam_members for better clarity
pasha-gh Jul 14, 2021
3b690d0
Refactor iam_members component
pasha-gh Jul 14, 2021
06e83b8
Redesign iam_members recipe and example
pasha-gh Jul 15, 2021
92909c5
Update iam_members in team.hcl example
pasha-gh Jul 15, 2021
7d9d9bb
Add folder_iam_member to iam_members.hcl example
pasha-gh Jul 15, 2021
6d12009
Add comments indicating the type of parent_id in iam_members example
pasha-gh Jul 15, 2021
bd0df27
Move comments from iam_members example to recipe description
pasha-gh Jul 15, 2021
2e8bd8a
Add/Update auto-generated files by running ./regen.sh
pasha-gh Jul 15, 2021
eb48876
Add missing license
pasha-gh Jul 15, 2021
c7337f3
Fix typo
pasha-gh Jul 15, 2021
69f58ac
Refactor to remove redundant code
pasha-gh Jul 15, 2021
2336cdd
Add/Update auto-generated files by running ./regen.sh
pasha-gh Jul 15, 2021
d2fa6d5
Rename variables
pasha-gh Jul 15, 2021
f13ae85
Update docs and comments to consistently follow existing code, docs, …
pasha-gh Jul 16, 2021
f4b0972
Update parent_id description with examples
pasha-gh Jul 16, 2021
1c7a580
Fix typo
pasha-gh Jul 16, 2021
2541a58
Remove redundant if statement
pasha-gh Jul 16, 2021
206353b
Remove service accounts from supported iam members
pasha-gh Jul 16, 2021
00e210e
Add/Update auto-generated files by running ./regen.sh
pasha-gh Jul 16, 2021
c52867d
Rename parent_ids to resource_ids
pasha-gh Jul 16, 2021
5a56163
Include additional_iam_members template in the integration tests
pasha-gh Jul 16, 2021
6b3a20e
Remove redundant code
pasha-gh Jul 16, 2021
d56ddf0
Update iam_members example code format
pasha-gh Jul 16, 2021
43c5a1d
Update IAM members component variable descriptions and types
pasha-gh Jul 16, 2021
d9d8a9d
Refactor for_each meta-argument for iam members
pasha-gh Jul 16, 2021
21440c0
Update iam members component variable descriptions.
pasha-gh Jul 16, 2021
7847f7a
Remove redundant data from iam members example
pasha-gh Jul 16, 2021
a9c86f0
Remove empty lines from generated iam members terraform.tfvars
pasha-gh Jul 16, 2021
9 changes: 9 additions & 0 deletions docs/tfengine/schemas/iam_members.md
@@ -0,0 +1,9 @@
# IAM members recipe

<!-- These files are auto generated -->

## Properties

| Property | Description | Type | Required | Default | Pattern |
| -------- | ----------- | ---- | -------- | ------- | ------- |
| iam_members | [Module](https://github.com/terraform-google-modules/terraform-google-iam) | object | false | - | - |
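Review bot: the Description cell for `iam_members` only links the upstream module and does not say what the object holds. The generated variables.tf in this PR shows it carries four keys (`storage_bucket_iam_members`, `project_iam_members`, `folder_iam_members`, `organization_iam_members`), each a list of `{ resource_ids, bindings }` objects applied in additive mode, so the schema doc should state that, e.g. `| iam_members | Additional non-authoritative IAM members for storage buckets, projects, folders and organizations ([Module](https://github.com/terraform-google-modules/terraform-google-iam)) | object | false | - | - |`. Since the file is auto-generated, the wording belongs in the recipe description that feeds it.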
70 changes: 70 additions & 0 deletions examples/tfengine/generated/iam_members/iam_members/main.tf
70 changes: 70 additions & 0 deletions examples/tfengine/generated/team/additional_iam_members/main.tf
@@ -0,0 +1,70 @@
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

terraform {
required_version = ">=0.14"
required_providers {
google = "~> 3.0"
google-beta = "~> 3.0"
kubernetes = "~> 1.0"
}
backend "gcs" {
bucket = "example-terraform-state"
prefix = "additional_iam_members"
}
}

module "storage_bucket_iam_members" {
source = "terraform-google-modules/iam/google//modules/storage_buckets_iam"
mode = "additive"
for_each = {
for idx, member in var.storage_bucket_iam_members :
idx => member
}
storage_buckets = each.value.resource_ids
bindings = each.value.bindings
}

module "project_iam_members" {
source = "terraform-google-modules/iam/google//modules/projects_iam"
mode = "additive"
for_each = {
for idx, member in var.project_iam_members :
idx => member
}
projects = each.value.resource_ids
bindings = each.value.bindings
}

module "folder_iam_members" {
source = "terraform-google-modules/iam/google//modules/folders_iam"
mode = "additive"
for_each = {
for idx, member in var.folder_iam_members :
idx => member
}
folders = each.value.resource_ids
bindings = each.value.bindings
}

module "organization_iam_members" {
source = "terraform-google-modules/iam/google//modules/organizations_iam"
mode = "additive"
for_each = {
for idx, member in var.organization_iam_members :
idx => member
}
organizations = each.value.resource_ids
bindings = each.value.bindings
}
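Review bot: all four module blocks key `for_each` by list position (`idx => member`), so inserting or reordering an entry in the tfvars list shifts every later key and Terraform will plan to destroy and recreate those bindings on the next apply; a stable key derived from the entry itself (for example `join(",", member.resource_ids)`), or accepting a map instead of a list in the variable type, avoids that churn on IAM policy. `mode = "additive"` is the right choice for a cross-project recipe since it leaves bindings managed elsewhere untouched. Minor: `kubernetes = "~> 1.0"` is declared in `required_providers` but nothing in this file uses it.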
@@ -0,0 +1,36 @@
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


project_iam_members = [
{
resource_ids = ["example-prod-data"]
bindings = {
"roles/browser" = [
"serviceAccount:[email protected]",
],
}
},
]

storage_bucket_iam_members = [
{
resource_ids = ["example-bucket"]
bindings = {
"roles/storage.admin" = [
"serviceAccount:[email protected]",
],
}
},
]
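Review bot: two blank lines remain between the license header and `project_iam_members = [` even though commit a9c86f0 set out to remove empty lines from this generated tfvars; drop one. Separately, because this file doubles as the reference example for the recipe, granting `roles/storage.admin` on `example-bucket` to a service account from another project is a broad cross-project grant to showcase; a narrower role such as `roles/storage.objectViewer` would illustrate least privilege better, in the same way `roles/browser` on `example-prod-data` already does.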
@@ -0,0 +1,49 @@
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

variable "storage_bucket_iam_members" {
description = "IAM members for storage buckets. Assigns additional non-authoritative IAM bindings to a list of storage buckets."
default = []
type = list(object({
resource_ids = list(string)
bindings = map(list(string))
}))
}

variable "project_iam_members" {
description = "IAM members for projects. Assigns additional non-authoritative IAM bindings to a list of projects."
default = []
type = list(object({
resource_ids = list(string)
bindings = map(list(string))
}))
}

variable "folder_iam_members" {
description = "IAM members for folders. Assigns additional non-authoritative IAM bindings to a list of folders."
default = []
type = list(object({
resource_ids = list(string)
bindings = map(list(string))
}))
}

variable "organization_iam_members" {
description = "IAM members for organizations. Assigns additional non-authoritative IAM bindings to a list of organizations."
default = []
type = list(object({
resource_ids = list(string)
bindings = map(list(string))
}))
}
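Review bot: none of the four variables carries a `validation` block, so an entry whose member string lacks a `user:`, `group:` or `serviceAccount:` prefix, or whose `resource_ids` list is empty, passes `terraform plan` and only fails (or silently grants nothing) at apply. With `required_version = ">=0.14"` already set, something like `validation { condition = alltrue([for m in var.project_iam_members : length(m.resource_ids) > 0]) error_message = "Each entry must list at least one resource id." }` on each variable, plus one checking the member prefixes, would surface these at plan time. Also worth reconciling with commit 206353b ("Remove service accounts from supported iam members"): the tfvars example still uses `serviceAccount:` members, so the descriptions should state what member types are supported.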
6 changes: 3 additions & 3 deletions examples/tfengine/generated/team/cicd/triggers.tf
Expand Up @@ -36,7 +36,7 @@ resource "google_cloudbuild_trigger" "validate_prod" {

substitutions = {
_TERRAFORM_ROOT = "terraform"
_MANAGED_DIRS = "project_secrets project_networks project_apps project_data"
_MANAGED_DIRS = "project_secrets project_networks project_apps project_data additional_iam_members"
}

depends_on = [
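Review bot: the `_MANAGED_DIRS` string is now duplicated verbatim across the validate, plan and apply triggers, so every future change has to be made in three places; a single `locals { managed_dirs = "project_secrets project_networks project_apps project_data additional_iam_members" }` referenced from all three substitutions keeps them in sync. Appending `additional_iam_members` last is the right order if the CI script walks the dirs in sequence, since the projects and buckets it binds against are created by the earlier dirs; a comment saying the order matters would help the next editor.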
Expand Down Expand Up @@ -66,7 +66,7 @@ resource "google_cloudbuild_trigger" "plan_prod" {

substitutions = {
_TERRAFORM_ROOT = "terraform"
_MANAGED_DIRS = "project_secrets project_networks project_apps project_data"
_MANAGED_DIRS = "project_secrets project_networks project_apps project_data additional_iam_members"
}

depends_on = [
Expand Down Expand Up @@ -97,7 +97,7 @@ resource "google_cloudbuild_trigger" "apply_prod" {

substitutions = {
_TERRAFORM_ROOT = "terraform"
_MANAGED_DIRS = "project_secrets project_networks project_apps project_data"
_MANAGED_DIRS = "project_secrets project_networks project_apps project_data additional_iam_members"
}

depends_on = [
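Review bot: adding `additional_iam_members` to `apply_prod` means the Cloud Build service account running this trigger must be able to set IAM policy on every project, folder, organization and bucket that appears in `resource_ids`, a broader grant than the other managed dirs require (the plan trigger only needs to read the policies). The PR should document that prerequisite alongside the recipe, and reviewers of `additional_iam_members/terraform.tfvars` changes should treat them as privilege changes, since a merged edit there is applied to production IAM by this trigger.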