# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
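# Blueprint metadata for the pubsub_subscription IAM submodule of
# terraform-google-iam: inputs, outputs, and the roles and APIs it declares.
# NOTE(review): nesting is restored from key order; in particular, confirm
# against upstream that `version` belongs under `spec` and not under `source`.
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
  name: terraform-google-iam
  annotations:
    # Marks this file as local configuration, not a resource to apply.
    config.kubernetes.io/local-config: "true"
spec:
  title: Module pubsub_subscription IAM
  source:
    repo: https://github.com/terraform-google-modules/terraform-google-iam/
    sourceType: git
  version: 7.7.1
  actuationTool:
    type: Terraform
    version: '>= 0.13'
  # Example configurations for the whole repository, not only this submodule.
  examples:
  - name: bigquery_dataset
    location: examples/bigquery_dataset
  - name: billing_account
    location: examples/billing_account
  - name: cloud_run_service
    location: examples/cloud_run_service
  - name: custom_role_org
    location: examples/custom_role_org
  - name: custom_role_project
    location: examples/custom_role_project
  - name: folder
    location: examples/folder
  - name: kms_crypto_key
    location: examples/kms_crypto_key
  - name: kms_key_ring
    location: examples/kms_key_ring
  - name: member_iam
    location: examples/member_iam
  - name: organization
    location: examples/organization
  - name: project
    location: examples/project
  - name: project_conditions
    location: examples/project_conditions
  - name: pubsub_subscription
    location: examples/pubsub_subscription
  - name: pubsub_topic
    location: examples/pubsub_topic
  - name: secret_manager
    location: examples/secret_manager
  - name: service_account
    location: examples/service_account
  - name: stackdriver_agent_roles
    location: examples/stackdriver_agent_roles
  - name: storage_bucket
    location: examples/storage_bucket
  - name: subnet
    location: examples/subnet
  variables:
  # The only required input: role -> list of IAM principals. Every entry is an
  # access grant, so review broad principals (allUsers,
  # allAuthenticatedUsers, whole domains) before apply.
  - name: bindings
    description: Map of role (key) and list of members (value) to add the IAM policies/bindings
    type: map(list(string))
    required: true
  # NOTE(review): "authoritative" presumably makes the module the sole owner of
  # each listed role, so members granted outside Terraform would be removed on
  # apply, while "additive" leaves them in place. Confirm against the module
  # README before switching modes on a shared resource.
  - name: mode
    description: Mode for adding the IAM policies/bindings, additive and authoritative
    type: string
    default: additive
    required: false
  - name: project
    description: Project to add the IAM policies/bindings
    type: string
    default: ""
    required: false
  - name: pubsub_subscriptions
    description: PubSub Subscriptions list to add the IAM policies/bindings
    type: list(string)
    default: []
    required: false
  outputs:
  - name: members
    description: Members which were bound to the PubSub Subscription.
  - name: pubsub_subscriptions
    description: PubSub Subscriptions which received bindings.
  - name: roles
    description: Roles which were assigned to members.
  # Roles declared for this blueprint, presumably those the deploying identity
  # needs.
  # NOTE(review): the set includes roles/owner and organization-, folder- and
  # billing-level admin roles, far more than managing Pub/Sub subscription IAM
  # should need. It looks like the requirement set for the repository's full
  # example suite; confirm, and grant the deployer only what the submodule in
  # use requires.
  # NOTE(review): every entry is labelled `level: Project`, including entries
  # whose roles (roles/resourcemanager.organizationAdmin, roles/billing.admin)
  # are normally bound on an organization or billing account. Do not rely on
  # `level` to decide where a role is granted.
  roles:
  - level: Project
    roles:
    - roles/owner
    - roles/resourcemanager.projectIamAdmin
    - roles/iam.serviceAccountAdmin
    - roles/compute.admin
    - roles/compute.networkAdmin
    - roles/compute.storageAdmin
    - roles/pubsub.admin
    - roles/cloudkms.admin
    - roles/storage.admin
    - roles/composer.worker
    - roles/secretmanager.admin
  - level: Project
    roles:
    - roles/resourcemanager.projectCreator
    - roles/resourcemanager.folderAdmin
    - roles/resourcemanager.folderIamAdmin
    - roles/owner
    - roles/billing.projectManager
    - roles/composer.worker
  - level: Project
    roles:
    - roles/billing.user
  - level: Project
    roles:
    - roles/billing.admin
  - level: Project
    roles:
    - roles/iam.organizationRoleAdmin
    - roles/orgpolicy.policyAdmin
    - roles/resourcemanager.organizationAdmin
  # APIs declared for this blueprint, presumably those that must be enabled.
  # NOTE(review): as with the roles, this looks like the union across all
  # submodules; enable only the APIs the deployed submodule uses.
  services:
  - admin.googleapis.com
  - appengine.googleapis.com
  - cloudbilling.googleapis.com
  - cloudresourcemanager.googleapis.com
  - compute.googleapis.com
  - iam.googleapis.com
  - iamcredentials.googleapis.com
  - oslogin.googleapis.com
  - serviceusage.googleapis.com
  - cloudkms.googleapis.com
  - pubsub.googleapis.com
  - storage-api.googleapis.com
  - servicenetworking.googleapis.com
  - storage-component.googleapis.com
  - iap.googleapis.com
  - secretmanager.googleapis.com
  - bigquery.googleapis.com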