metadata.yaml

# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
  name: terraform-google-service-accounts
  annotations:
    config.kubernetes.io/local-config: "true"
spec:
  info:
    title: Terraform Service Accounts Module
    source:
      repo: https://github.com/terraform-google-modules/terraform-google-service-accounts.git
      sourceType: git
    version: 4.4.3
    actuationTool:
      flavor: Terraform
      version: ">= 0.13"
    description: {}
  content:
    subBlueprints:
      - name: key-distributor
        location: modules/key-distributor
      - name: simple-sa
        location: modules/simple-sa
    examples:
      - name: key_distributor
        location: examples/key_distributor
      - name: multiple_service_accounts
        location: examples/multiple_service_accounts
      - name: simple_sa
        location: examples/simple_sa
      - name: single_service_account
        location: examples/single_service_account
  interfaces:
    variables:
      - name: project_id
        description: Project id where service account will be created.
        varType: string
        required: true
      - name: prefix
        description: Prefix applied to service account names.
        varType: string
        defaultValue: ""
      - name: names
        description: Names of the service accounts to create.
        varType: list(string)
        defaultValue: []
      - name: project_roles
        description: Common roles to apply to all service accounts, project=>role as elements.
        varType: list(string)
        defaultValue: []
      - name: grant_billing_role
        description: Grant billing user role.
        varType: bool
        defaultValue: false
      - name: billing_account_id
        description: If assigning billing role, specificy a billing account (default is to assign at the organizational level).
        varType: string
        defaultValue: ""
      - name: grant_xpn_roles
        description: Grant roles for shared VPC management.
        varType: bool
        defaultValue: true
      - name: org_id
        description: Id of the organization for org-level roles.
        varType: string
        defaultValue: ""
      - name: generate_keys
        description: Generate keys for service accounts.
        varType: bool
        defaultValue: false
      - name: display_name
        description: Display names of the created service accounts (defaults to 'Terraform-managed service account')
        varType: string
        defaultValue: Terraform-managed service account
      - name: description
        description: Default description of the created service accounts (defaults to no description)
        varType: string
        defaultValue: ""
      - name: descriptions
        description: List of descriptions for the created service accounts (elements default to the value of `description`)
        varType: list(string)
        defaultValue: []
    outputs:
      - name: email
        description: Service account email (for single use).
      - name: emails
        description: Service account emails by name.
      - name: emails_list
        description: Service account emails as list.
      - name: iam_email
        description: IAM-format service account email (for single use).
      - name: iam_emails
        description: IAM-format service account emails by name.
      - name: iam_emails_list
        description: IAM-format service account emails as list.
      - name: key
        description: Service account key (for single use).
      - name: keys
        description: Map of service account keys.
      - name: service_account
        description: Service account resource (for single use).
      - name: service_accounts
        description: Service account resources as list.
      - name: service_accounts_map
        description: Service account resources by name.
  requirements:
    roles:
      - level: Project
        roles:
          - roles/resourcemanager.projectIamAdmin
          - roles/iam.serviceAccountAdmin
          - roles/iam.serviceAccountUser
          - roles/iam.serviceAccountKeyAdmin
          - roles/storage.admin
          - roles/cloudfunctions.admin
          - roles/serviceusage.serviceUsageAdmin
    services:
      - cloudresourcemanager.googleapis.com
      - iam.googleapis.com
      - serviceusage.googleapis.com
      - cloudfunctions.googleapis.com
      - cloudbuild.googleapis.com
    providerVersions:
      - source: hashicorp/google
        version: ">= 3.53, < 7"