diff --git a/metadata.display.yaml b/metadata.display.yaml
new file mode 100644
index 0000000..0fd53fd
--- /dev/null
+++ b/metadata.display.yaml
@@ -0,0 +1,65 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+ name: terraform-google-service-accounts-display
+ annotations:
+ config.kubernetes.io/local-config: "true"
+spec:
+ info:
+ title: Terraform Service Accounts Module
+ source:
+ repo: https://github.com/terraform-google-modules/terraform-google-service-accounts.git
+ sourceType: git
+ ui:
+ input:
+ variables:
+ billing_account_id:
+ name: billing_account_id
+ title: Billing Account Id
+ description:
+ name: description
+ title: Description
+ descriptions:
+ name: descriptions
+ title: Descriptions
+ display_name:
+ name: display_name
+ title: Display Name
+ generate_keys:
+ name: generate_keys
+ title: Generate Keys
+ grant_billing_role:
+ name: grant_billing_role
+ title: Grant Billing Role
+ grant_xpn_roles:
+ name: grant_xpn_roles
+ title: Grant Xpn Roles
+ names:
+ name: names
+ title: Names
+ org_id:
+ name: org_id
+ title: Org Id
+ prefix:
+ name: prefix
+ title: Prefix
+ project_id:
+ name: project_id
+ title: Project Id
+ project_roles:
+ name: project_roles
+ title: Project Roles
diff --git a/metadata.yaml b/metadata.yaml
index 48fc7c6..90493f9 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,120 +19,121 @@ metadata:
 annotations:
 config.kubernetes.io/local-config: "true"
 spec:
- title: Terraform Service Accounts Module
- source:
- repo: https://github.com/terraform-google-modules/terraform-google-service-accounts
- sourceType: git
- version: 4.4.1
- actuationTool:
- type: Terraform
- version: '>= 0.13'
- subBlueprints:
- - name: key-distributor
- location: modules/key-distributor
- examples:
- - name: key_distributor
- location: examples/key_distributor
- - name: multiple_service_accounts
- location: examples/multiple_service_accounts
- - name: single_service_account
- location: examples/single_service_account
- variables:
- - name: billing_account_id
- description: If assigning billing role, specificy a billing account (default is to assign at the organizational level).
- type: string
- default: ""
- required: false
- - name: description
- description: Default description of the created service accounts (defaults to no description)
- type: string
- default: ""
- required: false
- - name: descriptions
- description: List of descriptions for the created service accounts (elements default to the value of `description`)
- type: list(string)
- default: []
- required: false
- - name: display_name
- description: Display names of the created service accounts (defaults to 'Terraform-managed service account')
- type: string
- default: Terraform-managed service account
- required: false
- - name: generate_keys
- description: Generate keys for service accounts.
- type: bool
- default: false
- required: false
- - name: grant_billing_role
- description: Grant billing user role.
- type: bool
- default: false
- required: false
- - name: grant_xpn_roles
- description: Grant roles for shared VPC management.
- type: bool
- default: true
- required: false
- - name: names
- description: Names of the service accounts to create.
- type: list(string)
- default: []
- required: false
- - name: org_id
- description: Id of the organization for org-level roles.
- type: string
- default: ""
- required: false
- - name: prefix
- description: Prefix applied to service account names.
- type: string
- default: ""
- required: false
- - name: project_id
- description: Project id where service account will be created.
- type: string
- required: true
- - name: project_roles
- description: Common roles to apply to all service accounts, project=>role as elements.
- type: list(string)
- default: []
- required: false
- outputs:
- - name: email
- description: Service account email (for single use).
- - name: emails
- description: Service account emails by name.
- - name: emails_list
- description: Service account emails as list.
- - name: iam_email
- description: IAM-format service account email (for single use).
- - name: iam_emails
- description: IAM-format service account emails by name.
- - name: iam_emails_list
- description: IAM-format service account emails as list.
- - name: key
- description: Service account key (for single use).
- - name: keys
- description: Map of service account keys.
- - name: service_account
- description: Service account resource (for single use).
- - name: service_accounts
- description: Service account resources as list.
- - name: service_accounts_map
- description: Service account resources by name.
- roles:
- - level: Project
+ info:
+ title: Terraform Service Accounts Module
+ source:
+ repo: https://github.com/terraform-google-modules/terraform-google-service-accounts.git
+ sourceType: git
+ version: 4.4.0
+ actuationTool:
+ flavor: Terraform
+ version: ">= 0.13"
+ description: {}
+ content:
+ subBlueprints:
+ - name: key-distributor
+ location: modules/key-distributor
+ - name: simple-sa
+ location: modules/simple-sa
+ examples:
+ - name: key_distributor
+ location: examples/key_distributor
+ - name: multiple_service_accounts
+ location: examples/multiple_service_accounts
+ - name: simple_sa
+ location: examples/simple_sa
+ - name: single_service_account
+ location: examples/single_service_account
+ interfaces:
+ variables:
+ - name: project_id
+ description: Project id where service account will be created.
+ varType: string
+ required: true
+ - name: prefix
+ description: Prefix applied to service account names.
+ varType: string
+ defaultValue: ""
+ - name: names
+ description: Names of the service accounts to create.
+ varType: list(string)
+ defaultValue: []
+ - name: project_roles
+ description: Common roles to apply to all service accounts, project=>role as elements.
+ varType: list(string)
+ defaultValue: []
+ - name: grant_billing_role
+ description: Grant billing user role.
+ varType: bool
+ defaultValue: false
+ - name: billing_account_id
+ description: If assigning billing role, specificy a billing account (default is to assign at the organizational level).
+ varType: string
+ defaultValue: ""
+ - name: grant_xpn_roles
+ description: Grant roles for shared VPC management.
+ varType: bool
+ defaultValue: true
+ - name: org_id
+ description: Id of the organization for org-level roles.
+ varType: string
+ defaultValue: ""
+ - name: generate_keys
+ description: Generate keys for service accounts.
+ varType: bool
+ defaultValue: false
+ - name: display_name
+ description: Display names of the created service accounts (defaults to 'Terraform-managed service account')
+ varType: string
+ defaultValue: Terraform-managed service account
+ - name: description
+ description: Default description of the created service accounts (defaults to no description)
+ varType: string
+ defaultValue: ""
+ - name: descriptions
+ description: List of descriptions for the created service accounts (elements default to the value of `description`)
+ varType: list(string)
+ defaultValue: []
+ outputs:
+ - name: email
+ description: Service account email (for single use).
+ - name: emails
+ description: Service account emails by name.
+ - name: emails_list
+ description: Service account emails as list.
+ - name: iam_email
+ description: IAM-format service account email (for single use).
+ - name: iam_emails
+ description: IAM-format service account emails by name.
+ - name: iam_emails_list
+ description: IAM-format service account emails as list.
+ - name: key
+ description: Service account key (for single use).
+ - name: keys
+ description: Map of service account keys.
+ - name: service_account
+ description: Service account resource (for single use).
+ - name: service_accounts
+ description: Service account resources as list.
+ - name: service_accounts_map
+ description: Service account resources by name.
+ requirements:
 roles:
- - roles/resourcemanager.projectIamAdmin
- - roles/iam.serviceAccountAdmin
- - roles/iam.serviceAccountUser
- - roles/iam.serviceAccountKeyAdmin
- - roles/storage.admin
- - roles/cloudfunctions.admin
- - roles/serviceusage.serviceUsageAdmin
- services:
- - cloudresourcemanager.googleapis.com
- - iam.googleapis.com
- - serviceusage.googleapis.com
- - cloudfunctions.googleapis.com
- - cloudbuild.googleapis.com
+ - level: Project
+ roles:
+ - roles/resourcemanager.projectIamAdmin
+ - roles/iam.serviceAccountAdmin
+ - roles/iam.serviceAccountUser
+ - roles/iam.serviceAccountKeyAdmin
+ - roles/storage.admin
+ - roles/cloudfunctions.admin
+ - roles/serviceusage.serviceUsageAdmin
+ services:
+ - cloudresourcemanager.googleapis.com
+ - iam.googleapis.com
+ - serviceusage.googleapis.com
+ - cloudfunctions.googleapis.com
+ - cloudbuild.googleapis.com
+ providerVersions:
+ - source: hashicorp/google
+ version: ">= 3.53, < 7"
diff --git a/modules/key-distributor/metadata.display.yaml b/modules/key-distributor/metadata.display.yaml
new file mode 100644
index 0000000..bd1b4c9
--- /dev/null
+++ b/modules/key-distributor/metadata.display.yaml
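Review bot: `version: 4.4.0` on the new side replaces `version: 4.4.1` on the old side, so the regenerated spec.info advertises an older module version than the file it replaces; the same step down appears in the modules/key-distributor/metadata.yaml hunk. If the generator derives this from a release tag, confirm it ran against the intended tag before merging rather than hand-editing the number. The `specificy` typo in the billing_account_id description is carried onto the new side unchanged and could be fixed while the file is being regenerated. The `generate_keys` description could also say where the generated material surfaces, e.g. `description: Generate keys for service accounts (private keys are returned via the key/keys outputs and therefore held in Terraform state).`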
@@ -0,0 +1,54 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+ name: terraform-google-service-accounts-display
+ annotations:
+ config.kubernetes.io/local-config: "true"
+spec:
+ info:
+ title: Service Account Key Distributor
+ source:
+ repo: https://github.com/terraform-google-modules/terraform-google-service-accounts.git
+ sourceType: git
+ dir: /modules/key-distributor
+ ui:
+ input:
+ variables:
+ folder_ids:
+ name: folder_ids
+ title: Folder Ids
+ function_members:
+ name: function_members
+ title: Function Members
+ function_name:
+ name: function_name
+ title: Function Name
+ org_id:
+ name: org_id
+ title: Org Id
+ project_id:
+ name: project_id
+ title: Project Id
+ project_ids:
+ name: project_ids
+ title: Project Ids
+ public_key_file:
+ name: public_key_file
+ title: Public Key File
+ region:
+ name: region
+ title: Region
diff --git a/modules/key-distributor/metadata.yaml b/modules/key-distributor/metadata.yaml
index eb91868..cad5852 100644
--- a/modules/key-distributor/metadata.yaml
+++ b/modules/key-distributor/metadata.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
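Review bot: `name: terraform-google-service-accounts-display` in this new file is the same metadata.name the root module's metadata.display.yaml uses earlier in this commit, yet this file describes the key-distributor sub-module (`title: Service Account Key Distributor`, `dir: /modules/key-distributor`). Two blueprints sharing one identifier is likely to confuse any tooling that keys on metadata.name; a sub-module-specific name, for example `name: terraform-google-service-accounts-key-distributor-display`, would keep them distinct. Presumably the generator copied the root name, so check how it derives metadata.name for sub-modules rather than patching only this file.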
@@ -19,80 +19,89 @@ metadata:
 annotations:
 config.kubernetes.io/local-config: "true"
 spec:
- title: Service Account Key Distributor
- source:
- repo: https://github.com/terraform-google-modules/terraform-google-service-accounts
- sourceType: git
- version: 4.4.1
- actuationTool:
- type: Terraform
- version: '>= 0.13'
- examples:
- - name: key_distributor
- location: examples/key_distributor
- - name: multiple_service_accounts
- location: examples/multiple_service_accounts
- - name: single_service_account
- location: examples/single_service_account
- variables:
- - name: folder_ids
- description: Folder IDs where the Cloud Function will have access to create Service Account keys.
- type: list(any)
- default: []
- required: false
- - name: function_members
- description: List of IAM members (users, groups, etc) with the invoker permission on the CLoud Function
- type: list(string)
- required: true
- - name: function_name
- description: Name of the Cloud Function
- type: string
- default: key-distributor
- required: false
- - name: org_id
- description: Organization ID where the Cloud Function will have access to create Service Account keys.
- type: string
- default: ""
- required: false
- - name: project_id
- description: Project Id for the Cloud Function. Also if folder_ids and project_ids are empty, the Cloud Function will be granted access to create keys in this project by default.
- type: string
- required: true
- - name: project_ids
- description: Project IDs where the Cloud Function will have access to create Service Account keys.
- type: list(any)
- default: []
- required: false
- - name: public_key_file
- description: Path of the ascii armored gpg public key. Create by running `gpg --export --armor > pubkey.asc`
- type: string
- default: pubkey.asc
- required: false
- - name: region
- description: The region where the Cloud Function will run
- type: string
- default: us-central1
- required: false
- outputs:
- - name: function_name
- description: The name for the Cloud Function.
- - name: project_id
- description: The project id for the Cloud Function.
- - name: region
- description: The region for the Cloud Function
- roles:
- - level: Project
+ info:
+ title: Service Account Key Distributor
+ source:
+ repo: https://github.com/terraform-google-modules/terraform-google-service-accounts.git
+ sourceType: git
+ dir: /modules/key-distributor
+ version: 4.4.0
+ actuationTool:
+ flavor: Terraform
+ version: ">= 0.13"
+ description: {}
+ content:
+ examples:
+ - name: key_distributor
+ location: examples/key_distributor
+ - name: multiple_service_accounts
+ location: examples/multiple_service_accounts
+ - name: simple_sa
+ location: examples/simple_sa
+ - name: single_service_account
+ location: examples/single_service_account
+ interfaces:
+ variables:
+ - name: org_id
+ description: Organization ID where the Cloud Function will have access to create Service Account keys.
+ varType: string
+ defaultValue: ""
+ - name: folder_ids
+ description: Folder IDs where the Cloud Function will have access to create Service Account keys.
+ varType: list(any)
+ defaultValue: []
+ - name: project_ids
+ description: Project IDs where the Cloud Function will have access to create Service Account keys.
+ varType: list(any)
+ defaultValue: []
+ - name: project_id
+ description: Project Id for the Cloud Function. Also if folder_ids and project_ids are empty, the Cloud Function will be granted access to create keys in this project by default.
+ varType: string
+ required: true
+ - name: region
+ description: The region where the Cloud Function will run
+ varType: string
+ defaultValue: us-central1
+ - name: function_name
+ description: Name of the Cloud Function
+ varType: string
+ defaultValue: key-distributor
+ - name: public_key_file
+ description: Path of the ascii armored gpg public key. Create by running `gpg --export --armor > pubkey.asc`
+ varType: string
+ defaultValue: pubkey.asc
+ - name: function_members
+ description: List of IAM members (users, groups, etc) with the invoker permission on the CLoud Function
+ varType: list(string)
+ required: true
+ outputs:
+ - name: function_name
+ description: The name for the Cloud Function.
+ - name: project_id
+ description: The project id for the Cloud Function.
+ - name: region
+ description: The region for the Cloud Function
+ requirements:
 roles:
- - roles/resourcemanager.projectIamAdmin
- - roles/iam.serviceAccountAdmin
- - roles/iam.serviceAccountUser
- - roles/iam.serviceAccountKeyAdmin
- - roles/storage.admin
- - roles/cloudfunctions.admin
- - roles/serviceusage.serviceUsageAdmin
- services:
- - cloudresourcemanager.googleapis.com
- - iam.googleapis.com
- - serviceusage.googleapis.com
- - cloudfunctions.googleapis.com
- - cloudbuild.googleapis.com
+ - level: Project
+ roles:
+ - roles/resourcemanager.projectIamAdmin
+ - roles/iam.serviceAccountAdmin
+ - roles/iam.serviceAccountUser
+ - roles/iam.serviceAccountKeyAdmin
+ - roles/storage.admin
+ - roles/cloudfunctions.admin
+ - roles/serviceusage.serviceUsageAdmin
+ services:
+ - cloudresourcemanager.googleapis.com
+ - iam.googleapis.com
+ - serviceusage.googleapis.com
+ - cloudfunctions.googleapis.com
+ - cloudbuild.googleapis.com
+ providerVersions:
+ - source: hashicorp/archive
+ version: ">= 2.2"
+ - source: hashicorp/google
+ version: ">= 3.53, < 7"
+ - source: hashicorp/local
+ version: ">= 2.2"
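Review bot: The `function_members` description on the new side, `List of IAM members (users, groups, etc) with the invoker permission on the CLoud Function`, understates what the grant is: the org_id, folder_ids, project_ids and project_id descriptions in the same hunk say the function is given access to create service account keys in those scopes, so every invoker can obtain keys for any service account the function reaches. A description that states this, e.g. `IAM members granted invoker on the Cloud Function; each can request service account keys for every org/folder/project the function is scoped to, so limit this to the intended principals`, gives operators the information they need to size the list, and fixes the `CLoud` typo. The public_key_file description could likewise note that the resulting keys are encrypted to that GPG public key, which is why its holder is the only party able to read them, if that is what the function does (not visible in this hunk).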
diff --git a/modules/simple-sa/metadata.display.yaml b/modules/simple-sa/metadata.display.yaml
index 236eca6..5f1ce83 100644
--- a/modules/simple-sa/metadata.display.yaml
+++ b/modules/simple-sa/metadata.display.yaml
@@ -31,9 +31,11 @@ spec:
 description:
 name: description
 title: Description
+ invisible: false
 display_name:
 name: display_name
 title: Display Name
+ invisible: false
 name:
 name: name
 title: Name
diff --git a/modules/simple-sa/metadata.yaml b/modules/simple-sa/metadata.yaml
index 4ff5729..9490f6c 100644
--- a/modules/simple-sa/metadata.yaml
+++ b/modules/simple-sa/metadata.yaml
@@ -42,22 +42,22 @@ spec:
 location: examples/single_service_account
 interfaces:
 variables:
- - name: description
- description: Default description of the created service accounts (defaults to no description)
- varType: string
- defaultValue: ""
- - name: display_name
- description: Display name of the created service accounts (defaults to 'Terraform-managed service account')
+ - name: project_id
+ description: Project id where service account will be created
 varType: string
- defaultValue: Terraform-managed service account
+ required: true
 - name: name
 description: Name of service account
 varType: string
 required: true
- - name: project_id
- description: Project id where service account will be created
+ - name: display_name
+ description: Display name of the created service accounts (defaults to 'Terraform-managed service account')
 varType: string
- required: true
+ defaultValue: Terraform-managed service account
+ - name: description
+ description: Default description of the created service accounts (defaults to no description)
+ varType: string
+ defaultValue: ""
 - name: project_roles
 description: Roles to grant the SA in specified project
 varType: list(string)
@@ -101,3 +101,6 @@ spec:
 - serviceusage.googleapis.com
 - cloudfunctions.googleapis.com
 - cloudbuild.googleapis.com
+ providerVersions:
+ - source: hashicorp/google
+ version: ">= 3.53, < 7"
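Review bot: `invisible: false` is added under `description` and `display_name` only, while the neighbouring `name` entry in the same hunk, and the other variables outside it, get no such key; if false is the default the two lines are noise, and if it is not, the variable list is now inconsistently specified. Either drop the two lines or set the key on every variable in modules/simple-sa/metadata.display.yaml. This looks like generator output rather than a hand edit, so confirm the generator's behaviour before changing it by hand.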