From 3d72db5b655f9fef5948be5ec7cbb18babb88428 Mon Sep 17 00:00:00 2001 From: Bharath KKB Date: Fri, 3 Feb 2023 16:46:08 -0600 Subject: [PATCH] fix: update cloud run tflint (#179) --- metadata.yaml | 8 +- modules/artifact_registry_iam/metadata.yaml | 8 +- modules/audit_config/metadata.yaml | 14 +- modules/bigquery_datasets_iam/metadata.yaml | 24 +-- modules/billing_accounts_iam/metadata.yaml | 36 +++-- modules/cloud_run_services_iam/metadata.yaml | 151 ++++++++++++++++++ modules/cloud_run_services_iam/variables.tf | 1 + modules/cloud_run_services_iam/versions.tf | 31 ++++ modules/custom_role_iam/metadata.yaml | 36 +++-- modules/folders_iam/metadata.yaml | 24 +-- modules/helper/metadata.yaml | 34 ++-- modules/kms_crypto_keys_iam/metadata.yaml | 20 +-- modules/kms_key_rings_iam/metadata.yaml | 8 +- modules/member_iam/metadata.yaml | 30 ++-- modules/organizations_iam/metadata.yaml | 18 ++- modules/projects_iam/metadata.yaml | 30 ++-- .../pubsub_subscriptions_iam/metadata.yaml | 18 ++- modules/pubsub_topics_iam/metadata.yaml | 14 +- modules/secret_manager_iam/metadata.yaml | 18 ++- modules/service_accounts_iam/metadata.yaml | 8 +- modules/storage_buckets_iam/metadata.yaml | 36 +++-- modules/subnets_iam/metadata.yaml | 30 ++-- 22 files changed, 410 insertions(+), 187 deletions(-) create mode 100644 modules/cloud_run_services_iam/metadata.yaml create mode 100644 modules/cloud_run_services_iam/versions.tf diff --git a/metadata.yaml b/metadata.yaml index 970f5857..731b3243 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,7 +21,7 @@ metadata: spec: title: Google IAM Terraform Module source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git subBlueprints: - name: artifact_registry_iam @@ -32,6 +32,8 @@ spec: location: modules/bigquery_datasets_iam - name: billing_accounts_iam location: modules/billing_accounts_iam + - name: cloud_run_services_iam + location: modules/cloud_run_services_iam - name: custom_role_iam location: modules/custom_role_iam - name: folders_iam @@ -65,6 +67,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project diff --git a/modules/artifact_registry_iam/metadata.yaml b/modules/artifact_registry_iam/metadata.yaml index b9e97fcc..462abdc9 100644 --- a/modules/artifact_registry_iam/metadata.yaml +++ b/modules/artifact_registry_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module Artifact registry repository IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project 
diff --git a/modules/audit_config/metadata.yaml b/modules/audit_config/metadata.yaml index 4e5192e7..1e3a176f 100644 --- a/modules/audit_config/metadata.yaml +++ b/modules/audit_config/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module audit_config source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -77,6 +79,9 @@ spec: - name: audit_log_config description: Map of log type and exempted members to be added to service roles: + - level: Project + roles: + - roles/billing.user - level: Project roles: - roles/billing.admin @@ -106,9 +111,6 @@ spec: - roles/owner - roles/billing.projectManager - roles/composer.worker - - level: Project - roles: - - roles/billing.user services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/bigquery_datasets_iam/metadata.yaml b/modules/bigquery_datasets_iam/metadata.yaml index a28cc575..39197b80 100644 --- a/modules/bigquery_datasets_iam/metadata.yaml +++ b/modules/bigquery_datasets_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,9 +21,9 @@ metadata: spec: title: Module bigquery_datasets IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -90,14 +92,6 @@ spec: - name: roles description: Roles which were assigned to members. roles: - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - level: Project roles: - roles/billing.user @@ -122,6 +116,14 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/billing_accounts_iam/metadata.yaml b/modules/billing_accounts_iam/metadata.yaml index 2084e6d4..16ed741d 100644 --- a/modules/billing_accounts_iam/metadata.yaml +++ b/modules/billing_accounts_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,9 +21,9 @@ metadata: spec: title: Module Billing Accounts IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -87,6 +89,20 @@ spec: - name: roles description: Roles which were assigned to members. roles: + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin - level: Project roles: - roles/iam.organizationRoleAdmin @@ -105,20 +121,6 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/cloud_run_services_iam/metadata.yaml b/modules/cloud_run_services_iam/metadata.yaml new file mode 100644 index 00000000..700f2ddd --- /dev/null +++ b/modules/cloud_run_services_iam/metadata.yaml 
@@ -0,0 +1,151 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: blueprints.cloud.google.com/v1alpha1 +kind: BlueprintMetadata +metadata: + name: terraform-google-iam + annotations: + config.kubernetes.io/local-config: "true" +spec: + title: Module Cloud Run Service IAM + source: + repo: https://github.com/terraform-google-modules/terraform-google-iam/ + sourceType: git + version: 7.5.0 + actuationTool: + type: Terraform + version: '>= 0.13' + examples: + - name: bigquery_dataset + location: examples/bigquery_dataset + - name: billing_account + location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service + - name: custom_role_org + location: examples/custom_role_org + - name: custom_role_project + location: examples/custom_role_project + - name: folder + location: examples/folder + - name: kms_crypto_key + location: examples/kms_crypto_key + - name: kms_key_ring + location: examples/kms_key_ring + - name: member_iam + location: examples/member_iam + - name: organization + location: examples/organization + - name: project + location: examples/project + - name: project_conditions + location: examples/project_conditions + - name: pubsub_subscription + location: examples/pubsub_subscription + - name: pubsub_topic + location: examples/pubsub_topic + - name: secret_manager + location: examples/secret_manager + - name: service_account + location: examples/service_account + - name: 
stackdriver_agent_roles + location: examples/stackdriver_agent_roles + - name: storage_bucket + location: examples/storage_bucket + - name: subnet + location: examples/subnet + variables: + - name: bindings + description: Map of role (key) and list of members (value) to add the IAM policies/bindings + type: map(any) + required: true + - name: cloud_run_services + description: Cloud Run services list to add the IAM policies/bindings + type: list(string) + default: [] + required: false + - name: location + description: The location of the cloud run instance + type: string + default: "" + required: false + - name: mode + description: Mode for adding the IAM policies/bindings, additive and authoritative + type: string + default: additive + required: false + - name: project + description: Project to add the IAM policies/bindings + type: string + default: "" + required: false + outputs: + - name: cloud_run_services + description: Cloud Run services which received for bindings. + - name: members + description: Members which were bound to the Cloud Run services. + - name: roles + description: Roles which were assigned to members. 
+ roles: + - level: Project + roles: + - roles/iam.organizationRoleAdmin + - roles/orgpolicy.policyAdmin + - roles/resourcemanager.organizationAdmin + - level: Project + roles: + - roles/owner + - roles/resourcemanager.projectIamAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.admin + - roles/compute.networkAdmin + - roles/compute.storageAdmin + - roles/pubsub.admin + - roles/cloudkms.admin + - roles/storage.admin + - roles/composer.worker + - roles/secretmanager.admin + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin + services: + - admin.googleapis.com + - appengine.googleapis.com + - cloudbilling.googleapis.com + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - iam.googleapis.com + - iamcredentials.googleapis.com + - oslogin.googleapis.com + - serviceusage.googleapis.com + - cloudkms.googleapis.com + - pubsub.googleapis.com + - storage-api.googleapis.com + - servicenetworking.googleapis.com + - storage-component.googleapis.com + - iap.googleapis.com + - secretmanager.googleapis.com + - bigquery.googleapis.com diff --git a/modules/cloud_run_services_iam/variables.tf b/modules/cloud_run_services_iam/variables.tf index d90231ae..d15bf353 100644 --- a/modules/cloud_run_services_iam/variables.tf +++ b/modules/cloud_run_services_iam/variables.tf @@ -34,6 +34,7 @@ variable "cloud_run_services" { variable "mode" { description = "Mode for adding the IAM policies/bindings, additive and authoritative" + type = string default = "additive" } diff --git a/modules/cloud_run_services_iam/versions.tf b/modules/cloud_run_services_iam/versions.tf new file mode 100644 index 00000000..085ec9f6 --- /dev/null +++ b/modules/cloud_run_services_iam/versions.tf 
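Review bot: The `services` list in the new `modules/cloud_run_services_iam/metadata.yaml` has no `run.googleapis.com` entry, although the module's own variables (`cloud_run_services`, `location`) show it manages IAM on Cloud Run services; I would add `- run.googleapis.com` to that list. The `roles` block in the same file advertises `roles/owner`, `roles/resourcemanager.organizationAdmin` and `roles/billing.admin` as required, which is far broader than setting bindings on a Cloud Run service should need, so anyone who provisions a deployer identity from this metadata will over-grant. A narrower entry (something like `roles/run.admin`, to be confirmed against what the module actually calls) would match least privilege. The same role sets appear, only reordered, in the other modules' metadata.yaml hunks, so if these files are generated, the narrower list belongs in the generator's input rather than in a hand edit here.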
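Review bot: In the `variables.tf` hunk, `mode` is now typed as `string` but still accepts any value, while its description allows only additive and authoritative; a `validation` block would reject anything else at plan time. This matters because authoritative mode is the one that overwrites existing members for a role. How an unrecognised value is handled is decided outside this hunk, so a typo could presumably apply no bindings, or the wrong mode, without an error. The `versions.tf` added in this commit already requires Terraform `>= 0.13`, which supports variable validation.

```hcl
variable "mode" {
  # … unchanged: description, type, default …
  validation {
    condition     = contains(["additive", "authoritative"], var.mode)
    error_message = "The mode value must be either \"additive\" or \"authoritative\"."
  }
}
```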
@@ -0,0 +1,31 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + + google = { + source = "hashicorp/google" + version = ">= 3.53, < 5.0" + } + } + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-iam:cloud_run_services_iam/v7.5.0" + } + +} diff --git a/modules/custom_role_iam/metadata.yaml b/modules/custom_role_iam/metadata.yaml index f79f47d7..de6f401b 100644 --- a/modules/custom_role_iam/metadata.yaml +++ b/modules/custom_role_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module Custom Role IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project 
@@ -115,20 +117,6 @@ spec: - name: custom_role_id description: ID of the custom role created. roles: - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin - level: Project roles: - roles/iam.organizationRoleAdmin @@ -147,6 +135,20 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/folders_iam/metadata.yaml b/modules/folders_iam/metadata.yaml index c65abe84..e73df978 100644 --- a/modules/folders_iam/metadata.yaml +++ b/modules/folders_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module folder IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project 
@@ -100,6 +102,14 @@ spec: - name: roles description: Roles which were assigned to members. roles: + - level: Project + roles: + - roles/billing.admin + - level: Project + roles: + - roles/iam.organizationRoleAdmin + - roles/orgpolicy.policyAdmin + - roles/resourcemanager.organizationAdmin - level: Project roles: - roles/owner @@ -124,14 +134,6 @@ spec: - level: Project roles: - roles/billing.user - - level: Project - roles: - - roles/billing.admin - - level: Project - roles: - - roles/iam.organizationRoleAdmin - - roles/orgpolicy.policyAdmin - - roles/resourcemanager.organizationAdmin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/helper/metadata.yaml b/modules/helper/metadata.yaml index 83c2183c..de075bc8 100644 --- a/modules/helper/metadata.yaml +++ b/modules/helper/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ metadata: spec: title: IAM helper source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git actuationTool: type: Terraform @@ -31,6 +31,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project 
@@ -102,6 +104,20 @@ spec: - name: set_authoritative description: A set of authoritative binding keys (from bindings_authoritative) to be used in for_each. Unwinded by roles. roles: + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin - level: Project roles: - roles/iam.organizationRoleAdmin @@ -120,20 +136,6 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/kms_crypto_keys_iam/metadata.yaml b/modules/kms_crypto_keys_iam/metadata.yaml index 76b18f54..2f10d8d1 100644 --- a/modules/kms_crypto_keys_iam/metadata.yaml +++ b/modules/kms_crypto_keys_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module kms_crypto_key IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' 
@@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -100,12 +102,6 @@ spec: - name: roles description: Roles which were assigned to members. roles: - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin - level: Project roles: - roles/iam.organizationRoleAdmin @@ -132,6 +128,12 @@ spec: - roles/owner - roles/billing.projectManager - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/kms_key_rings_iam/metadata.yaml b/modules/kms_key_rings_iam/metadata.yaml index e986f06a..153ae954 100644 --- a/modules/kms_key_rings_iam/metadata.yaml +++ b/modules/kms_key_rings_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module kms_key_ring IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project diff --git a/modules/member_iam/metadata.yaml b/modules/member_iam/metadata.yaml index d544280e..6717f788 100644 --- a/modules/member_iam/metadata.yaml 
+++ b/modules/member_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module Member IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -88,6 +90,17 @@ spec: - name: roles description: Project roles. roles: + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user - level: Project roles: - roles/billing.admin @@ -109,17 +122,6 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - - level: Project - roles: - - roles/billing.user services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/organizations_iam/metadata.yaml b/modules/organizations_iam/metadata.yaml index 516501f3..6874998b 100644 --- a/modules/organizations_iam/metadata.yaml +++ b/modules/organizations_iam/metadata.yaml 
@@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module organization IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -100,11 +102,6 @@ spec: - name: roles description: Roles which were assigned to members. roles: - - level: Project - roles: - - roles/iam.organizationRoleAdmin - - roles/orgpolicy.policyAdmin - - roles/resourcemanager.organizationAdmin - level: Project roles: - roles/owner @@ -132,6 +129,11 @@ spec: - level: Project roles: - roles/billing.admin + - level: Project + roles: + - roles/iam.organizationRoleAdmin + - roles/orgpolicy.policyAdmin + - roles/resourcemanager.organizationAdmin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/projects_iam/metadata.yaml b/modules/projects_iam/metadata.yaml index fd8a3b3f..e9e74528 100644 --- a/modules/projects_iam/metadata.yaml +++ b/modules/projects_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,9 +21,9 @@ metadata: spec: title: Module Project IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -100,17 +102,6 @@ spec: - name: roles description: Roles which were assigned to members. roles: - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin - - level: Project - roles: - - roles/iam.organizationRoleAdmin - - roles/orgpolicy.policyAdmin - - roles/resourcemanager.organizationAdmin - level: Project roles: - roles/owner @@ -132,6 +123,17 @@ spec: - roles/owner - roles/billing.projectManager - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin + - level: Project + roles: + - roles/iam.organizationRoleAdmin + - roles/orgpolicy.policyAdmin + - roles/resourcemanager.organizationAdmin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/pubsub_subscriptions_iam/metadata.yaml b/modules/pubsub_subscriptions_iam/metadata.yaml index bc3e81db..8b3db3d6 100644 --- a/modules/pubsub_subscriptions_iam/metadata.yaml +++ b/modules/pubsub_subscriptions_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,9 +21,9 @@ metadata: spec: title: Module pubsub_subscription IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -92,11 +94,6 @@ spec: - name: roles description: Roles which were assigned to members. roles: - - level: Project - roles: - - roles/iam.organizationRoleAdmin - - roles/orgpolicy.policyAdmin - - roles/resourcemanager.organizationAdmin - level: Project roles: - roles/owner @@ -124,6 +121,11 @@ spec: - level: Project roles: - roles/billing.admin + - level: Project + roles: + - roles/iam.organizationRoleAdmin + - roles/orgpolicy.policyAdmin + - roles/resourcemanager.organizationAdmin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/pubsub_topics_iam/metadata.yaml b/modules/pubsub_topics_iam/metadata.yaml index 53855727..1f16662e 100644 --- a/modules/pubsub_topics_iam/metadata.yaml +++ b/modules/pubsub_topics_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module pubsub_topic IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' 
@@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -92,9 +94,6 @@ spec: - name: roles description: Roles which were assigned to members. roles: - - level: Project - roles: - - roles/billing.user - level: Project roles: - roles/billing.admin @@ -124,6 +123,9 @@ spec: - roles/owner - roles/billing.projectManager - roles/composer.worker + - level: Project + roles: + - roles/billing.user services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/secret_manager_iam/metadata.yaml b/modules/secret_manager_iam/metadata.yaml index 6b70654c..5bf8c954 100644 --- a/modules/secret_manager_iam/metadata.yaml +++ b/modules/secret_manager_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ metadata: spec: title: Module Secret Manager IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git actuationTool: type: Terraform @@ -31,6 +31,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -103,12 +105,6 @@ spec: - name: secrets description: Secret Manager Secrets which received for bindings. roles: - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin - level: Project roles: - roles/iam.organizationRoleAdmin 
@@ -135,6 +131,12 @@ spec: - roles/owner - roles/billing.projectManager - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/service_accounts_iam/metadata.yaml b/modules/service_accounts_iam/metadata.yaml index 65efd9f4..68130981 100644 --- a/modules/service_accounts_iam/metadata.yaml +++ b/modules/service_accounts_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +21,9 @@ metadata: spec: title: Module service_account IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project diff --git a/modules/storage_buckets_iam/metadata.yaml b/modules/storage_buckets_iam/metadata.yaml index 73d13316..9490aa60 100644 --- a/modules/storage_buckets_iam/metadata.yaml +++ b/modules/storage_buckets_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,9 +21,9 @@ metadata: spec: title: Module storage_bucket IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -100,20 +102,6 @@ spec: - name: storage_buckets description: Storage Buckets which received bindings. roles: - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - - level: Project - roles: - - roles/billing.user - - level: Project - roles: - - roles/billing.admin - level: Project roles: - roles/iam.organizationRoleAdmin @@ -132,6 +120,20 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user + - level: Project + roles: + - roles/billing.admin services: - admin.googleapis.com - appengine.googleapis.com diff --git a/modules/subnets_iam/metadata.yaml b/modules/subnets_iam/metadata.yaml index 57b3aa4e..4e91bf0b 100644 --- a/modules/subnets_iam/metadata.yaml +++ b/modules/subnets_iam/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,9 +21,9 @@ metadata: spec: title: Module subnet IAM source: - repo: https://github.com/terraform-google-modules/terraform-google-iam.git + repo: https://github.com/terraform-google-modules/terraform-google-iam/ sourceType: git - version: 7.4.1 + version: 7.5.0 actuationTool: type: Terraform version: '>= 0.13' @@ -32,6 +32,8 @@ spec: location: examples/bigquery_dataset - name: billing_account location: examples/billing_account + - name: cloud_run_service + location: examples/cloud_run_service - name: custom_role_org location: examples/custom_role_org - name: custom_role_project @@ -109,6 +111,17 @@ spec: - name: subnets description: Subnetworks which received bindings. roles: + - level: Project + roles: + - roles/resourcemanager.projectCreator + - roles/resourcemanager.folderAdmin + - roles/resourcemanager.folderIamAdmin + - roles/owner + - roles/billing.projectManager + - roles/composer.worker + - level: Project + roles: + - roles/billing.user - level: Project roles: - roles/billing.admin @@ -130,17 +143,6 @@ spec: - roles/storage.admin - roles/composer.worker - roles/secretmanager.admin - - level: Project - roles: - - roles/resourcemanager.projectCreator - - roles/resourcemanager.folderAdmin - - roles/resourcemanager.folderIamAdmin - - roles/owner - - roles/billing.projectManager - - roles/composer.worker - - level: Project - roles: - - roles/billing.user services: - admin.googleapis.com - appengine.googleapis.com