67 lines
2.5 KiB
YAML
67 lines
2.5 KiB
YAML
|
# Copyright 2023 Google LLC
|
||
|
#
|
||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
# you may not use this file except in compliance with the License.
|
||
|
# You may obtain a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
# See the License for the specific language governing permissions and
|
||
|
# limitations under the License.
|
||
|
|
||
|
values:
|
||
|
module.kms.google_kms_crypto_key.default["key-a"]:
|
||
|
labels: null
|
||
|
name: key-a
|
||
|
purpose: ENCRYPT_DECRYPT
|
||
|
rotation_period: null
|
||
|
skip_initial_version_creation: null
|
||
|
module.kms.google_kms_crypto_key.default["key-b"]:
|
||
|
labels: null
|
||
|
name: key-b
|
||
|
purpose: ENCRYPT_DECRYPT
|
||
|
rotation_period: 604800s
|
||
|
skip_initial_version_creation: null
|
||
|
module.kms.google_kms_crypto_key.default["key-c"]:
|
||
|
labels:
|
||
|
env: test
|
||
|
name: key-c
|
||
|
purpose: ENCRYPT_DECRYPT
|
||
|
rotation_period: null
|
||
|
skip_initial_version_creation: null
|
||
|
module.kms.google_kms_crypto_key_iam_binding.default["key-a.roles/cloudkms.admin"]:
|
||
|
condition: []
|
||
|
members:
|
||
|
- user:user3@example.com
|
||
|
role: roles/cloudkms.admin
|
||
|
module.kms.google_kms_crypto_key_iam_member.default["key-b.roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user4@example.com"]:
|
||
|
condition: []
|
||
|
member: user:user4@example.com
|
||
|
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
|
||
|
module.kms.google_kms_crypto_key_iam_member.default["key-b.roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user5@example.com"]:
|
||
|
condition: []
|
||
|
member: user:user5@example.com
|
||
|
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
|
||
|
module.kms.google_kms_key_ring.default[0]:
|
||
|
location: europe-west1
|
||
|
name: test
|
||
|
project: my-project
|
||
|
module.kms.google_kms_key_ring_iam_member.default["roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user1@example.com"]:
|
||
|
condition: []
|
||
|
member: user:user1@example.com
|
||
|
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
|
||
|
module.kms.google_kms_key_ring_iam_member.default["roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user2@example.com"]:
|
||
|
condition: []
|
||
|
member: user:user2@example.com
|
||
|
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
|
||
|
|
||
|
counts:
|
||
|
google_kms_crypto_key: 3
|
||
|
google_kms_crypto_key_iam_binding: 1
|
||
|
google_kms_crypto_key_iam_member: 2
|
||
|
google_kms_key_ring: 1
|
||
|
google_kms_key_ring_iam_member: 2
|