236 lines
9.6 KiB
YAML
236 lines
9.6 KiB
YAML
|
# Copyright 2023 Google LLC
|
||
|
#
|
||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
# you may not use this file except in compliance with the License.
|
||
|
# You may obtain a copy of the License at
|
||
|
#
|
||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||
|
#
|
||
|
# Unless required by applicable law or agreed to in writing, software
|
||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
# See the License for the specific language governing permissions and
|
||
|
# limitations under the License.
|
||
|
|
||
|
# This is one of the few modules where it actually makes sense to be
|
||
|
# very verbose with values
|
||
|
|
||
|
values:
|
||
|
module.projects["project"].google_compute_subnetwork_iam_member.default["dev-default-ew1:serviceAccount:my-service-account"]:
|
||
|
condition: []
|
||
|
member: serviceAccount:my-service-account
|
||
|
project: fast-dev-net-spoke-0
|
||
|
region: europe-west1
|
||
|
role: roles/compute.networkUser
|
||
|
subnetwork: projects/fast-dev-net-spoke-0/regions/europe-west1/subnetworks/dev-default-ew1
|
||
|
module.projects["project"].google_compute_subnetwork_iam_member.default["dev-default-ew1:user:foobar@example.com"]:
|
||
|
condition: []
|
||
|
member: user:foobar@example.com
|
||
|
project: fast-dev-net-spoke-0
|
||
|
region: europe-west1
|
||
|
role: roles/compute.networkUser
|
||
|
subnetwork: projects/fast-dev-net-spoke-0/regions/europe-west1/subnetworks/dev-default-ew1
|
||
|
module.projects["project"].module.billing-alert["1"].google_billing_budget.budget:
|
||
|
all_updates_rule:
|
||
|
- disable_default_iam_recipients: false
|
||
|
pubsub_topic: null
|
||
|
schema_version: '1.0'
|
||
|
amount:
|
||
|
- last_period_amount: null
|
||
|
specified_amount:
|
||
|
- nanos: null
|
||
|
units: '10'
|
||
|
billing_account: 012345-67890A-BCDEF0
|
||
|
budget_filter:
|
||
|
- calendar_period: null
|
||
|
credit_types_treatment: INCLUDE_ALL_CREDITS
|
||
|
custom_period: []
|
||
|
display_name: test1-project budget
|
||
|
threshold_rules:
|
||
|
- spend_basis: CURRENT_SPEND
|
||
|
threshold_percent: 0.5
|
||
|
- spend_basis: CURRENT_SPEND
|
||
|
threshold_percent: 0.8
|
||
|
module.projects["project"].module.billing-alert["1"].google_monitoring_notification_channel.email_channels["team-a-contacts@example.com"]:
|
||
|
display_name: test1-project budget budget email notification (team-a-contacts@example.com)
|
||
|
labels:
|
||
|
email_address: team-a-contacts@example.com
|
||
|
project: test1-project
|
||
|
sensitive_labels: []
|
||
|
type: email
|
||
|
module.projects["project"].module.billing-alert["1"].google_monitoring_notification_channel.email_channels["team-contacts@example.com"]:
|
||
|
display_name: test1-project budget budget email notification (team-contacts@example.com)
|
||
|
labels:
|
||
|
email_address: team-contacts@example.com
|
||
|
project: test1-project
|
||
|
sensitive_labels: []
|
||
|
type: email
|
||
|
module.projects["project"].module.dns["ipsum"].google_dns_managed_zone.non-public[0]:
|
||
|
dns_name: ipsum.dev.example.org
|
||
|
name: ipsum
|
||
|
private_visibility_config:
|
||
|
- gke_clusters: []
|
||
|
networks:
|
||
|
- network_url: projects/foo/networks/bar
|
||
|
project: fast-dev-net-spoke-0
|
||
|
visibility: private
|
||
|
module.projects["project"].module.dns["lorem"].google_dns_managed_zone.non-public[0]:
|
||
|
dns_name: lorem.dev.example.org
|
||
|
name: lorem
|
||
|
private_visibility_config:
|
||
|
- gke_clusters: []
|
||
|
networks:
|
||
|
- network_url: projects/foo/networks/bar
|
||
|
project: fast-dev-net-spoke-0
|
||
|
module.projects["project"].module.project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
|
||
|
host_project: fast-dev-net-spoke-0
|
||
|
service_project: test1-project
|
||
|
module.projects["project"].module.project.google_essential_contacts_contact.contact["team-a-contacts@example.com"]:
|
||
|
email: team-a-contacts@example.com
|
||
|
language_tag: en
|
||
|
notification_category_subscriptions:
|
||
|
- ALL
|
||
|
parent: projects/test1-project
|
||
|
module.projects["project"].module.project.google_essential_contacts_contact.contact["team-contacts@example.com"]:
|
||
|
email: team-contacts@example.com
|
||
|
language_tag: en
|
||
|
notification_category_subscriptions:
|
||
|
- ALL
|
||
|
parent: projects/test1-project
|
||
|
module.projects["project"].module.project.google_org_policy_policy.default["constraints/compute.disableGuestAttributesAccess"]:
|
||
|
name: projects/test1-project/policies/constraints/compute.disableGuestAttributesAccess
|
||
|
parent: projects/test1-project
|
||
|
spec:
|
||
|
- inherit_from_parent: null
|
||
|
reset: null
|
||
|
rules:
|
||
|
- allow_all: null
|
||
|
condition: []
|
||
|
deny_all: null
|
||
|
enforce: 'TRUE'
|
||
|
values: []
|
||
|
module.projects["project"].module.project.google_org_policy_policy.default["constraints/compute.trustedImageProjects"]:
|
||
|
name: projects/test1-project/policies/constraints/compute.trustedImageProjects
|
||
|
parent: projects/test1-project
|
||
|
spec:
|
||
|
- inherit_from_parent: null
|
||
|
reset: null
|
||
|
rules:
|
||
|
- allow_all: null
|
||
|
condition: []
|
||
|
deny_all: null
|
||
|
enforce: null
|
||
|
values:
|
||
|
- allowed_values:
|
||
|
- projects/fast-dev-iac-core-0
|
||
|
denied_values: null
|
||
|
module.projects["project"].module.project.google_org_policy_policy.default["constraints/compute.vmExternalIpAccess"]:
|
||
|
name: projects/test1-project/policies/constraints/compute.vmExternalIpAccess
|
||
|
parent: projects/test1-project
|
||
|
spec:
|
||
|
- inherit_from_parent: null
|
||
|
reset: null
|
||
|
rules:
|
||
|
- allow_all: null
|
||
|
condition: []
|
||
|
deny_all: 'TRUE'
|
||
|
enforce: null
|
||
|
values: []
|
||
|
module.projects["project"].module.project.google_project.project[0]:
|
||
|
auto_create_network: false
|
||
|
billing_account: 012345-67890A-BCDEF0
|
||
|
folder_id: 012345678901
|
||
|
labels:
|
||
|
application: example-app
|
||
|
costcenter: apps
|
||
|
department: accounting
|
||
|
environment: dev
|
||
|
foo: bar
|
||
|
name: test1-project
|
||
|
org_id: null
|
||
|
project_id: test1-project
|
||
|
skip_delete: false
|
||
|
module.projects["project"].module.project.google_project_iam_binding.authoritative["roles/compute.admin"]:
|
||
|
condition: []
|
||
|
project: test1-project
|
||
|
role: roles/compute.admin
|
||
|
module.projects["project"].module.project.google_project_iam_binding.authoritative["roles/compute.adminv1"]:
|
||
|
condition: []
|
||
|
project: test1-project
|
||
|
role: roles/compute.adminv1
|
||
|
module.projects["project"].module.project.google_project_iam_binding.authoritative["roles/storage.objectViewer"]:
|
||
|
condition: []
|
||
|
project: test1-project
|
||
|
role: roles/storage.objectViewer
|
||
|
module.projects["project"].module.project.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]:
|
||
|
condition: []
|
||
|
project: fast-dev-net-spoke-0
|
||
|
role: roles/compute.networkUser
|
||
|
module.projects["project"].module.project.google_project_iam_member.shared_vpc_host_robots["roles/compute.securityAdmin:container-engine"]:
|
||
|
condition: []
|
||
|
project: fast-dev-net-spoke-0
|
||
|
role: roles/compute.securityAdmin
|
||
|
module.projects["project"].module.project.google_project_service.project_services["billingbudgets.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: billingbudgets.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["compute.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: compute.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["container.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: container.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["dns.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: dns.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["essentialcontacts.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: essentialcontacts.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["orgpolicy.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: orgpolicy.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["stackdriver.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: stackdriver.googleapis.com
|
||
|
module.projects["project"].module.project.google_project_service.project_services["storage.googleapis.com"]:
|
||
|
disable_dependent_services: false
|
||
|
disable_on_destroy: false
|
||
|
project: test1-project
|
||
|
service: storage.googleapis.com
|
||
|
module.projects["project"].module.service-accounts["another-service-account"].google_service_account.service_account[0]:
|
||
|
account_id: another-service-account
|
||
|
display_name: Terraform-managed.
|
||
|
project: test1-project
|
||
|
module.projects["project"].module.service-accounts["my-service-account"].google_service_account.service_account[0]:
|
||
|
account_id: my-service-account
|
||
|
display_name: Terraform-managed.
|
||
|
project: test1-project
|
||
|
|
||
|
counts:
|
||
|
google_billing_budget: 1
|
||
|
google_compute_shared_vpc_service_project: 1
|
||
|
google_compute_subnetwork_iam_member: 2
|
||
|
google_dns_managed_zone: 2
|
||
|
google_essential_contacts_contact: 2
|
||
|
google_monitoring_notification_channel: 2
|
||
|
google_org_policy_policy: 3
|
||
|
google_project: 1
|
||
|
google_project_iam_binding: 3
|
||
|
google_project_iam_member: 2
|
||
|
google_project_service: 8
|
||
|
google_service_account: 2
|
||
|
google_storage_project_service_account: 1
|