Update main.tf
Added a terraform and provider block - terraform relies on plugins and following best practices to allow allowing the rightmost component of a version to increment. (https://developer.hashicorp.com/terraform/language/providers/requirements#version-constraints) Also removed comment about it being ok to use project roles of monitoring viewer and compute networkViewer. (Look at Issue #922)
This commit is contained in:
parent
3dc7b5dcdf
commit
1ca493e3d7
|
@ -14,6 +14,15 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
terraform {
|
||||||
|
required_version = "~> 1.3.3"
|
||||||
|
required_providers {
|
||||||
|
google = {
|
||||||
|
version = "~> 4.41.0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
project_ids = toset(var.monitored_projects_list)
|
project_ids = toset(var.monitored_projects_list)
|
||||||
projects = join(",", local.project_ids)
|
projects = join(",", local.project_ids)
|
||||||
|
@ -50,7 +59,6 @@ module "service-account-function" {
|
||||||
# Required IAM permissions for this service account are:
|
# Required IAM permissions for this service account are:
|
||||||
# 1) compute.networkViewer on projects to be monitored (I gave it at organization level for now for simplicity)
|
# 1) compute.networkViewer on projects to be monitored (I gave it at organization level for now for simplicity)
|
||||||
# 2) monitoring viewer on the projects to be monitored (I gave it at organization level for now for simplicity)
|
# 2) monitoring viewer on the projects to be monitored (I gave it at organization level for now for simplicity)
|
||||||
# 3) if you dont have permission to create service account and assign permission at organization Level, move these 3 roles to project level.
|
|
||||||
|
|
||||||
iam_organization_roles = {
|
iam_organization_roles = {
|
||||||
"${var.organization_id}" = [
|
"${var.organization_id}" = [
|
||||||
|
|
Loading…
Reference in New Issue