Simplify fast bootstrap test
This commit is contained in:
Julio Castillo
parent
2af4a826fa
commit
34f01762c3
|
|
@ -1,705 +1,49 @@
|
|||
# # TODO: missing all local_file and gcs objects
|
||||
# values:
|
||||
# google_organization_iam_binding.org_admin_delegated:
|
||||
# condition:
|
||||
# - description: Automation service account delegated grants.
|
||||
# expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/accesscontextmanager.policyAdmin','roles/compute.orgFirewallPolicyAdmin','roles/compute.xpnAdmin','roles/orgpolicy.policyAdmin','roles/billing.admin','roles/billing.costsManager','roles/billing.user'])
|
||||
# title: automation_sa_delegated_grants
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: organizations/123456789012/roles/organizationIamAdmin
|
||||
# module.automation-project.data.google_bigquery_default_service_account.bq_sa[0]:
|
||||
# project: fast-prod-iac-core-0
|
||||
# module.automation-project.data.google_storage_project_service_account.gcs_sa[0]:
|
||||
# project: fast-prod-iac-core-0
|
||||
# user_project: null
|
||||
# module.automation-project.google_project.project[0]:
|
||||
# auto_create_network: false
|
||||
# billing_account: 000000-111111-222222
|
||||
# folder_id: null
|
||||
# labels: null
|
||||
# name: fast-prod-iac-core-0
|
||||
# org_id: '123456789012'
|
||||
# project_id: fast-prod-iac-core-0
|
||||
# skip_delete: false
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/cloudbuild.builds.editor"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/cloudbuild.builds.editor
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/iam.serviceAccountAdmin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-devops@fast.example.com
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/iam.serviceAccountAdmin
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/iam.serviceAccountTokenCreator"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-devops@fast.example.com
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/iam.serviceAccountTokenCreator
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/iam.workloadIdentityPoolAdmin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/iam.workloadIdentityPoolAdmin
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/owner"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/owner
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/source.admin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/source.admin
|
||||
# module.automation-project.google_project_iam_binding.authoritative["roles/storage.admin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/storage.admin
|
||||
# module.automation-project.google_project_iam_member.servicenetworking[0]:
|
||||
# condition: []
|
||||
# project: fast-prod-iac-core-0
|
||||
# role: roles/servicenetworking.serviceAgent
|
||||
# module.automation-project.google_project_service.project_services["accesscontextmanager.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: accesscontextmanager.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["bigquery.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: bigquery.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["bigqueryreservation.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: bigqueryreservation.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["bigquerystorage.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: bigquerystorage.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["billingbudgets.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: billingbudgets.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["cloudbilling.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: cloudbilling.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["cloudbuild.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: cloudbuild.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["cloudkms.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: cloudkms.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["cloudresourcemanager.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: cloudresourcemanager.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["compute.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: compute.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["container.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: container.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["essentialcontacts.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: essentialcontacts.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["iam.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: iam.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["iamcredentials.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: iamcredentials.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["orgpolicy.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: orgpolicy.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["pubsub.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: pubsub.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["servicenetworking.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: servicenetworking.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["serviceusage.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: serviceusage.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["sourcerepo.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: sourcerepo.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["stackdriver.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: stackdriver.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["storage-component.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: storage-component.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["storage.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: storage.googleapis.com
|
||||
# module.automation-project.google_project_service.project_services["sts.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: sts.googleapis.com
|
||||
# module.automation-project.google_project_service_identity.jit_si["pubsub.googleapis.com"]:
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: pubsub.googleapis.com
|
||||
# module.automation-project.google_project_service_identity.servicenetworking[0]:
|
||||
# project: fast-prod-iac-core-0
|
||||
# service: servicenetworking.googleapis.com
|
||||
# module.automation-tf-bootstrap-gcs.google_storage_bucket.bucket:
|
||||
# cors: []
|
||||
# custom_placement_config: []
|
||||
# default_event_based_hold: null
|
||||
# encryption: []
|
||||
# force_destroy: false
|
||||
# labels: null
|
||||
# lifecycle_rule: []
|
||||
# location: EU
|
||||
# logging: []
|
||||
# name: fast-prod-iac-core-bootstrap-0
|
||||
# project: fast-prod-iac-core-0
|
||||
# requester_pays: null
|
||||
# retention_policy: []
|
||||
# storage_class: MULTI_REGIONAL
|
||||
# uniform_bucket_level_access: true
|
||||
# versioning:
|
||||
# - enabled: true
|
||||
# website: []
|
||||
# module.automation-tf-bootstrap-sa.google_service_account.service_account[0]:
|
||||
# account_id: fast-prod-bootstrap-0
|
||||
# description: null
|
||||
# disabled: false
|
||||
# display_name: Terraform organization bootstrap service account.
|
||||
# project: fast-prod-iac-core-0
|
||||
# module.automation-tf-bootstrap-sa.google_service_account_iam_binding.roles["roles/iam.serviceAccountTokenCreator"]:
|
||||
# condition: []
|
||||
# members: null
|
||||
# role: roles/iam.serviceAccountTokenCreator
|
||||
# module.automation-tf-bootstrap-sa.google_storage_bucket_iam_member.bucket-roles["fast-prod-iac-core-outputs-0-roles/storage.admin"]:
|
||||
# bucket: fast-prod-iac-core-outputs-0
|
||||
# condition: []
|
||||
# role: roles/storage.admin
|
||||
# module.automation-tf-cicd-gcs.google_storage_bucket.bucket:
|
||||
# cors: []
|
||||
# custom_placement_config: []
|
||||
# default_event_based_hold: null
|
||||
# encryption: []
|
||||
# force_destroy: false
|
||||
# labels: null
|
||||
# lifecycle_rule: []
|
||||
# location: EU
|
||||
# logging: []
|
||||
# name: fast-prod-iac-core-cicd-0
|
||||
# project: fast-prod-iac-core-0
|
||||
# requester_pays: null
|
||||
# retention_policy: []
|
||||
# storage_class: MULTI_REGIONAL
|
||||
# uniform_bucket_level_access: true
|
||||
# versioning:
|
||||
# - enabled: true
|
||||
# website: []
|
||||
# module.automation-tf-cicd-gcs.google_storage_bucket_iam_binding.bindings["roles/storage.objectAdmin"]:
|
||||
# bucket: fast-prod-iac-core-cicd-0
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-cicd-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# role: roles/storage.objectAdmin
|
||||
# module.automation-tf-cicd-provisioning-sa.google_service_account.service_account[0]:
|
||||
# account_id: fast-prod-cicd-0
|
||||
# description: null
|
||||
# disabled: false
|
||||
# display_name: Terraform stage 1 CICD service account.
|
||||
# project: fast-prod-iac-core-0
|
||||
# module.automation-tf-cicd-provisioning-sa.google_service_account_iam_binding.roles["roles/iam.serviceAccountTokenCreator"]:
|
||||
# condition: []
|
||||
# members: null
|
||||
# role: roles/iam.serviceAccountTokenCreator
|
||||
# module.automation-tf-cicd-provisioning-sa.google_storage_bucket_iam_member.bucket-roles["fast-prod-iac-core-outputs-0-roles/storage.admin"]:
|
||||
# bucket: fast-prod-iac-core-outputs-0
|
||||
# condition: []
|
||||
# role: roles/storage.admin
|
||||
# module.automation-tf-output-gcs.google_storage_bucket.bucket:
|
||||
# cors: []
|
||||
# custom_placement_config: []
|
||||
# default_event_based_hold: null
|
||||
# encryption: []
|
||||
# force_destroy: false
|
||||
# labels: null
|
||||
# lifecycle_rule: []
|
||||
# location: EU
|
||||
# logging: []
|
||||
# name: fast-prod-iac-core-outputs-0
|
||||
# project: fast-prod-iac-core-0
|
||||
# requester_pays: null
|
||||
# retention_policy: []
|
||||
# storage_class: MULTI_REGIONAL
|
||||
# uniform_bucket_level_access: true
|
||||
# versioning:
|
||||
# - enabled: true
|
||||
# website: []
|
||||
# module.automation-tf-resman-gcs.google_storage_bucket.bucket:
|
||||
# cors: []
|
||||
# custom_placement_config: []
|
||||
# default_event_based_hold: null
|
||||
# encryption: []
|
||||
# force_destroy: false
|
||||
# labels: null
|
||||
# lifecycle_rule: []
|
||||
# location: EU
|
||||
# logging: []
|
||||
# name: fast-prod-iac-core-resman-0
|
||||
# project: fast-prod-iac-core-0
|
||||
# requester_pays: null
|
||||
# retention_policy: []
|
||||
# storage_class: MULTI_REGIONAL
|
||||
# uniform_bucket_level_access: true
|
||||
# versioning:
|
||||
# - enabled: true
|
||||
# website: []
|
||||
# module.automation-tf-resman-gcs.google_storage_bucket_iam_binding.bindings["roles/storage.objectAdmin"]:
|
||||
# bucket: fast-prod-iac-core-resman-0
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# role: roles/storage.objectAdmin
|
||||
# module.automation-tf-resman-sa.google_service_account.service_account[0]:
|
||||
# account_id: fast-prod-resman-0
|
||||
# description: null
|
||||
# disabled: false
|
||||
# display_name: Terraform stage 1 resman service account.
|
||||
# project: fast-prod-iac-core-0
|
||||
# module.automation-tf-resman-sa.google_service_account_iam_binding.roles["roles/iam.serviceAccountTokenCreator"]:
|
||||
# condition: []
|
||||
# members: null
|
||||
# role: roles/iam.serviceAccountTokenCreator
|
||||
# module.automation-tf-resman-sa.google_storage_bucket_iam_member.bucket-roles["fast-prod-iac-core-outputs-0-roles/storage.admin"]:
|
||||
# bucket: fast-prod-iac-core-outputs-0
|
||||
# condition: []
|
||||
# role: roles/storage.admin
|
||||
# module.billing-export-dataset[0].google_bigquery_dataset.default:
|
||||
# dataset_id: billing_export
|
||||
# default_encryption_configuration: []
|
||||
# default_partition_expiration_ms: null
|
||||
# default_table_expiration_ms: null
|
||||
# delete_contents_on_destroy: false
|
||||
# description: Terraform managed.
|
||||
# friendly_name: Billing export.
|
||||
# labels: null
|
||||
# location: EU
|
||||
# project: fast-prod-billing-exp-0
|
||||
# module.billing-export-project[0].data.google_bigquery_default_service_account.bq_sa[0]:
|
||||
# project: fast-prod-billing-exp-0
|
||||
# module.billing-export-project[0].data.google_storage_project_service_account.gcs_sa[0]:
|
||||
# project: fast-prod-billing-exp-0
|
||||
# user_project: null
|
||||
# module.billing-export-project[0].google_project.project[0]:
|
||||
# auto_create_network: false
|
||||
# billing_account: 000000-111111-222222
|
||||
# folder_id: null
|
||||
# labels: null
|
||||
# name: fast-prod-billing-exp-0
|
||||
# org_id: '123456789012'
|
||||
# project_id: fast-prod-billing-exp-0
|
||||
# skip_delete: false
|
||||
# module.billing-export-project[0].google_project_iam_binding.authoritative["roles/owner"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-billing-exp-0
|
||||
# role: roles/owner
|
||||
# module.billing-export-project[0].google_project_service.project_services["bigquery.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-billing-exp-0
|
||||
# service: bigquery.googleapis.com
|
||||
# module.billing-export-project[0].google_project_service.project_services["bigquerydatatransfer.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-billing-exp-0
|
||||
# service: bigquerydatatransfer.googleapis.com
|
||||
# module.billing-export-project[0].google_project_service.project_services["storage.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-billing-exp-0
|
||||
# service: storage.googleapis.com
|
||||
# module.log-export-dataset[0].google_bigquery_dataset.default:
|
||||
# dataset_id: audit_export
|
||||
# default_encryption_configuration: []
|
||||
# default_partition_expiration_ms: null
|
||||
# default_table_expiration_ms: null
|
||||
# delete_contents_on_destroy: false
|
||||
# description: Terraform managed.
|
||||
# friendly_name: Audit logs export.
|
||||
# labels: null
|
||||
# location: EU
|
||||
# project: fast-prod-audit-logs-0
|
||||
# module.log-export-project.data.google_bigquery_default_service_account.bq_sa[0]:
|
||||
# project: fast-prod-audit-logs-0
|
||||
# module.log-export-project.data.google_storage_project_service_account.gcs_sa[0]:
|
||||
# project: fast-prod-audit-logs-0
|
||||
# user_project: null
|
||||
# module.log-export-project.google_project.project[0]:
|
||||
# auto_create_network: false
|
||||
# billing_account: 000000-111111-222222
|
||||
# folder_id: null
|
||||
# labels: null
|
||||
# name: fast-prod-audit-logs-0
|
||||
# org_id: '123456789012'
|
||||
# project_id: fast-prod-audit-logs-0
|
||||
# skip_delete: false
|
||||
# module.log-export-project.google_project_iam_binding.authoritative["roles/owner"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# project: fast-prod-audit-logs-0
|
||||
# role: roles/owner
|
||||
# module.log-export-project.google_project_service.project_services["bigquery.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-audit-logs-0
|
||||
# service: bigquery.googleapis.com
|
||||
# module.log-export-project.google_project_service.project_services["stackdriver.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-audit-logs-0
|
||||
# service: stackdriver.googleapis.com
|
||||
# module.log-export-project.google_project_service.project_services["storage.googleapis.com"]:
|
||||
# disable_dependent_services: false
|
||||
# disable_on_destroy: false
|
||||
# project: fast-prod-audit-logs-0
|
||||
# service: storage.googleapis.com
|
||||
# module.organization.google_bigquery_dataset_iam_member.bq-sinks-binding["audit-logs"]:
|
||||
# condition: []
|
||||
# role: roles/bigquery.dataEditor
|
||||
# module.organization.google_bigquery_dataset_iam_member.bq-sinks-binding["vpc-sc"]:
|
||||
# condition: []
|
||||
# role: roles/bigquery.dataEditor
|
||||
# module.organization.google_logging_organization_sink.sink["audit-logs"]:
|
||||
# description: audit-logs (Terraform-managed).
|
||||
# disabled: false
|
||||
# exclusions: []
|
||||
# filter: logName:"/logs/cloudaudit.googleapis.com%2Factivity" OR logName:"/logs/cloudaudit.googleapis.com%2Fsystem_event"
|
||||
# include_children: true
|
||||
# name: audit-logs
|
||||
# org_id: '123456789012'
|
||||
# module.organization.google_logging_organization_sink.sink["vpc-sc"]:
|
||||
# description: vpc-sc (Terraform-managed).
|
||||
# disabled: false
|
||||
# exclusions: []
|
||||
# filter: protoPayload.metadata.@type="type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata"
|
||||
# include_children: true
|
||||
# name: vpc-sc
|
||||
# org_id: '123456789012'
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/browser"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - domain:fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/browser
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/cloudasset.owner"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-network-admins@fast.example.com
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# - group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/cloudasset.owner
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.admin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/cloudsupport.admin
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.techSupportEditor"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-devops@fast.example.com
|
||||
# - group:gcp-network-admins@fast.example.com
|
||||
# - group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/cloudsupport.techSupportEditor
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/compute.osAdminLogin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/compute.osAdminLogin
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/compute.osLoginExternalUser"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/compute.osLoginExternalUser
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/iam.securityReviewer"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/iam.securityReviewer
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/logging.admin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-security-admins@fast.example.com
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/logging.admin
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/logging.viewer"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-devops@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/logging.viewer
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/monitoring.viewer"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-devops@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/monitoring.viewer
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/owner"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/owner
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderAdmin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/resourcemanager.folderAdmin
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.organizationAdmin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/resourcemanager.organizationAdmin
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectCreator"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-organization-admins@fast.example.com
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/resourcemanager.projectCreator
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectMover"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/resourcemanager.projectMover
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagAdmin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/resourcemanager.tagAdmin
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagUser"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/resourcemanager.tagUser
|
||||
# module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]:
|
||||
# condition: []
|
||||
# members:
|
||||
# - group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/securitycenter.admin
|
||||
# module.organization.google_organization_iam_custom_role.roles["organizationIamAdmin"]:
|
||||
# description: Terraform-managed.
|
||||
# org_id: '123456789012'
|
||||
# permissions:
|
||||
# - resourcemanager.organizations.get
|
||||
# - resourcemanager.organizations.getIamPolicy
|
||||
# - resourcemanager.organizations.setIamPolicy
|
||||
# role_id: organizationIamAdmin
|
||||
# stage: GA
|
||||
# title: Custom role organizationIamAdmin
|
||||
# module.organization.google_organization_iam_custom_role.roles["serviceProjectNetworkAdmin"]:
|
||||
# description: Terraform-managed.
|
||||
# org_id: '123456789012'
|
||||
# permissions:
|
||||
# - compute.globalOperations.get
|
||||
# - compute.networks.get
|
||||
# - compute.networks.updatePeering
|
||||
# - compute.organizations.disableXpnResource
|
||||
# - compute.organizations.enableXpnResource
|
||||
# - compute.projects.get
|
||||
# - compute.subnetworks.getIamPolicy
|
||||
# - compute.subnetworks.setIamPolicy
|
||||
# - dns.networks.bindPrivateDNSZone
|
||||
# - resourcemanager.projects.get
|
||||
# role_id: serviceProjectNetworkAdmin
|
||||
# stage: GA
|
||||
# title: Custom role serviceProjectNetworkAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/accesscontextmanager.policyAdmin-group:gcp-security-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/accesscontextmanager.policyAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.admin-group:gcp-billing-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-billing-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.admin
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.admin-group:gcp-organization-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.admin
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.admin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]:
|
||||
# condition: []
|
||||
# member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.admin
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.admin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]:
|
||||
# condition: []
|
||||
# member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.admin
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.costsManager-group:gcp-billing-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-billing-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.costsManager
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.costsManager-group:gcp-organization-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.costsManager
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.costsManager-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]:
|
||||
# condition: []
|
||||
# member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.costsManager
|
||||
# module.organization.google_organization_iam_member.additive["roles/billing.costsManager-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]:
|
||||
# condition: []
|
||||
# member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/billing.costsManager
|
||||
# module.organization.google_organization_iam_member.additive["roles/compute.orgFirewallPolicyAdmin-group:gcp-network-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-network-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/compute.orgFirewallPolicyAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/compute.xpnAdmin-group:gcp-network-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-network-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/compute.xpnAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/iam.organizationRoleAdmin-group:gcp-security-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/iam.organizationRoleAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/iam.organizationRoleAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]:
|
||||
# condition: []
|
||||
# member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/iam.organizationRoleAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/orgpolicy.policyAdmin-group:gcp-organization-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-organization-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/orgpolicy.policyAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/orgpolicy.policyAdmin-group:gcp-security-admins@fast.example.com"]:
|
||||
# condition: []
|
||||
# member: group:gcp-security-admins@fast.example.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/orgpolicy.policyAdmin
|
||||
# module.organization.google_organization_iam_member.additive["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]:
|
||||
# condition: []
|
||||
# member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# org_id: '123456789012'
|
||||
# role: roles/orgpolicy.policyAdmin
|
||||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# counts:
|
||||
# google_bigquery_dataset: 2
|
||||
# google_bigquery_dataset_iam_member: 2
|
||||
# google_bigquery_default_service_account: 3
|
||||
# google_logging_organization_sink: 2
|
||||
# google_organization_iam_binding: 19
|
||||
# google_organization_iam_custom_role: 2
|
||||
# google_organization_iam_member: 16
|
||||
# google_project: 3
|
||||
# google_project_iam_binding: 9
|
||||
# google_project_iam_member: 1
|
||||
# google_project_service: 29
|
||||
# google_project_service_identity: 2
|
||||
# google_service_account: 3
|
||||
# google_service_account_iam_binding: 3
|
||||
# google_storage_bucket: 4
|
||||
# google_storage_bucket_iam_binding: 2
|
||||
# google_storage_bucket_iam_member: 3
|
||||
# google_storage_bucket_object: 5
|
||||
# google_storage_project_service_account: 3
|
||||
# local_file: 5
|
||||
counts:
|
||||
google_bigquery_dataset: 2
|
||||
google_bigquery_dataset_iam_member: 2
|
||||
google_bigquery_default_service_account: 3
|
||||
google_logging_organization_sink: 2
|
||||
google_organization_iam_binding: 19
|
||||
google_organization_iam_custom_role: 2
|
||||
google_organization_iam_member: 16
|
||||
google_project: 3
|
||||
google_project_iam_binding: 9
|
||||
google_project_iam_member: 1
|
||||
google_project_service: 29
|
||||
google_project_service_identity: 2
|
||||
google_service_account: 3
|
||||
google_service_account_iam_binding: 3
|
||||
google_storage_bucket: 4
|
||||
google_storage_bucket_iam_binding: 2
|
||||
google_storage_bucket_iam_member: 3
|
||||
google_storage_bucket_object: 5
|
||||
google_storage_project_service_account: 3
|
||||
local_file: 5
|
||||
|
||||
# outputs:
|
||||
# automation: __missing__
|
||||
# billing_dataset: __missing__
|
||||
# cicd_repositories: {}
|
||||
# custom_roles:
|
||||
# organization_iam_admin: organizations/123456789012/roles/organizationIamAdmin
|
||||
# service_project_network_admin: organizations/123456789012/roles/serviceProjectNetworkAdmin
|
||||
# federated_identity:
|
||||
# pool: null
|
||||
# providers: {}
|
||||
# outputs_bucket: fast-prod-iac-core-outputs-0
|
||||
# project_ids:
|
||||
# automation: fast-prod-iac-core-0
|
||||
# billing-export: fast-prod-billing-exp-0
|
||||
# log-export: fast-prod-audit-logs-0
|
||||
# service_accounts:
|
||||
# bootstrap: fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# cicd: fast-prod-cicd-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# resman: fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
# tfvars: __missing__
|
||||
outputs:
|
||||
custom_roles:
|
||||
organization_iam_admin: organizations/123456789012/roles/organizationIamAdmin
|
||||
service_project_network_admin: organizations/123456789012/roles/serviceProjectNetworkAdmin
|
||||
outputs_bucket: fast-prod-iac-core-outputs-0
|
||||
project_ids:
|
||||
automation: fast-prod-iac-core-0
|
||||
billing-export: fast-prod-billing-exp-0
|
||||
log-export: fast-prod-audit-logs-0
|
||||
service_accounts:
|
||||
bootstrap: fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
cicd: fast-prod-cicd-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
resman: fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.automation-project.google_project.project[0]:
|
||||
auto_create_network: false
|
||||
billing_account: 000000-111111-222222
|
||||
name: fast-prod-iac-core-0
|
||||
org_id: '123456789012'
|
||||
project_id: fast-prod-iac-core-0
|
||||
module.billing-export-project[0].google_project.project[0]:
|
||||
auto_create_network: false
|
||||
billing_account: 000000-111111-222222
|
||||
name: fast-prod-billing-exp-0
|
||||
org_id: '123456789012'
|
||||
project_id: fast-prod-billing-exp-0
|
||||
module.log-export-project.google_project.project[0]:
|
||||
auto_create_network: false
|
||||
billing_account: 000000-111111-222222
|
||||
name: fast-prod-audit-logs-0
|
||||
org_id: '123456789012'
|
||||
project_id: fast-prod-audit-logs-0
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.automation-tf-bootstrap-sa.google_service_account.service_account[0]:
|
||||
account_id: fast-prod-bootstrap-0
|
||||
display_name: Terraform organization bootstrap service account.
|
||||
project: fast-prod-iac-core-0
|
||||
module.automation-tf-cicd-provisioning-sa.google_service_account.service_account[0]:
|
||||
account_id: fast-prod-cicd-0
|
||||
display_name: Terraform stage 1 CICD service account.
|
||||
project: fast-prod-iac-core-0
|
||||
module.automation-tf-resman-sa.google_service_account.service_account[0]:
|
||||
account_id: fast-prod-resman-0
|
||||
display_name: Terraform stage 1 resman service account.
|
||||
project: fast-prod-iac-core-0
|
||||
|
|
@ -6,3 +6,7 @@ tests:
|
|||
simple:
|
||||
tfvars:
|
||||
- simple.tfvars
|
||||
inventory:
|
||||
- simple.yaml
|
||||
- simple_projects.yaml
|
||||
- simple_sas.yaml
|
||||
|
|
|
|||
Loading…
Reference in New Issue