Rewording, fix typos

averbukh 2021-12-15 18:26:44 +01:00
parent 52878c1564
commit 39b7756958
3 changed files with 5 additions and 5 deletions


@ -49,6 +49,6 @@ The example's feed tracks changes to Google Compute instances, and the Cloud Fun
## On-prem Service Account key management ## On-prem Service Account key management
This [example](./onprem-sa-key-management) shows how to manage IAM Service Account Keys by generating a key pair and uploading the public part of the key to GCP. This [example](./onprem-sa-key-management) shows how to manage IAM Service Account Keys by manually generating a key pair and uploading the public part of the key to GCP.
s
<br clear="left"> <br clear="left">
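Review bot: The lone `s` line between the reworded sentence and `<br clear="left">` looks like a stray character. Please confirm this hunk removes it rather than introduces it; if it is on the new side, drop it before merging. The "manually generating" wording itself is fine and matches the example's README.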


@ -2,10 +2,10 @@
When managing GCP Service Accounts with terraform, it's often a question on **how to avoid Service Account Key in the terraform state?** When managing GCP Service Accounts with terraform, it's often a question on **how to avoid Service Account Key in the terraform state?**
This example shows how to manage IAM Service Account Keys by generating a key pair and uploading the public part of the key to GCP, it has the following benefits: This example shows how to manage IAM Service Account Keys by manually generating a key pair and uploading the public part of the key to GCP. It has the following benefits:
- no [passing keys between users](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#pass-between-users) or systems - no [passing keys between users](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#pass-between-users) or systems
- no SA key stored in the terraform state (only public part of the key in the state) - no private keys stored in the terraform state (only public part of the key is in the state)
- let keys [expire automatically](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#key-expiryhaving) - let keys [expire automatically](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#key-expiryhaving)
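Review bot: The link on the unchanged "expire automatically" bullet ends in `#key-expiryhaving`, which looks like the anchor `key-expiry` with a stray word appended, so it will likely not jump to the intended section. Since this commit is already fixing typos in the same list, correct the anchor here too. The change from "no SA key" to "no private keys stored in the terraform state" is the more accurate statement, because the public part of the key is still recorded in the state.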


@ -71,7 +71,7 @@ locals {
type : "service_account", type : "service_account",
project_id : var.project_id, project_id : var.project_id,
private_key_id : split("/", google_service_account_key.upload_key[file].id)[5] private_key_id : split("/", google_service_account_key.upload_key[file].id)[5]
private_key : "REPLASE_ME_WITH_PRIVATE_KEY_DATA" private_key : "REPLACE_ME_WITH_PRIVATE_KEY_DATA"
client_email : local.resource_email_static client_email : local.resource_email_static
client_id : local.service_account.unique_id, client_id : local.service_account.unique_id,
auth_uri : "https://accounts.google.com/o/oauth2/auth", auth_uri : "https://accounts.google.com/o/oauth2/auth",
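Review bot: Renaming the placeholder on the `private_key` line from `REPLASE_ME_WITH_PRIVATE_KEY_DATA` to `REPLACE_ME_WITH_PRIVATE_KEY_DATA` changes a string that users or scripts may match on when they substitute the locally generated private key into the credentials template. Search the example's README and any helper commands for the old spelling and update them in the same commit, otherwise the substitution step silently leaves the placeholder in the generated file. Separately, the `private_key_id`, `private_key` and `client_email` lines have no trailing comma while the neighbouring attributes do; make the separator style consistent.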