update checklist parsing for top-level key (#1997)
This commit is contained in:
parent
37dc48bca4
commit
4b911a6047
|
@ -38,14 +38,14 @@ locals {
|
|||
)
|
||||
# check that files are for the correct organization and ignore them if not
|
||||
_cl_data = (
|
||||
try(local._cl_data_raw.organization.id, null) != tostring(var.organization.id)
|
||||
try(local._cl_data_raw.cloud_setup_config.organization.id, null) != tostring(var.organization.id)
|
||||
? null
|
||||
: local._cl_data_raw
|
||||
: local._cl_data_raw.cloud_setup_config
|
||||
)
|
||||
_cl_org = (
|
||||
try(local._cl_org_raw.organization.id, null) != tostring(var.organization.id)
|
||||
try(local._cl_org_raw.cloud_setup_org_iam.organization.id, null) != tostring(var.organization.id)
|
||||
? null
|
||||
: local._cl_org_raw
|
||||
: local._cl_org_raw.cloud_setup_org_iam
|
||||
)
|
||||
# do a first pass on IAM bindings to identify groups and normalize
|
||||
_cl_org_iam_bindings = {
|
||||
|
@ -93,14 +93,14 @@ check "checklist" {
|
|||
assert {
|
||||
condition = (
|
||||
var.factories_config.checklist_data == null ||
|
||||
try(local._cl_data_raw.version, null) == "0.1.0"
|
||||
try(local._cl_data_raw.cloud_setup_config.version, null) == "0.1.0"
|
||||
)
|
||||
error_message = "Checklist data version mismatch."
|
||||
}
|
||||
assert {
|
||||
condition = (
|
||||
var.factories_config.checklist_org_iam == null ||
|
||||
try(local._cl_org_raw.version, null) == "0.1.0"
|
||||
try(local._cl_org_raw.cloud_setup_org_iam.version, null) == "0.1.0"
|
||||
)
|
||||
error_message = "Checklist org IAM version mismatch."
|
||||
}
|
||||
|
@ -108,14 +108,14 @@ check "checklist" {
|
|||
assert {
|
||||
condition = (
|
||||
var.factories_config.checklist_data == null ||
|
||||
try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
|
||||
try(local._cl_data_raw.cloud_setup_config.organization.id, null) == tostring(var.organization.id)
|
||||
)
|
||||
error_message = "Checklist data organization id mismatch, file ignored."
|
||||
}
|
||||
assert {
|
||||
condition = (
|
||||
var.factories_config.checklist_org_iam == null ||
|
||||
try(local._cl_org_raw.organization.id, null) == tostring(var.organization.id)
|
||||
try(local._cl_org_raw.cloud_setup_org_iam.organization.id, null) == tostring(var.organization.id)
|
||||
)
|
||||
error_message = "Checklist org IAM organization id mismatch, file ignored."
|
||||
}
|
||||
|
|
|
@ -23,9 +23,9 @@ locals {
|
|||
)
|
||||
# check that files are for the correct organization and ignore them if not
|
||||
_cl_data = (
|
||||
try(local._cl_data_raw.organization.id, null) != tostring(var.organization.id)
|
||||
try(local._cl_data_raw.cloud_setup_config.organization.id, null) != tostring(var.organization.id)
|
||||
? null
|
||||
: local._cl_data_raw
|
||||
: local._cl_data_raw.cloud_setup_config
|
||||
)
|
||||
# normalized IAM bindings one element per binding
|
||||
_cl_iam = local._cl_data == null ? [] : flatten([
|
||||
|
@ -57,7 +57,7 @@ check "checklist" {
|
|||
assert {
|
||||
condition = (
|
||||
var.factories_config.checklist_data == null ||
|
||||
try(local._cl_data_raw.version, null) == "0.1.0"
|
||||
try(local._cl_data_raw.cloud_setup_config.version, null) == "0.1.0"
|
||||
)
|
||||
error_message = "Checklist data version mismatch."
|
||||
}
|
||||
|
@ -65,7 +65,7 @@ check "checklist" {
|
|||
assert {
|
||||
condition = (
|
||||
var.factories_config.checklist_data == null ||
|
||||
try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
|
||||
try(local._cl_data_raw.cloud_setup_config.organization.id, null) == tostring(var.organization.id)
|
||||
)
|
||||
error_message = "Checklist data organization id mismatch, file ignored."
|
||||
}
|
||||
|
|
|
@ -40,13 +40,93 @@ values:
|
|||
locked: null
|
||||
project: fast-prod-audit-logs-0
|
||||
retention_days: 30
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]:
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/billing.creator"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-billing-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.creator
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/browser"]:
|
||||
condition: []
|
||||
members:
|
||||
- domain:fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/browser
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/cloudasset.owner"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-network-admins@fast.example.com
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
- group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/securitycenter.admin
|
||||
role: roles/cloudasset.owner
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/cloudsupport.admin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.techSupportEditor"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-devops@fast.example.com
|
||||
- group:gcp-network-admins@fast.example.com
|
||||
- group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/cloudsupport.techSupportEditor
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/compute.osAdminLogin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.osAdminLogin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/compute.osLoginExternalUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.osLoginExternalUser
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/iam.securityReviewer"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/iam.securityReviewer
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/logging.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-security-admins@fast.example.com
|
||||
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/logging.admin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/logging.viewer"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-devops@fast.example.com
|
||||
- serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/logging.viewer
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/monitoring.viewer"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-devops@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/monitoring.viewer
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/owner"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/owner
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderAdmin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.folderAdmin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderViewer"]:
|
||||
condition: []
|
||||
members:
|
||||
|
@ -56,21 +136,226 @@ values:
|
|||
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.folderViewer
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.organizationAdmin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.organizationAdmin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectCreator"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.projectCreator
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectMover"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.projectMover
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagAdmin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.tagAdmin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.tagUser
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagViewer"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.tagViewer
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-organization-admins@fast.example.com
|
||||
- group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/securitycenter.admin
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/serviceusage.serviceUsageViewer"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/serviceusage.serviceUsageViewer
|
||||
module.organization.google_organization_iam_binding.bindings["organization_iam_admin_conditional"]:
|
||||
condition:
|
||||
- description: Automation service account delegated grants.
|
||||
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/accesscontextmanager.policyAdmin','roles/compute.orgFirewallPolicyAdmin','roles/compute.xpnAdmin','roles/orgpolicy.policyAdmin','roles/resourcemanager.organizationViewer','organizations/123456789012/roles/tenantNetworkAdmin','roles/billing.admin','roles/billing.costsManager','roles/billing.user'])
|
||||
title: automation_sa_delegated_grants
|
||||
members:
|
||||
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: organizations/123456789012/roles/organizationIamAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/accesscontextmanager.policyAdmin-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/accesscontextmanager.policyAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-group:gcp-billing-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-billing-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.admin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-group:gcp-organization-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.admin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.admin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.admin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.user-group:gcp-organization-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.user
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.viewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.viewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/billing.viewer-serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/billing.viewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/compute.networkAdmin-group:gcp-network-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-network-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.networkAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/compute.orgFirewallPolicyAdmin-group:gcp-network-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-network-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.orgFirewallPolicyAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/compute.securityAdmin-group:gcp-network-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-network-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.securityAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/compute.viewer-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.viewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/compute.xpnAdmin-group:gcp-network-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-network-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/compute.xpnAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/container.viewer-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/container.viewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/monitoring.admin-group:gcp-monitoring-admins@fast.example.com"]
|
||||
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-group:gcp-organization-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-monitoring-admins@fast.example.com
|
||||
member: group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/iam.organizationRoleAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/iam.organizationRoleAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/iam.organizationRoleAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleViewer-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/iam.organizationRoleViewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleViewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/iam.organizationRoleViewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/logging.configWriter-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/logging.configWriter
|
||||
? module.organization.google_organization_iam_member.bindings["roles/logging.privateLogViewer-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/logging.privateLogViewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/monitoring.admin-group:gcp-monitoring-admins@fast-onboarding-0.joonix.net"]
|
||||
: condition: []
|
||||
member: group:gcp-monitoring-admins@fast-onboarding-0.joonix.net
|
||||
org_id: '123456789012'
|
||||
role: roles/monitoring.admin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-group:gcp-organization-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/orgpolicy.policyAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/orgpolicy.policyAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/orgpolicy.policyAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/orgpolicy.policyAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyViewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/orgpolicy.policyViewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyViewer-serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
|
||||
: condition: []
|
||||
member: serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
|
||||
org_id: '123456789012'
|
||||
role: roles/orgpolicy.policyViewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/resourcemanager.folderIamAdmin-group:gcp-security-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-security-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.folderIamAdmin
|
||||
? module.organization.google_organization_iam_member.bindings["roles/resourcemanager.organizationViewer-group:gcp-billing-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-billing-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/resourcemanager.organizationViewer
|
||||
? module.organization.google_organization_iam_member.bindings["roles/storage.objectAdmin-group:gcp-organization-admins@fast.example.com"]
|
||||
: condition: []
|
||||
member: group:gcp-organization-admins@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/storage.objectAdmin
|
||||
|
||||
counts:
|
||||
google_bigquery_dataset: 1
|
||||
google_bigquery_default_service_account: 3
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,112 +1,108 @@
|
|||
{
|
||||
"version": "0.1.0",
|
||||
"organization": {
|
||||
"id": "123456789012",
|
||||
"name": "fast.example.com"
|
||||
},
|
||||
"iam_bindings": [
|
||||
{
|
||||
"principal": "group:gcp-organization-admins@fast.example.com",
|
||||
"group_id": "ORG_ADMINS",
|
||||
"role": [
|
||||
"roles/resourcemanager.organizationAdmin",
|
||||
"roles/resourcemanager.folderAdmin",
|
||||
"roles/resourcemanager.projectCreator",
|
||||
"roles/billing.user",
|
||||
"roles/iam.organizationRoleAdmin",
|
||||
"roles/orgpolicy.policyAdmin",
|
||||
"roles/securitycenter.admin",
|
||||
"roles/cloudsupport.admin",
|
||||
"roles/owner",
|
||||
"roles/cloudasset.owner",
|
||||
"roles/compute.osAdminLogin",
|
||||
"roles/compute.osLoginExternalUser",
|
||||
"roles/resourcemanager.tagAdmin",
|
||||
"roles/compute.xpnAdmin"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
}
|
||||
"cloud_setup_org_iam": {
|
||||
"version": "0.1.0",
|
||||
"organization": {
|
||||
"id": "123456789012",
|
||||
"name": "fast.example.com"
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-billing-admins@fast.example.com",
|
||||
"group_id": "BILLING_ADMINS",
|
||||
"role": [
|
||||
"roles/billing.admin",
|
||||
"roles/billing.creator",
|
||||
"roles/resourcemanager.organizationViewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
"iam_bindings": [
|
||||
{
|
||||
"principal": "group:gcp-organization-admins@fast-onboarding-0.joonix.net",
|
||||
"group_id": "ORG_ADMINS",
|
||||
"role": [
|
||||
"roles/storage.objectAdmin",
|
||||
"roles/resourcemanager.folderAdmin",
|
||||
"roles/resourcemanager.projectCreator",
|
||||
"roles/billing.user",
|
||||
"roles/iam.organizationRoleAdmin",
|
||||
"roles/orgpolicy.policyAdmin",
|
||||
"roles/securitycenter.admin",
|
||||
"roles/cloudsupport.admin"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-billing-admins@fast-onboarding-0.joonix.net",
|
||||
"group_id": "BILLING_ADMINS",
|
||||
"role": [
|
||||
"roles/billing.admin",
|
||||
"roles/billing.creator",
|
||||
"roles/resourcemanager.organizationViewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-network-admins@fast-onboarding-0.joonix.net",
|
||||
"group_id": "NETWORK_ADMINS",
|
||||
"role": [
|
||||
"roles/compute.networkAdmin",
|
||||
"roles/compute.xpnAdmin",
|
||||
"roles/compute.securityAdmin",
|
||||
"roles/resourcemanager.folderViewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-logging-admins@fast-onboarding-0.joonix.net",
|
||||
"group_id": "LOGGING_ADMINS",
|
||||
"role": [
|
||||
"roles/logging.admin"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-monitoring-admins@fast-onboarding-0.joonix.net",
|
||||
"group_id": "MONITORING_ADMINS",
|
||||
"role": [
|
||||
"roles/monitoring.admin"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-security-admins@fast-onboarding-0.joonix.net",
|
||||
"group_id": "SECURITY_ADMINS",
|
||||
"role": [
|
||||
"roles/orgpolicy.policyAdmin",
|
||||
"roles/iam.securityReviewer",
|
||||
"roles/iam.organizationRoleViewer",
|
||||
"roles/securitycenter.admin",
|
||||
"roles/resourcemanager.folderIamAdmin",
|
||||
"roles/logging.privateLogViewer",
|
||||
"roles/logging.configWriter",
|
||||
"roles/container.viewer",
|
||||
"roles/compute.viewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-devops@fast-onboarding-0.joonix.net",
|
||||
"group_id": "DEVOPS",
|
||||
"role": [
|
||||
"roles/resourcemanager.folderViewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "656131167402"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-network-admins@fast.example.com",
|
||||
"group_id": "NETWORK_ADMINS",
|
||||
"role": [
|
||||
"roles/compute.networkAdmin",
|
||||
"roles/compute.xpnAdmin",
|
||||
"roles/compute.securityAdmin",
|
||||
"roles/resourcemanager.folderViewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-logging-admins@fast.example.com",
|
||||
"group_id": "LOGGING_ADMINS",
|
||||
"role": [
|
||||
"roles/logging.admin"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-monitoring-admins@fast.example.com",
|
||||
"group_id": "MONITORING_ADMINS",
|
||||
"role": [
|
||||
"roles/monitoring.admin"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-security-admins@fast.example.com",
|
||||
"group_id": "SECURITY_ADMINS",
|
||||
"role": [
|
||||
"roles/orgpolicy.policyAdmin",
|
||||
"roles/iam.securityReviewer",
|
||||
"roles/iam.organizationRoleViewer",
|
||||
"roles/securitycenter.admin",
|
||||
"roles/resourcemanager.folderIamAdmin",
|
||||
"roles/logging.privateLogViewer",
|
||||
"roles/logging.configWriter",
|
||||
"roles/container.viewer",
|
||||
"roles/compute.viewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
}
|
||||
},
|
||||
{
|
||||
"principal": "group:gcp-devops@fast.example.com",
|
||||
"group_id": "DEVOPS",
|
||||
"role": [
|
||||
"roles/resourcemanager.folderViewer"
|
||||
],
|
||||
"resource": {
|
||||
"type": "ORGANIZATION",
|
||||
"id": "123456789012"
|
||||
}
|
||||
}
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
|
@ -17,108 +17,406 @@ values:
|
|||
display_name: Common
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-1["Team 1"].google_folder.folder[0]:
|
||||
module.checklist-folder-1["Department 1"].google_folder.folder[0]:
|
||||
display_name: Department 1
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-1["Department 2"].google_folder.folder[0]:
|
||||
display_name: Department 2
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-1["Department 3"].google_folder.folder[0]:
|
||||
display_name: Department 3
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 1/Team 1"].google_folder.folder[0]:
|
||||
display_name: Team 1
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-1["Team 2"].google_folder.folder[0]:
|
||||
module.checklist-folder-2["Department 1/Team 2"].google_folder.folder[0]:
|
||||
display_name: Team 2
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-1["Team 3"].google_folder.folder[0]:
|
||||
module.checklist-folder-2["Department 1/Team 3"].google_folder.folder[0]:
|
||||
display_name: Team 3
|
||||
parent: organizations/123456789012
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Team 1/Development"].google_folder.folder[0]:
|
||||
module.checklist-folder-2["Department 1/Team 4"].google_folder.folder[0]:
|
||||
display_name: Team 4
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 2/Team 1"].google_folder.folder[0]:
|
||||
display_name: Team 1
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 2/Team 2"].google_folder.folder[0]:
|
||||
display_name: Team 2
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 2/Team 3"].google_folder.folder[0]:
|
||||
display_name: Team 3
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 2/Team 4"].google_folder.folder[0]:
|
||||
display_name: Team 4
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 3/Team 1"].google_folder.folder[0]:
|
||||
display_name: Team 1
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 3/Team 2"].google_folder.folder[0]:
|
||||
display_name: Team 2
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 3/Team 3"].google_folder.folder[0]:
|
||||
display_name: Team 3
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Department 3/Team 4"].google_folder.folder[0]:
|
||||
display_name: Team 4
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 1/Team 1/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
module.checklist-folder-2["Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-2["Team 1/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-2["Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
? module.checklist-folder-3["Department 1/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
module.checklist-folder-2["Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]:
|
||||
condition: []
|
||||
? module.checklist-folder-3["Department 1/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-2["Team 1/Production"].google_folder.folder[0]:
|
||||
module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 1/Team 1/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Team 2/Development"].google_folder.folder[0]:
|
||||
module.checklist-folder-3["Department 1/Team 2/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
module.checklist-folder-2["Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-2["Team 2/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-2["Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
? module.checklist-folder-3["Department 1/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
module.checklist-folder-2["Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]:
|
||||
condition: []
|
||||
? module.checklist-folder-3["Department 1/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-2["Team 2/Production"].google_folder.folder[0]:
|
||||
module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 1/Team 2/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Team 3/Development"].google_folder.folder[0]:
|
||||
module.checklist-folder-3["Department 1/Team 3/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
module.checklist-folder-2["Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
module.checklist-folder-2["Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-2["Team 3/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-2["Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
? module.checklist-folder-3["Department 1/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
module.checklist-folder-2["Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]:
|
||||
condition: []
|
||||
? module.checklist-folder-3["Department 1/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast.example.com
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-2["Team 3/Production"].google_folder.folder[0]:
|
||||
module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 1/Team 3/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 1/Team 4/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 1/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 1/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 1/Team 4/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 2/Team 1/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 1/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 2/Team 2/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 2/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 2/Team 3/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 3/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 2/Team 4/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 2/Team 4/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 3/Team 1/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 1/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 3/Team 2/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 2/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 3/Team 3/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 3/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
module.checklist-folder-3["Department 3/Team 4/Development"].google_folder.folder[0]:
|
||||
display_name: Development
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder.folder[0]:
|
||||
display_name: Non-Production
|
||||
timeouts: null
|
||||
? module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/compute.instanceAdmin.v1
|
||||
? module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
|
||||
: condition: []
|
||||
members:
|
||||
- group:gcp-developers@fast-onboarding-0.joonix.net
|
||||
role: roles/container.admin
|
||||
module.checklist-folder-3["Department 3/Team 4/Production"].google_folder.folder[0]:
|
||||
display_name: Production
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_folder: 18
|
||||
google_folder_iam_binding: 31
|
||||
google_folder: 57
|
||||
google_folder_iam_binding: 67
|
||||
google_organization_iam_member: 5
|
||||
google_project_iam_member: 4
|
||||
google_service_account: 4
|
||||
|
@ -130,5 +428,5 @@ counts:
|
|||
google_tags_tag_binding: 5
|
||||
google_tags_tag_key: 3
|
||||
google_tags_tag_value: 9
|
||||
modules: 25
|
||||
resources: 98
|
||||
modules: 64
|
||||
resources: 173
|
||||
|
|
Loading…
Reference in New Issue