zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update checklist parsing for top-level key (#1997)

This commit is contained in:
Ludovico Magnocavallo 2024-01-23 07:34:03 +01:00 committed by GitHub
parent 37dc48bca4
commit 4b911a6047
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 1513 additions and 499 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
fast/stages/0-bootstrap/checklist.tf
View File

@ -38,14 +38,14 @@ locals {
)
# check that files are for the correct organization and ignore them if not
_cl_data = (
try(local._cl_data_raw.organization.id, null) != tostring(var.organization.id)
try(local._cl_data_raw.cloud_setup_config.organization.id, null) != tostring(var.organization.id)
? null
: local._cl_data_raw
: local._cl_data_raw.cloud_setup_config
)
_cl_org = (
try(local._cl_org_raw.organization.id, null) != tostring(var.organization.id)
try(local._cl_org_raw.cloud_setup_org_iam.organization.id, null) != tostring(var.organization.id)
? null
: local._cl_org_raw
: local._cl_org_raw.cloud_setup_org_iam
)
# do a first pass on IAM bindings to identify groups and normalize
_cl_org_iam_bindings = {
@ -93,14 +93,14 @@ check "checklist" {
assert {
condition = (
var.factories_config.checklist_data == null ||
try(local._cl_data_raw.version, null) == "0.1.0"
try(local._cl_data_raw.cloud_setup_config.version, null) == "0.1.0"
)
error_message = "Checklist data version mismatch."
}
assert {
condition = (
var.factories_config.checklist_org_iam == null ||
try(local._cl_org_raw.version, null) == "0.1.0"
try(local._cl_org_raw.cloud_setup_org_iam.version, null) == "0.1.0"
)
error_message = "Checklist org IAM version mismatch."
}
@ -108,14 +108,14 @@ check "checklist" {
assert {
condition = (
var.factories_config.checklist_data == null ||
try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
try(local._cl_data_raw.cloud_setup_config.organization.id, null) == tostring(var.organization.id)
)
error_message = "Checklist data organization id mismatch, file ignored."
}
assert {
condition = (
var.factories_config.checklist_org_iam == null ||
try(local._cl_org_raw.organization.id, null) == tostring(var.organization.id)
try(local._cl_org_raw.cloud_setup_org_iam.organization.id, null) == tostring(var.organization.id)
)
error_message = "Checklist org IAM organization id mismatch, file ignored."
}

8
fast/stages/1-resman/checklist.tf
View File

@ -23,9 +23,9 @@ locals {
)
# check that files are for the correct organization and ignore them if not
_cl_data = (
try(local._cl_data_raw.organization.id, null) != tostring(var.organization.id)
try(local._cl_data_raw.cloud_setup_config.organization.id, null) != tostring(var.organization.id)
? null
: local._cl_data_raw
: local._cl_data_raw.cloud_setup_config
)
# normalized IAM bindings one element per binding
_cl_iam = local._cl_data == null ? [] : flatten([
@ -57,7 +57,7 @@ check "checklist" {
assert {
condition = (
var.factories_config.checklist_data == null ||
try(local._cl_data_raw.version, null) == "0.1.0"
try(local._cl_data_raw.cloud_setup_config.version, null) == "0.1.0"
)
error_message = "Checklist data version mismatch."
}
@ -65,7 +65,7 @@ check "checklist" {
assert {
condition = (
var.factories_config.checklist_data == null ||
try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
try(local._cl_data_raw.cloud_setup_config.organization.id, null) == tostring(var.organization.id)
)
error_message = "Checklist data organization id mismatch, file ignored."
}

293
tests/fast/stages/s0_bootstrap/checklist.yaml
View File

@ -40,13 +40,93 @@ values:
locked: null
project: fast-prod-audit-logs-0
retention_days: 30
module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]:
module.organization.google_organization_iam_binding.authoritative["roles/billing.creator"]:
condition: []
members:
- group:gcp-billing-admins@fast.example.com
org_id: '123456789012'
role: roles/billing.creator
module.organization.google_organization_iam_binding.authoritative["roles/browser"]:
condition: []
members:
- domain:fast.example.com
org_id: '123456789012'
role: roles/browser
module.organization.google_organization_iam_binding.authoritative["roles/cloudasset.owner"]:
condition: []
members:
- group:gcp-network-admins@fast.example.com
- group:gcp-organization-admins@fast.example.com
- group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/securitycenter.admin
role: roles/cloudasset.owner
module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.admin"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/cloudsupport.admin
module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.techSupportEditor"]:
condition: []
members:
- group:gcp-devops@fast.example.com
- group:gcp-network-admins@fast.example.com
- group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/cloudsupport.techSupportEditor
module.organization.google_organization_iam_binding.authoritative["roles/compute.osAdminLogin"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.osAdminLogin
module.organization.google_organization_iam_binding.authoritative["roles/compute.osLoginExternalUser"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.osLoginExternalUser
module.organization.google_organization_iam_binding.authoritative["roles/iam.securityReviewer"]:
condition: []
members:
- group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/iam.securityReviewer
module.organization.google_organization_iam_binding.authoritative["roles/logging.admin"]:
condition: []
members:
- group:gcp-security-admins@fast.example.com
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/logging.admin
module.organization.google_organization_iam_binding.authoritative["roles/logging.viewer"]:
condition: []
members:
- group:gcp-devops@fast.example.com
- serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/logging.viewer
module.organization.google_organization_iam_binding.authoritative["roles/monitoring.viewer"]:
condition: []
members:
- group:gcp-devops@fast.example.com
org_id: '123456789012'
role: roles/monitoring.viewer
module.organization.google_organization_iam_binding.authoritative["roles/owner"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/owner
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderAdmin"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.folderAdmin
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderViewer"]:
condition: []
members:
@ -56,21 +136,226 @@ values:
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.folderViewer
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.organizationAdmin"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.organizationAdmin
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectCreator"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.projectCreator
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectMover"]:
condition: []
members:
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.projectMover
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagAdmin"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
- serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.tagAdmin
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagUser"]:
condition: []
members:
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.tagUser
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagViewer"]:
condition: []
members:
- serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/resourcemanager.tagViewer
module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]:
condition: []
members:
- group:gcp-organization-admins@fast.example.com
- group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/securitycenter.admin
module.organization.google_organization_iam_binding.authoritative["roles/serviceusage.serviceUsageViewer"]:
condition: []
members:
- serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/serviceusage.serviceUsageViewer
module.organization.google_organization_iam_binding.bindings["organization_iam_admin_conditional"]:
condition:
- description: Automation service account delegated grants.
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/accesscontextmanager.policyAdmin','roles/compute.orgFirewallPolicyAdmin','roles/compute.xpnAdmin','roles/orgpolicy.policyAdmin','roles/resourcemanager.organizationViewer','organizations/123456789012/roles/tenantNetworkAdmin','roles/billing.admin','roles/billing.costsManager','roles/billing.user'])
title: automation_sa_delegated_grants
members:
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: organizations/123456789012/roles/organizationIamAdmin
? module.organization.google_organization_iam_member.bindings["roles/accesscontextmanager.policyAdmin-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/accesscontextmanager.policyAdmin
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-group:gcp-billing-admins@fast.example.com"]
: condition: []
member: group:gcp-billing-admins@fast.example.com
org_id: '123456789012'
role: roles/billing.admin
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-group:gcp-organization-admins@fast.example.com"]
: condition: []
member: group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/billing.admin
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/billing.admin
? module.organization.google_organization_iam_member.bindings["roles/billing.admin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/billing.admin
? module.organization.google_organization_iam_member.bindings["roles/billing.user-group:gcp-organization-admins@fast.example.com"]
: condition: []
member: group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/billing.user
? module.organization.google_organization_iam_member.bindings["roles/billing.viewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/billing.viewer
? module.organization.google_organization_iam_member.bindings["roles/billing.viewer-serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/billing.viewer
? module.organization.google_organization_iam_member.bindings["roles/compute.networkAdmin-group:gcp-network-admins@fast.example.com"]
: condition: []
member: group:gcp-network-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.networkAdmin
? module.organization.google_organization_iam_member.bindings["roles/compute.orgFirewallPolicyAdmin-group:gcp-network-admins@fast.example.com"]
: condition: []
member: group:gcp-network-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.orgFirewallPolicyAdmin
? module.organization.google_organization_iam_member.bindings["roles/compute.securityAdmin-group:gcp-network-admins@fast.example.com"]
: condition: []
member: group:gcp-network-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.securityAdmin
? module.organization.google_organization_iam_member.bindings["roles/compute.viewer-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.viewer
? module.organization.google_organization_iam_member.bindings["roles/compute.xpnAdmin-group:gcp-network-admins@fast.example.com"]
: condition: []
member: group:gcp-network-admins@fast.example.com
org_id: '123456789012'
role: roles/compute.xpnAdmin
? module.organization.google_organization_iam_member.bindings["roles/container.viewer-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/container.viewer
? module.organization.google_organization_iam_member.bindings["roles/monitoring.admin-group:gcp-monitoring-admins@fast.example.com"]
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-group:gcp-organization-admins@fast.example.com"]
: condition: []
member: group:gcp-monitoring-admins@fast.example.com
member: group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/iam.organizationRoleAdmin
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/iam.organizationRoleAdmin
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/iam.organizationRoleAdmin
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleViewer-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/iam.organizationRoleViewer
? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleViewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/iam.organizationRoleViewer
? module.organization.google_organization_iam_member.bindings["roles/logging.configWriter-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/logging.configWriter
? module.organization.google_organization_iam_member.bindings["roles/logging.privateLogViewer-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/logging.privateLogViewer
? module.organization.google_organization_iam_member.bindings["roles/monitoring.admin-group:gcp-monitoring-admins@fast-onboarding-0.joonix.net"]
: condition: []
member: group:gcp-monitoring-admins@fast-onboarding-0.joonix.net
org_id: '123456789012'
role: roles/monitoring.admin
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-group:gcp-organization-admins@fast.example.com"]
: condition: []
member: group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/orgpolicy.policyAdmin
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/orgpolicy.policyAdmin
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/orgpolicy.policyAdmin
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/orgpolicy.policyAdmin
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyViewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/orgpolicy.policyViewer
? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyViewer-serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"]
: condition: []
member: serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com
org_id: '123456789012'
role: roles/orgpolicy.policyViewer
? module.organization.google_organization_iam_member.bindings["roles/resourcemanager.folderIamAdmin-group:gcp-security-admins@fast.example.com"]
: condition: []
member: group:gcp-security-admins@fast.example.com
org_id: '123456789012'
role: roles/resourcemanager.folderIamAdmin
? module.organization.google_organization_iam_member.bindings["roles/resourcemanager.organizationViewer-group:gcp-billing-admins@fast.example.com"]
: condition: []
member: group:gcp-billing-admins@fast.example.com
org_id: '123456789012'
role: roles/resourcemanager.organizationViewer
? module.organization.google_organization_iam_member.bindings["roles/storage.objectAdmin-group:gcp-organization-admins@fast.example.com"]
: condition: []
member: group:gcp-organization-admins@fast.example.com
org_id: '123456789012'
role: roles/storage.objectAdmin
counts:
google_bigquery_dataset: 1
google_bigquery_default_service_account: 3

1045
tests/fast/stages/s0_bootstrap/data/checklist-data.json
View File

File diff suppressed because it is too large Load Diff

212
tests/fast/stages/s0_bootstrap/data/checklist-org-iam.json
View File

@ -1,112 +1,108 @@
{
"version": "0.1.0",
"organization": {
"id": "123456789012",
"name": "fast.example.com"
},
"iam_bindings": [
{
"principal": "group:gcp-organization-admins@fast.example.com",
"group_id": "ORG_ADMINS",
"role": [
"roles/resourcemanager.organizationAdmin",
"roles/resourcemanager.folderAdmin",
"roles/resourcemanager.projectCreator",
"roles/billing.user",
"roles/iam.organizationRoleAdmin",
"roles/orgpolicy.policyAdmin",
"roles/securitycenter.admin",
"roles/cloudsupport.admin",
"roles/owner",
"roles/cloudasset.owner",
"roles/compute.osAdminLogin",
"roles/compute.osLoginExternalUser",
"roles/resourcemanager.tagAdmin",
"roles/compute.xpnAdmin"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
}
"cloud_setup_org_iam": {
"version": "0.1.0",
"organization": {
"id": "123456789012",
"name": "fast.example.com"
},
{
"principal": "group:gcp-billing-admins@fast.example.com",
"group_id": "BILLING_ADMINS",
"role": [
"roles/billing.admin",
"roles/billing.creator",
"roles/resourcemanager.organizationViewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
"iam_bindings": [
{
"principal": "group:gcp-organization-admins@fast-onboarding-0.joonix.net",
"group_id": "ORG_ADMINS",
"role": [
"roles/storage.objectAdmin",
"roles/resourcemanager.folderAdmin",
"roles/resourcemanager.projectCreator",
"roles/billing.user",
"roles/iam.organizationRoleAdmin",
"roles/orgpolicy.policyAdmin",
"roles/securitycenter.admin",
"roles/cloudsupport.admin"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
},
{
"principal": "group:gcp-billing-admins@fast-onboarding-0.joonix.net",
"group_id": "BILLING_ADMINS",
"role": [
"roles/billing.admin",
"roles/billing.creator",
"roles/resourcemanager.organizationViewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
},
{
"principal": "group:gcp-network-admins@fast-onboarding-0.joonix.net",
"group_id": "NETWORK_ADMINS",
"role": [
"roles/compute.networkAdmin",
"roles/compute.xpnAdmin",
"roles/compute.securityAdmin",
"roles/resourcemanager.folderViewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
},
{
"principal": "group:gcp-logging-admins@fast-onboarding-0.joonix.net",
"group_id": "LOGGING_ADMINS",
"role": [
"roles/logging.admin"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
},
{
"principal": "group:gcp-monitoring-admins@fast-onboarding-0.joonix.net",
"group_id": "MONITORING_ADMINS",
"role": [
"roles/monitoring.admin"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
},
{
"principal": "group:gcp-security-admins@fast-onboarding-0.joonix.net",
"group_id": "SECURITY_ADMINS",
"role": [
"roles/orgpolicy.policyAdmin",
"roles/iam.securityReviewer",
"roles/iam.organizationRoleViewer",
"roles/securitycenter.admin",
"roles/resourcemanager.folderIamAdmin",
"roles/logging.privateLogViewer",
"roles/logging.configWriter",
"roles/container.viewer",
"roles/compute.viewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
},
{
"principal": "group:gcp-devops@fast-onboarding-0.joonix.net",
"group_id": "DEVOPS",
"role": [
"roles/resourcemanager.folderViewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "656131167402"
}
}
},
{
"principal": "group:gcp-network-admins@fast.example.com",
"group_id": "NETWORK_ADMINS",
"role": [
"roles/compute.networkAdmin",
"roles/compute.xpnAdmin",
"roles/compute.securityAdmin",
"roles/resourcemanager.folderViewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
}
},
{
"principal": "group:gcp-logging-admins@fast.example.com",
"group_id": "LOGGING_ADMINS",
"role": [
"roles/logging.admin"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
}
},
{
"principal": "group:gcp-monitoring-admins@fast.example.com",
"group_id": "MONITORING_ADMINS",
"role": [
"roles/monitoring.admin"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
}
},
{
"principal": "group:gcp-security-admins@fast.example.com",
"group_id": "SECURITY_ADMINS",
"role": [
"roles/orgpolicy.policyAdmin",
"roles/iam.securityReviewer",
"roles/iam.organizationRoleViewer",
"roles/securitycenter.admin",
"roles/resourcemanager.folderIamAdmin",
"roles/logging.privateLogViewer",
"roles/logging.configWriter",
"roles/container.viewer",
"roles/compute.viewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
}
},
{
"principal": "group:gcp-devops@fast.example.com",
"group_id": "DEVOPS",
"role": [
"roles/resourcemanager.folderViewer"
],
"resource": {
"type": "ORGANIZATION",
"id": "123456789012"
}
}
]
]
}
}

438
tests/fast/stages/s1_resman/checklist.yaml
View File

@ -17,108 +17,406 @@ values:
display_name: Common
parent: organizations/123456789012
timeouts: null
module.checklist-folder-1["Team 1"].google_folder.folder[0]:
module.checklist-folder-1["Department 1"].google_folder.folder[0]:
display_name: Department 1
parent: organizations/123456789012
timeouts: null
module.checklist-folder-1["Department 2"].google_folder.folder[0]:
display_name: Department 2
parent: organizations/123456789012
timeouts: null
module.checklist-folder-1["Department 3"].google_folder.folder[0]:
display_name: Department 3
parent: organizations/123456789012
timeouts: null
module.checklist-folder-2["Department 1/Team 1"].google_folder.folder[0]:
display_name: Team 1
parent: organizations/123456789012
timeouts: null
module.checklist-folder-1["Team 2"].google_folder.folder[0]:
module.checklist-folder-2["Department 1/Team 2"].google_folder.folder[0]:
display_name: Team 2
parent: organizations/123456789012
timeouts: null
module.checklist-folder-1["Team 3"].google_folder.folder[0]:
module.checklist-folder-2["Department 1/Team 3"].google_folder.folder[0]:
display_name: Team 3
parent: organizations/123456789012
timeouts: null
module.checklist-folder-2["Team 1/Development"].google_folder.folder[0]:
module.checklist-folder-2["Department 1/Team 4"].google_folder.folder[0]:
display_name: Team 4
timeouts: null
module.checklist-folder-2["Department 2/Team 1"].google_folder.folder[0]:
display_name: Team 1
timeouts: null
module.checklist-folder-2["Department 2/Team 2"].google_folder.folder[0]:
display_name: Team 2
timeouts: null
module.checklist-folder-2["Department 2/Team 3"].google_folder.folder[0]:
display_name: Team 3
timeouts: null
module.checklist-folder-2["Department 2/Team 4"].google_folder.folder[0]:
display_name: Team 4
timeouts: null
module.checklist-folder-2["Department 3/Team 1"].google_folder.folder[0]:
display_name: Team 1
timeouts: null
module.checklist-folder-2["Department 3/Team 2"].google_folder.folder[0]:
display_name: Team 2
timeouts: null
module.checklist-folder-2["Department 3/Team 3"].google_folder.folder[0]:
display_name: Team 3
timeouts: null
module.checklist-folder-2["Department 3/Team 4"].google_folder.folder[0]:
display_name: Team 4
timeouts: null
module.checklist-folder-3["Department 1/Team 1/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
module.checklist-folder-2["Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]:
condition: []
members:
- group:gcp-developers@fast.example.com
role: roles/compute.instanceAdmin.v1
module.checklist-folder-2["Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]:
condition: []
members:
- group:gcp-developers@fast.example.com
role: roles/container.admin
module.checklist-folder-2["Team 1/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-2["Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
? module.checklist-folder-3["Department 1/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast.example.com
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
module.checklist-folder-2["Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]:
condition: []
? module.checklist-folder-3["Department 1/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast.example.com
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-2["Team 1/Production"].google_folder.folder[0]:
module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 1/Team 1/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-2["Team 2/Development"].google_folder.folder[0]:
module.checklist-folder-3["Department 1/Team 2/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
module.checklist-folder-2["Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]:
condition: []
members:
- group:gcp-developers@fast.example.com
role: roles/compute.instanceAdmin.v1
module.checklist-folder-2["Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]:
condition: []
members:
- group:gcp-developers@fast.example.com
role: roles/container.admin
module.checklist-folder-2["Team 2/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-2["Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
? module.checklist-folder-3["Department 1/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast.example.com
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
module.checklist-folder-2["Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]:
condition: []
? module.checklist-folder-3["Department 1/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast.example.com
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-2["Team 2/Production"].google_folder.folder[0]:
module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 1/Team 2/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-2["Team 3/Development"].google_folder.folder[0]:
module.checklist-folder-3["Department 1/Team 3/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
module.checklist-folder-2["Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]:
condition: []
members:
- group:gcp-developers@fast.example.com
role: roles/compute.instanceAdmin.v1
module.checklist-folder-2["Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]:
condition: []
members:
- group:gcp-developers@fast.example.com
role: roles/container.admin
module.checklist-folder-2["Team 3/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-2["Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
? module.checklist-folder-3["Department 1/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast.example.com
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
module.checklist-folder-2["Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]:
condition: []
? module.checklist-folder-3["Department 1/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast.example.com
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-2["Team 3/Production"].google_folder.folder[0]:
module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 1/Team 3/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 1/Team 4/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 1/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 1/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 1/Team 4/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 2/Team 1/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 2/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 1/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 2/Team 2/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 2/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 2/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 2/Team 3/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 2/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 3/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 2/Team 4/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 2/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 2/Team 4/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 3/Team 1/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 3/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 1/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 3/Team 2/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 3/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 2/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 3/Team 3/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 3/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 3/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
module.checklist-folder-3["Department 3/Team 4/Development"].google_folder.folder[0]:
display_name: Development
timeouts: null
? module.checklist-folder-3["Department 3/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder.folder[0]:
display_name: Non-Production
timeouts: null
? module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/compute.instanceAdmin.v1
? module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]
: condition: []
members:
- group:gcp-developers@fast-onboarding-0.joonix.net
role: roles/container.admin
module.checklist-folder-3["Department 3/Team 4/Production"].google_folder.folder[0]:
display_name: Production
timeouts: null
counts:
google_folder: 18
google_folder_iam_binding: 31
google_folder: 57
google_folder_iam_binding: 67
google_organization_iam_member: 5
google_project_iam_member: 4
google_service_account: 4
@ -130,5 +428,5 @@ counts:
google_tags_tag_binding: 5
google_tags_tag_key: 3
google_tags_tag_value: 9
modules: 25
resources: 98
modules: 64
resources: 173