Fix variables

Lorenzo Caggioni 2022-01-14 09:32:15 +01:00
parent 910013f988
commit 52b0e43112
2 changed files with 15 additions and 4 deletions


@ -33,6 +33,7 @@ module "project-service" {
name = var.project_name
parent = var.root_node
billing_account = var.billing_account
project_create = var.project_create
services = [
"compute.googleapis.com",
"servicenetworking.googleapis.com",
@ -83,6 +84,12 @@ module "project-service" {
"roles/iam.serviceAccountUser" = [
module.service-account-orch.iam_email,
]
"roles/iam.serviceAccountTokenCreator" = concat(
local.data_eng_users_iam,
)
"roles/viewer" = concat(
local.data_eng_users_iam,
)
#Dataflow roles
"roles/dataflow.admin" = [
module.service-account-orch.iam_email,
@ -90,11 +97,9 @@ module "project-service" {
}
group_iam = {
"roles/iam.serviceAccountTokenCreator" = concat(
local.data_eng_users_iam,
local.data_eng_groups_iam
)
"roles/viewer" = concat(
local.data_eng_users_iam,
local.data_eng_groups_iam
)
}
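Review bot: The `"roles/iam.serviceAccountTokenCreator"` entry added for `local.data_eng_users_iam` sits in what appears to be the project-level role map of `module "project-service"` (the map's opening line is outside the hunk), so each listed user could mint tokens for every service account in the project, including `module.service-account-orch`, which holds `roles/dataflow.admin` in the same map. The variable descriptions say the role is meant "on service accounts", so the binding would be tighter if attached to the specific service accounts the data engineers need to impersonate rather than to the project. The same applies to the group binding kept in `group_iam`. If project scope is intentional for this test setup, a comment would record that, e.g. `# Project-wide impersonation: test setup only, bind per service account otherwise`. The single-argument `concat(...)` calls can also be plain references to the list.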


@ -19,13 +19,13 @@ variable "billing_account" {
}
variable "data_eng_groups" {
description = "Groups with Service Account Tocken creator role on service accounts in the form 'USER/GROUP_EMAIL'."
description = "Groups with Service Account Tocken creator role on service accounts in the form 'GROUP_EMAIL@DOMAIN.COM'."
type = list(string)
default = []
}
variable "data_eng_users" {
description = "Users with Service Account Tocken creator role on service accounts in the form 'USER/GROUP_EMAIL'."
description = "Users with Service Account Tocken creator role on service accounts in the form 'USER_EMAIL@DOMAIN.COM'. User level role is intended for the porpuse of the test, prefer group role based on real life use cases."
type = list(string)
default = []
}
@ -36,6 +36,12 @@ variable "location" {
default = "europe"
}
variable "project_create" {
description = "Set to true to create projects, will use existing ones by default."
type = bool
default = false
}
variable "project_name" {
description = "Name for the new Service Project."
type = string
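Review bot: The rewritten `data_eng_groups` and `data_eng_users` descriptions still spell "Token" as "Tocken", and the `data_eng_users` one spells "purpose" as "porpuse"; these strings usually end up in generated module documentation, so they are worth correcting in the same change, e.g. `"Users with Service Account Token Creator role on service accounts ..."`. The expected input form changes from 'USER/GROUP_EMAIL' to a bare e-mail address, but nothing enforces it; a `validation` block rejecting entries that already carry a `user:` or `group:` prefix would catch stale values early, assuming the prefix is added in the locals, which are not visible here. The `variable "project_name"` block at the end of the hunk continues outside it.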