Merge pull request #301 from terraform-google-modules/cai-01

Fix 'scheduled-asset-inventory-export-bq' example

CHANGELOG.md

@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 - new `apigee-organization` and `apigee-x-instance`
 - generate `email` and `iam_email` statically in the `iam-service-account` module 
 - new `billing-budget` module
+- fix `scheduled-asset-inventory-export-bq` module
 
 ## [5.1.0] - 2021-08-30
 

cloud-operations/scheduled-asset-inventory-export-bq/README.md

@@ -43,9 +43,9 @@ You can also create a dashboard connecting [Datalab](https://datastudio.google.c
 
 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
-| billing_account | Billing account id used as default for new projects. | <code title="">string</code> | ✓ |  |
 | cai_config | Cloud Asset inventory export config. | <code title="object&#40;&#123;&#10;bq_dataset &#61; string&#10;bq_table   &#61; string&#10;&#125;&#41;">object({...})</code> | ✓ |  |
 | project_id | Project id that references existing project. | <code title="">string</code> | ✓ |  |
+| *billing_account* | Billing account id used as default for new projects. | <code title="">string</code> |  | <code title="">null</code> |
 | *bundle_path* | Path used to write the intermediate Cloud Function code bundle. | <code title="">string</code> |  | <code title="">./bundle.zip</code> |
 | *location* | Appe Engine location used in the example. | <code title="">string</code> |  | <code title="">europe-west</code> |
 | *name* | Arbitrary string used to name created resources. | <code title="">string</code> |  | <code title="">asset-inventory</code> |

cloud-operations/scheduled-asset-inventory-export-bq/main.tf

@@ -22,7 +22,7 @@ module "project" {
   source          = "../../modules/project"
   name            = var.project_id
   parent          = var.root_node
-  billing_account = var.billing_account
+  billing_account = try(var.billing_account, null)
   project_create  = var.project_create
   services = [
     "bigquery.googleapis.com",
@@ -33,6 +33,11 @@ module "project" {
     "cloudscheduler.googleapis.com",
     "pubsub.googleapis.com"
   ]
+  iam = {
+    "roles/resourcemanager.projectIamAdmin" = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+    "roles/bigquery.dataEditor"             = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+    "roles/bigquery.user"                   = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+  }
 }
 
 module "service-account" {
@@ -40,7 +45,9 @@ module "service-account" {
   project_id = module.project.project_id
   name       = "${var.name}-cf"
   iam_project_roles = {
-    (var.project_id) = ["roles/cloudasset.viewer"]
+    (var.project_id) = [
+      "roles/cloudasset.owner",
+    ]
   }
 }
 

cloud-operations/scheduled-asset-inventory-export-bq/variables.tf

@@ -17,6 +17,7 @@
 variable "billing_account" {
   description = "Billing account id used as default for new projects."
   type        = string
+  default     = null
 }
 
 variable "bundle_path" {

tests/cloud_operations/scheduled_asset_inventory_export_bq/test_plan.py

@@ -24,4 +24,4 @@ def test_resources(e2e_plan_runner):
   "Test that plan works and the numbers of resources is as expected."
   modules, resources = e2e_plan_runner(FIXTURES_DIR)
   assert len(modules) == 5
-  assert len(resources) == 20
+  assert len(resources) == 23