Fix roles and tests.
parent
60a0009726
commit
bd1461ed61
|
@ -42,10 +42,8 @@ module "orch-project" {
|
|||
"roles/composer.environmentAndStorageObjectAdmin",
|
||||
"roles/iap.httpsResourceAccessor",
|
||||
"roles/iam.serviceAccountUser",
|
||||
"roles/compute.networkUser",
|
||||
"roles/storage.objectAdmin",
|
||||
"roles/storage.admin",
|
||||
"roles/compute.networkUser"
|
||||
]
|
||||
}
|
||||
iam = {
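Review bot: `"roles/iam.serviceAccountUser"` in this role list appears to be granted on the whole orchestration project, which would let the grantee act as every service account in that project, including any that hold broader rights than the grantee. If only the orchestration service account needs to be attached to workloads, binding the role on that service account resource would be tighter than a project-wide grant. The +/- markers are lost on this page, so it is unclear whether `"roles/storage.admin"` survives the change. If it does, it overlaps `"roles/storage.objectAdmin"` and adds bucket-level IAM control, which deserves a short justification comment. The `module "orch-project"` block starts and ends outside this hunk.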
|
||||
|
|
|
@ -163,21 +163,21 @@ To deploy this example on your GCP organization, you will need
|
|||
|
||||
The DP is meant to be executed by a Service Account (or a regular user) having this minimal set of permission:
|
||||
|
||||
- **Org level**:
|
||||
- `"compute.organizations.enableXpnResource"`
|
||||
- `"compute.organizations.disableXpnResource"`
|
||||
- `"compute.subnetworks.setIamPolicy"`
|
||||
- **Billing account**
|
||||
- `"roles/billing.user"`
|
||||
- **Org level** (If Shared-VPC in use):
|
||||
- `"roles/orgpolicy.policyAdmin"`
|
||||
- **Folder level**:
|
||||
- `"roles/compute.xpnAdmin" (If Shared-VPC in use)
|
||||
- `"roles/logging.admin"`
|
||||
- `"roles/owner"`
|
||||
- `"roles/resourcemanager.folderAdmin"`
|
||||
- `"roles/resourcemanager.projectCreator"`
|
||||
- **Cloud Key Management Keys** (if Cloud Key Management keys are configured):
|
||||
- **Cloud Key Management Keys** (If CMEK encryption in use):
|
||||
- `"roles/cloudkms.admin"` or Permissions: `cloudkms.cryptoKeys.getIamPolicy`, `cloudkms.cryptoKeys.list`, `cloudkms.cryptoKeys.setIamPolicy`
|
||||
- **On the host project** for the Shared VPC/s
|
||||
- `"roles/browser"`
|
||||
- `"roles/compute.viewer"`
|
||||
- `"roles/dns.admin"`
|
||||
- **Shared-VPC host project** (If Shared-VPC in use):
|
||||
- `"roles/compute.xpnAdmin"`
|
||||
- `"roles/resourcemanager.projectIamAdmin"`
|
||||
|
||||
## Variable configuration
|
||||
|
||||
|
|
|
@ -1,8 +1,4 @@
|
|||
prefix = "prefix"
|
||||
project_create = {
|
||||
parent = "folders/123456789012"
|
||||
billing_account_id = "111111-222222-333333"
|
||||
}
|
||||
organization = {
|
||||
domain = "example.com"
|
||||
}
|
||||
prefix = "prefix"
|
||||
folder_id = "folders/123456789012"
|
||||
billing_account_id = "111111-222222-333333"
|
||||
organization_domain = "example.com"
|
||||
|
|
|
@ -20,6 +20,7 @@ variable "billing_account_id" {
|
|||
}
|
||||
|
||||
variable "composer_config" {
|
||||
description = "Cloud Composer config."
|
||||
type = object({
|
||||
node_count = number
|
||||
airflow_version = string
|
||||
|
@ -50,7 +51,7 @@ variable "location" {
|
|||
}
|
||||
|
||||
variable "groups" {
|
||||
description = "Groups."
|
||||
description = "User groups."
|
||||
type = map(string)
|
||||
default = {
|
||||
data-analysts = "gcp-data-analysts"
|
||||
|
|
|
@ -24,4 +24,4 @@ def test_resources(e2e_plan_runner):
|
|||
"Test that plan works and the numbers of resources is as expected."
|
||||
modules, resources = e2e_plan_runner(FIXTURES_DIR)
|
||||
assert len(modules) == 40
|
||||
assert len(resources) == 283
|
||||
assert len(resources) == 282
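Review bot: The `len(resources)` count is the only assertion that reflects the role change, so a plan that swaps one role for a broader one while keeping the same number of bindings would still pass. Since this commit edits IAM role lists, consider also asserting on the expected set of roles in the planned IAM bindings, or at least add a comment such as `# count only: role membership is not verified here`. What `e2e_plan_runner` returns per resource is not visible on this page, so the exact form of such a check needs confirming against the fixture. `test_resources` starts outside this hunk.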
|
||||
|
|