From bd1461ed615ff681cfaf30dc39f504d8e7230e44 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Sat, 12 Feb 2022 15:52:32 +0100
Subject: [PATCH] Fix roles and tests.

---
 .../03-orchestration.tf | 2 --
 .../data-platform-foundations/README.md | 18 +++++++++---------
 .../terraform.tfvars.sample | 12 ++++-------
 .../data-platform-foundations/variables.tf | 3 ++-
 .../data_platform_foundations/test_plan.py | 2 +-
 5 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/examples/data-solutions/data-platform-foundations/03-orchestration.tf b/examples/data-solutions/data-platform-foundations/03-orchestration.tf
index 833763e8..d8b9254e 100644
--- a/examples/data-solutions/data-platform-foundations/03-orchestration.tf
+++ b/examples/data-solutions/data-platform-foundations/03-orchestration.tf
@@ -42,10 +42,8 @@ module "orch-project" {
 "roles/composer.environmentAndStorageObjectAdmin",
 "roles/iap.httpsResourceAccessor",
 "roles/iam.serviceAccountUser",
- "roles/compute.networkUser",
 "roles/storage.objectAdmin",
 "roles/storage.admin",
- "roles/compute.networkUser"
 ]
 }
 iam = {
diff --git a/examples/data-solutions/data-platform-foundations/README.md b/examples/data-solutions/data-platform-foundations/README.md
index a14d5e26..733627de 100644
--- a/examples/data-solutions/data-platform-foundations/README.md
+++ b/examples/data-solutions/data-platform-foundations/README.md
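Review bot: With both `roles/compute.networkUser` entries gone, the list still grants `roles/storage.objectAdmin` next to `roles/storage.admin`; storage.admin already includes every object permission and additionally allows changing bucket IAM policies, so the pair is redundant and the broader role deserves a second look — drop `"roles/storage.objectAdmin",` if bucket administration is really required, or drop `"roles/storage.admin",` if only object access is. The principal this list binds is declared above the hunk and the `module "orch-project"` block continues outside it, so it is not visible here, but project-wide `roles/iam.serviceAccountUser` combined with `roles/storage.admin` lets that principal act as any service account in the orchestration project, which is worth a short comment explaining why both are needed. If the Composer environment is attached to a Shared VPC, the removed networkUser grant has to exist on the host project or subnet instead; presumably the README change in this commit documents that relocation, but nothing in this file enforces it.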
@@ -163,21 +163,21 @@ To deploy this example on your GCP organization, you will need
 The DP is meant to be executed by a Service Account (or a regular user) having this minimal set of permission:
-- **Org level**:
- - `"compute.organizations.enableXpnResource"`
- - `"compute.organizations.disableXpnResource"`
- - `"compute.subnetworks.setIamPolicy"`
+- **Billing account**
+ - `"roles/billing.user"`
+- **Org level** (If Shared-VPC in use):
+ - `"roles/orgpolicy.policyAdmin"`
 - **Folder level**:
+ - `"roles/compute.xpnAdmin" (If Shared-VPC in use)
 - `"roles/logging.admin"`
 - `"roles/owner"`
 - `"roles/resourcemanager.folderAdmin"`
 - `"roles/resourcemanager.projectCreator"`
-- **Cloud Key Management Keys** (if Cloud Key Management keys are configured):
+- **Cloud Key Management Keys** (If CMEK encryption in use):
 - `"roles/cloudkms.admin"` or Permissions: `cloudkms.cryptoKeys.getIamPolicy`, `cloudkms.cryptoKeys.list`, `cloudkms.cryptoKeys.setIamPolicy`
-- **On the host project** for the Shared VPC/s
- - `"roles/browser"`
- - `"roles/compute.viewer"`
- - `"roles/dns.admin"`
+- **Shared-VPC host project** (If Shared-VPC in use):
+ - `"roles/compute.xpnAdmin"`
+ - `"roles/resourcemanager.projectIamAdmin"`
 ## Variable configuration
diff --git a/examples/data-solutions/data-platform-foundations/terraform.tfvars.sample b/examples/data-solutions/data-platform-foundations/terraform.tfvars.sample
index 2d43e583..e530499f 100644
--- a/examples/data-solutions/data-platform-foundations/terraform.tfvars.sample
+++ b/examples/data-solutions/data-platform-foundations/terraform.tfvars.sample
@@ -1,8 +1,4 @@
-prefix = "prefix"
-project_create = {
- parent = "folders/123456789012"
- billing_account_id = "111111-222222-333333"
-}
-organization = {
- domain = "example.com"
-}
+prefix = "prefix"
+folder_id = "folders/123456789012"
+billing_account_id = "111111-222222-333333"
+organization_domain = "example.com"
diff --git a/examples/data-solutions/data-platform-foundations/variables.tf b/examples/data-solutions/data-platform-foundations/variables.tf
index e947fce1..f403243a 100644
--- a/examples/data-solutions/data-platform-foundations/variables.tf
+++ b/examples/data-solutions/data-platform-foundations/variables.tf
@@ -20,6 +20,7 @@ variable "billing_account_id" {
 }
 variable "composer_config" {
+ description = "Cloud Composer config."
 type = object({
 node_count = number
 airflow_version = string
@@ -50,7 +51,7 @@ variable "location" {
 }
 variable "groups" {
- description = "Groups."
+ description = "User groups."
 type = map(string)
 default = {
 data-analysts = "gcp-data-analysts"
diff --git a/tests/examples/data_solutions/data_platform_foundations/test_plan.py b/tests/examples/data_solutions/data_platform_foundations/test_plan.py
index 8f5bf595..b000b126 100644
--- a/tests/examples/data_solutions/data_platform_foundations/test_plan.py
+++ b/tests/examples/data_solutions/data_platform_foundations/test_plan.py
@@ -24,4 +24,4 @@ def test_resources(e2e_plan_runner):
 "Test that plan works and the numbers of resources is as expected."
 modules, resources = e2e_plan_runner(FIXTURES_DIR)
 assert len(modules) == 40
- assert len(resources) == 283
+ assert len(resources) == 282
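Review bot: The count-only assertion does not verify that the role cleanup actually landed: the orchestration hunk drops two `roles/compute.networkUser` entries, yet the expected total only falls from 283 to 282, which is consistent with the two having been duplicates that collapsed into a single binding, but nothing here pins that. A targeted check such as `assert not any("compute.networkUser" in str(r) for r in resources)` (adapted to whatever shape `e2e_plan_runner` returns, which is not visible in this hunk) would fail if the grant reappears, whereas a bare total also breaks on every unrelated change and says nothing about what moved. Since the number is a magic constant, a comment on the changed line — `# 283 -> 282: duplicated compute.networkUser binding removed in 03-orchestration.tf` — would at least record why it changed. The `test_resources` function starts outside the hunk, so its setup is not visible here.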