From c3a6ebee207cc3f6dc2a1fe14ed4b9d888b21d78 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Wed, 16 Feb 2022 06:55:45 +0100
Subject: [PATCH] Fix roles
---
 fast/stages/00-bootstrap/automation.tf | 1 +
 fast/stages/02-networking-vpn/outputs.tf | 2 +-
 fast/stages/02-networking-vpn/spoke-dev.tf | 3 +++
 fast/stages/02-networking-vpn/spoke-prod.tf | 3 +++
 fast/stages/03-data-platform/dev/README.md | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/fast/stages/00-bootstrap/automation.tf b/fast/stages/00-bootstrap/automation.tf
index 0c6951ee..d5bf3a4a 100644
--- a/fast/stages/00-bootstrap/automation.tf
+++ b/fast/stages/00-bootstrap/automation.tf
@@ -53,6 +53,7 @@ module "automation-project" {
 "cloudbilling.googleapis.com",
 "cloudkms.googleapis.com",
 "cloudresourcemanager.googleapis.com",
+ "container.googleapis.com",
 "compute.googleapis.com",
 "essentialcontacts.googleapis.com",
 "iam.googleapis.com",
diff --git a/fast/stages/02-networking-vpn/outputs.tf b/fast/stages/02-networking-vpn/outputs.tf
index be14f3b6..4a259149 100644
--- a/fast/stages/02-networking-vpn/outputs.tf
+++ b/fast/stages/02-networking-vpn/outputs.tf
@@ -30,7 +30,7 @@ locals {
 "03-data-platform-dev" = jsonencode({
 network_config = {
 host_project = module.dev-spoke-project.project_id
- network_self_link = module.prod-spoke-vpc.self_link
+ network_self_link = module.dev-spoke-vpc.self_link
 subnet_self_links = {
 load = module.dev-spoke-vpc.subnets["europe-west1/dev-dp-lod-ew1"].self_link
 orchestration = module.dev-spoke-vpc.subnets["europe-west1/dev-dp-orc-ew1"].self_link
diff --git a/fast/stages/02-networking-vpn/spoke-dev.tf b/fast/stages/02-networking-vpn/spoke-dev.tf
index 4a3f0f25..4b0aa469 100644
--- a/fast/stages/02-networking-vpn/spoke-dev.tf
+++ b/fast/stages/02-networking-vpn/spoke-dev.tf
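Review bot: The added `"container.googleapis.com"` entry in the `automation-project` services list (automation.tf, hunk at -53,6) is placed ahead of `"compute.googleapis.com"`, which breaks the alphabetical order the other visible entries follow; the `services` lists in spoke-dev.tf and spoke-prod.tf get the same out-of-order insert. Moving it one line down keeps the lists easy to scan and diff. Enabling the GKE API on the automation project and on both spoke host projects is also not explained by the "Fix roles" subject, so a one-line comment naming what depends on it, such as `# needed by <consumer>`, would help anyone auditing the enabled API surface later. The module block starts and ends outside the hunk.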
@@ -27,6 +27,7 @@ module "dev-spoke-project" {
 disable_dependent_services = false
 }
 services = [
+ "container.googleapis.com",
 "compute.googleapis.com",
 "dns.googleapis.com",
 "iap.googleapis.com",
@@ -41,6 +42,7 @@ module "dev-spoke-project" {
 iam = {
 "roles/dns.admin" = [var.project_factory_sa.dev]
 (var.custom_roles.service_project_network_admin) = [
+ var.data_platform_sa.dev,
 var.project_factory_sa.prod
 ]
 }
@@ -112,6 +114,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
 project = module.dev-spoke-project.project_id
 role = "roles/resourcemanager.projectIamAdmin"
 members = [
+ var.data_platform_sa.dev,
 var.project_factory_sa.dev
 ]
 condition {
diff --git a/fast/stages/02-networking-vpn/spoke-prod.tf b/fast/stages/02-networking-vpn/spoke-prod.tf
index 3be90c2e..e3832709 100644
--- a/fast/stages/02-networking-vpn/spoke-prod.tf
+++ b/fast/stages/02-networking-vpn/spoke-prod.tf
@@ -27,6 +27,7 @@ module "prod-spoke-project" {
 disable_dependent_services = false
 }
 services = [
+ "container.googleapis.com",
 "compute.googleapis.com",
 "dns.googleapis.com",
 "iap.googleapis.com",
@@ -41,6 +42,7 @@ module "prod-spoke-project" {
 iam = {
 "roles/dns.admin" = [var.project_factory_sa.prod]
 (var.custom_roles.service_project_network_admin) = [
+ var.data_platform_sa.prod,
 var.project_factory_sa.prod
 ]
 }
@@ -112,6 +114,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
 project = module.prod-spoke-project.project_id
 role = "roles/resourcemanager.projectIamAdmin"
 members = [
+ var.data_platform_sa.prod,
 var.project_factory_sa.prod
 ]
 condition {
diff --git a/fast/stages/03-data-platform/dev/README.md b/fast/stages/03-data-platform/dev/README.md
index d5d93a81..a540406f 100644
--- a/fast/stages/03-data-platform/dev/README.md
+++ b/fast/stages/03-data-platform/dev/README.md
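Review bot: In the `iam` map of `dev-spoke-project` (spoke-dev.tf, hunk at -41,6) the new `var.data_platform_sa.dev` member sits next to an unchanged `var.project_factory_sa.prod`, so the dev host project appears to still grant the service-project network admin custom role to the prod project factory identity. That looks like the same dev/prod mix-up this commit corrects in outputs.tf; if it is not intentional, the line should read `var.project_factory_sa.dev`. Separately, this stage's variables.tf is not among the five changed files, so the hunk relies on `var.data_platform_sa` already being declared with `dev` and `prod` attributes; the matching spoke-prod.tf hunk has the same dependency. The module block starts and ends outside the hunk.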
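Review bot: Adding `var.data_platform_sa.dev` to `dev_spoke_project_iam_delegated` (spoke-dev.tf, hunk at -112,6), and `var.data_platform_sa.prod` in the matching spoke-prod.tf hunk, gives the data platform identity `roles/resourcemanager.projectIamAdmin` on the network host project. The only limit is the `condition` block, whose body lies outside the hunk. Please confirm that the condition restricts the grantable roles to what the data platform stage needs, because every role it allows becomes grantable by this service account on the host project. A comment above the new member, for example `# data platform SA: delegated grants limited by the condition below`, would record the intent for later IAM reviews.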
@@ -110,6 +110,7 @@ terraform apply |---|---|---|---| | [main.tf](./main.tf) | Data Platformy. | data-platform-foundations | | | [outputs.tf](./outputs.tf) | Output variables. | | local_file | +| [providers.tf](./providers.tf) | Provider configurations. | | | | [variables.tf](./variables.tf) | Terraform Variables. | | | ## Variables