Fix roles
parent
51026e6d0f
commit
c3a6ebee20
|
@ -53,6 +53,7 @@ module "automation-project" {
|
||||||
"cloudbilling.googleapis.com",
|
"cloudbilling.googleapis.com",
|
||||||
"cloudkms.googleapis.com",
|
"cloudkms.googleapis.com",
|
||||||
"cloudresourcemanager.googleapis.com",
|
"cloudresourcemanager.googleapis.com",
|
||||||
|
"container.googleapis.com",
|
||||||
"compute.googleapis.com",
|
"compute.googleapis.com",
|
||||||
"essentialcontacts.googleapis.com",
|
"essentialcontacts.googleapis.com",
|
||||||
"iam.googleapis.com",
|
"iam.googleapis.com",
|
||||||
|
|
|
@ -30,7 +30,7 @@ locals {
|
||||||
"03-data-platform-dev" = jsonencode({
|
"03-data-platform-dev" = jsonencode({
|
||||||
network_config = {
|
network_config = {
|
||||||
host_project = module.dev-spoke-project.project_id
|
host_project = module.dev-spoke-project.project_id
|
||||||
network_self_link = module.prod-spoke-vpc.self_link
|
network_self_link = module.dev-spoke-vpc.self_link
|
||||||
subnet_self_links = {
|
subnet_self_links = {
|
||||||
load = module.dev-spoke-vpc.subnets["europe-west1/dev-dp-lod-ew1"].self_link
|
load = module.dev-spoke-vpc.subnets["europe-west1/dev-dp-lod-ew1"].self_link
|
||||||
orchestration = module.dev-spoke-vpc.subnets["europe-west1/dev-dp-orc-ew1"].self_link
|
orchestration = module.dev-spoke-vpc.subnets["europe-west1/dev-dp-orc-ew1"].self_link
|
||||||
|
|
|
@ -27,6 +27,7 @@ module "dev-spoke-project" {
|
||||||
disable_dependent_services = false
|
disable_dependent_services = false
|
||||||
}
|
}
|
||||||
services = [
|
services = [
|
||||||
|
"container.googleapis.com",
|
||||||
"compute.googleapis.com",
|
"compute.googleapis.com",
|
||||||
"dns.googleapis.com",
|
"dns.googleapis.com",
|
||||||
"iap.googleapis.com",
|
"iap.googleapis.com",
|
||||||
|
@ -41,6 +42,7 @@ module "dev-spoke-project" {
|
||||||
iam = {
|
iam = {
|
||||||
"roles/dns.admin" = [var.project_factory_sa.dev]
|
"roles/dns.admin" = [var.project_factory_sa.dev]
|
||||||
(var.custom_roles.service_project_network_admin) = [
|
(var.custom_roles.service_project_network_admin) = [
|
||||||
|
var.data_platform_sa.dev,
|
||||||
var.project_factory_sa.prod
|
var.project_factory_sa.prod
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -112,6 +114,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
|
||||||
project = module.dev-spoke-project.project_id
|
project = module.dev-spoke-project.project_id
|
||||||
role = "roles/resourcemanager.projectIamAdmin"
|
role = "roles/resourcemanager.projectIamAdmin"
|
||||||
members = [
|
members = [
|
||||||
|
var.data_platform_sa.dev,
|
||||||
var.project_factory_sa.dev
|
var.project_factory_sa.dev
|
||||||
]
|
]
|
||||||
condition {
|
condition {
|
||||||
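Review bot: In the `(var.custom_roles.service_project_network_admin)` list of `module "dev-spoke-project"`, the new `var.data_platform_sa.dev` member sits next to an unchanged `var.project_factory_sa.prod`, so the prod project-factory identity holds the network admin custom role on the dev host project. The other bindings visible in this file use the `.dev` account (`roles/dns.admin` and the delegated `projectIamAdmin` members), which suggests the same dev/prod mix-up this commit corrects for `network_self_link`. If it is not intentional, change that line to `var.project_factory_sa.dev`; if it is, a short comment on the line saying why the prod factory needs dev network access would keep it from being silently "fixed" later. The module block starts and ends outside the hunk, so members not shown here may change the picture.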
|
|
|
@ -27,6 +27,7 @@ module "prod-spoke-project" {
|
||||||
disable_dependent_services = false
|
disable_dependent_services = false
|
||||||
}
|
}
|
||||||
services = [
|
services = [
|
||||||
|
"container.googleapis.com",
|
||||||
"compute.googleapis.com",
|
"compute.googleapis.com",
|
||||||
"dns.googleapis.com",
|
"dns.googleapis.com",
|
||||||
"iap.googleapis.com",
|
"iap.googleapis.com",
|
||||||
|
@ -41,6 +42,7 @@ module "prod-spoke-project" {
|
||||||
iam = {
|
iam = {
|
||||||
"roles/dns.admin" = [var.project_factory_sa.prod]
|
"roles/dns.admin" = [var.project_factory_sa.prod]
|
||||||
(var.custom_roles.service_project_network_admin) = [
|
(var.custom_roles.service_project_network_admin) = [
|
||||||
|
var.data_platform_sa.prod,
|
||||||
var.project_factory_sa.prod
|
var.project_factory_sa.prod
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -112,6 +114,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
|
||||||
project = module.prod-spoke-project.project_id
|
project = module.prod-spoke-project.project_id
|
||||||
role = "roles/resourcemanager.projectIamAdmin"
|
role = "roles/resourcemanager.projectIamAdmin"
|
||||||
members = [
|
members = [
|
||||||
|
var.data_platform_sa.prod,
|
||||||
var.project_factory_sa.prod
|
var.project_factory_sa.prod
|
||||||
]
|
]
|
||||||
condition {
|
condition {
|
||||||
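Review bot: Adding `var.data_platform_sa.prod` to the members of `prod_spoke_project_iam_delegated` gives the data platform service account `roles/resourcemanager.projectIamAdmin` on the prod host project under the same `condition` as the project factory account, and that condition's body lies outside the hunk. Confirm that its expression restricts the grantable roles to what the data platform needs; if the project factory's list is broader, a separate conditional binding with a narrower expression would keep the delegation least-privilege. The same applies to the parallel `dev_spoke_project_iam_delegated` hunk. A comment above `members` such as `# members may grant only the roles enumerated in the condition below` would document the intent.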
|
|
|
@ -110,6 +110,7 @@ terraform apply
|
||||||
|---|---|---|---|
|
|---|---|---|---|
|
||||||
| [main.tf](./main.tf) | Data Platformy. | <code>data-platform-foundations</code> | |
|
| [main.tf](./main.tf) | Data Platformy. | <code>data-platform-foundations</code> | |
|
||||||
| [outputs.tf](./outputs.tf) | Output variables. | | <code>local_file</code> |
|
| [outputs.tf](./outputs.tf) | Output variables. | | <code>local_file</code> |
|
||||||
|
| [providers.tf](./providers.tf) | Provider configurations. | | |
|
||||||
| [variables.tf](./variables.tf) | Terraform Variables. | | |
|
| [variables.tf](./variables.tf) | Terraform Variables. | | |
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|