Fix permissions and update NVA and peering net stages for gke
parent
259afec97d
commit
f9b808b4bc
|
@ -51,7 +51,7 @@ module "branch-gke-multitenant-prod-folder" {
|
|||
|
||||
module "branch-gke-multitenant-prod-sa" {
|
||||
source = "../../../modules/iam-service-account"
|
||||
project_id = var.automation_project_id
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-gke-0"
|
||||
description = "Terraform gke multitenant prod service account."
|
||||
prefix = var.prefix
|
||||
|
@ -63,7 +63,7 @@ module "branch-gke-multitenant-prod-sa" {
|
|||
|
||||
module "branch-gke-multitenant-prod-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation_project_id
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-gke-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
|
@ -92,7 +92,7 @@ module "branch-gke-multitenant-dev-folder" {
|
|||
|
||||
module "branch-gke-multitenant-dev-sa" {
|
||||
source = "../../../modules/iam-service-account"
|
||||
project_id = var.automation_project_id
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-gke-0"
|
||||
description = "Terraform gke multitenant dev service account."
|
||||
prefix = var.prefix
|
||||
|
@ -104,7 +104,7 @@ module "branch-gke-multitenant-dev-sa" {
|
|||
|
||||
module "branch-gke-multitenant-dev-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation_project_id
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-gke-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
|
|
|
@ -126,6 +126,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
|
|||
members = [
|
||||
local.service_accounts.data-platform-dev,
|
||||
local.service_accounts.project-factory-dev,
|
||||
local.service_accounts.gke-multitenant-dev,
|
||||
]
|
||||
condition {
|
||||
title = "dev_stage3_sa_delegated_grants"
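Review bot: Adding `local.service_accounts.gke-multitenant-dev` to this `members` list gives the GKE stage service account the same conditional delegated grant as the data-platform and project-factory accounts. It can therefore grant whatever roles the `dev_stage3_sa_delegated_grants` condition allows. The role and the condition expression are outside the hunk, so confirm that this set is no wider than the GKE stage actually needs. If it is wider, a separate binding with its own narrower condition would keep the delegation least-privilege. A short comment above the list, such as `# stage 3 SAs allowed to grant only the roles listed in the condition below`, would prompt the next addition to be checked against the condition. The same point applies to the `prod_spoke_project_iam_delegated` hunk and to the two matching dev/prod hunks further down the page.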
|
||||
|
|
|
@ -126,6 +126,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
|
|||
members = [
|
||||
local.service_accounts.data-platform-prod,
|
||||
local.service_accounts.project-factory-prod,
|
||||
local.service_accounts.gke-multitenant-prod,
|
||||
]
|
||||
condition {
|
||||
title = "prod_stage3_sa_delegated_grants"
|
||||
|
|
|
@ -209,6 +209,8 @@ variable "service_accounts" {
|
|||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-multitenant-dev = string
|
||||
gke-multitenant-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
|
|
|
@ -103,6 +103,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
|
|||
members = [
|
||||
local.service_accounts.data-platform-dev,
|
||||
local.service_accounts.project-factory-dev,
|
||||
local.service_accounts.gke-multitenant-dev,
|
||||
]
|
||||
condition {
|
||||
title = "dev_stage3_sa_delegated_grants"
|
||||
|
|
|
@ -103,6 +103,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
|
|||
members = [
|
||||
local.service_accounts.data-platform-prod,
|
||||
local.service_accounts.project-factory-prod,
|
||||
local.service_accounts.gke-multitenant-prod,
|
||||
]
|
||||
condition {
|
||||
title = "prod_stage3_sa_delegated_grants"
|
||||
|
|
|
@ -187,6 +187,8 @@ variable "service_accounts" {
|
|||
type = object({
|
||||
data-platform-dev = string
|
||||
data-platform-prod = string
|
||||
gke-multitenant-dev = string
|
||||
gke-multitenant-prod = string
|
||||
project-factory-dev = string
|
||||
project-factory-prod = string
|
||||
})
|
||||
|
|
|
@ -44,6 +44,7 @@ module "gke-cluster" {
|
|||
config_connector_config = true
|
||||
kalm_config = false
|
||||
gcp_filestore_csi_driver_config = false
|
||||
gke_backup_agent_config = false
|
||||
# enable only if enable_dataplane_v2 is changed to false below
|
||||
network_policy_config = false
|
||||
istio_config = {
|
||||
|
|
|
@ -35,6 +35,8 @@ module "stage" {
|
|||
service_accounts = {
|
||||
data-platform-dev = "string"
|
||||
data-platform-prod = "string"
|
||||
gke-multitenant-dev = "string"
|
||||
gke-multitenant-prod = "string"
|
||||
project-factory-dev = "string"
|
||||
project-factory-prod = "string"
|
||||
}
|
||||
|
|
|
@ -35,6 +35,8 @@ module "stage" {
|
|||
service_accounts = {
|
||||
data-platform-dev = "string"
|
||||
data-platform-prod = "string"
|
||||
gke-multitenant-dev = "string"
|
||||
gke-multitenant-prod = "string"
|
||||
project-factory-dev = "string"
|
||||
project-factory-prod = "string"
|
||||
}
|
||||
|
|
|
@ -23,11 +23,11 @@ def resources(plan_runner):
|
|||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 8
|
||||
assert len(resources) == 6
|
||||
assert sorted(r['address'] for r in resources) == [
|
||||
'module.hub.google_gke_hub_feature.configmanagement["1"]',
|
||||
'module.hub.google_gke_hub_feature.mci["mycluster1"]',
|
||||
'module.hub.google_gke_hub_feature.mci["mycluster2"]',
|
||||
# 'module.hub.google_gke_hub_feature.mci["mycluster1"]',
|
||||
# 'module.hub.google_gke_hub_feature.mci["mycluster2"]',
|
||||
'module.hub.google_gke_hub_feature.mcs["1"]',
|
||||
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster1"]',
|
||||
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster2"]',
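Review bot: The two `mci` addresses appear to stay in the expected list as commented-out lines, with no reason given. The test therefore no longer checks the multi-cluster ingress feature, and a reader cannot tell whether that is intended or temporary. Either delete the two lines or put a reason above them, for example `# mci disabled in the fixture, see <ticket-placeholder>`. The `assert len(resources) == 6` line is also redundant with the list equality below it, which already fails on any count mismatch. The expected list continues past the end of the hunk.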
|
||||
|
|