History

Ludovico Magnocavallo 71a64487d5 Extend FAST to support different principal types (#2064 ) * add doc draft * typos * typo * typo * typos * rewording * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * move iam variables to a separate file * move billing-account module to iam_principals * move data-catalog-policy-tag module to iam_principals * move dataplex-datascan module to iam_principals * move dataproc module to iam_principals * move folder module to iam_principals * copyright * move organization module to iam_principals * move project module to iam_principals * move source-repository module to iam_principals * update blueprints for iam_principals interface * FAST bootstrap * module READMEs fixes * FAST bootstrap * FAST networking stages * FAST security stage * FAST gke stage * FAST multitenant bootstrap stage * FAST multitenant resman stage * tfdoc * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Update 0-domainless-iam.md * fix module test * Update 0-domainless-iam.md * Update 0-domainless-iam.md * Rename iam_principals to iam_by_principals * Update IAM template to include iam_by_principals * Update Resman README * Fix ADR link format --------- Co-authored-by: Julio Castillo <jccb@google.com>		2024-02-12 14:35:30 +01:00
..
README.md	Extend FAST to support different principal types (#2064 )	2024-02-12 14:35:30 +01:00
iam.tf	Extend FAST to support different principal types (#2064 )	2024-02-12 14:35:30 +01:00
main.tf	CI/CD support for Source Repository and Cloud Build (#669 )	2022-06-08 11:34:08 +02:00
outputs.tf	Ensure all modules have an `id` output (#1410 )	2023-06-02 16:07:22 +02:00
variables-iam.tf	Extend FAST to support different principal types (#2064 )	2024-02-12 14:35:30 +01:00
variables.tf	Extend FAST to support different principal types (#2064 )	2024-02-12 14:35:30 +01:00
versions.tf	Bum terraform to version 1.7.0	2024-02-07 17:25:11 +01:00

README.md

Google Cloud Source Repository Module

This module allows managing a single Cloud Source Repository, including IAM bindings and basic Cloud Build triggers.

Examples
- Repository with IAM
- Repository with Cloud Build trigger
Files
Variables
Outputs

Examples

Repository with IAM

module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"
  iam = {
    "roles/source.reader" = ["user:foo@example.com"]
  }
  iam_bindings_additive = {
    am1-reader = {
      member = "user:am1@example.com"
      role   = "roles/source.reader"
    }
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml

Repository with Cloud Build trigger

module "repo" {
  source     = "./fabric/modules/source-repository"
  project_id = "my-project"
  name       = "my-repo"
  triggers = {
    foo = {
      filename        = "ci/workflow-foo.yaml"
      included_files  = ["**/*tf"]
      service_account = null
      substitutions = {
        BAR = 1
      }
      template = {
        branch_name = "main"
        project_id  = null
        tag_name    = null
      }
    }
  }
}
# tftest modules=1 resources=2 inventory=trigger.yaml

Files

name	description	resources
iam.tf	IAM bindings.	`google_sourcerepo_repository_iam_binding` · `google_sourcerepo_repository_iam_member`
main.tf	Module-level locals and resources.	`google_cloudbuild_trigger` · `google_sourcerepo_repository`
outputs.tf	Module outputs.
variables-iam.tf	None
variables.tf	Module variables.
versions.tf	Version pins.

Variables

name	description	type	required	default
name	Repository name.	`string`	✓
project_id	Project used for resources.	`string`	✓
iam	IAM bindings in {ROLE => [MEMBERS]} format.	`map(list(string))`		`{}`
iam_bindings	Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary.	`map(object({…}))`		`{}`
iam_bindings_additive	Individual additive IAM bindings. Keys are arbitrary.	`map(object({…}))`		`{}`
iam_by_principals	Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable.	`map(list(string))`		`{}`
triggers	Cloud Build triggers.	`map(object({…}))`		`{}`

Outputs

name	description	sensitive
id	Fully qualified repository id.
name	Repository name.
url	Repository URL.