Project factory additions, project module reuse implementation (#2899)

* add support for buckets

* add project-level interpolation for own SAs

* docs

* project reuse changes

* fix example

* tfdoc

* update check documentation tool

* fast tests

* blueprints

* typo
This commit is contained in:
Ludovico Magnocavallo
2025-02-15 20:37:45 +01:00
committed by GitHub
parent 87383a1569
commit 1a4b298cc9
79 changed files with 628 additions and 379 deletions


@@ -26,11 +26,16 @@ values:
auto_create_network: false
billing_account: 123456-123456-123456
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
folder_id: '1122334455'
labels: null
name: test-project
org_id: null
project_id: test-project
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.dataset.google_bigquery_dataset.default:
dataset_id: bq_sink
@@ -39,6 +44,8 @@ values:
default_table_expiration_ms: null
delete_contents_on_destroy: true
description: Terraform managed.
effective_labels:
goog-terraform-provisioned: 'true'
external_dataset_reference: []
friendly_name: null
labels: null
@@ -46,15 +53,20 @@ values:
max_time_travel_hours: '168'
project: project-id
resource_tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.gcs.google_storage_bucket.bucket[0]:
autoclass: []
cors: []
custom_placement_config: []
default_event_based_hold: null
effective_labels:
goog-terraform-provisioned: 'true'
enable_object_retention: null
encryption: []
force_destroy: true
hierarchical_namespace: []
labels: null
lifecycle_rule: []
location: EU
@@ -64,6 +76,8 @@ values:
requester_pays: null
retention_policy: []
storage_class: STANDARD
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
uniform_bucket_level_access: true
module.host-project.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
@@ -73,18 +87,27 @@ values:
auto_create_network: false
billing_account: 123456-123456-123456
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
folder_id: '1122334455'
labels: null
name: test-host
org_id: null
project_id: test-host
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms.google_kms_crypto_key.default["key-global"]:
effective_labels:
goog-terraform-provisioned: 'true'
labels: null
name: key-global
purpose: ENCRYPT_DECRYPT
rotation_period: null
skip_initial_version_creation: false
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.kms.google_kms_key_ring.default[0]:
location: global
@@ -95,11 +118,9 @@ values:
condition: []
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
module.project.data.google_bigquery_default_service_account.bq_sa[0]:
project: test-project
module.project.data.google_project.project[0]:
project_id: test-project
project: test-test-project
module.project.data.google_storage_project_service_account.gcs_sa[0]:
project: test-project
project: test-test-project
user_project: null
module.project.google_bigquery_dataset_iam_member.bq-sinks-binding["info"]:
condition: []
@@ -107,7 +128,7 @@ values:
module.project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
deletion_policy: null
host_project: test-host
service_project: test-project
service_project: test-test-project
timeouts: null
module.project.google_kms_crypto_key_iam_member.service_agent_cmek["key-0.compute-system"]:
condition: []
@@ -120,7 +141,7 @@ values:
disabled: null
filter: resource.type=gce_instance
name: no-gce-instances
project: test-project
project: test-test-project
module.project.google_logging_project_sink.sink["debug"]:
custom_writer_identity: null
description: debug (Terraform-managed).
@@ -132,7 +153,7 @@ values:
name: no-compute
filter: severity=DEBUG
name: debug
project: test-project
project: test-test-project
unique_writer_identity: true
module.project.google_logging_project_sink.sink["info"]:
bigquery_options:
@@ -143,7 +164,7 @@ values:
exclusions: []
filter: severity=INFO
name: info
project: test-project
project: test-test-project
unique_writer_identity: true
module.project.google_logging_project_sink.sink["notice"]:
custom_writer_identity: null
@@ -153,7 +174,7 @@ values:
exclusions: []
filter: severity=NOTICE
name: notice
project: test-project
project: test-test-project
unique_writer_identity: true
module.project.google_logging_project_sink.sink["warnings"]:
custom_writer_identity: null
@@ -163,12 +184,12 @@ values:
exclusions: []
filter: severity=WARNING
name: warnings
project: test-project
project: test-test-project
unique_writer_identity: true
module.project.google_org_policy_policy.default["compute.disableGuestAttributesAccess"]:
dry_run_spec: []
name: projects/test-project/policies/compute.disableGuestAttributesAccess
parent: projects/test-project
name: projects/test-test-project/policies/compute.disableGuestAttributesAccess
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -177,12 +198,13 @@ values:
condition: []
deny_all: null
enforce: 'TRUE'
parameters: null
values: []
timeouts: null
module.project.google_org_policy_policy.default["compute.skipDefaultNetworkCreation"]:
dry_run_spec: []
name: projects/test-project/policies/compute.skipDefaultNetworkCreation
parent: projects/test-project
name: projects/test-test-project/policies/compute.skipDefaultNetworkCreation
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -191,12 +213,13 @@ values:
condition: []
deny_all: null
enforce: 'TRUE'
parameters: null
values: []
timeouts: null
module.project.google_org_policy_policy.default["compute.trustedImageProjects"]:
dry_run_spec: []
name: projects/test-project/policies/compute.trustedImageProjects
parent: projects/test-project
name: projects/test-test-project/policies/compute.trustedImageProjects
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -205,6 +228,7 @@ values:
condition: []
deny_all: null
enforce: null
parameters: null
values:
- allowed_values:
- projects/my-project
@@ -212,8 +236,8 @@ values:
timeouts: null
module.project.google_org_policy_policy.default["compute.vmExternalIpAccess"]:
dry_run_spec: []
name: projects/test-project/policies/compute.vmExternalIpAccess
parent: projects/test-project
name: projects/test-test-project/policies/compute.vmExternalIpAccess
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -222,12 +246,13 @@ values:
condition: []
deny_all: 'TRUE'
enforce: null
parameters: null
values: []
timeouts: null
module.project.google_org_policy_policy.default["iam.allowedPolicyMemberDomains"]:
dry_run_spec: []
name: projects/test-project/policies/iam.allowedPolicyMemberDomains
parent: projects/test-project
name: projects/test-test-project/policies/iam.allowedPolicyMemberDomains
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -236,6 +261,7 @@ values:
condition: []
deny_all: null
enforce: null
parameters: null
values:
- allowed_values:
- C0xxxxxxx
@@ -244,8 +270,8 @@ values:
timeouts: null
module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]:
dry_run_spec: []
name: projects/test-project/policies/iam.disableServiceAccountKeyCreation
parent: projects/test-project
name: projects/test-test-project/policies/iam.disableServiceAccountKeyCreation
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -254,12 +280,13 @@ values:
condition: []
deny_all: null
enforce: 'TRUE'
parameters: null
values: []
timeouts: null
module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyUpload"]:
dry_run_spec: []
name: projects/test-project/policies/iam.disableServiceAccountKeyUpload
parent: projects/test-project
name: projects/test-test-project/policies/iam.disableServiceAccountKeyUpload
parent: projects/test-test-project
spec:
- inherit_from_parent: null
reset: null
@@ -272,11 +299,13 @@ values:
title: condition
deny_all: null
enforce: 'TRUE'
parameters: null
values: []
- allow_all: null
condition: []
deny_all: null
enforce: 'FALSE'
parameters: null
values: []
timeouts: null
module.project.google_project_iam_audit_config.default["allServices"]:
@@ -284,7 +313,7 @@ values:
- exempted_members:
- group:organization-admins@example.org
log_type: ADMIN_READ
project: test-project
project: test-test-project
service: allServices
module.project.google_project_iam_audit_config.default["storage.googleapis.com"]:
audit_log_config:
@@ -292,39 +321,39 @@ values:
log_type: DATA_READ
- exempted_members: []
log_type: DATA_WRITE
project: test-project
project: test-test-project
service: storage.googleapis.com
module.project.google_project_iam_binding.authoritative["roles/apigee.serviceAgent"]:
condition: []
project: test-project
project: test-test-project
role: roles/apigee.serviceAgent
module.project.google_project_iam_binding.authoritative["roles/cloudasset.owner"]:
condition: []
members:
- group:organization-admins@example.org
project: test-project
project: test-test-project
role: roles/cloudasset.owner
module.project.google_project_iam_binding.authoritative["roles/cloudsupport.techSupportEditor"]:
condition: []
members:
- group:organization-admins@example.org
project: test-project
project: test-test-project
role: roles/cloudsupport.techSupportEditor
module.project.google_project_iam_binding.authoritative["roles/editor"]:
condition: []
project: test-project
project: test-test-project
role: roles/editor
module.project.google_project_iam_binding.authoritative["roles/iam.securityReviewer"]:
condition: []
members:
- group:organization-admins@example.org
project: test-project
project: test-test-project
role: roles/iam.securityReviewer
module.project.google_project_iam_binding.authoritative["roles/logging.admin"]:
condition: []
members:
- group:organization-admins@example.org
project: test-project
project: test-test-project
role: roles/logging.admin
module.project.google_project_iam_binding.bindings["iam_admin_conditional"]:
condition:
@@ -334,12 +363,12 @@ values:
title: delegated_network_user_one
members:
- group:organization-admins@example.org
project: test-project
project: test-test-project
role: roles/resourcemanager.projectIamAdmin
module.project.google_project_iam_member.bindings["group-owner"]:
condition: []
member: group:organization-admins@example.org
project: test-project
project: test-test-project
role: roles/owner
module.project.google_project_iam_member.bucket-sinks-binding["debug"]:
condition:
@@ -347,23 +376,23 @@ values:
role: roles/logging.bucketWriter
module.project.google_project_iam_member.service_agents["apigee"]:
condition: []
project: test-project
project: test-test-project
role: roles/apigee.serviceAgent
module.project.google_project_iam_member.service_agents["compute-system"]:
condition: []
project: test-project
project: test-test-project
role: roles/compute.serviceAgent
module.project.google_project_iam_member.service_agents["container-engine-robot"]:
condition: []
project: test-project
project: test-test-project
role: roles/container.serviceAgent
module.project.google_project_iam_member.service_agents["gkenode"]:
condition: []
project: test-project
project: test-test-project
role: roles/container.defaultNodeServiceAgent
module.project.google_project_iam_member.service_agents["serverless-robot-prod"]:
condition: []
project: test-project
project: test-test-project
role: roles/run.serviceAgent
module.project.google_project_iam_member.shared_vpc_host_robots["roles/cloudasset.owner:cloudservices"]:
condition: []
@@ -396,55 +425,55 @@ values:
module.project.google_project_service.project_services["apigee.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: apigee.googleapis.com
timeouts: null
module.project.google_project_service.project_services["bigquery.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: bigquery.googleapis.com
timeouts: null
module.project.google_project_service.project_services["compute.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: compute.googleapis.com
timeouts: null
module.project.google_project_service.project_services["container.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: container.googleapis.com
timeouts: null
module.project.google_project_service.project_services["logging.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: logging.googleapis.com
timeouts: null
module.project.google_project_service.project_services["run.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: run.googleapis.com
timeouts: null
module.project.google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-project
project: test-test-project
service: storage.googleapis.com
timeouts: null
module.project.google_project_service_identity.default["apigee.googleapis.com"]:
project: test-project
project: test-test-project
service: apigee.googleapis.com
timeouts: null
module.project.google_project_service_identity.default["container.googleapis.com"]:
project: test-project
project: test-test-project
service: container.googleapis.com
timeouts: null
module.project.google_project_service_identity.default["run.googleapis.com"]:
project: test-project
project: test-test-project
service: run.googleapis.com
timeouts: null
module.project.google_pubsub_topic_iam_member.pubsub-sinks-binding["notice"]:
@@ -457,12 +486,17 @@ values:
condition: []
role: roles/storage.objectCreator
module.pubsub.google_pubsub_topic.default:
effective_labels:
goog-terraform-provisioned: 'true'
ingestion_data_source_settings: []
kms_key_name: null
labels: null
message_retention_duration: null
name: pubsub_sink
project: project-id
schema_settings: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
counts:
@@ -479,7 +513,7 @@ counts:
google_logging_project_exclusion: 1
google_logging_project_sink: 4
google_org_policy_policy: 7
google_project: 3
google_project: 2
google_project_iam_audit_config: 2
google_project_iam_binding: 7
google_project_iam_member: 14
@@ -491,7 +525,7 @@ counts:
google_storage_bucket_iam_member: 1
google_storage_project_service_account: 1
modules: 8
resources: 64
resources: 63
outputs: {}