Merge remote-tracking branch 'origin/master' into fast-dev
This commit is contained in:
Ludo
@@ -586,6 +586,17 @@
|
||||
"npm": "1.2.8000 || >= 1.4.16"
|
||||
}
|
||||
},
|
||||
"node_modules/brace-expansion": {
|
||||
"version": "1.1.12",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
|
||||
"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
|
||||
"license": "MIT",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"balanced-match": "^1.0.0",
|
||||
"concat-map": "0.0.1"
|
||||
}
|
||||
},
|
||||
"node_modules/buffer-equal-constant-time": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
|
||||
@@ -634,6 +645,19 @@
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/call-bind-apply-helpers": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
|
||||
"integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"es-errors": "^1.3.0",
|
||||
"function-bind": "^1.1.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/chalk": {
|
||||
"version": "2.4.2",
|
||||
"resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
|
||||
@@ -814,6 +838,20 @@
|
||||
"node": ">=0.10"
|
||||
}
|
||||
},
|
||||
"node_modules/dunder-proto": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
|
||||
"integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"call-bind-apply-helpers": "^1.0.1",
|
||||
"es-errors": "^1.3.0",
|
||||
"gopd": "^1.2.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/duplexify": {
|
||||
"version": "4.1.3",
|
||||
"resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz",
|
||||
@@ -868,12 +906,10 @@
|
||||
}
|
||||
},
|
||||
"node_modules/es-define-property": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz",
|
||||
"integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==",
|
||||
"dependencies": {
|
||||
"get-intrinsic": "^1.2.4"
|
||||
},
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
|
||||
"integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
@@ -886,6 +922,33 @@
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/es-object-atoms": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
|
||||
"integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"es-errors": "^1.3.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/es-set-tostringtag": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
|
||||
"integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"es-errors": "^1.3.0",
|
||||
"get-intrinsic": "^1.2.6",
|
||||
"has-tostringtag": "^1.0.2",
|
||||
"hasown": "^2.0.2"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/escalade": {
|
||||
"version": "3.1.2",
|
||||
"resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz",
|
||||
@@ -1027,13 +1090,17 @@
|
||||
}
|
||||
},
|
||||
"node_modules/form-data": {
|
||||
"version": "2.5.1",
|
||||
"resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.1.tgz",
|
||||
"integrity": "sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==",
|
||||
"version": "2.5.5",
|
||||
"resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz",
|
||||
"integrity": "sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"asynckit": "^0.4.0",
|
||||
"combined-stream": "^1.0.6",
|
||||
"mime-types": "^2.1.12"
|
||||
"combined-stream": "^1.0.8",
|
||||
"es-set-tostringtag": "^2.1.0",
|
||||
"hasown": "^2.0.2",
|
||||
"mime-types": "^2.1.35",
|
||||
"safe-buffer": "^5.2.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.12"
|
||||
@@ -1111,15 +1178,21 @@
|
||||
}
|
||||
},
|
||||
"node_modules/get-intrinsic": {
|
||||
"version": "1.2.4",
|
||||
"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz",
|
||||
"integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==",
|
||||
"version": "1.3.0",
|
||||
"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
|
||||
"integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"call-bind-apply-helpers": "^1.0.2",
|
||||
"es-define-property": "^1.0.1",
|
||||
"es-errors": "^1.3.0",
|
||||
"es-object-atoms": "^1.1.1",
|
||||
"function-bind": "^1.1.2",
|
||||
"has-proto": "^1.0.1",
|
||||
"has-symbols": "^1.0.3",
|
||||
"hasown": "^2.0.0"
|
||||
"get-proto": "^1.0.1",
|
||||
"gopd": "^1.2.0",
|
||||
"has-symbols": "^1.1.0",
|
||||
"hasown": "^2.0.2",
|
||||
"math-intrinsics": "^1.1.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
@@ -1128,6 +1201,19 @@
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/get-proto": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
|
||||
"integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"dunder-proto": "^1.0.1",
|
||||
"es-object-atoms": "^1.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/google-auth-library": {
|
||||
"version": "9.10.0",
|
||||
"resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.10.0.tgz",
|
||||
@@ -1179,11 +1265,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/gopd": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz",
|
||||
"integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==",
|
||||
"dependencies": {
|
||||
"get-intrinsic": "^1.1.3"
|
||||
"version": "1.2.0",
|
||||
"resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
|
||||
"integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
@@ -1231,21 +1318,11 @@
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/has-proto": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz",
|
||||
"integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==",
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/has-symbols": {
|
||||
"version": "1.0.3",
|
||||
"resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz",
|
||||
"integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==",
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
|
||||
"integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
},
|
||||
@@ -1254,11 +1331,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/has-tostringtag": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz",
|
||||
"integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==",
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
|
||||
"integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"has-symbols": "^1.0.2"
|
||||
"has-symbols": "^1.0.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
@@ -1601,6 +1679,15 @@
|
||||
"node": ">=10"
|
||||
}
|
||||
},
|
||||
"node_modules/math-intrinsics": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
|
||||
"integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
}
|
||||
},
|
||||
"node_modules/media-typer": {
|
||||
"version": "0.3.0",
|
||||
"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
|
||||
@@ -1691,16 +1778,6 @@
|
||||
"node": ">=0.8.0"
|
||||
}
|
||||
},
|
||||
"node_modules/mv/node_modules/brace-expansion": {
|
||||
"version": "1.1.11",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
|
||||
"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"balanced-match": "^1.0.0",
|
||||
"concat-map": "0.0.1"
|
||||
}
|
||||
},
|
||||
"node_modules/mv/node_modules/glob": {
|
||||
"version": "6.0.4",
|
||||
"resolved": "https://registry.npmjs.org/glob/-/glob-6.0.4.tgz",
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
module example.com/healthckecker
|
||||
|
||||
go 1.16
|
||||
go 1.23.0
|
||||
|
||||
toolchain go1.24.1
|
||||
|
||||
require (
|
||||
@@ -10,8 +11,7 @@ require (
|
||||
|
||||
require (
|
||||
cloud.google.com/go v0.110.0 // indirect
|
||||
cloud.google.com/go/compute v1.19.1 // indirect
|
||||
cloud.google.com/go/compute/metadata v0.2.3 // indirect
|
||||
cloud.google.com/go/compute/metadata v0.3.0 // indirect
|
||||
cloud.google.com/go/iam v0.13.0 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/protobuf v1.5.3 // indirect
|
||||
@@ -21,10 +21,10 @@ require (
|
||||
github.com/googleapis/gax-go/v2 v2.7.1 // indirect
|
||||
go.opencensus.io v0.24.0 // indirect
|
||||
golang.org/x/net v0.38.0 // indirect
|
||||
golang.org/x/oauth2 v0.7.0 // indirect
|
||||
golang.org/x/sync v0.11.0 // indirect
|
||||
golang.org/x/sys v0.30.0 // indirect
|
||||
golang.org/x/text v0.22.0 // indirect
|
||||
golang.org/x/oauth2 v0.27.0 // indirect
|
||||
golang.org/x/sync v0.12.0 // indirect
|
||||
golang.org/x/sys v0.31.0 // indirect
|
||||
golang.org/x/text v0.23.0 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
|
||||
google.golang.org/grpc v1.56.3 // indirect
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
|
||||
cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY=
|
||||
cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY=
|
||||
cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE=
|
||||
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
|
||||
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
|
||||
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
|
||||
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
|
||||
cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k=
|
||||
cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0=
|
||||
cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
|
||||
@@ -80,27 +78,27 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
|
||||
golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
|
||||
golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
|
||||
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
|
||||
golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
|
||||
golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
|
||||
golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
|
||||
golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
|
||||
golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
|
||||
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
|
||||
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
|
||||
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
|
||||
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
|
||||
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
|
||||
@@ -662,7 +662,7 @@ FAST defines a simple mechanism to extend stage functionality via the use of [ad
|
||||
| name | description | modules | resources |
|
||||
|---|---|---|---|
|
||||
| [automation.tf](./automation.tf) | Automation project and resources. | <code>gcs</code> · <code>iam-service-account</code> · <code>project</code> | |
|
||||
| [billing.tf](./billing.tf) | Billing export project and dataset. | <code>bigquery-dataset</code> · <code>project</code> | <code>google_billing_account_iam_member</code> |
|
||||
| [billing.tf](./billing.tf) | Billing export project and dataset. | <code>bigquery-dataset</code> · <code>billing-account</code> · <code>logging-bucket</code> · <code>project</code> | |
|
||||
| [cicd.tf](./cicd.tf) | CI/CD locals and resources. | <code>iam-service-account</code> | |
|
||||
| [identity-providers-wfif-defs.tf](./identity-providers-wfif-defs.tf) | Workforce Identity provider definitions. | | |
|
||||
| [identity-providers-wfif.tf](./identity-providers-wfif.tf) | Workforce Identity Federation provider definitions. | | <code>google_iam_workforce_pool</code> · <code>google_iam_workforce_pool_provider</code> |
|
||||
@@ -683,29 +683,29 @@ FAST defines a simple mechanism to extend stage functionality via the use of [ad
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account](variables.tf#L17) | Billing account id. If billing account is not part of the same org set `is_org_level` to `false`. To disable handling of billing IAM roles set `no_iam` to `true`. | <code title="object({ id = string force_create = optional(object({ dataset = optional(bool, false) project = optional(bool, false) }), {}) is_org_level = optional(bool, true) no_iam = optional(bool, false) })">object({…})</code> | ✓ | | |
|
||||
| [organization](variables.tf#L281) | Organization details. | <code title="object({ id = number domain = optional(string) customer_id = optional(string) })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L296) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | |
|
||||
| [bootstrap_user](variables.tf#L38) | Email of the nominal user running this stage for the first time. | <code>string</code> | | <code>null</code> | |
|
||||
| [cicd_config](variables.tf#L44) | CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ bootstrap = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) resman = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) vpcsc = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [custom_roles](variables.tf#L85) | Map of role names => list of permissions to additionally create at the organization level. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [environments](variables.tf#L92) | Environment names. When not defined, short name is set to the key and tag name to lower(name). | <code title="map(object({ name = string is_default = optional(bool, false) short_name = optional(string) tag_name = optional(string) }))">map(object({…}))</code> | | <code title="{ dev = { name = "Development" } prod = { name = "Production" is_default = true } }">{…}</code> | |
|
||||
| [essential_contacts](variables.tf#L132) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L138) | Configuration for the resource factories or external data. | <code title="object({ custom_constraints = optional(string, "data/custom-constraints") custom_roles = optional(string, "data/custom-roles") org_policies = optional(string, "data/org-policies") org_policies_iac = optional(string, "data/org-policies-iac") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [billing_account](variables.tf#L17) | Billing account id. If billing account is not part of the same org set `is_org_level` to `false`. To disable handling of billing IAM roles set `no_iam` to `true`. | <code title="object({ id = string force_create = optional(object({ dataset = optional(bool, false) project = optional(bool, false) log_bucket = optional(bool, false) }), {}) is_org_level = optional(bool, true) no_iam = optional(bool, false) })">object({…})</code> | ✓ | | |
|
||||
| [organization](variables.tf#L282) | Organization details. | <code title="object({ id = number domain = optional(string) customer_id = optional(string) })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L297) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | |
|
||||
| [bootstrap_user](variables.tf#L39) | Email of the nominal user running this stage for the first time. | <code>string</code> | | <code>null</code> | |
|
||||
| [cicd_config](variables.tf#L45) | CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ bootstrap = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) resman = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) vpcsc = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [custom_roles](variables.tf#L86) | Map of role names => list of permissions to additionally create at the organization level. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [environments](variables.tf#L93) | Environment names. When not defined, short name is set to the key and tag name to lower(name). | <code title="map(object({ name = string is_default = optional(bool, false) short_name = optional(string) tag_name = optional(string) }))">map(object({…}))</code> | | <code title="{ dev = { name = "Development" } prod = { name = "Production" is_default = true } }">{…}</code> | |
|
||||
| [essential_contacts](variables.tf#L133) | Email used for essential contacts, unset if null. | <code>string</code> | | <code>null</code> | |
|
||||
| [factories_config](variables.tf#L139) | Configuration for the resource factories or external data. | <code title="object({ custom_constraints = optional(string, "data/custom-constraints") custom_roles = optional(string, "data/custom-roles") org_policies = optional(string, "data/org-policies") org_policies_iac = optional(string, "data/org-policies-iac") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [fast_addon](variables-addons.tf#L17) | FAST addons configurations for stages 1. Keys are used as short names for the add-on resources. | <code title="map(object({ parent_stage = string cicd_config = optional(object({ identity_provider = string repository = object({ name = string branch = optional(string) type = optional(string, "github") }) })) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [groups](variables.tf#L150) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | <code title="object({ gcp-billing-admins = optional(string, "gcp-billing-admins") gcp-devops = optional(string, "gcp-devops") gcp-network-admins = optional(string, "gcp-vpc-network-admins") gcp-organization-admins = optional(string, "gcp-organization-admins") gcp-secops-admins = optional(string, "gcp-security-admins") gcp-security-admins = optional(string, "gcp-security-admins") gcp-support = optional(string, "gcp-devops") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [iam](variables.tf#L167) | Organization-level custom IAM settings in role => [principal] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_bindings_additive](variables.tf#L174) | Organization-level custom additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [iam_by_principals](variables.tf#L189) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [locations](variables.tf#L196) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ bq = optional(string, "EU") gcs = optional(string, "EU") logging = optional(string, "global") pubsub = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [log_sinks](variables.tf#L210) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string disabled = optional(bool, false) exclusions = optional(map(string), {}) }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = <<-FILTER log_id("cloudaudit.googleapis.com/activity") OR log_id("cloudaudit.googleapis.com/system_event") OR log_id("cloudaudit.googleapis.com/policy") OR log_id("cloudaudit.googleapis.com/access_transparency") FILTER type = "logging" } iam = { filter = <<-FILTER protoPayload.serviceName="iamcredentials.googleapis.com" OR protoPayload.serviceName="iam.googleapis.com" OR protoPayload.serviceName="sts.googleapis.com" FILTER type = "logging" } vpc-sc = { filter = <<-FILTER protoPayload.metadata.@type="type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata" FILTER type = "logging" } workspace-audit-logs = { filter = <<-FILTER protoPayload.serviceName="admin.googleapis.com" OR protoPayload.serviceName="cloudidentity.googleapis.com" OR protoPayload.serviceName="login.googleapis.com" FILTER type = "logging" } }">{…}</code> | |
|
||||
| [org_policies_config](variables.tf#L266) | Organization policies customization. | <code title="object({ iac_policy_member_domains = optional(list(string)) import_defaults = optional(bool, false) tag_name = optional(string, "org-policies") tag_values = optional(map(object({ description = optional(string, "Managed by the Terraform organization module.") iam = optional(map(list(string)), {}) id = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L290) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_parent_ids](variables.tf#L305) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object({ automation = optional(string) billing = optional(string) logging = optional(string) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [resource_names](variables.tf#L316) | Resource names overrides for specific resources. Prefix is always set via code, except where noted in the variable type. | <code title="object({ bq-billing = optional(string, "billing_export") bq-logs = optional(string, "logs") gcs-bootstrap = optional(string, "prod-iac-core-bootstrap-0") gcs-logs = optional(string, "prod-logs") gcs-outputs = optional(string, "prod-iac-core-outputs-0") gcs-resman = optional(string, "prod-iac-core-resman-0") gcs-vpcsc = optional(string, "prod-iac-core-vpcsc-0") project-automation = optional(string, "prod-iac-core-0") project-billing = optional(string, "prod-billing-exp-0") project-logs = optional(string, "prod-audit-logs-0") pubsub-logs_template = optional(string, "$${key}") sa-bootstrap = optional(string, "prod-bootstrap-0") sa-bootstrap_ro = optional(string, "prod-bootstrap-0r") sa-cicd_template = optional(string, "prod-$${key}-1") sa-cicd_template_ro = optional(string, "prod-$${key}-1r") sa-resman = optional(string, "prod-resman-0") sa-resman_ro = optional(string, "prod-resman-0r") sa-vpcsc = optional(string, "prod-vpcsc-0") sa-vpcsc_ro = optional(string, "prod-vpcsc-0r") wf-bootstrap = optional(string, "$${prefix}-bootstrap") wf-provider_template = optional(string, "$${prefix}-bootstrap-$${key}") wif-bootstrap = optional(string, "$${prefix}-bootstrap") wif-provider_template = optional(string, "$${prefix}-bootstrap-$${key}") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [universe](variables.tf#L348) | Target GCP universe. | <code title="object({ domain = string prefix = string unavailable_services = optional(list(string), []) })">object({…})</code> | | <code>null</code> | |
|
||||
| [workforce_identity_providers](variables.tf#L358) | Workforce Identity Federation pools. | <code title="map(object({ attribute_condition = optional(string) issuer = string display_name = string description = string disabled = optional(bool, false) saml = optional(object({ idp_metadata_xml = string }), null) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [workload_identity_providers](variables.tf#L374) | Workload Identity Federation pools. The `cicd_repositories` variable references keys here. | <code title="map(object({ attribute_condition = optional(string) issuer = string custom_settings = optional(object({ issuer_uri = optional(string) audiences = optional(list(string), []) jwks_json = optional(string) }), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [groups](variables.tf#L151) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | <code title="object({ gcp-billing-admins = optional(string, "gcp-billing-admins") gcp-devops = optional(string, "gcp-devops") gcp-network-admins = optional(string, "gcp-vpc-network-admins") gcp-organization-admins = optional(string, "gcp-organization-admins") gcp-secops-admins = optional(string, "gcp-security-admins") gcp-security-admins = optional(string, "gcp-security-admins") gcp-support = optional(string, "gcp-devops") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [iam](variables.tf#L168) | Organization-level custom IAM settings in role => [principal] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_bindings_additive](variables.tf#L175) | Organization-level custom additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [iam_by_principals](variables.tf#L190) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [locations](variables.tf#L197) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ bq = optional(string, "EU") gcs = optional(string, "EU") logging = optional(string, "global") pubsub = optional(list(string), []) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [log_sinks](variables.tf#L211) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string disabled = optional(bool, false) exclusions = optional(map(string), {}) }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = <<-FILTER log_id("cloudaudit.googleapis.com/activity") OR log_id("cloudaudit.googleapis.com/system_event") OR log_id("cloudaudit.googleapis.com/policy") OR log_id("cloudaudit.googleapis.com/access_transparency") FILTER type = "logging" } iam = { filter = <<-FILTER protoPayload.serviceName="iamcredentials.googleapis.com" OR protoPayload.serviceName="iam.googleapis.com" OR protoPayload.serviceName="sts.googleapis.com" FILTER type = "logging" } vpc-sc = { filter = <<-FILTER protoPayload.metadata.@type="type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata" FILTER type = "logging" } workspace-audit-logs = { filter = <<-FILTER protoPayload.serviceName="admin.googleapis.com" OR protoPayload.serviceName="cloudidentity.googleapis.com" OR protoPayload.serviceName="login.googleapis.com" FILTER type = "logging" } }">{…}</code> | |
|
||||
| [org_policies_config](variables.tf#L267) | Organization policies customization. | <code title="object({ iac_policy_member_domains = optional(list(string)) import_defaults = optional(bool, false) tag_name = optional(string, "org-policies") tag_values = optional(map(object({ description = optional(string, "Managed by the Terraform organization module.") iam = optional(map(list(string)), {}) id = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [outputs_location](variables.tf#L291) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_parent_ids](variables.tf#L306) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object({ automation = optional(string) billing = optional(string) logging = optional(string) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [resource_names](variables.tf#L317) | Resource names overrides for specific resources. Prefix is always set via code, except where noted in the variable type. | <code title="object({ bq-billing = optional(string, "billing_export") bq-logs = optional(string, "logs") gcs-bootstrap = optional(string, "prod-iac-core-bootstrap-0") gcs-logs = optional(string, "prod-logs") gcs-outputs = optional(string, "prod-iac-core-outputs-0") gcs-resman = optional(string, "prod-iac-core-resman-0") gcs-vpcsc = optional(string, "prod-iac-core-vpcsc-0") project-automation = optional(string, "prod-iac-core-0") project-billing = optional(string, "prod-billing-exp-0") project-logs = optional(string, "prod-audit-logs-0") pubsub-logs_template = optional(string, "$${key}") sa-bootstrap = optional(string, "prod-bootstrap-0") sa-bootstrap_ro = optional(string, "prod-bootstrap-0r") sa-cicd_template = optional(string, "prod-$${key}-1") sa-cicd_template_ro = optional(string, "prod-$${key}-1r") sa-resman = optional(string, "prod-resman-0") sa-resman_ro = optional(string, "prod-resman-0r") sa-vpcsc = optional(string, "prod-vpcsc-0") sa-vpcsc_ro = optional(string, "prod-vpcsc-0r") wf-bootstrap = optional(string, "$${prefix}-bootstrap") wf-provider_template = optional(string, "$${prefix}-bootstrap-$${key}") wif-bootstrap = optional(string, "$${prefix}-bootstrap") wif-provider_template = optional(string, "$${prefix}-bootstrap-$${key}") })">object({…})</code> | | <code>{}</code> | |
|
||||
| [universe](variables.tf#L349) | Target GCP universe. | <code title="object({ domain = string prefix = string unavailable_services = optional(list(string), []) })">object({…})</code> | | <code>null</code> | |
|
||||
| [workforce_identity_providers](variables.tf#L359) | Workforce Identity Federation pools. | <code title="map(object({ attribute_condition = optional(string) issuer = string display_name = string description = string disabled = optional(bool, false) saml = optional(object({ idp_metadata_xml = string }), null) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [workload_identity_providers](variables.tf#L375) | Workload Identity Federation pools. The `cicd_repositories` variable references keys here. | <code title="map(object({ attribute_condition = optional(string) issuer = string custom_settings = optional(object({ issuer_uri = optional(string) audiences = optional(list(string), []) jwks_json = optional(string) }), {}) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -17,22 +17,41 @@
|
||||
# tfdoc:file:description Billing export project and dataset.
|
||||
|
||||
locals {
|
||||
# used here for convenience, in organization.tf members are explicit
|
||||
billing_ext_admins = [
|
||||
local.principals.gcp-billing-admins,
|
||||
local.principals.gcp-organization-admins,
|
||||
module.automation-tf-bootstrap-sa.iam_email,
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
billing_ext_viewers = [
|
||||
module.automation-tf-bootstrap-r-sa.iam_email,
|
||||
module.automation-tf-resman-r-sa.iam_email
|
||||
]
|
||||
billing_mode = (
|
||||
var.billing_account.no_iam
|
||||
? null
|
||||
: var.billing_account.is_org_level ? "org" : "resource"
|
||||
)
|
||||
|
||||
_billing_iam_bindings = {
|
||||
"roles/billing.admin" = [
|
||||
local.principals.gcp-billing-admins,
|
||||
local.principals.gcp-organization-admins,
|
||||
module.automation-tf-bootstrap-sa.iam_email,
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
],
|
||||
"roles/billing.viewer" = [
|
||||
module.automation-tf-bootstrap-r-sa.iam_email,
|
||||
module.automation-tf-resman-r-sa.iam_email
|
||||
],
|
||||
"roles/logging.configWriter" = local.billing_mode == "org" || !var.billing_account.force_create.log_bucket ? [] : [
|
||||
module.automation-tf-bootstrap-sa.iam_email
|
||||
]
|
||||
}
|
||||
|
||||
_billing_iam_bindings_add = flatten([for role, bindings in local._billing_iam_bindings : [
|
||||
for member in bindings : {
|
||||
member = member,
|
||||
role = role
|
||||
}
|
||||
]])
|
||||
|
||||
billing_iam_bindings_additive = {
|
||||
for b in local._billing_iam_bindings_add : "${b.role}-${b.member}" => {
|
||||
member = b.member
|
||||
role = b.role
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# billing account in same org (IAM is in the organization.tf file)
|
||||
@@ -81,20 +100,28 @@ module "billing-export-dataset" {
|
||||
|
||||
# standalone billing account
|
||||
|
||||
resource "google_billing_account_iam_member" "billing_ext_admin" {
|
||||
for_each = toset(
|
||||
local.billing_mode == "resource" ? local.billing_ext_admins : []
|
||||
)
|
||||
billing_account_id = var.billing_account.id
|
||||
role = "roles/billing.admin"
|
||||
member = each.key
|
||||
module "billing-account-logbucket" {
|
||||
source = "../../../modules/logging-bucket"
|
||||
count = local.billing_mode == "resource" && var.billing_account.force_create.log_bucket ? 1 : 0
|
||||
parent_type = "project"
|
||||
parent = module.log-export-project.project_id
|
||||
id = "billing-account"
|
||||
location = local.locations.logging
|
||||
log_analytics = { enable = true }
|
||||
# org-level logging settings ready before we create any logging buckets
|
||||
depends_on = [module.organization-logging]
|
||||
}
|
||||
|
||||
resource "google_billing_account_iam_member" "billing_ext_viewer" {
|
||||
for_each = toset(
|
||||
local.billing_mode == "resource" ? local.billing_ext_viewers : []
|
||||
)
|
||||
billing_account_id = var.billing_account.id
|
||||
role = "roles/billing.viewer"
|
||||
member = each.key
|
||||
}
|
||||
module "billing-account" {
|
||||
source = "../../../modules/billing-account"
|
||||
count = local.billing_mode == "resource" ? 1 : 0
|
||||
id = var.billing_account.id
|
||||
iam_bindings_additive = local.billing_iam_bindings_additive
|
||||
logging_sinks = !var.billing_account.force_create.log_bucket ? {} : {
|
||||
billing_bucket_log_sink = {
|
||||
destination = module.billing-account-logbucket[0].id
|
||||
type = "logging"
|
||||
description = "billing-account sink (Terraform-managed)."
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -19,8 +19,9 @@ variable "billing_account" {
|
||||
type = object({
|
||||
id = string
|
||||
force_create = optional(object({
|
||||
dataset = optional(bool, false)
|
||||
project = optional(bool, false)
|
||||
dataset = optional(bool, false)
|
||||
project = optional(bool, false)
|
||||
log_bucket = optional(bool, false)
|
||||
}), {})
|
||||
is_org_level = optional(bool, true)
|
||||
no_iam = optional(bool, false)
|
||||
|
||||
@@ -2556,6 +2556,7 @@ outputs:
|
||||
force_create:
|
||||
dataset: false
|
||||
project: false
|
||||
log_bucket: false
|
||||
id: 000000-111111-222222
|
||||
is_org_level: true
|
||||
no_iam: false
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
billing_account = {
|
||||
id = "000000-111111-222222"
|
||||
is_org_level = false
|
||||
force_create = {
|
||||
dataset = true
|
||||
project = true
|
||||
log_bucket = true
|
||||
}
|
||||
}
|
||||
essential_contacts = "gcp-organization-admins@fast.example.com"
|
||||
groups = {
|
||||
gcp-support = "group:gcp-support@example.com"
|
||||
}
|
||||
org_policies_config = {
|
||||
import_defaults = false
|
||||
}
|
||||
organization = {
|
||||
domain = "fast.example.com"
|
||||
id = 123456789012
|
||||
customer_id = "C00000000"
|
||||
}
|
||||
outputs_location = "/fast-config"
|
||||
prefix = "fast"
|
||||
2172
tests/fast/stages/s0_bootstrap/external_billing_account.yaml
Normal file
2172
tests/fast/stages/s0_bootstrap/external_billing_account.yaml
Normal file
File diff suppressed because it is too large
Load Diff
@@ -1637,6 +1637,7 @@ outputs:
|
||||
force_create:
|
||||
dataset: false
|
||||
project: false
|
||||
log_bucket: false
|
||||
id: 000000-111111-222222
|
||||
is_org_level: true
|
||||
no_iam: false
|
||||
|
||||
@@ -23,5 +23,8 @@ tests:
|
||||
inventory:
|
||||
- simple.yaml
|
||||
- managed_org_policies.yaml
|
||||
external_billing_account:
|
||||
inventory:
|
||||
- external_billing_account.yaml
|
||||
iam_by_principals:
|
||||
cicd:
|
||||
|
||||
Reference in New Issue
Block a user