Merge branch 'master' into master
@@ -13,6 +13,8 @@ All notable changes to this project will be documented in this file.
|
||||
- add support for Cloud Source Repositories in stage 0 and 1 CI/CD
|
||||
- fix Gitlab workflow indentation
|
||||
- remove unsupported attributes and add supported ones to the Gitlab mapping used for Workload Identity Federation pools
|
||||
- add roles for CI/CD source repositories to stage 1 service account on automation project
|
||||
- fixes to CI/CD source repositories in stage 1
|
||||
|
||||
## [16.0.0] - 2022-06-06
|
||||
|
||||
|
||||
@@ -457,15 +457,15 @@ The remaining configuration is manual, as it regards the repositories themselves
|
||||
|
||||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [automation](outputs.tf#L81) | Automation resources. | | |
|
||||
| [billing_dataset](outputs.tf#L86) | BigQuery dataset prepared for billing export. | | |
|
||||
| [cicd_repositories](outputs.tf#L91) | CI/CD repository configurations. | | |
|
||||
| [custom_roles](outputs.tf#L103) | Organization-level custom roles. | | |
|
||||
| [federated_identity](outputs.tf#L108) | Workload Identity Federation pool and providers. | | |
|
||||
| [outputs_bucket](outputs.tf#L118) | GCS bucket where generated output files are stored. | | |
|
||||
| [project_ids](outputs.tf#L123) | Projects created by this stage. | | |
|
||||
| [providers](outputs.tf#L142) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
|
||||
| [service_accounts](outputs.tf#L132) | Automation service accounts created by this stage. | | |
|
||||
| [tfvars](outputs.tf#L151) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [automation](outputs.tf#L82) | Automation resources. | | |
|
||||
| [billing_dataset](outputs.tf#L87) | BigQuery dataset prepared for billing export. | | |
|
||||
| [cicd_repositories](outputs.tf#L92) | CI/CD repository configurations. | | |
|
||||
| [custom_roles](outputs.tf#L104) | Organization-level custom roles. | | |
|
||||
| [federated_identity](outputs.tf#L109) | Workload Identity Federation pool and providers. | | |
|
||||
| [outputs_bucket](outputs.tf#L119) | GCS bucket where generated output files are stored. | | |
|
||||
| [project_ids](outputs.tf#L124) | Projects created by this stage. | | |
|
||||
| [providers](outputs.tf#L143) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
|
||||
| [service_accounts](outputs.tf#L133) | Automation service accounts created by this stage. | | |
|
||||
| [tfvars](outputs.tf#L152) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
||||
@@ -38,12 +38,18 @@ module "automation-project" {
|
||||
"roles/owner" = [
|
||||
module.automation-tf-bootstrap-sa.iam_email
|
||||
]
|
||||
"roles/cloudbuild.builds.editor" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
"roles/iam.serviceAccountAdmin" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
"roles/iam.workloadIdentityPoolAdmin" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
"roles/source.admin" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
"roles/storage.admin" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
|
||||
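Review bot: `roles/source.admin` and `roles/iam.serviceAccountAdmin` in this `iam` block give `module.automation-tf-resman-sa` admin rights over every source repository and every service account in the automation project, and nothing in the block says which stage 1 resources need them. Add a one-line comment above each grant naming the resource that requires it (CI/CD repositories, triggers, CI/CD service accounts), so the set can be reviewed and trimmed later.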
@@ -57,6 +57,7 @@ locals {
|
||||
federated_identity_providers = local.wif_providers
|
||||
outputs_bucket = module.automation-tf-output-gcs.name
|
||||
project_id = module.automation-project.project_id
|
||||
project_number = module.automation-project.number
|
||||
}
|
||||
custom_roles = local.custom_roles
|
||||
}
|
||||
|
||||
@@ -178,30 +178,30 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L20) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string project_id = string federated_identity_pool = string federated_identity_providers = map(object({ issuer = string issuer_uri = string name = string principal_tpl = string principalset_tpl = string })) })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L37) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [organization](variables.tf#L140) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L164) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [cicd_repositories](variables.tf#L46) | CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ data_platform_dev = object({ branch = string identity_provider = string name = string type = string }) data_platform_prod = object({ branch = string identity_provider = string name = string type = string }) networking = object({ branch = string identity_provider = string name = string type = string }) project_factory_dev = object({ branch = string identity_provider = string name = string type = string }) project_factory_prod = object({ branch = string identity_provider = string name = string type = string }) security = object({ branch = string identity_provider = string name = string type = string }) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_roles](variables.tf#L116) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>00-bootstrap</code> |
|
||||
| [groups](variables.tf#L125) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L150) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L158) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L175) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L192) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
| [automation](variables.tf#L20) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string project_id = string project_number = string federated_identity_pool = string federated_identity_providers = map(object({ issuer = string issuer_uri = string name = string principal_tpl = string principalset_tpl = string })) })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L38) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [organization](variables.tf#L141) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L165) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [cicd_repositories](variables.tf#L47) | CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ data_platform_dev = object({ branch = string identity_provider = string name = string type = string }) data_platform_prod = object({ branch = string identity_provider = string name = string type = string }) networking = object({ branch = string identity_provider = string name = string type = string }) project_factory_dev = object({ branch = string identity_provider = string name = string type = string }) project_factory_prod = object({ branch = string identity_provider = string name = string type = string }) security = object({ branch = string identity_provider = string name = string type = string }) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_roles](variables.tf#L117) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>00-bootstrap</code> |
|
||||
| [groups](variables.tf#L126) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L151) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L159) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L176) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L193) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [cicd_repositories](outputs.tf#L143) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L155) | Data for the Data Platform stage. | | |
|
||||
| [networking](outputs.tf#L171) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L180) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L196) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L203) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L213) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L223) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L236) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [cicd_repositories](outputs.tf#L145) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L159) | Data for the Data Platform stage. | | |
|
||||
| [networking](outputs.tf#L175) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L184) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L200) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L207) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L217) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L227) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L240) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
||||
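Review bot: in the Outputs table the `security` row reads "Data for the networking stage.", the same text as the `networking` row, and this commit carries it over unchanged. The table sits above `<!-- END TFDOC -->` and links into outputs.tf, so the fix belongs in the `description` of the `security` output there, with the table regenerated afterwards.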
@@ -37,7 +37,7 @@ module "branch-dp-dev-cicd-repo" {
|
||||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-dp-dev-sa.iam_email
|
||||
service_account = module.branch-dp-dev-sa-cicd.0.id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
@@ -47,6 +47,7 @@ module "branch-dp-dev-cicd-repo" {
|
||||
}
|
||||
}
|
||||
}
|
||||
depends_on = [module.branch-dp-dev-sa-cicd]
|
||||
}
|
||||
|
||||
module "branch-dp-prod-cicd-repo" {
|
||||
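Review bot: `depends_on = [module.branch-dp-dev-sa-cicd]` looks redundant next to `service_account = module.branch-dp-dev-sa-cicd.0.id` in the same module block, and nothing here says why it is needed. If it is there so the trigger waits for the `roles/iam.serviceAccountUser` binding on the CI/CD service account, say so in a one-line comment above it; the same applies to the matching `depends_on` lines added to the other `*-cicd-repo` modules in this commit.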
@@ -68,7 +69,7 @@ module "branch-dp-prod-cicd-repo" {
|
||||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-dp-prod-sa.iam_email
|
||||
service_account = module.branch-dp-prod-sa-cicd.0.id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
@@ -78,6 +79,7 @@ module "branch-dp-prod-cicd-repo" {
|
||||
}
|
||||
}
|
||||
}
|
||||
depends_on = [module.branch-dp-prod-sa-cicd]
|
||||
}
|
||||
|
||||
# SAs used by CI/CD workflows to impersonate automation SAs
|
||||
@@ -96,7 +98,9 @@ module "branch-dp-dev-sa-cicd" {
|
||||
iam = (
|
||||
each.value.type == "sourcerepo"
|
||||
# used directly from the cloud build trigger for source repos
|
||||
? {}
|
||||
? {
|
||||
"roles/iam.serviceAccountUser" = local.automation_resman_sa
|
||||
}
|
||||
# impersonated via workload identity federation for external repos
|
||||
: {
|
||||
"roles/iam.workloadIdentityUser" = [
|
||||
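Review bot: the comment `# used directly from the cloud build trigger for source repos` was written for the empty map and no longer explains the branch under it, which now grants `roles/iam.serviceAccountUser` to `local.automation_resman_sa`. Extend the comment to say who receives the role and why the trigger needs it; the same comment is left as it was in the other `*-sa-cicd` modules changed by this commit.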
@@ -135,7 +139,9 @@ module "branch-dp-prod-sa-cicd" {
|
||||
iam = (
|
||||
each.value.type == "sourcerepo"
|
||||
# used directly from the cloud build trigger for source repos
|
||||
? {}
|
||||
? {
|
||||
"roles/iam.serviceAccountUser" = local.automation_resman_sa
|
||||
}
|
||||
# impersonated via workload identity federation for external repos
|
||||
: {
|
||||
"roles/iam.workloadIdentityUser" = [
|
||||
|
||||
@@ -35,7 +35,7 @@ module "branch-network-cicd-repo" {
|
||||
fast-02-networking = {
|
||||
filename = ".cloudbuild/workflow.yaml"
|
||||
included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
|
||||
service_account = module.branch-network-sa.id
|
||||
service_account = module.branch-network-sa-cicd.0.id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
@@ -45,6 +45,7 @@ module "branch-network-cicd-repo" {
|
||||
}
|
||||
}
|
||||
}
|
||||
depends_on = [module.branch-network-sa-cicd]
|
||||
}
|
||||
|
||||
# SA used by CI/CD workflows to impersonate automation SAs
|
||||
@@ -63,7 +64,9 @@ module "branch-network-sa-cicd" {
|
||||
iam = (
|
||||
each.value.type == "sourcerepo"
|
||||
# used directly from the cloud build trigger for source repos
|
||||
? {}
|
||||
? {
|
||||
"roles/iam.serviceAccountUser" = local.automation_resman_sa
|
||||
}
|
||||
# impersonated via workload identity federation for external repos
|
||||
: {
|
||||
"roles/iam.workloadIdentityUser" = [
|
||||
|
||||
@@ -35,7 +35,7 @@ module "branch-security-cicd-repo" {
|
||||
fast-02-security = {
|
||||
filename = ".cloudbuild/workflow.yaml"
|
||||
included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
|
||||
service_account = module.branch-security-sa.id
|
||||
service_account = module.branch-security-sa-cicd.0.id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
@@ -45,6 +45,7 @@ module "branch-security-cicd-repo" {
|
||||
}
|
||||
}
|
||||
}
|
||||
depends_on = [module.branch-security-sa-cicd]
|
||||
}
|
||||
|
||||
# SA used by CI/CD workflows to impersonate automation SAs
|
||||
@@ -63,7 +64,9 @@ module "branch-security-sa-cicd" {
|
||||
iam = (
|
||||
each.value.type == "sourcerepo"
|
||||
# used directly from the cloud build trigger for source repos
|
||||
? {}
|
||||
? {
|
||||
"roles/iam.serviceAccountUser" = local.automation_resman_sa
|
||||
}
|
||||
# impersonated via workload identity federation for external repos
|
||||
: {
|
||||
"roles/iam.workloadIdentityUser" = [
|
||||
|
||||
@@ -37,7 +37,7 @@ module "branch-teams-dev-pf-cicd-repo" {
|
||||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-teams-dev-pf-sa.iam_email
|
||||
service_account = module.branch-teams-dev-pf-sa-cicd.0.id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
@@ -47,6 +47,7 @@ module "branch-teams-dev-pf-cicd-repo" {
|
||||
}
|
||||
}
|
||||
}
|
||||
depends_on = [module.branch-teams-dev-pf-sa-cicd]
|
||||
}
|
||||
|
||||
module "branch-teams-prod-pf-cicd-repo" {
|
||||
@@ -68,7 +69,7 @@ module "branch-teams-prod-pf-cicd-repo" {
|
||||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-teams-prod-pf-sa.iam_email
|
||||
service_account = module.branch-teams-prod-pf-sa-cicd.0.id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
@@ -78,6 +79,7 @@ module "branch-teams-prod-pf-cicd-repo" {
|
||||
}
|
||||
}
|
||||
}
|
||||
depends_on = [module.branch-teams-prod-pf-sa-cicd]
|
||||
}
|
||||
|
||||
# SAs used by CI/CD workflows to impersonate automation SAs
|
||||
@@ -96,7 +98,9 @@ module "branch-teams-dev-pf-sa-cicd" {
|
||||
iam = (
|
||||
each.value.type == "sourcerepo"
|
||||
# used directly from the cloud build trigger for source repos
|
||||
? {}
|
||||
? {
|
||||
"roles/iam.serviceAccountUser" = local.automation_resman_sa
|
||||
}
|
||||
# impersonated via workload identity federation for external repos
|
||||
: {
|
||||
"roles/iam.workloadIdentityUser" = [
|
||||
@@ -135,7 +139,9 @@ module "branch-teams-prod-pf-sa-cicd" {
|
||||
iam = (
|
||||
each.value.type == "sourcerepo"
|
||||
# used directly from the cloud build trigger for source repos
|
||||
? {}
|
||||
? {
|
||||
"roles/iam.serviceAccountUser" = local.automation_resman_sa
|
||||
}
|
||||
# impersonated via workload identity federation for external repos
|
||||
: {
|
||||
"roles/iam.workloadIdentityUser" = [
|
||||
|
||||
@@ -16,6 +16,13 @@
|
||||
|
||||
locals {
|
||||
# convenience flags that express where billing account resides
|
||||
automation_resman_sa = try(
|
||||
[format(
|
||||
"serviceAccount:%s",
|
||||
data.google_client_openid_userinfo.provider_identity.0.email
|
||||
)],
|
||||
[]
|
||||
)
|
||||
billing_ext = var.billing_account.organization_id == null
|
||||
billing_org = var.billing_account.organization_id == var.organization.id
|
||||
billing_org_ext = !local.billing_ext && !local.billing_org
|
||||
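Review bot: `automation_resman_sa` always formats the email returned by `data.google_client_openid_userinfo.provider_identity` as `serviceAccount:%s`, so if this stage is applied with user credentials the `roles/iam.serviceAccountUser` bindings receive a `serviceAccount:` member built from a user email. Either pass the stage's service account in explicitly or document that the stage must run as a service account when CI/CD repositories are configured. The new local is also inserted between the comment `# convenience flags that express where billing account resides` and the `billing_*` flags it describes; move it above that comment.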
@@ -64,3 +71,7 @@ locals {
|
||||
try(var.automation.federated_identity_providers, null), {}
|
||||
)
|
||||
}
|
||||
|
||||
data "google_client_openid_userinfo" "provider_identity" {
|
||||
count = length(local.cicd_repositories) > 0 ? 1 : 0
|
||||
}
|
||||
|
||||
@@ -52,9 +52,11 @@ locals {
|
||||
for k, v in local.cicd_repositories : k => templatefile(
|
||||
"${path.module}/templates/workflow-${v.type}.yaml",
|
||||
merge(local.cicd_workflow_attrs[k], {
|
||||
identity_provider = local.identity_providers[v.identity_provider].name
|
||||
outputs_bucket = var.automation.outputs_bucket
|
||||
stage_name = k
|
||||
identity_provider = try(
|
||||
local.identity_providers[v.identity_provider].name, null
|
||||
)
|
||||
outputs_bucket = var.automation.outputs_bucket
|
||||
stage_name = k
|
||||
})
|
||||
)
|
||||
}
|
||||
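Review bot: wrapping the lookup in `try(..., null)` lets a repository of any `v.type` through with `identity_provider = null`, so a mistyped `identity_provider` key on an external repository now renders `workflow-${v.type}.yaml` with a null provider instead of failing at plan time. Limit the null to the source repository case, for example `v.type == "sourcerepo" ? null : local.identity_providers[v.identity_provider].name`.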
@@ -144,9 +146,11 @@ output "cicd_repositories" {
|
||||
description = "WIF configuration for CI/CD repositories."
|
||||
value = {
|
||||
for k, v in local.cicd_repositories : k => {
|
||||
branch = v.branch
|
||||
name = v.name
|
||||
provider = local.identity_providers[v.identity_provider].name
|
||||
branch = v.branch
|
||||
name = v.name
|
||||
provider = try(
|
||||
local.identity_providers[v.identity_provider].name, null
|
||||
)
|
||||
service_account = local.cicd_workflow_attrs[k].service_account
|
||||
} if v != null
|
||||
}
|
||||
|
||||
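Review bot: with `provider` now allowed to be null, the description "WIF configuration for CI/CD repositories." no longer matches what this output returns for repositories that have no identity provider. Update the description to say that `provider` is null for those entries, and regenerate the README table that quotes it.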
@@ -23,6 +23,7 @@ variable "automation" {
|
||||
type = object({
|
||||
outputs_bucket = string
|
||||
project_id = string
|
||||
project_number = string
|
||||
federated_identity_pool = string
|
||||
federated_identity_providers = map(object({
|
||||
issuer = string
|
||||
|
||||
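Review bot: `project_number` is added as a required attribute of the `automation` object type, so a tfvars file written by a stage 0 run that predates this commit will fail type checking here until stage 0 is applied again. The CHANGELOG entries added in this commit do not mention that ordering; add a line telling users to re-apply stage 0 first.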
@@ -2,6 +2,8 @@
|
||||
|
||||
This module allows simplified creation and management of one a service account and its IAM bindings. A key can optionally be generated and will be stored in Terraform state. To use it create a sensitive output in your root modules referencing the `key` output, then extract the private key from the JSON formatted outputs. Alternatively, the `key` can be generated with `openssl` library and only public part uploaded to the Service Account, for more refer to the [Onprem SA Key Management](../../examples/cloud-operations/onprem-sa-key-management/) example.
|
||||
|
||||
Note that this module does not fully comply with our design principles, as outputs have no dependencies on IAM bindings to prevent resource cycles.
|
||||
|
||||
## Example
|
||||
|
||||
```hcl
|
||||
@@ -64,9 +66,9 @@ module "myproject-default-service-accounts" {
|
||||
| [email](outputs.tf#L17) | Service account email. | |
|
||||
| [iam_email](outputs.tf#L25) | IAM-format service account email. | |
|
||||
| [id](outputs.tf#L33) | Service account id. | |
|
||||
| [key](outputs.tf#L38) | Service account key. | ✓ |
|
||||
| [name](outputs.tf#L44) | Service account name. | |
|
||||
| [service_account](outputs.tf#L49) | Service account resource. | |
|
||||
| [service_account_credentials](outputs.tf#L54) | Service account json credential templates for uploaded public keys data. | |
|
||||
| [key](outputs.tf#L41) | Service account key. | ✓ |
|
||||
| [name](outputs.tf#L47) | Service account name. | |
|
||||
| [service_account](outputs.tf#L52) | Service account resource. | |
|
||||
| [service_account_credentials](outputs.tf#L57) | Service account json credential templates for uploaded public keys data. | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
||||
@@ -33,6 +33,9 @@ output "iam_email" {
|
||||
output "id" {
|
||||
description = "Service account id."
|
||||
value = local.service_account.id
|
||||
depends_on = [
|
||||
local.service_account
|
||||
]
|
||||
}
|
||||
|
||||
output "key" {
|
||||
|
||||
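Review bot: `depends_on = [local.service_account]` on the `id` output adds no ordering beyond what `value = local.service_account.id` already implies, since both refer to the same local. If the aim was for consumers of `id` to wait for IAM bindings, the README note added in this commit says outputs deliberately do not depend on them; either drop the `depends_on` or add a comment stating what it is meant to guarantee.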
@@ -20,6 +20,7 @@ module "stage" {
|
||||
federated_identity_pool = null
|
||||
federated_identity_providers = null
|
||||
project_id = "fast-prod-automation"
|
||||
project_number = 123456
|
||||
outputs_bucket = "test"
|
||||
}
|
||||
billing_account = {
|
||||
|
||||