Refactor service agent management (#2423)

* Service agents script * Service agents update * WIP * Update script and terraform * Fix tests * Fix linter * Update docs * Bring back pf example inventory * Fix tests * Fix more tests * Fix tests * Use dataclasses for build_service_agents.py * Remove unneeded field() from build_service_agents * Re-enable CMEK depends_on in project outputs * Update tools/requirements.txt * Enable storage in GCS example projects * Fix tests * Add CMEK Service Agents dependencies for services * Fix typos and data platform cmek * More typos
2024-07-23 22:05:38 +02:00
parent e49b2d686f
commit c0bf32e797
147 changed files with 3676 additions and 1301 deletions
--- a/blueprints/cloud-operations/adfs/README.md
+++ b/blueprints/cloud-operations/adfs/README.md
@@ -89,5 +89,5 @@ module "test" {
  ad_dns_domain_name   = "example.com"
  adfs_dns_domain_name = "adfs.example.com"
 }
-# tftest modules=5 resources=20
+# tftest modules=5 resources=25
 ```
--- a/blueprints/cloud-operations/asset-inventory-feed-remediation/README.md
+++ b/blueprints/cloud-operations/asset-inventory-feed-remediation/README.md
@@ -82,5 +82,5 @@ module "test" {
  project_id     = "project-1"
 }

-# tftest modules=7 resources=23
+# tftest modules=7 resources=28
 ```
--- a/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf
+++ b/blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2023 Google LLC
+ * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -63,7 +63,7 @@ module "pubsub" {
  }
  iam = {
    "roles/pubsub.publisher" = [
-      "serviceAccount:${module.project.service_accounts.robots.cloudasset}"
+      module.project.service_agents.cloudasset.iam_email
    ]
  }
 }
--- a/blueprints/cloud-operations/compute-quota-monitoring/README.md
+++ b/blueprints/cloud-operations/compute-quota-monitoring/README.md
@@ -79,5 +79,5 @@ module "test" {
    billing_account = "12345-ABCDE-12345"
  }
 }
-# tftest modules=4 resources=19
+# tftest modules=4 resources=26
 ```
--- a/blueprints/cloud-operations/dns-fine-grained-iam/README.md
+++ b/blueprints/cloud-operations/dns-fine-grained-iam/README.md
@@ -128,5 +128,5 @@ module "test1" {
  project_create = true
  project_id     = "test"
 }
-# tftest modules=9 resources=27
+# tftest modules=9 resources=32
 ```
--- a/blueprints/cloud-operations/dns-shared-vpc/README.md
+++ b/blueprints/cloud-operations/dns-shared-vpc/README.md
@@ -51,5 +51,5 @@ module "test" {
  shared_vpc_link    = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
  teams              = ["team1", "team2"]
 }
-# tftest modules=9 resources=16
+# tftest modules=9 resources=22
 ```
--- a/blueprints/cloud-operations/packer-image-builder/README.md
+++ b/blueprints/cloud-operations/packer-image-builder/README.md
@@ -115,5 +115,5 @@ module "test" {
  packer_account_users = ["user:john@example.com"]
  create_packer_vars   = true
 }
-# tftest modules=7 resources=19 files=pkrvars
+# tftest modules=7 resources=20 files=pkrvars
 ```
--- a/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/README.md
+++ b/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/README.md
@@ -101,5 +101,5 @@ module "test" {
  project_create = true
  project_id     = "project-1"
 }
-# tftest modules=8 resources=34
+# tftest modules=8 resources=42
 ```
--- a/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/main.tf
+++ b/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/main.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2023 Google LLC
+ * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -36,9 +36,9 @@ module "project" {
    "pubsub.googleapis.com"
  ]
  iam = {
-    "roles/resourcemanager.projectIamAdmin" = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
-    "roles/bigquery.dataEditor"             = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
-    "roles/bigquery.user"                   = ["serviceAccount:${module.project.service_accounts.robots.cloudasset}"]
+    "roles/resourcemanager.projectIamAdmin" = [module.project.service_agents.cloudasset.iam_email]
+    "roles/bigquery.dataEditor"             = [module.project.service_agents.cloudasset.iam_email]
+    "roles/bigquery.user"                   = [module.project.service_agents.cloudasset.iam_email]
  }
 }

--- a/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md
+++ b/blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md
@@ -128,5 +128,5 @@ module "test" {
  billing_account = "123456-123456-123456"
  project_create  = true
 }
-# tftest modules=11 resources=37
+# tftest modules=11 resources=46
 ```
--- a/blueprints/cloud-operations/vm-migration/host-target-projects/README.md
+++ b/blueprints/cloud-operations/vm-migration/host-target-projects/README.md
@@ -60,5 +60,5 @@ module "test-target-project" {
  project_create  = true
 }

-# tftest modules=5 resources=24
+# tftest modules=5 resources=28
 ```
--- a/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md
+++ b/blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md
@@ -75,5 +75,5 @@ module "test-sharedvpc-host-project" {
  project_create  = true
 }

-# tftest modules=7 resources=25
+# tftest modules=7 resources=29
 ```
--- a/blueprints/cloud-operations/vm-migration/single-project/README.md
+++ b/blueprints/cloud-operations/vm-migration/single-project/README.md
@@ -49,5 +49,5 @@ module "test" {
  migration_admin  = "user:admin@example.com"
  migration_viewer = "user:viewer@example.com"
 }
-# tftest modules=5 resources=22
+# tftest modules=5 resources=27
 ```