kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CMEK support to FAST and controls for CMEK encryption (#3556)

Browse Source
This commit is contained in:
Vannick Trinquier
2025-12-14 12:14:08 +07:00
committed by GitHub
parent ab0f55216a
commit cc24046be8
70 changed files with 4236 additions and 904 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/project/README.md
View File

@@ -774,7 +774,7 @@ module "project-host" {
no-gce-instances = "resource.type=gce_instance"
}
}
# tftest modules=6 resources=19 inventory=logging.yaml e2e
# tftest inventory=logging.yaml e2e
```
## Data Access Logs
@@ -842,7 +842,7 @@ module "project" {
}
}
}
# tftest modules=2 resources=6 inventory=log-scopes.yaml
# tftest inventory=log-scopes.yaml
```
## Cloud KMS Encryption Keys

1
modules/project/cmek.tf
View File

@@ -91,5 +91,6 @@ resource "google_kms_crypto_key_iam_member" "service_agent_cmek" {
data.google_project.project,
data.google_bigquery_default_service_account.bq_sa,
data.google_storage_project_service_account.gcs_sa,
data.google_logging_project_settings.logging_sa
]
}

6
modules/project/service-agents.tf
View File

@@ -139,6 +139,12 @@ data "google_bigquery_default_service_account" "bq_sa" {
depends_on = [google_project_service.project_services]
}
data "google_logging_project_settings" "logging_sa" {
count = contains(var.services, "logging.googleapis.com") ? 1 : 0
project = local.project.project_id
depends_on = [google_project_service.project_services]
}
moved {
from = google_project_service_identity.jit_si
to = google_project_service_identity.default

1
modules/project/shared-vpc.tf
View File

@@ -154,6 +154,7 @@ resource "google_project_iam_member" "shared_vpc_host_robots" {
google_project_default_service_accounts.default_service_accounts,
data.google_bigquery_default_service_account.bq_sa,
data.google_storage_project_service_account.gcs_sa,
data.google_logging_project_settings.logging_sa
]
}