kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support domainless orgs in FAST (#2086)

Browse Source 
* bootstrap

* align org policies to domainless enforced ones

* fix #2073

* fix tests

* fix team admin attribute in resman stage
This commit is contained in:
Ludovico Magnocavallo
2024-02-19 11:29:37 +03:00
committed by GitHub
parent bee3072568
commit eb23bb62d2
12 changed files with 83 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/fast/stages/s0_bootstrap/checklist.yaml
View File

@@ -194,7 +194,7 @@ values:
module.organization.google_organization_iam_binding.bindings["organization_iam_admin_conditional"]:
condition:
- description: Automation service account delegated grants.
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/accesscontextmanager.policyAdmin','roles/compute.orgFirewallPolicyAdmin','roles/compute.xpnAdmin','roles/orgpolicy.policyAdmin','roles/resourcemanager.organizationViewer','organizations/123456789012/roles/tenantNetworkAdmin','roles/billing.admin','roles/billing.costsManager','roles/billing.user'])
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/accesscontextmanager.policyAdmin','roles/compute.orgFirewallPolicyAdmin','roles/compute.xpnAdmin','roles/orgpolicy.policyAdmin','roles/orgpolicy.policyViewer','roles/resourcemanager.organizationViewer','organizations/123456789012/roles/tenantNetworkAdmin'])
title: automation_sa_delegated_grants
members:
- serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com
@@ -363,7 +363,7 @@ counts:
google_logging_organization_sink: 3
google_logging_project_bucket_config: 3
google_org_policy_policy: 20
google_organization_iam_binding: 26
google_organization_iam_binding: 27
google_organization_iam_custom_role: 6
google_organization_iam_member: 35
google_project: 3
@@ -381,4 +381,4 @@ counts:
google_tags_tag_key: 1
google_tags_tag_value: 1
modules: 16
resources: 190
resources: 191

4
tests/fast/stages/s0_bootstrap/simple.yaml
View File

@@ -42,7 +42,7 @@ counts:
google_logging_organization_sink: 3
google_logging_project_bucket_config: 3
google_org_policy_policy: 20
google_organization_iam_binding: 26
google_organization_iam_binding: 27
google_organization_iam_custom_role: 6
google_organization_iam_member: 22
google_project: 3
@@ -61,7 +61,7 @@ counts:
google_tags_tag_value: 1
local_file: 7
modules: 15
resources: 181
resources: 182
outputs:
custom_roles: