kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into fast-dev

Browse Source
This commit is contained in:
Ludovico Magnocavallo
2025-10-20 13:58:44 +00:00
parent a4f9924680 48f6b4cd49
commit ec09414823
37 changed files with 1971 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/modules/folder/context.tfvars
View File

@@ -54,6 +54,23 @@ iam_bindings_additive = {
member = "$iam_principals:myuser"
}
}
pam_entitlements = {
net-admins = {
max_request_duration = "3600s"
manual_approvals = {
require_approver_justification = true
steps = [{
approvers = ["$iam_principals:mygroup"]
}]
}
eligible_users = ["$iam_principals:mygroup"]
privileged_access = [
{ role = "roles/compute.networkAdmin" },
{ role = "roles/compute.admin" },
{ role = "$custom_roles:myrole_two" }
]
}
}
tag_bindings = {
foo = "$tag_values:test/one"
}

36
tests/modules/folder/context.yaml
View File

@@ -18,7 +18,6 @@ values:
display_name: Test Context
parent: organizations/1234567890
tags: null
timeouts: null
google_folder_iam_binding.authoritative["$custom_roles:myrole_one"]:
condition: []
members:
@@ -47,14 +46,45 @@ values:
condition: []
member: user:test-user@example.com
role: organizations/366118655033/roles/myRoleTwo
google_privileged_access_manager_entitlement.default["net-admins"]:
additional_notification_targets: []
approval_workflow:
- manual_approvals:
- require_approver_justification: true
steps:
- approvals_needed: 1
approver_email_recipients: null
approvers:
- principals:
- group:test-group@example.com
eligible_users:
- principals:
- group:test-group@example.com
entitlement_id: net-admins
location: global
max_request_duration: 3600s
privileged_access:
- gcp_iam_access:
- resource_type: cloudresourcemanager.googleapis.com/Folder
role_bindings:
- condition_expression: null
role: roles/compute.networkAdmin
- condition_expression: null
role: roles/compute.admin
- condition_expression: null
role: organizations/366118655033/roles/myRoleTwo
requester_justification_config:
- not_mandatory: []
unstructured:
- {}
google_tags_tag_binding.binding["foo"]:
tag_value: tagValues/1234567890
timeouts: null
counts:
google_folder: 1
google_folder_iam_binding: 4
google_folder_iam_member: 1
google_privileged_access_manager_entitlement: 1
google_tags_tag_binding: 1
modules: 0
resources: 7
resources: 8

17
tests/modules/organization/context.tfvars
View File

@@ -100,6 +100,23 @@ logging_sinks = {
logging_settings = {
storage_location = "$locations:default"
}
pam_entitlements = {
net-admins = {
max_request_duration = "3600s"
manual_approvals = {
require_approver_justification = true
steps = [{
approvers = ["$iam_principals:mygroup"]
}]
}
eligible_users = ["$iam_principals:mygroup"]
privileged_access = [
{ role = "roles/compute.networkAdmin" },
{ role = "roles/compute.admin" },
{ role = "$custom_roles:myrole_two" }
]
}
}
tag_bindings = {
foo = "$tag_values:test/one"
}

38
tests/modules/organization/context.yaml
View File

@@ -21,7 +21,6 @@ values:
google_logging_organization_settings.default[0]:
organization: '1234567890'
storage_location: europe-west8
timeouts: null
google_logging_organization_sink.sink["test-bq"]:
bigquery_options:
- use_partitioned_tables: false
@@ -107,6 +106,39 @@ values:
member: user:test-user@example.com
org_id: '1234567890'
role: organizations/366118655033/roles/myRoleTwo
google_privileged_access_manager_entitlement.default["net-admins"]:
additional_notification_targets: []
approval_workflow:
- manual_approvals:
- require_approver_justification: true
steps:
- approvals_needed: 1
approver_email_recipients: null
approvers:
- principals:
- group:test-group@example.com
eligible_users:
- principals:
- group:test-group@example.com
entitlement_id: net-admins
location: global
max_request_duration: 3600s
parent: organizations/1234567890
privileged_access:
- gcp_iam_access:
- resource: //cloudresourcemanager.googleapis.com/organizations/1234567890
resource_type: cloudresourcemanager.googleapis.com/Organization
role_bindings:
- condition_expression: null
role: roles/compute.networkAdmin
- condition_expression: null
role: roles/compute.admin
- condition_expression: null
role: organizations/366118655033/roles/myRoleTwo
requester_justification_config:
- not_mandatory: []
unstructured:
- {}
google_project_iam_member.bucket-sinks-binding["test-logging"]:
condition:
- expression: resource.name.endsWith('projects/test-prod-audit-logs-0/locations/europe-west8/buckets/audit-logs')
@@ -129,7 +161,6 @@ values:
google_tags_tag_binding.binding["foo"]:
parent: //cloudresourcemanager.googleapis.com/organizations/1234567890
tag_value: tagValues/1234567890
timeouts: null
google_tags_tag_key_iam_binding.bindings["test:tag_user"]:
condition: []
members:
@@ -171,6 +202,7 @@ counts:
google_logging_organization_sink: 5
google_organization_iam_binding: 4
google_organization_iam_member: 1
google_privileged_access_manager_entitlement: 1
google_project_iam_member: 2
google_pubsub_topic_iam_member: 1
google_storage_bucket_iam_member: 1
@@ -180,4 +212,4 @@ counts:
google_tags_tag_value_iam_binding: 2
google_tags_tag_value_iam_member: 1
modules: 0
resources: 23
resources: 24

17
tests/modules/project/context.tfvars
View File

@@ -69,6 +69,23 @@ iam_bindings_additive = {
member = "$service_agents:compute"
}
}
pam_entitlements = {
net-admins = {
max_request_duration = "3600s"
manual_approvals = {
require_approver_justification = true
steps = [{
approvers = ["$iam_principals:mygroup"]
}]
}
eligible_users = ["$iam_principals:mygroup"]
privileged_access = [
{ role = "roles/compute.networkAdmin" },
{ role = "roles/compute.admin" },
{ role = "$custom_roles:myrole_two" }
]
}
}
services = [
"compute.googleapis.com"
]

58
tests/modules/project/context.yaml
View File

@@ -15,16 +15,61 @@
values:
google_access_context_manager_service_perimeter_resource.default["$vpc_sc_perimeters:default"]:
perimeter_name: accessPolicies/888933661165/servicePerimeters/default
timeouts: null
google_compute_shared_vpc_service_project.shared_vpc_service[0]:
deletion_policy: null
host_project: test-vpc-host
service_project: my-project
timeouts: null
google_kms_crypto_key_iam_member.service_agent_cmek["key-0.compute-system"]:
condition: []
crypto_key_id: projects/kms-central-prj/locations/europe-west1/keyRings/my-keyring/cryptoKeys/ew1-compute
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
google_privileged_access_manager_entitlement.default["net-admins"]:
additional_notification_targets: []
approval_workflow:
- manual_approvals:
- require_approver_justification: true
steps:
- approvals_needed: 1
approver_email_recipients: null
approvers:
- principals:
- group:test-group@example.com
eligible_users:
- principals:
- group:test-group@example.com
entitlement_id: net-admins
location: global
max_request_duration: 3600s
parent: projects/my-project
privileged_access:
- gcp_iam_access:
- resource: //cloudresourcemanager.googleapis.com/projects/my-project
resource_type: cloudresourcemanager.googleapis.com/Project
role_bindings:
- condition_expression: null
role: roles/compute.networkAdmin
- condition_expression: null
role: roles/compute.admin
- condition_expression: null
role: organizations/366118655033/roles/myRoleTwo
requester_justification_config:
- not_mandatory: []
unstructured:
- {}
google_project.project[0]:
auto_create_network: false
billing_account: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
folder_id: '6789012345'
labels: null
name: my-project
org_id: null
project_id: my-project
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
google_project_iam_binding.authoritative["$custom_roles:myrole_one"]:
condition: []
members:
@@ -58,6 +103,10 @@ values:
member: user:test-user@example.com
project: my-project
role: organizations/366118655033/roles/myRoleTwo
google_project_iam_member.bindings["sa_test"]:
condition: []
project: my-project
role: roles/browser
google_project_iam_member.service_agents["compute-system"]:
condition: []
project: my-project
@@ -85,10 +134,8 @@ values:
disable_on_destroy: false
project: my-project
service: compute.googleapis.com
timeouts: null
google_tags_tag_binding.binding["foo"]:
tag_value: tagValues/1234567890
timeouts: null
google_tags_tag_key_iam_binding.bindings["test:tag_user"]:
condition: []
members:
@@ -128,6 +175,7 @@ counts:
google_access_context_manager_service_perimeter_resource: 1
google_compute_shared_vpc_service_project: 1
google_kms_crypto_key_iam_member: 1
google_privileged_access_manager_entitlement: 1
google_project: 1
google_project_iam_binding: 4
google_project_iam_member: 7
@@ -138,4 +186,4 @@ counts:
google_tags_tag_value_iam_binding: 2
google_tags_tag_value_iam_member: 1
modules: 0
resources: 23
resources: 24

110
tests/modules/project_factory/examples/example.yaml
View File

@@ -36,7 +36,6 @@ values:
storage_class: STANDARD
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
uniform_bucket_level_access: true
versioning:
- enabled: false
@@ -64,7 +63,6 @@ values:
email: dev-tb-app0-0-ro@test-pf-teams-iac-0.iam.gserviceaccount.com
member: serviceAccount:dev-tb-app0-0-ro@test-pf-teams-iac-0.iam.gserviceaccount.com
project: test-pf-teams-iac-0
timeouts: null
? module.project-factory.module.automation-service-accounts["dev-tb-app0-0/automation/rw"].google_service_account.service_account[0]
: account_id: dev-tb-app0-0-rw
create_ignore_already_exists: null
@@ -74,7 +72,6 @@ values:
email: dev-tb-app0-0-rw@test-pf-teams-iac-0.iam.gserviceaccount.com
member: serviceAccount:dev-tb-app0-0-rw@test-pf-teams-iac-0.iam.gserviceaccount.com
project: test-pf-teams-iac-0
timeouts: null
module.project-factory.module.billing-budgets[0].google_billing_budget.default["test-100"]:
all_updates_rule:
- disable_default_iam_recipients: true
@@ -103,7 +100,6 @@ values:
threshold_percent: 0.5
- spend_basis: CURRENT_SPEND
threshold_percent: 0.75
timeouts: null
module.project-factory.module.billing-budgets[0].google_monitoring_notification_channel.default["billing-default"]:
description: null
display_name: Budget email notification billing-default.
@@ -113,7 +109,6 @@ values:
email_address: gcp-billing-admins@example.org
project: foo-billing-audit
sensitive_labels: []
timeouts: null
type: email
user_labels: null
module.project-factory.module.folder-1-iam["team-a"].google_folder_iam_binding.authoritative["roles/viewer"]:
@@ -127,24 +122,20 @@ values:
display_name: Team A
parent: folders/5678901234
tags: null
timeouts: null
module.project-factory.module.folder-1["team-b"].google_folder.folder[0]:
deletion_protection: false
display_name: Team B
parent: folders/5678901234
tags: null
timeouts: null
module.project-factory.module.folder-1["team-c"].google_folder.folder[0]:
deletion_protection: false
display_name: Team C
parent: folders/5678901234
tags: null
timeouts: null
module.project-factory.module.folder-2["team-a/app-0"].google_folder.folder[0]:
deletion_protection: false
display_name: App 0
tags: null
timeouts: null
module.project-factory.module.folder-2["team-a/app-0"].google_org_policy_policy.default["compute.disableSerialPortAccess"]:
dry_run_spec: []
spec:
@@ -157,20 +148,43 @@ values:
enforce: 'FALSE'
parameters: null
values: []
timeouts: null
? module.project-factory.module.folder-2["team-a/app-0"].google_privileged_access_manager_entitlement.default["app-0-admins"]
: additional_notification_targets: []
approval_workflow:
- manual_approvals:
- require_approver_justification: true
steps:
- approvals_needed: 1
approver_email_recipients: null
approvers:
- principals:
- group:app-0-admins@example.org
eligible_users:
- principals:
- group:app-a-ops@example.org
entitlement_id: app-0-admins
location: global
max_request_duration: 3600s
privileged_access:
- gcp_iam_access:
- resource_type: cloudresourcemanager.googleapis.com/Folder
role_bindings:
- condition_expression: null
role: roles/writer
requester_justification_config:
- not_mandatory: []
unstructured:
- {}
module.project-factory.module.folder-2["team-b/app-0"].google_folder.folder[0]:
deletion_protection: false
display_name: App 0
tags: null
timeouts: null
module.project-factory.module.folder-2["team-b/app-0"].google_tags_tag_binding.binding["drs-allow-all"]:
tag_value: tagValues/123456
timeouts: null
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_compute_shared_vpc_service_project.shared_vpc_service[0]
: deletion_policy: null
host_project: $project_ids:dev-spoke-0
service_project: test-pf-dev-ta-app0-be
timeouts: null
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_kms_crypto_key_iam_member.service_agent_cmek["key-0.compute-system"]
: condition: []
crypto_key_id: projects/kms-central-prj/locations/europe-west1/keyRings/my-keyring/cryptoKeys/ew1-compute
@@ -179,6 +193,37 @@ values:
: condition: []
crypto_key_id: projects/kms-central-prj/locations/europe-west3/keyRings/my-keyring/cryptoKeys/europe3-gce
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_privileged_access_manager_entitlement.default["project-admins"]
: additional_notification_targets: []
approval_workflow:
- manual_approvals:
- require_approver_justification: true
steps:
- approvals_needed: 1
approver_email_recipients: null
approvers:
- principals:
- group:team-a-admins@example
eligible_users:
- principals:
- group:team-a-ops@example.org
entitlement_id: project-admins
location: global
max_request_duration: 3600s
parent: projects/test-pf-dev-ta-app0-be
privileged_access:
- gcp_iam_access:
- resource: //cloudresourcemanager.googleapis.com/projects/test-pf-dev-ta-app0-be
resource_type: cloudresourcemanager.googleapis.com/Project
role_bindings:
- condition_expression: null
role: roles/compute.admin
- condition_expression: null
role: roles/bigquery.admin
requester_justification_config:
- not_mandatory: []
unstructured:
- {}
? module.project-factory.module.projects-iam["dev-ta-app0-be"].google_project_iam_binding.authoritative["roles/cloudkms.cryptoKeyEncrypterDecrypter"]
: condition: []
project: test-pf-dev-ta-app0-be
@@ -204,7 +249,6 @@ values:
role: roles/container.hostServiceAgentUser
module.project-factory.module.projects-iam["dev-tb-app0-0"].google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: test-pf-dev-tb-app0-0
timeouts: null
module.project-factory.module.projects-iam["dev-tb-app0-0"].google_project_iam_binding.authoritative["roles/owner"]:
condition: []
members:
@@ -238,7 +282,6 @@ values:
notification_category_subscriptions:
- ALL
parent: projects/test-pf-dev-ta-app0-be
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
@@ -261,7 +304,6 @@ values:
environment: test
goog-terraform-provisioned: 'true'
team: team-a
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_project_iam_member.service_agents["compute-system"]:
condition: []
project: test-pf-dev-ta-app0-be
@@ -279,47 +321,38 @@ values:
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: compute.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_project_service.project_services["container.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: container.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-ta-app0-be
service: storage.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_project_service_identity.default["container.googleapis.com"]
: project: test-pf-dev-ta-app0-be
service: container.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_binding.binding["context"]:
tag_value: tagValues/654321
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_key.default["my-tag-key-1"]:
description: Managed by the Terraform project-factory module.
parent: projects/test-pf-dev-ta-app0-be
purpose: null
purpose_data: null
short_name: my-tag-key-1
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value.default["my-tag-key-1/my-value-1"]:
description: My value 1
short_name: my-value-1
timeouts: null
module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value.default["my-tag-key-1/my-value-2"]:
description: My value 3
short_name: my-value-2
timeouts: null
? module.project-factory.module.projects["dev-ta-app0-be"].google_tags_tag_value_iam_binding.default["my-tag-key-1/my-value-2:roles/resourcemanager.tagUser"]
: condition: []
members:
@@ -334,7 +367,6 @@ values:
notification_category_subscriptions:
- ALL
parent: projects/test-pf-dev-tb-app0-0
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project.project[0]:
auto_create_network: false
billing_account: 123456-123456-123456
@@ -351,7 +383,6 @@ values:
terraform_labels:
environment: test
goog-terraform-provisioned: 'true'
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project_iam_member.service_agents["serverless-robot-prod"]:
condition: []
project: test-pf-dev-tb-app0-0
@@ -361,23 +392,19 @@ values:
disable_on_destroy: false
project: test-pf-dev-tb-app0-0
service: run.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-tb-app0-0"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-0
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-0
service: storage.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-0"].google_project_service_identity.default["run.googleapis.com"]:
project: test-pf-dev-tb-app0-0
service: run.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].data.google_storage_project_service_account.gcs_sa[0]:
project: test-pf-dev-tb-app0-1
user_project: null
@@ -387,7 +414,6 @@ values:
notification_category_subscriptions:
- ALL
parent: projects/test-pf-dev-tb-app0-1
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
@@ -410,7 +436,6 @@ values:
environment: test
goog-terraform-provisioned: 'true'
team: team-b
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].google_project_iam_member.service_agents["container-engine-robot"]:
condition: []
project: test-pf-dev-tb-app0-1
@@ -424,23 +449,19 @@ values:
disable_on_destroy: false
project: test-pf-dev-tb-app0-1
service: container.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-tb-app0-1"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-1
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["dev-tb-app0-1"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-dev-tb-app0-1
service: storage.googleapis.com
timeouts: null
? module.project-factory.module.projects["dev-tb-app0-1"].google_project_service_identity.default["container.googleapis.com"]
: project: test-pf-dev-tb-app0-1
service: container.googleapis.com
timeouts: null
module.project-factory.module.projects["teams-iac-0"].data.google_storage_project_service_account.gcs_sa[0]:
project: test-pf-teams-iac-0
user_project: null
@@ -450,7 +471,6 @@ values:
notification_category_subscriptions:
- ALL
parent: projects/test-pf-teams-iac-0
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_org_policy_policy.default["compute.disableSerialPortAccess"]:
dry_run_spec: []
name: projects/test-pf-teams-iac-0/policies/compute.disableSerialPortAccess
@@ -465,7 +485,6 @@ values:
enforce: 'FALSE'
parameters: null
values: []
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
@@ -483,7 +502,6 @@ values:
terraform_labels:
environment: test
goog-terraform-provisioned: 'true'
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project_iam_member.service_agents["container-engine-robot"]:
condition: []
project: test-pf-teams-iac-0
@@ -497,23 +515,19 @@ values:
disable_on_destroy: false
project: test-pf-teams-iac-0
service: container.googleapis.com
timeouts: null
? module.project-factory.module.projects["teams-iac-0"].google_project_service.project_services["stackdriver.googleapis.com"]
: disable_dependent_services: false
disable_on_destroy: false
project: test-pf-teams-iac-0
service: stackdriver.googleapis.com
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project_service.project_services["storage.googleapis.com"]:
disable_dependent_services: false
disable_on_destroy: false
project: test-pf-teams-iac-0
service: storage.googleapis.com
timeouts: null
module.project-factory.module.projects["teams-iac-0"].google_project_service_identity.default["container.googleapis.com"]:
project: test-pf-teams-iac-0
service: container.googleapis.com
timeouts: null
? module.project-factory.module.service-accounts["dev-ta-app0-be/app-0-be"].google_project_iam_member.project-roles["$project_ids:dev-spoke-0-roles/compute.networkUser"]
: condition: []
project: $project_ids:dev-spoke-0
@@ -535,7 +549,6 @@ values:
email: app-0-be@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
member: serviceAccount:app-0-be@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
project: test-pf-dev-ta-app0-be
timeouts: null
? module.project-factory.module.service-accounts["dev-ta-app0-be/app-0-fe"].google_project_iam_member.project-roles["$project_ids:dev-spoke-0-roles/compute.networkUser"]
: condition: []
project: $project_ids:dev-spoke-0
@@ -557,7 +570,6 @@ values:
email: app-0-fe@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
member: serviceAccount:app-0-fe@test-pf-dev-ta-app0-be.iam.gserviceaccount.com
project: test-pf-dev-ta-app0-be
timeouts: null
? module.project-factory.module.service-accounts["dev-tb-app0-0/vm-default"].google_project_iam_member.project-roles["$project_ids:dev-tb-app0-0-roles/logging.logWriter"]
: condition: []
project: test-pf-dev-tb-app0-0
@@ -575,7 +587,6 @@ values:
email: vm-default@test-pf-dev-tb-app0-0.iam.gserviceaccount.com
member: serviceAccount:vm-default@test-pf-dev-tb-app0-0.iam.gserviceaccount.com
project: test-pf-dev-tb-app0-0
timeouts: null
? module.project-factory.module.service-accounts["dev-tb-app0-1/app-0-be"].google_project_iam_member.project-roles["$project_ids:dev-tb-app0-1-roles/logging.logWriter"]
: condition: []
project: test-pf-dev-tb-app0-1
@@ -593,7 +604,6 @@ values:
email: app-0-be@test-pf-dev-tb-app0-1.iam.gserviceaccount.com
member: serviceAccount:app-0-be@test-pf-dev-tb-app0-1.iam.gserviceaccount.com
project: test-pf-dev-tb-app0-1
timeouts: null
? module.project-factory.module.service_accounts-iam["dev-tb-app0-0/vm-default"].data.google_service_account.service_account[0]
: account_id: vm-default
? module.project-factory.module.service_accounts-iam["dev-tb-app0-0/vm-default"].google_service_account_iam_binding.authoritative["roles/iam.serviceAccountTokenCreator"]
@@ -605,7 +615,6 @@ values:
input: null
output: null
triggers_replace: null
counts:
google_billing_budget: 1
google_compute_shared_vpc_host_project: 1
@@ -616,6 +625,7 @@ counts:
google_kms_crypto_key_iam_member: 2
google_monitoring_notification_channel: 1
google_org_policy_policy: 2
google_privileged_access_manager_entitlement: 2
google_project: 4
google_project_iam_binding: 6
google_project_iam_member: 21
@@ -631,5 +641,5 @@ counts:
google_tags_tag_value: 2
google_tags_tag_value_iam_binding: 1
modules: 23
resources: 88
resources: 90
terraform_data: 1