Skip to content

Commit 8caaf2d

Browse files
author
Zheng Qin
committed
addressing comments
1 parent 2c8f70c commit 8caaf2d

File tree

7 files changed

+40
-36
lines changed

7 files changed

+40
-36
lines changed

metadata.yaml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -387,10 +387,12 @@ spec:
387387
- level: Project
388388
roles:
389389
- roles/bigquery.admin
390-
- roles/iam.serviceAccountAdmin
391-
- roles/resourcemanager.projectIamAdmin
390+
- roles/storage.admin
391+
- roles/cloudkms.cryptoKeyEncrypterDecrypter
392392
services:
393393
- bigquery.googleapis.com
394+
- bigquerystorage.googleapis.com
395+
- cloudkms.googleapis.com
394396
- cloudresourcemanager.googleapis.com
395397
- iam.googleapis.com
396398
providerVersions:

modules/authorization/metadata.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -93,20 +93,20 @@ spec:
9393
roles:
9494
- level: Project
9595
roles:
96+
- roles/run.invoker
97+
- roles/storage.admin
9698
- roles/workflows.admin
99+
- roles/bigquery.admin
100+
- roles/aiplatform.admin
97101
- roles/cloudfunctions.admin
98102
- roles/dataform.admin
99-
- roles/datalineage.viewer
100-
- roles/iam.serviceAccountAdmin
101103
- roles/iam.serviceAccountTokenCreator
102104
- roles/iam.serviceAccountUser
103105
- roles/logging.configWriter
104-
- roles/resourcemanager.projectIamAdmin
105-
- roles/bigquery.admin
106-
- roles/aiplatform.admin
107-
- roles/run.invoker
108106
- roles/serviceusage.serviceUsageAdmin
109-
- roles/storage.admin
107+
- roles/datalineage.viewer
108+
- roles/iam.serviceAccountAdmin
109+
- roles/resourcemanager.projectIamAdmin
110110
services:
111111
- bigquery.googleapis.com
112112
- bigqueryconnection.googleapis.com

modules/data_warehouse/metadata.yaml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -135,20 +135,20 @@ spec:
135135
roles:
136136
- level: Project
137137
roles:
138+
- roles/storage.admin
139+
- roles/aiplatform.admin
140+
- roles/cloudfunctions.admin
138141
- roles/dataform.admin
142+
- roles/iam.serviceAccountUser
143+
- roles/serviceusage.serviceUsageAdmin
144+
- roles/workflows.admin
145+
- roles/bigquery.admin
139146
- roles/datalineage.viewer
147+
- roles/iam.serviceAccountAdmin
140148
- roles/iam.serviceAccountTokenCreator
141149
- roles/logging.configWriter
142-
- roles/run.invoker
143-
- roles/workflows.admin
144-
- roles/aiplatform.admin
145-
- roles/iam.serviceAccountAdmin
146-
- roles/iam.serviceAccountUser
147150
- roles/resourcemanager.projectIamAdmin
148-
- roles/serviceusage.serviceUsageAdmin
149-
- roles/storage.admin
150-
- roles/bigquery.admin
151-
- roles/cloudfunctions.admin
151+
- roles/run.invoker
152152
services:
153153
- bigquery.googleapis.com
154154
- bigqueryconnection.googleapis.com

modules/scheduled_queries/metadata.yaml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -60,19 +60,19 @@ spec:
6060
- level: Project
6161
roles:
6262
- roles/cloudfunctions.admin
63-
- roles/iam.serviceAccountAdmin
64-
- roles/serviceusage.serviceUsageAdmin
65-
- roles/storage.admin
66-
- roles/workflows.admin
67-
- roles/aiplatform.admin
6863
- roles/dataform.admin
6964
- roles/datalineage.viewer
70-
- roles/iam.serviceAccountTokenCreator
71-
- roles/iam.serviceAccountUser
72-
- roles/logging.configWriter
7365
- roles/resourcemanager.projectIamAdmin
7466
- roles/run.invoker
67+
- roles/workflows.admin
7568
- roles/bigquery.admin
69+
- roles/aiplatform.admin
70+
- roles/iam.serviceAccountAdmin
71+
- roles/iam.serviceAccountTokenCreator
72+
- roles/iam.serviceAccountUser
73+
- roles/logging.configWriter
74+
- roles/serviceusage.serviceUsageAdmin
75+
- roles/storage.admin
7676
services:
7777
- bigquery.googleapis.com
7878
- bigqueryconnection.googleapis.com

modules/udf/metadata.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -63,20 +63,20 @@ spec:
6363
roles:
6464
- level: Project
6565
roles:
66-
- roles/dataform.admin
6766
- roles/iam.serviceAccountAdmin
67+
- roles/iam.serviceAccountTokenCreator
6868
- roles/iam.serviceAccountUser
6969
- roles/resourcemanager.projectIamAdmin
70+
- roles/serviceusage.serviceUsageAdmin
71+
- roles/bigquery.admin
72+
- roles/cloudfunctions.admin
73+
- roles/logging.configWriter
7074
- roles/run.invoker
75+
- roles/storage.admin
7176
- roles/workflows.admin
72-
- roles/bigquery.admin
7377
- roles/aiplatform.admin
78+
- roles/dataform.admin
7479
- roles/datalineage.viewer
75-
- roles/iam.serviceAccountTokenCreator
76-
- roles/logging.configWriter
77-
- roles/serviceusage.serviceUsageAdmin
78-
- roles/storage.admin
79-
- roles/cloudfunctions.admin
8080
services:
8181
- bigquery.googleapis.com
8282
- bigqueryconnection.googleapis.com

test/setup/iam.tf

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@ locals {
1818
per_module_roles = {
1919
root = [
2020
"roles/bigquery.admin",
21-
"roles/iam.serviceAccountAdmin",
22-
"roles/resourcemanager.projectIamAdmin",
21+
"roles/storage.admin",
22+
"roles/cloudkms.cryptoKeyEncrypterDecrypter",
2323
]
2424
authorization = [
2525
"roles/bigquery.admin",

test/setup/main.tf

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,11 @@
1616
locals {
1717
per_module_services = {
1818
root = [
19+
"iam.googleapis.com",
20+
"cloudkms.googleapis.com",
1921
"cloudresourcemanager.googleapis.com",
2022
"bigquery.googleapis.com",
21-
"iam.googleapis.com",
23+
"bigquerystorage.googleapis.com",
2224
]
2325
authorization = [
2426
"cloudkms.googleapis.com",

0 commit comments

Comments
 (0)