
Commit 15a5f00

author
Zheng Qin
committed
feat: per module requirements configs
1 parent 6e7e878 commit 15a5f00


8 files changed

+135
-73
lines changed


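--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.25
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.25.4
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 
@@ -79,7 +79,7 @@ docker_generate_docs:
 -e ENABLE_BPMETADATA=1 \
 -v "$(CURDIR)":/workspace \
 $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs --per-module-requirements'
 
 ## Generate files from autogen
 .PHONY: docker_generate_modules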
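Review bot: The developer-tools image used by `docker_generate_docs` is still resolved through a mutable tag, so the pin to `1.25.4` narrows but does not fix which image runs with the working tree mounted writable at `/workspace`. If reproducible generated metadata matters, pinning the image by digest would be stronger. At minimum, a comment above the variable such as `# 1.25.4+ needed for generate_docs --per-module-requirements` (presumably the reason for the patch pin, confirm) would stop a later bump from dropping back to a floating minor tag. The `docker_generate_docs` recipe starts outside the hunk, so the rest of the `docker run` invocation is not visible here.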

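--- a/metadata.yaml
+++ b/metadata.yaml
@@ -334,9 +334,6 @@ spec:
 description: The default URL map used by this module.
 requirements:
 roles:
-- level: Project
-roles:
-- roles/compute.xpnAdmin
 - level: Project
 roles:
 - roles/storage.admin
@@ -347,13 +344,13 @@ spec:
 - roles/vpcaccess.admin
 - roles/iam.serviceAccountAdmin
 services:
+- certificatemanager.googleapis.com
 - cloudresourcemanager.googleapis.com
-- storage-api.googleapis.com
-- serviceusage.googleapis.com
 - compute.googleapis.com
-- run.googleapis.com
 - iam.googleapis.com
-- certificatemanager.googleapis.com
+- run.googleapis.com
+- serviceusage.googleapis.com
+- storage-api.googleapis.com
 - vpcaccess.googleapis.com
 providerVersions:
 - source: hashicorp/google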
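Review bot: The `roles/compute.xpnAdmin` entry is dropped from `requirements.roles` (old lines 337–339) and not re-added at any level, while test/setup/iam.tf in this commit still lists it under `int_required_folder_roles`. If the Shared VPC paths still need that role, consumers reading this metadata will no longer see the requirement. The same removal occurs in the four `modules/*/metadata.yaml` sections. This file looks generated by `generate_docs`, so any correction probably belongs in the generator's input rather than here; confirm whether the omission is intended.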

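--- a/modules/backend/metadata.yaml
+++ b/modules/backend/metadata.yaml
@@ -323,24 +323,21 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/compute.xpnAdmin
-- level: Project
-roles:
+- roles/vpcaccess.admin
+- roles/iam.serviceAccountAdmin
 - roles/storage.admin
 - roles/compute.admin
 - roles/run.admin
 - roles/iam.serviceAccountUser
 - roles/certificatemanager.owner
-- roles/vpcaccess.admin
-- roles/iam.serviceAccountAdmin
 services:
+- certificatemanager.googleapis.com
 - cloudresourcemanager.googleapis.com
-- storage-api.googleapis.com
-- serviceusage.googleapis.com
 - compute.googleapis.com
-- run.googleapis.com
 - iam.googleapis.com
-- certificatemanager.googleapis.com
+- run.googleapis.com
+- serviceusage.googleapis.com
+- storage-api.googleapis.com
 - vpcaccess.googleapis.com
 providerVersions:
 - source: hashicorp/google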

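--- a/modules/dynamic_backends/metadata.yaml
+++ b/modules/dynamic_backends/metadata.yaml
@@ -328,24 +328,21 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/compute.xpnAdmin
-- level: Project
-roles:
-- roles/storage.admin
-- roles/compute.admin
 - roles/run.admin
 - roles/iam.serviceAccountUser
 - roles/certificatemanager.owner
 - roles/vpcaccess.admin
 - roles/iam.serviceAccountAdmin
+- roles/storage.admin
+- roles/compute.admin
 services:
+- certificatemanager.googleapis.com
 - cloudresourcemanager.googleapis.com
-- storage-api.googleapis.com
-- serviceusage.googleapis.com
 - compute.googleapis.com
-- run.googleapis.com
 - iam.googleapis.com
-- certificatemanager.googleapis.com
+- run.googleapis.com
+- serviceusage.googleapis.com
+- storage-api.googleapis.com
 - vpcaccess.googleapis.com
 providerVersions:
 - source: hashicorp/google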

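--- a/modules/frontend/metadata.yaml
+++ b/modules/frontend/metadata.yaml
@@ -236,24 +236,21 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/compute.xpnAdmin
-- level: Project
-roles:
+- roles/iam.serviceAccountAdmin
 - roles/storage.admin
 - roles/compute.admin
 - roles/run.admin
 - roles/iam.serviceAccountUser
 - roles/certificatemanager.owner
 - roles/vpcaccess.admin
-- roles/iam.serviceAccountAdmin
 services:
+- certificatemanager.googleapis.com
 - cloudresourcemanager.googleapis.com
-- storage-api.googleapis.com
-- serviceusage.googleapis.com
 - compute.googleapis.com
-- run.googleapis.com
 - iam.googleapis.com
-- certificatemanager.googleapis.com
+- run.googleapis.com
+- serviceusage.googleapis.com
+- storage-api.googleapis.com
 - vpcaccess.googleapis.com
 providerVersions:
 - source: hashicorp/google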

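--- a/modules/serverless_negs/metadata.yaml
+++ b/modules/serverless_negs/metadata.yaml
@@ -292,24 +292,21 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/compute.xpnAdmin
-- level: Project
-roles:
-- roles/storage.admin
-- roles/compute.admin
 - roles/run.admin
 - roles/iam.serviceAccountUser
 - roles/certificatemanager.owner
 - roles/vpcaccess.admin
 - roles/iam.serviceAccountAdmin
+- roles/storage.admin
+- roles/compute.admin
 services:
+- certificatemanager.googleapis.com
 - cloudresourcemanager.googleapis.com
-- storage-api.googleapis.com
-- serviceusage.googleapis.com
 - compute.googleapis.com
-- run.googleapis.com
 - iam.googleapis.com
-- certificatemanager.googleapis.com
+- run.googleapis.com
+- serviceusage.googleapis.com
+- storage-api.googleapis.com
 - vpcaccess.googleapis.com
 providerVersions:
 - source: hashicorp/google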

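--- a/test/setup/iam.tf
+++ b/test/setup/iam.tf
@@ -15,15 +15,55 @@
 */
 
 locals {
-int_required_project_roles = [
-"roles/storage.admin",
-"roles/compute.admin",
-"roles/run.admin",
-"roles/iam.serviceAccountUser",
-"roles/certificatemanager.owner",
-"roles/vpcaccess.admin",
-"roles/iam.serviceAccountAdmin"
-]
+per_module_roles = {
+root = [
+"roles/storage.admin",
+"roles/compute.admin",
+"roles/run.admin",
+"roles/iam.serviceAccountUser",
+"roles/certificatemanager.owner",
+"roles/vpcaccess.admin",
+"roles/iam.serviceAccountAdmin"
+]
+backend = [
+"roles/storage.admin",
+"roles/compute.admin",
+"roles/run.admin",
+"roles/iam.serviceAccountUser",
+"roles/certificatemanager.owner",
+"roles/vpcaccess.admin",
+"roles/iam.serviceAccountAdmin"
+]
+dynamic_backends = [
+"roles/storage.admin",
+"roles/compute.admin",
+"roles/run.admin",
+"roles/iam.serviceAccountUser",
+"roles/certificatemanager.owner",
+"roles/vpcaccess.admin",
+"roles/iam.serviceAccountAdmin"
+]
+frontend = [
+"roles/storage.admin",
+"roles/compute.admin",
+"roles/run.admin",
+"roles/iam.serviceAccountUser",
+"roles/certificatemanager.owner",
+"roles/vpcaccess.admin",
+"roles/iam.serviceAccountAdmin"
+]
+serverless_negs = [
+"roles/storage.admin",
+"roles/compute.admin",
+"roles/run.admin",
+"roles/iam.serviceAccountUser",
+"roles/certificatemanager.owner",
+"roles/vpcaccess.admin",
+"roles/iam.serviceAccountAdmin"
+]
+}
+
+int_required_project_roles = tolist(toset(flatten(values(local.per_module_roles))))
 int_required_folder_roles = [
 "roles/compute.xpnAdmin"
 ]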
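Review bot: All five entries of `per_module_roles` (new lines 19–63) are identical copies of the old seven-role list, so the per-module split does not yet narrow any module's privileges. Every submodule is declared to need `roles/iam.serviceAccountAdmin`, `roles/storage.admin` and the rest. The same applies to `per_module_services` in test/setup/main.tf. If the generated `metadata.yaml` requirements are derived from these maps (the module metadata in this commit suggests so, but confirm), each module will advertise the full admin set to consumers. Either trim each list to what that module's resources use, or mark it provisional with a comment such as `# TODO: copied from root; reduce to the roles this module actually needs`; the `locals` block closes outside the hunk.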

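--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -14,6 +14,61 @@
 * limitations under the License.
 */
 
+locals {
+per_module_services = {
+root = [
+"cloudresourcemanager.googleapis.com",
+"storage-api.googleapis.com",
+"serviceusage.googleapis.com",
+"compute.googleapis.com",
+"run.googleapis.com",
+"iam.googleapis.com",
+"certificatemanager.googleapis.com",
+"vpcaccess.googleapis.com",
+]
+backend = [
+"cloudresourcemanager.googleapis.com",
+"storage-api.googleapis.com",
+"serviceusage.googleapis.com",
+"compute.googleapis.com",
+"run.googleapis.com",
+"iam.googleapis.com",
+"certificatemanager.googleapis.com",
+"vpcaccess.googleapis.com",
+]
+dynamic_backends = [
+"cloudresourcemanager.googleapis.com",
+"storage-api.googleapis.com",
+"serviceusage.googleapis.com",
+"compute.googleapis.com",
+"run.googleapis.com",
+"iam.googleapis.com",
+"certificatemanager.googleapis.com",
+"vpcaccess.googleapis.com",
+]
+frontend = [
+"cloudresourcemanager.googleapis.com",
+"storage-api.googleapis.com",
+"serviceusage.googleapis.com",
+"compute.googleapis.com",
+"run.googleapis.com",
+"iam.googleapis.com",
+"certificatemanager.googleapis.com",
+"vpcaccess.googleapis.com",
+]
+serverless_negs = [
+"cloudresourcemanager.googleapis.com",
+"storage-api.googleapis.com",
+"serviceusage.googleapis.com",
+"compute.googleapis.com",
+"run.googleapis.com",
+"iam.googleapis.com",
+"certificatemanager.googleapis.com",
+"vpcaccess.googleapis.com",
+]
+}
+}
+
 module "project-ci-lb-http" {
 source = "terraform-google-modules/project-factory/google"
 version = "~> 17.0"
@@ -28,16 +83,7 @@ module "project-ci-lb-http" {
 disable_services_on_destroy = false
 deletion_policy = "DELETE"
 
-activate_apis = [
-"cloudresourcemanager.googleapis.com",
-"storage-api.googleapis.com",
-"serviceusage.googleapis.com",
-"compute.googleapis.com",
-"run.googleapis.com",
-"iam.googleapis.com",
-"certificatemanager.googleapis.com",
-"vpcaccess.googleapis.com",
-]
+activate_apis = tolist(toset(flatten(values(local.per_module_services))))
 }
 
 module "project-ci-lb-http-1" {
@@ -54,14 +100,5 @@ module "project-ci-lb-http-1" {
 disable_services_on_destroy = false
 deletion_policy = "DELETE"
 
-activate_apis = [
-"cloudresourcemanager.googleapis.com",
-"storage-api.googleapis.com",
-"serviceusage.googleapis.com",
-"compute.googleapis.com",
-"run.googleapis.com",
-"iam.googleapis.com",
-"certificatemanager.googleapis.com",
-"vpcaccess.googleapis.com",
-]
+activate_apis = tolist(toset(flatten(values(local.per_module_services))))
 }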
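Review bot: The expression `tolist(toset(flatten(values(local.per_module_services))))` is written out twice, once in each project module's `activate_apis` (new lines 86 and 103). test/setup/iam.tf in this commit gives the equivalent value a name, `int_required_project_roles`. Doing the same here keeps the two test projects from drifting apart: add `int_required_services = tolist(toset(flatten(values(local.per_module_services))))` to the new `locals` block and use `activate_apis = local.int_required_services` in both modules. A one-line comment on `per_module_services` saying what its keys must match (presumably the module directory names read by the docs generator, confirm) would also help the next editor.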
