
Commit cce7172

qz267Zheng Qin
andauthored
feat: per module requirements configs (#315)
Co-authored-by: Zheng Qin <[email protected]>
1 parent d6370b5 commit cce7172


7 files changed

+83
-64
lines changed


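--- a/Makefile
+++ b/Makefile
@@ -80,7 +80,7 @@ docker_generate_docs:
 -e ENABLE_BPMETADATA=1 \
 -v "$(CURDIR)":/workspace \
 $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
+/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display --per-module-requirements'
 
 # Alias for backwards compatibility
 .PHONY: generate_docs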

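--- a/metadata.yaml
+++ b/metadata.yaml
@@ -203,23 +203,18 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/memorystore.admin
-- roles/redis.admin
-- roles/memcache.admin
 - roles/compute.networkAdmin
 - roles/resourcemanager.projectIamAdmin
-- roles/cloudkms.admin
-- roles/cloudkms.cryptoKeyEncrypterDecrypter
+- roles/serviceusage.serviceUsageAdmin
+- roles/redis.admin
+- roles/iam.serviceAccountAdmin
+- roles/iam.serviceAccountUser
 services:
 - cloudresourcemanager.googleapis.com
-- serviceusage.googleapis.com
-- redis.googleapis.com
+- iam.googleapis.com
 - memcache.googleapis.com
-- serviceconsumermanagement.googleapis.com
-- networkconnectivity.googleapis.com
-- compute.googleapis.com
-- memorystore.googleapis.com
-- cloudkms.googleapis.com
+- redis.googleapis.com
+- serviceusage.googleapis.com
 providerVersions:
 - source: hashicorp/google
 version: ">= 4.74, < 7"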

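--- a/modules/memcache/metadata.yaml
+++ b/modules/memcache/metadata.yaml
@@ -119,23 +119,15 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/memorystore.admin
+- roles/redis.viewer
 - roles/redis.admin
-- roles/memcache.admin
+- roles/iam.serviceAccountUser
+- roles/logging.logWriter
 - roles/compute.networkAdmin
-- roles/resourcemanager.projectIamAdmin
-- roles/cloudkms.admin
-- roles/cloudkms.cryptoKeyEncrypterDecrypter
 services:
-- cloudresourcemanager.googleapis.com
-- serviceusage.googleapis.com
-- redis.googleapis.com
 - memcache.googleapis.com
-- serviceconsumermanagement.googleapis.com
-- networkconnectivity.googleapis.com
-- compute.googleapis.com
-- memorystore.googleapis.com
-- cloudkms.googleapis.com
+- redis.googleapis.com
+- serviceusage.googleapis.com
 providerVersions:
 - source: hashicorp/google
 version: ">= 4.23, < 7"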

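--- a/modules/redis-cluster/metadata.yaml
+++ b/modules/redis-cluster/metadata.yaml
@@ -363,23 +363,14 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/memorystore.admin
 - roles/redis.admin
-- roles/memcache.admin
-- roles/compute.networkAdmin
-- roles/resourcemanager.projectIamAdmin
-- roles/cloudkms.admin
+- roles/iam.serviceAccountUser
+- roles/logging.logWriter
 - roles/cloudkms.cryptoKeyEncrypterDecrypter
 services:
-- cloudresourcemanager.googleapis.com
-- serviceusage.googleapis.com
-- redis.googleapis.com
-- memcache.googleapis.com
-- serviceconsumermanagement.googleapis.com
-- networkconnectivity.googleapis.com
-- compute.googleapis.com
-- memorystore.googleapis.com
 - cloudkms.googleapis.com
+- redis.googleapis.com
+- serviceusage.googleapis.com
 providerVersions:
 - source: hashicorp/google
 version: ">= 6.22, < 7"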

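--- a/modules/valkey/metadata.yaml
+++ b/modules/valkey/metadata.yaml
@@ -185,23 +185,14 @@ spec:
 roles:
 - level: Project
 roles:
-- roles/memorystore.admin
 - roles/redis.admin
-- roles/memcache.admin
-- roles/compute.networkAdmin
-- roles/resourcemanager.projectIamAdmin
-- roles/cloudkms.admin
+- roles/iam.serviceAccountUser
+- roles/logging.logWriter
 - roles/cloudkms.cryptoKeyEncrypterDecrypter
 services:
-- cloudresourcemanager.googleapis.com
-- serviceusage.googleapis.com
-- redis.googleapis.com
-- memcache.googleapis.com
-- serviceconsumermanagement.googleapis.com
-- networkconnectivity.googleapis.com
-- compute.googleapis.com
-- memorystore.googleapis.com
 - cloudkms.googleapis.com
+- redis.googleapis.com
+- serviceusage.googleapis.com
 providerVersions:
 - source: hashicorp/google
 version: ">= 6.30, < 7"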

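--- a/test/setup/iam.tf
+++ b/test/setup/iam.tf
@@ -15,15 +15,43 @@
 */
 
 locals {
-int_required_roles = [
+
+per_module_roles = {
+valkey = [
+"roles/redis.admin",
+"roles/iam.serviceAccountUser",
+"roles/logging.logWriter",
+"roles/cloudkms.cryptoKeyEncrypterDecrypter",
+]
+redis-cluster = [
+"roles/redis.admin",
+"roles/iam.serviceAccountUser",
+"roles/logging.logWriter",
+"roles/cloudkms.cryptoKeyEncrypterDecrypter",
+]
+memcache = [
+"roles/redis.viewer",
+"roles/redis.admin",
+"roles/iam.serviceAccountUser",
+"roles/logging.logWriter",
+"roles/compute.networkAdmin",
+]
+root = [
+"roles/resourcemanager.projectIamAdmin",
+"roles/serviceusage.serviceUsageAdmin",
+"roles/redis.admin",
+"roles/iam.serviceAccountAdmin",
+"roles/iam.serviceAccountUser",
+"roles/compute.networkAdmin",
+]
+}
+
+int_required_roles = concat([
 "roles/memorystore.admin",
 "roles/redis.admin",
 "roles/memcache.admin",
-"roles/compute.networkAdmin",
-"roles/resourcemanager.projectIamAdmin",
 "roles/cloudkms.admin",
-"roles/cloudkms.cryptoKeyEncrypterDecrypter",
-]
+], flatten(values(local.per_module_roles)))
 }
 
 resource "google_service_account" "int_test" {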
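Review bot: The literal list kept inside `int_required_roles = concat([` still grants `roles/memorystore.admin`, `roles/redis.admin`, `roles/memcache.admin` and `roles/cloudkms.admin` on top of the union of every `per_module_roles` entry, so the integration tests cannot show that any one module's list is sufficient, even though those lists are what the per-module metadata.yaml files now publish as the required roles. The `memcache` entry is where I would look first: it lists `roles/redis.viewer` and `roles/redis.admin` but no memcache role, which presumably only works because the base list supplies `roles/memcache.admin`; the same question applies to `per_module_services` in test/setup/main.tf, where the base `activate_apis` list still enables `memorystore.googleapis.com` and `compute.googleapis.com` for every module. The `root` entry pairs `roles/resourcemanager.projectIamAdmin` with `roles/iam.serviceAccountAdmin`, both of which can change who holds which permissions in the project, so each deserves a comment stating which resource needs it. Separately, the concatenation repeats entries such as `roles/redis.admin` and `roles/iam.serviceAccountUser`; if the binding resource (outside this hunk) iterates by index rather than over a set, wrap the expression as `distinct(concat([...], flatten(values(local.per_module_roles))))`.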

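--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -14,6 +14,33 @@
 * limitations under the License.
 */
 
+locals {
+per_module_services = {
+valkey = [
+"redis.googleapis.com",
+"cloudkms.googleapis.com",
+"serviceusage.googleapis.com",
+]
+redis-cluster = [
+"redis.googleapis.com",
+"cloudkms.googleapis.com",
+"serviceusage.googleapis.com",
+]
+memcache = [
+"memcache.googleapis.com",
+"redis.googleapis.com",
+"serviceusage.googleapis.com",
+]
+root = [
+"redis.googleapis.com",
+"memcache.googleapis.com",
+"serviceusage.googleapis.com",
+"iam.googleapis.com",
+"cloudresourcemanager.googleapis.com",
+]
+}
+}
+
 module "project" {
 source = "terraform-google-modules/project-factory/google"
 version = "~> 18.0"
@@ -27,17 +54,12 @@ module "project" {
 auto_create_network = true
 deletion_policy = "DELETE"
 
-activate_apis = [
-"cloudresourcemanager.googleapis.com",
-"serviceusage.googleapis.com",
-"redis.googleapis.com",
-"memcache.googleapis.com",
+activate_apis = concat([
 "serviceconsumermanagement.googleapis.com",
 "networkconnectivity.googleapis.com",
 "compute.googleapis.com",
 "memorystore.googleapis.com",
-"cloudkms.googleapis.com"
-]
+], flatten(values(local.per_module_services)))
 }
 
 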
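Review bot: `per_module_services` in the first hunk has no comment saying what its keys mean or that it has to stay key-for-key in step with `per_module_roles` in test/setup/iam.tf, and nothing on the page enforces that pairing. I would add above the map a line such as `# Keys are the module directory names under modules/ plus "root" for the top-level module; keep in sync with per_module_roles in iam.tf.` (the key meaning is inferred from the metadata.yaml paths in this commit, so confirm it). In the second hunk, the four APIs left in the literal list of `activate_apis = concat([` would benefit from `# enabled for the test project only; not published as a requirement of any module`, if that is the intent.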
