Skip to content

Commit 951cfaa

Browse files
qz267Zheng Qinq2w
authored
fix: per module requirements configs for cloud-spanner (#81)
Co-authored-by: Zheng Qin <zhengqin@google.com> Co-authored-by: abhishek kumar tiwari <abhishektiwari571@gmail.com>
1 parent 3bdc91f commit 951cfaa

5 files changed

Lines changed: 47 additions & 38 deletions

File tree

Makefile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
# Make will use bash instead of sh
1919
SHELL := /usr/bin/env bash
2020

21-
DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23
21+
DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.25
2222
DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
2323
REGISTRY_URL := gcr.io/cloud-foundation-cicd
2424

@@ -81,7 +81,7 @@ docker_generate_docs:
8181
-e ENABLE_BPMETADATA=1 \
8282
-v "$(CURDIR)":/workspace \
8383
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
84-
/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
84+
/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs --display --per-module-requirements'
8585

8686
# Generate metadata
8787
.PHONY: docker_generate_metadata_w_display

metadata.yaml

Lines changed: 3 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -227,20 +227,12 @@ spec:
227227
roles:
228228
- level: Project
229229
roles:
230-
- roles/owner
230+
- roles/spanner.admin
231+
- roles/resourcemanager.projectIamAdmin
231232
services:
232-
- iam.googleapis.com
233233
- cloudresourcemanager.googleapis.com
234-
- storage-api.googleapis.com
235-
- serviceusage.googleapis.com
236-
- workflows.googleapis.com
237-
- cloudscheduler.googleapis.com
234+
- iam.googleapis.com
238235
- spanner.googleapis.com
239-
- pubsub.googleapis.com
240-
- logging.googleapis.com
241-
- storage.googleapis.com
242-
- appengine.googleapis.com
243-
- cloudkms.googleapis.com
244236
providerVersions:
245237
- source: hashicorp/google
246238
version: ">= 6.1, < 7"

modules/schedule_spanner_backup/metadata.yaml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -83,18 +83,18 @@ spec:
8383
roles:
8484
- roles/owner
8585
services:
86-
- iam.googleapis.com
86+
- appengine.googleapis.com
87+
- cloudkms.googleapis.com
8788
- cloudresourcemanager.googleapis.com
88-
- storage-api.googleapis.com
89-
- serviceusage.googleapis.com
90-
- workflows.googleapis.com
9189
- cloudscheduler.googleapis.com
92-
- spanner.googleapis.com
93-
- pubsub.googleapis.com
90+
- iam.googleapis.com
9491
- logging.googleapis.com
92+
- pubsub.googleapis.com
93+
- serviceusage.googleapis.com
94+
- spanner.googleapis.com
95+
- storage-api.googleapis.com
9596
- storage.googleapis.com
96-
- appengine.googleapis.com
97-
- cloudkms.googleapis.com
97+
- workflows.googleapis.com
9898
providerVersions:
9999
- source: hashicorp/google
100100
version: ">= 6.1, < 7"

test/setup/iam.tf

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,16 @@
1515
*/
1616

1717
locals {
18-
int_required_roles = [
19-
"roles/owner"
20-
]
18+
per_module_roles = {
19+
root = [
20+
"roles/spanner.admin",
21+
"roles/resourcemanager.projectIamAdmin",
22+
]
23+
schedule_spanner_backup = [
24+
"roles/owner"
25+
]
26+
}
27+
int_required_roles = tolist(toset(flatten(values(local.per_module_roles))))
2128
}
2229

2330
resource "google_service_account" "int_test" {

test/setup/main.tf

Lines changed: 24 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,29 @@
1313
* See the License for the specific language governing permissions and
1414
* limitations under the License.
1515
*/
16+
locals {
17+
per_module_services = {
18+
root = [
19+
"iam.googleapis.com",
20+
"cloudresourcemanager.googleapis.com",
21+
"spanner.googleapis.com",
22+
]
23+
schedule_spanner_backup = [
24+
"iam.googleapis.com",
25+
"cloudresourcemanager.googleapis.com",
26+
"storage-api.googleapis.com",
27+
"serviceusage.googleapis.com",
28+
"workflows.googleapis.com",
29+
"cloudscheduler.googleapis.com",
30+
"spanner.googleapis.com",
31+
"pubsub.googleapis.com",
32+
"logging.googleapis.com",
33+
"storage.googleapis.com",
34+
"appengine.googleapis.com",
35+
"cloudkms.googleapis.com",
36+
]
37+
}
38+
}
1639

1740
module "project" {
1841
source = "terraform-google-modules/project-factory/google"
@@ -24,18 +47,5 @@ module "project" {
2447
folder_id = var.folder_id
2548
billing_account = var.billing_account
2649

27-
activate_apis = [
28-
"iam.googleapis.com",
29-
"cloudresourcemanager.googleapis.com",
30-
"storage-api.googleapis.com",
31-
"serviceusage.googleapis.com",
32-
"workflows.googleapis.com",
33-
"cloudscheduler.googleapis.com",
34-
"spanner.googleapis.com",
35-
"pubsub.googleapis.com",
36-
"logging.googleapis.com",
37-
"storage.googleapis.com",
38-
"appengine.googleapis.com",
39-
"cloudkms.googleapis.com",
40-
]
50+
activate_apis = tolist(toset(flatten(values(local.per_module_services))))
4151
}

0 commit comments

Comments
 (0)