feat!: added sub-modules for PAM and Secure Source Manager (#222)
imrannayer authored Sep 4, 2024
1 parent d4e0a38 commit 87f34e0
Showing 88 changed files with 1,988 additions and 86 deletions.
2 changes: 1 addition & 1 deletion examples/bigquery_dataset/main.tf
Expand Up @@ -19,7 +19,7 @@
*********************************************/
module "bigquery_dataset_iam_binding" {
source = "terraform-google-modules/iam/google//modules/bigquery_datasets_iam"
version = "~> 7.0"
version = "~> 8.0"

project = var.project_id
bigquery_datasets = [
2 changes: 1 addition & 1 deletion examples/billing_account/main.tf
Expand Up @@ -35,7 +35,7 @@ locals {
*****************************************/
module "billing-account-iam" {
source = "terraform-google-modules/iam/google//modules/billing_accounts_iam"
version = "~> 7.0"
version = "~> 8.0"

billing_account_ids = [var.billing_account_id]

2 changes: 1 addition & 1 deletion examples/cloud_run_service/main.tf
Expand Up @@ -20,7 +20,7 @@

module "cloud_run_service_iam_binding" {
source = "terraform-google-modules/iam/google//modules/cloud_run_services_iam"
version = "~> 7.0"
version = "~> 8.0"

project = var.cloud_run_service_project
location = var.cloud_run_service_location
2 changes: 1 addition & 1 deletion examples/custom_role_org/main.tf
Expand Up @@ -23,7 +23,7 @@ resource "random_id" "rand_custom_id" {
*****************************************/
module "custom-roles-org" {
source = "terraform-google-modules/iam/google//modules/custom_role_iam"
version = "~> 7.0"
version = "~> 8.0"

target_level = "org"
target_id = var.org_id
2 changes: 1 addition & 1 deletion examples/custom_role_project/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "custom-role-project" {
source = "terraform-google-modules/iam/google//modules/custom_role_iam"
version = "~> 7.0"
version = "~> 8.0"

target_level = "project"
target_id = var.project_id
2 changes: 1 addition & 1 deletion examples/dns_zone/main.tf
Expand Up @@ -19,7 +19,7 @@
*********************************************/
module "dns_zones_iam_binding" {
source = "terraform-google-modules/iam/google//modules/dns_zones_iam"
version = "~> 7.0"
version = "~> 8.0"

project = var.project_id
managed_zones = [
2 changes: 1 addition & 1 deletion examples/folder/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "folder-iam" {
source = "terraform-google-modules/iam/google//modules/folders_iam"
version = "~> 7.0"
version = "~> 8.0"

folders = [var.folder_one, var.folder_two]

2 changes: 1 addition & 1 deletion examples/kms_crypto_key/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "kms_crypto_key_iam_binding" {
source = "terraform-google-modules/iam/google//modules/kms_crypto_keys_iam"
version = "~> 7.0"
version = "~> 8.0"

kms_crypto_keys = [var.kms_crypto_key_one, var.kms_crypto_key_two]

2 changes: 1 addition & 1 deletion examples/kms_key_ring/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "kms_key_ring_iam_binding" {
source = "terraform-google-modules/iam/google//modules/kms_key_rings_iam"
version = "~> 7.0"
version = "~> 8.0"

kms_key_rings = [var.kms_key_ring_one, var.kms_key_ring_two]
mode = "additive"
2 changes: 1 addition & 1 deletion examples/member_iam/main.tf
Expand Up @@ -22,7 +22,7 @@ resource "google_service_account" "member_iam_test" {

module "member_roles" {
source = "terraform-google-modules/iam/google//modules/member_iam"
version = "~> 7.0"
version = "~> 8.0"

service_account_address = google_service_account.member_iam_test.email
project_id = var.project_id
2 changes: 1 addition & 1 deletion examples/organization/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "organization_iam_binding" {
source = "terraform-google-modules/iam/google//modules/organizations_iam"
version = "~> 7.0"
version = "~> 8.0"

organizations = [var.organization_one, var.organization_two]
mode = "authoritative"
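--- a/examples/privileged_access_manager/README.md
+++ b/examples/privileged_access_manager/README.md
@@ -0,0 +1,16 @@
+# DNS ZOne Example
+
+This example illustrates how to use the `privileged_access_manager` submodule
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | Project ID to create BigQuery resources in | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->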
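--- a/examples/privileged_access_manager/main.tf
+++ b/examples/privileged_access_manager/main.tf
@@ -0,0 +1,39 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+module "entitlement" {
+source = "terraform-google-modules/iam/google//modules/privileged_access_manager"
+version = "~> 8.0"
+
+entitlement_id = "example-entitlement"
+parent_id = var.project_id
+parent_type = "project"
+entitlement_requesters = [
+"user:requester@example.com",
+]
+entitlement_approvers = [
+"user:approver@example.com",
+]
+role_bindings = [
+{
+role = "roles/storage.admin"
+condition_expression = "request.time < timestamp(\"2024-04-23T18:30:00.000Z\")"
+},
+{
+role = "roles/bigquery.admin"
+}
+]
+}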
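Review bot: The `roles/storage.admin` binding in `role_bindings` carries a hard-coded `condition_expression` expiry of 2024-04-23, which is already in the past relative to this commit (Sep 4, 2024), so that role can never actually be granted through the entitlement and the example quietly demonstrates a dead binding. Use an obviously-placeholder future instant and say what the condition is for, e.g. `condition_expression = "request.time < timestamp(\"<FUTURE-ISO-8601-INSTANT>\")" # grant is only usable before this instant; keep it in the future`. Both bindings also hand out broad admin roles; for an example of just-in-time access a narrower role on at least one of them would illustrate least privilege rather than standing admin, though that is a suggestion rather than a defect. If the submodule exposes a maximum grant duration or approval-workflow inputs, this example would be the natural place to show them, but I cannot confirm that from this diff.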
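--- a/examples/privileged_access_manager/variables.tf
+++ b/examples/privileged_access_manager/variables.tf
@@ -0,0 +1,20 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+variable "project_id" {
+type = string
+description = "Project ID to create BigQuery resources in"
+}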
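Review bot: The `description` on `variable "project_id"` reads "Project ID to create BigQuery resources in", which appears to be copied from the bigquery example and does not describe this example; because the README's Inputs table is generated from it by the pre-commit docs hook, the same wrong wording lands in examples/privileged_access_manager/README.md. Change it to `description = "Project ID in which to create the PAM entitlement"` and regenerate the README. The README heading "# DNS ZOne Example" in the same commit looks like the same copy-paste and should become "# Privileged Access Manager Example".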
2 changes: 1 addition & 1 deletion examples/project/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "project_iam_binding" {
source = "terraform-google-modules/iam/google//modules/projects_iam"
version = "~> 7.0"
version = "~> 8.0"

projects = [var.project_one, var.project_two]
mode = "additive"
2 changes: 1 addition & 1 deletion examples/project_conditions/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "project_iam_binding" {
source = "terraform-google-modules/iam/google//modules/projects_iam"
version = "~> 7.0"
version = "~> 8.0"

projects = [var.project_one, var.project_two]
mode = "additive"
2 changes: 1 addition & 1 deletion examples/pubsub_subscription/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "pubsub_subscription_iam_binding" {
source = "terraform-google-modules/iam/google//modules/pubsub_subscriptions_iam"
version = "~> 7.0"
version = "~> 8.0"

project = var.pubsub_subscription_project
pubsub_subscriptions = [var.pubsub_subscription_one, var.pubsub_subscription_two]
2 changes: 1 addition & 1 deletion examples/pubsub_topic/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "pubsub_topic_iam_binding" {
source = "terraform-google-modules/iam/google//modules/pubsub_topics_iam"
version = "~> 7.0"
version = "~> 8.0"

project = var.pubsub_topic_project
pubsub_topics = [var.pubsub_topic_one, var.pubsub_topic_two]
2 changes: 1 addition & 1 deletion examples/secret_manager/main.tf
Expand Up @@ -19,7 +19,7 @@
*****************************************/
module "folder-iam" {
source = "terraform-google-modules/iam/google//modules/secret_manager_iam"
version = "~> 7.0"
version = "~> 8.0"

project = var.project_id
secrets = [var.secret_one, var.secret_two]
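--- a/examples/secure_source_manager/README.md
+++ b/examples/secure_source_manager/README.md
@@ -0,0 +1,22 @@
+# DNS ZOne Example
+
+This example illustrates how to use the `privileged_access_manager` submodule
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| group\_email | Email for group to receive roles (ex. group@example.com) | `string` | n/a | yes |
+| project\_id | Project ID to create BigQuery resources in | `string` | n/a | yes |
+| sa\_email | Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com) | `string` | n/a | yes |
+| user\_email | Email for user to receive roles (Ex. user@example.com) | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| instance\_id | SSM Instance ID |
+| repository\_id | SSM repository ID |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->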
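--- a/examples/secure_source_manager/main.tf
+++ b/examples/secure_source_manager/main.tf
@@ -0,0 +1,91 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+resource "google_secure_source_manager_instance" "default" {
+location = "us-central1"
+instance_id = "ssm-instance"
+project = var.project_id
+}
+
+resource "google_secure_source_manager_repository" "default" {
+project = var.project_id
+location = "us-central1"
+repository_id = "ssm-repo1"
+instance = google_secure_source_manager_instance.default.name
+
+description = "test repository"
+initial_config {
+default_branch = "main"
+}
+}
+
+module "ssm_instance_iam_binding" {
+source = "terraform-google-modules/iam/google//modules/secure_source_manager_iam"
+version = "~> 8.0"
+
+project = var.project_id
+location = "us-central1"
+
+entity_ids = {
+instance_ids = [google_secure_source_manager_instance.default.instance_id]
+}
+
+mode = "additive"
+
+bindings = {
+"roles/securesourcemanager.instanceAccessor" = [
+"serviceAccount:${var.sa_email}",
+"group:${var.group_email}",
+"user:${var.user_email}",
+]
+"roles/securesourcemanager.instanceManager" = [
+"serviceAccount:${var.sa_email}",
+"group:${var.group_email}",
+"user:${var.user_email}",
+]
+}
+
+depends_on = [google_secure_source_manager_instance.default]
+}
+
+module "ssm_repository_iam_binding" {
+source = "terraform-google-modules/iam/google//modules/secure_source_manager_iam"
+version = "~> 8.0"
+
+project = var.project_id
+location = "us-central1"
+
+entity_ids = {
+repository_ids = [google_secure_source_manager_repository.default.repository_id]
+}
+
+mode = "additive"
+
+bindings = {
+"roles/securesourcemanager.repoReader" = [
+"serviceAccount:${var.sa_email}",
+"group:${var.group_email}",
+"user:${var.user_email}",
+]
+"roles/securesourcemanager.repoWriter" = [
+"serviceAccount:${var.sa_email}",
+"group:${var.group_email}",
+"user:${var.user_email}",
+]
+}
+
+depends_on = [google_secure_source_manager_repository.default]
+}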
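Review bot: In both `bindings` maps the same three principals receive every role listed — `instanceAccessor` and `instanceManager` on the instance, `repoReader` and `repoWriter` on the repository — so, if the manager and writer roles subsume the accessor and reader roles as their names suggest, half of these grants are no-ops and the example teaches over-granting rather than least privilege. Giving each principal a single role (for instance the service account `repoReader`, the group `repoWriter`, and only the user `instanceManager`) would exercise both keys of the map while showing the intended separation. The `depends_on` on each module block is redundant, because `entity_ids` already references an attribute of the resource, and an explicit `depends_on` on a module makes every resource inside it wait on the whole resource and can cause needless re-plans; I would drop both lines. `"us-central1"` is repeated five times across the two resources and two modules; a single `locals { location = "us-central1" }` would keep them from drifting apart.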
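--- a/examples/secure_source_manager/outputs.tf
+++ b/examples/secure_source_manager/outputs.tf
@@ -0,0 +1,25 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+output "instance_id" {
+value = google_secure_source_manager_instance.default.instance_id
+description = "SSM Instance ID"
+}
+
+output "repository_id" {
+value = google_secure_source_manager_repository.default.repository_id
+description = "SSM repository ID"
+}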
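--- a/examples/secure_source_manager/variables.tf
+++ b/examples/secure_source_manager/variables.tf
@@ -0,0 +1,35 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+variable "group_email" {
+type = string
+description = "Email for group to receive roles (ex. group@example.com)"
+}
+
+variable "sa_email" {
+type = string
+description = "Email for Service Account to receive roles (Ex. default-sa@example-project-id.iam.gserviceaccount.com)"
+}
+
+variable "user_email" {
+type = string
+description = "Email for user to receive roles (Ex. user@example.com)"
+}
+
+variable "project_id" {
+type = string
+description = "Project ID to create BigQuery resources in"
+}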
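Review bot: The `description` on `variable "project_id"` again reads "Project ID to create BigQuery resources in", which does not describe this example and is copied verbatim into the generated Inputs table in examples/secure_source_manager/README.md. Change it to `description = "Project ID in which to create the Secure Source Manager instance and repository"` and regenerate the README. That README's heading "# DNS ZOne Example" and its sentence naming the `privileged_access_manager` submodule are both wrong for the secure_source_manager example and look like the same copy-paste. The three email descriptions mix "ex." and "Ex."; pick one spelling.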