feat: Pam integration to the google_permissions module #229
Merged
jasonthomas
reviewed
Dec 9, 2024
| @@ -0,0 +1,32 @@ | |||
|
|
|||
| module "google_permissions" { | |||
Member
Please update this example
jasonthomas
reviewed
Dec 9, 2024
| } | ||
|
|
||
| # now we handle the additional entitlements - these need to be created for BOTH environments | ||
| # now we handle the additional entitlements - these need to be created for BOTH environments |
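Review bot: the comment on the last line of this hunk says the additional entitlements must be created for BOTH environments, but it does not name the two environments or say why both are required. Naming them in the comment would let a reviewer check that neither side is dropped in a later change.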
Member
Suggested change
| # now we handle the additional entitlements - these need to be created for BOTH environments |
jasonthomas
previously approved these changes
Dec 13, 2024
jasonthomas
approved these changes
Dec 13, 2024
Contributor
🎉 This PR is included in version 2.6.0 🎉 The release is available on GitHub release. Your semantic-release bot 📦🚀
amitchell-moz
pushed a commit
that referenced
this pull request
Dec 18, 2024
* initial entitlement integration
* check prod/non-prod vars
* cleaning up pathing
* missed the beta for pam
* correct ent role list allowed
* correct ent role list allowed - rm local
* hardcode google-beta
* removed validation (for now)
* interpolate fail
* forgot local - fixed
* did + again on str, fixed
* wrong service name enabled
* wrong service name enabled - fixed
* iam brought into tf, now borked
* borked test, temp fix
* removed all enabling of API
* revert
* added disable_on_destroy false for services
* remove api on again
* going to nuke dependent services
* put service api in loop
* hardcoded
* one more try - iam fix
* force rm'd iam from tf
* added depends_on, separated prod, non
* missed the instance key
* more conditions to count
* rm'd service enable, add folder entitle
* enable svc
* forgot comment out fol ent
* fixed parent
* number of resource changes
* cp error - double resource
* HACK: add my user to all installs
* working hack - same as prev
* temp remove nonprod entitlement
* readd entitlement
* added more perms for sa pam
* added count on data project resources
* forgot count on reference to resource counted
* typo on c&p
* roles/ needed
* try again -- wrong proj
* enable other resources
* found roles - pam
* hc org number, fix typo in role
* adding back entitlement
* mod to hardcode dev
* cleanup after working
* removing me as owner - hack
* forgot to delete
* added org id var
* fixed err in desc of org id
* removed PAM svc add + related
* formatting tf
* removed extra depends_on
* tf fmt
* moved from google-beta to GA version
* adding req'd approval iam perms
* var.var typo
* tf fmt forgotten
* tidying up - foreach used
* integrate python func for slack
* remove alert trigger - false alarm
* tf fmt of new files
* duh - set and each
* fixed errors in tf
* toset
* TODO - remove my perms
* adding back the hack to add me to owner
* bad cp
* bucket name fix
* remove prod/nonprod from bucket name
* moved bucket to nonprod
* perms for builder
* perms for builder - each'd
* perms for builder - each'd
* perms for builder - each'd
* add run.invoker
* pubsub perms
* each.key. again
* trying to find the right way to add perms
* just going to leave off the perms for pubsub
* add guards ensuring at least one project for slack
* same as prev + tf fmt
* adding pam_entitlement
* tf plan works w/lookup... run next
* fixed additional entitlements
* slack fix+remove, merge mess entitlement fix
* clean up legacy tf for new ent yaml
* integrated publish to slack
* removed extra iam sa account
* chore: remove impersonate_service_account
* removed data src
* removed python code for slack
* removed owner_jfrancis perms grant
* fixed bool
* fix bool problem owner create
* CR fixes
* fixed dupe project id envs
* basic example add
* missed var name change in prev
* removed branch
* app_code default empty string
* caught empty app_code legacy
* chore(google_permissions): update README

---------

Co-authored-by: Jason Thomas <jason@lithiumfox.com>
Major mods to get the PAM stuff working