Commit
fix: Fixes roles and apis on modules readmes (#39)
Co-authored-by: Grant Sorbo <gtsorbo@mac.com>
amandakarina and gtsorbo authored May 30, 2023
1 parent 17717c1 commit 787eb14
Showing 3 changed files with 27 additions and 26 deletions.
14 changes: 10 additions & 4 deletions modules/secure-cloud-function-core/README.md
Expand Up @@ -88,7 +88,7 @@ module "secure_cloud_function_core" {

The following dependencies must be available:

* [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
* [Terraform](https://www.terraform.io/downloads.html) >= 1.3
* [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) plugin < 5.0

### APIs
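
Review bot: The Terraform floor in the dependency list moves from `>= 0.13.0` to `>= 1.3`, but this commit touches only the three README files, so nothing here shows the module's `required_version` constraint being raised to match. Please confirm the constraint in the module's version block already says `>= 1.3`; otherwise the README and the enforced constraint disagree.
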
Expand All @@ -97,14 +97,20 @@ A project with the following APIs enabled must be used to host the
resources of this module:

* Serverless Project
* Google Cloud Function Service: `cloudfunctions.googleapis.com`
* Google Compute Service: `compute.googleapis.com`
* Container Scanning: `containerscanning.googleapis.com`

### Service Account

A service account with the following roles must be used to provision
the resources of this module:

* Viewer: `roles/viewer`
* Cloud Function Developer: `roles/cloudfunctions.developer`
* Compute Network User: `roles/compute.networkUser`
* Artifact Registry Reader: `roles/artifactregistry.reader`
* Artifact Registry Admin: `roles/artifactregistry.admin`
* Cloud Build Editor: `roles/cloudbuild.builds.editor`
* Cloud Build Worker Pool Owner: `roles/cloudbuild.workerPoolOwner`
* Pub/Sub Admin: `roles/pubsub.admin`
* Storage Admin: `roles/storage.admin`
* Service Usage Admin: `roles/serviceusage.serviceUsageAdmin`
* Eventarc Developer: `roles/eventarc.developer`
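
Review bot: In the Service Account list, `roles/artifactregistry.reader` sits next to `roles/artifactregistry.admin`, and the list also carries `roles/storage.admin`, `roles/pubsub.admin` and `roles/serviceusage.serviceUsageAdmin` with no indication of why each is needed. If the reader and admin roles are meant for the same service account on the same project, the reader entry looks redundant and could be dropped; for the admin roles, a short per-role reason (which resource the module creates with it) would let operators review the grant. Unlike the APIs list above it, the roles are also not grouped under a project heading, so it is unclear where they must be granted.
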
36 changes: 15 additions & 21 deletions modules/secure-cloud-function/README.md
Expand Up @@ -158,26 +158,15 @@ module "secure_cloud_run" {

The following dependencies must be available:

* [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
* [Terraform](https://www.terraform.io/downloads.html) >= 1.3
* [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) < 5.0

### APIs

The Secure-cloud-function module will enable the following APIs to the Serverlesss Project:
The Secure-cloud-function module will enable the following APIs to the Serverless Project:

* Google VPC Access API: `vpcaccess.googleapis.com`
* Compute API: `compute.googleapis.com`
* Container Registry API: `container.googleapis.com`
* Cloud Function API: `run.googleapis.com`

The Secure-cloud-function module will enable the following APIs to the VPC Project:

* Google VPC Access API: `vpcaccess.googleapis.com`
* Compute API: `compute.googleapis.com`

The Secure-cloud-function module will enable the following APIs to the KMS Project:

* Cloud KMS API: `cloudkms.googleapis.com`
* Serverless Project
* Container Scanning: `containerscanning.googleapis.com`

### Service Account

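Review bot: The APIs section is cut down to a single Serverless Project entry (`containerscanning.googleapis.com`) and the VPC Project and KMS Project lists are gone, while the Service Account section of this same README still asks for `roles/cloudkms.admin` on a KMS Project. If the module no longer enables `cloudkms.googleapis.com` and `vpcaccess.googleapis.com` itself, the README should say whether those APIs must already be enabled; as written a reader cannot tell whether they are prerequisites or no longer needed. Minor: the sentence already names the Serverless Project, so the `* Serverless Project` parent bullet repeats it.
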
Expand All @@ -192,10 +181,15 @@ the resources of this module:
* KMS Project
* Cloud KMS Admin: `roles/cloudkms.admin`
* Serverless Project
* Security Admin: `roles/compute.securityAdmin`
* Serverless VPC Access Admin: `roles/vpcaccess.admin`
* Cloud Function Developer: `roles/run.developer`
* Viewer: `roles/viewer`
* Cloud Function Developer: `roles/cloudfunctions.developer`
* Compute Network User: `roles/compute.networkUser`
* Artifact Registry Reader: `roles/artifactregistry.reader`

**Note:** [Secret Manager Secret Accessor](https://cloud.google.com/run/docs/configuring/secrets#access-secret) role must be granted to the Cloud Function service account to allow read access on the secret.
* Artifact Registry Admin: `roles/artifactregistry.admin`
* Cloud Build Editor: `roles/cloudbuild.builds.editor`
* Cloud Build Worker Pool Owner: `roles/cloudbuild.workerPoolOwner`
* Pub/Sub Admin: `roles/pubsub.admin`
* Storage Admin: `roles/storage.admin`
* Service Usage Admin: `roles/serviceusage.serviceUsageAdmin`
* Eventarc Developer: `roles/eventarc.developer`
* Organization Policy Administrator: `roles/orgpolicy.policyAdmin`
* Project IAM Admin: `roles/resourcemanager.projectIamAdmin`
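
Review bot: The Serverless Project role list here is the secure-cloud-function-core list followed by the two secure-cloud-serverless-security roles (`roles/orgpolicy.policyAdmin`, `roles/resourcemanager.projectIamAdmin`), repeated in full. The commit title says it fixes roles and APIs across the module READMEs, which is the kind of drift duplicated lists invite, so consider linking to the submodule READMEs for their roles or adding a note that the three lists must be kept in sync. If `roles/viewer` stays in the list, note that it is a basic role and name the narrower predefined role if the module only needs a few read permissions.
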
3 changes: 2 additions & 1 deletion modules/secure-cloud-serverless-security/README.md
Expand Up @@ -90,7 +90,7 @@ module "cloud_serverless_security" {

The following dependencies must be available:

* [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0
* [Terraform](https://www.terraform.io/downloads.html) >= 1.3
* [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) < 5.0

### APIs
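
Review bot: The provider dependency line gives only an upper bound (`< 5.0`) while the Terraform line next to it now gives a floor (`>= 1.3`). State the minimum google provider version the module is tested with as well, and use the same wording as the secure-cloud-function-core README, which says `plugin < 5.0`.
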
Expand All @@ -110,3 +110,4 @@ the resources of this module:
* Cloud KMS Admin: `roles/cloudkms.admin`
* Serverless Project
* Organization Policy Administrator: `roles/orgpolicy.policyAdmin`
* Project IAM Admin: `roles/resourcemanager.projectIamAdmin`
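
Review bot: `roles/resourcemanager.projectIamAdmin` is listed under the Serverless Project roles without saying what needs it. That role can change the project's IAM policy, so the README should name the bindings this module creates that require it, which lets an operator decide whether a narrower or conditional grant is acceptable.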
