From 787eb14bfe34f9c51160f0451f5017e39b4cca67 Mon Sep 17 00:00:00 2001 From: Amanda Karina Lopes de Oliveira Date: Tue, 30 May 2023 14:38:37 -0300 Subject: [PATCH] fix: Fixes roles and apis on modules readmes (#39) Co-authored-by: Grant Sorbo --- modules/secure-cloud-function-core/README.md | 14 +++++--- modules/secure-cloud-function/README.md | 36 ++++++++----------- .../README.md | 3 +- 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/modules/secure-cloud-function-core/README.md b/modules/secure-cloud-function-core/README.md index 0726c798..49f23b8c 100644 --- a/modules/secure-cloud-function-core/README.md +++ b/modules/secure-cloud-function-core/README.md @@ -88,7 +88,7 @@ module "secure_cloud_function_core" { The following dependencies must be available: -* [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0 +* [Terraform](https://www.terraform.io/downloads.html) >= 1.3 * [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) plugin < 5.0 ### APIs 
@@ -97,14 +97,20 @@ A project with the following APIs enabled must be used to host the resources of this module: * Serverless Project - * Google Cloud Function Service: `cloudfunctions.googleapis.com` - * Google Compute Service: `compute.googleapis.com` + * Container Scanning: `containerscanning.googleapis.com` ### Service Account A service account with the following roles must be used to provision the resources of this module: +* Viewer: `roles/viewer` * Cloud Function Developer: `roles/cloudfunctions.developer` * Compute Network User: `roles/compute.networkUser` -* Artifact Registry Reader: `roles/artifactregistry.reader` +* Artifact Registry Admin: `roles/artifactregistry.admin` +* Cloud Build Editor: `roles/cloudbuild.builds.editor` +* Cloud Build Worker Pool Owner: `roles/cloudbuild.workerPoolOwner` +* Pub/Sub Admin: `roles/pubsub.admin` +* Storage Admin: `roles/storage.admin` +* Service Usage Admin: `roles/serviceusage.serviceUsageAdmin` +* Eventarc Developer: `roles/eventarc.developer` diff --git a/modules/secure-cloud-function/README.md b/modules/secure-cloud-function/README.md index 63de0541..3b6cbf49 100644 --- a/modules/secure-cloud-function/README.md +++ b/modules/secure-cloud-function/README.md 
@@ -158,26 +158,15 @@ module "secure_cloud_run" { The following dependencies must be available: -* [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0 +* [Terraform](https://www.terraform.io/downloads.html) >= 1.3 * [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) < 5.0 ### APIs -The Secure-cloud-function module will enable the following APIs to the Serverlesss Project: +The Secure-cloud-function module will enable the following APIs to the Serverless Project: -* Google VPC Access API: `vpcaccess.googleapis.com` -* Compute API: `compute.googleapis.com` -* Container Registry API: `container.googleapis.com` -* Cloud Function API: `run.googleapis.com` - -The Secure-cloud-function module will enable the following APIs to the VPC Project: - -* Google VPC Access API: `vpcaccess.googleapis.com` -* Compute API: `compute.googleapis.com` - -The Secure-cloud-function module will enable the following APIs to the KMS Project: - -* Cloud KMS API: `cloudkms.googleapis.com` +* Serverless Project + * Container Scanning: `containerscanning.googleapis.com` ### Service Account 
@@ -192,10 +181,15 @@ the resources of this module: * KMS Project * Cloud KMS Admin: `roles/cloudkms.admin` * Serverless Project - * Security Admin: `roles/compute.securityAdmin` - * Serverless VPC Access Admin: `roles/vpcaccess.admin` - * Cloud Function Developer: `roles/run.developer` + * Viewer: `roles/viewer` + * Cloud Function Developer: `roles/cloudfunctions.developer` * Compute Network User: `roles/compute.networkUser` - * Artifact Registry Reader: `roles/artifactregistry.reader` - -**Note:** [Secret Manager Secret Accessor](https://cloud.google.com/run/docs/configuring/secrets#access-secret) role must be granted to the Cloud Function service account to allow read access on the secret. + * Artifact Registry Admin: `roles/artifactregistry.admin` + * Cloud Build Editor: `roles/cloudbuild.builds.editor` + * Cloud Build Worker Pool Owner: `roles/cloudbuild.workerPoolOwner` + * Pub/Sub Admin: `roles/pubsub.admin` + * Storage Admin: `roles/storage.admin` + * Service Usage Admin: `roles/serviceusage.serviceUsageAdmin` + * Eventarc Developer: `roles/eventarc.developer` + * Organization Policy Administrator: `roles/orgpolicy.policyAdmin` + * Project IAM Admin: `roles/resourcemanager.projectIamAdmin` diff --git a/modules/secure-cloud-serverless-security/README.md b/modules/secure-cloud-serverless-security/README.md index e578275e..d09a7961 100644 --- a/modules/secure-cloud-serverless-security/README.md +++ b/modules/secure-cloud-serverless-security/README.md @@ -90,7 +90,7 @@ module "cloud_serverless_security" { The following dependencies must be available: -* [Terraform](https://www.terraform.io/downloads.html) >= 0.13.0 +* [Terraform](https://www.terraform.io/downloads.html) >= 1.3 * [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) < 5.0 ### APIs 
@@ -110,3 +110,4 @@ the resources of this module: * Cloud KMS Admin: `roles/cloudkms.admin` * Serverless Project * Organization Policy Administrator: `roles/orgpolicy.policyAdmin` + * Project IAM Admin: `roles/resourcemanager.projectIamAdmin`
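Review bot: In the first hunk of `modules/secure-cloud-function-core/README.md` (and the matching lines in the other two READMEs), raising the minimum from `>= 0.13.0` to `>= 1.3` is a breaking change for anyone pinned to 0.13 through 1.2, yet the subject line reads as a documentation fix ("fix: Fixes roles and apis on modules readmes"); please call the bump out in the commit message and confirm `required_version` in the modules' own `versions.tf` agrees with the README. While touching these lines, the provider requirement `< 5.0` still has no lower bound, so add the minimum provider version the module actually needs.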
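Review bot: In the `@@ -97,14 +97,20 @@` hunk of `modules/secure-cloud-function-core/README.md`, the APIs list drops `cloudfunctions.googleapis.com` and `compute.googleapis.com` and keeps only `containerscanning.googleapis.com`, but the Service Account list directly below still requires `roles/cloudfunctions.developer` and `roles/compute.networkUser`, which are meaningless unless those two APIs are enabled; either restore them or state which module enables them. The same hunk also turns a read-only role set into a broad one (`roles/viewer`, `roles/artifactregistry.admin`, `roles/pubsub.admin`, `roles/storage.admin`, `roles/serviceusage.serviceUsageAdmin`) with no explanation; for a module named "secure", document why each admin role is needed instead of a narrower one (for example a writer role on the registry, or object-level rather than bucket-level storage permissions), and note that `roles/serviceusage.serviceUsageAdmin` implies the module enables APIs itself, which contradicts the sentence "A project with the following APIs enabled must be used".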
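Review bot: In the `@@ -158,26 +158,15 @@` hunk of `modules/secure-cloud-function/README.md`, the VPC Project and KMS Project API lists (`vpcaccess.googleapis.com`, `compute.googleapis.com`, `cloudkms.googleapis.com`) are removed outright, yet the Service Account section in the next hunk still requires `roles/cloudkms.admin` on the KMS Project and `roles/compute.networkUser` on the Serverless Project, so those APIs are evidently still in play; either keep the lists or say which module enables them. The removed entry `Cloud Function API: run.googleapis.com` was mislabelled (that is the Cloud Run API), but the replacement does not add `cloudfunctions.googleapis.com` in its place, so the README now names no Cloud Functions API at all. The `Serverlesss` -> `Serverless` fix is fine.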
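Review bot: In the `@@ -192,10 +181,15 @@` hunk of `modules/secure-cloud-function/README.md`, the note "Secret Manager Secret Accessor role must be granted to the Cloud Function service account" is deleted without replacement; if the function still reads secrets that grant is still required and the note should stay (with the link updated from the Cloud Run docs to the Cloud Functions equivalent), and if secrets are no longer used the commit message should say so. The same hunk adds `roles/orgpolicy.policyAdmin` and `roles/resourcemanager.projectIamAdmin` under the Serverless Project; state which org policy constraints and which IAM bindings the module manages, since a provisioning account holding `roles/resourcemanager.projectIamAdmin` can grant itself any role in that project and `roles/orgpolicy.policyAdmin` is normally an organization-level grant. Replacing `Cloud Function Developer: roles/run.developer` with `roles/cloudfunctions.developer` corrects a mislabelled role and is good.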
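Review bot: In the `@@ -110,3 +110,4 @@` hunk of `modules/secure-cloud-serverless-security/README.md`, `roles/resourcemanager.projectIamAdmin` is added alongside `roles/orgpolicy.policyAdmin` on the Serverless Project with no accompanying text; a one-line note saying which IAM bindings this module creates (and that the role is not needed after provisioning) would let operators scope or time-limit the grant rather than leaving a standing project-wide IAM admin on the deploying account.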