

Adds service identity force creation
amandakarina committed Oct 18, 2024
1 parent 3c3c24d commit 09eb514
Showing 4 changed files with 21 additions and 8 deletions.
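--- a/5-appinfra/modules/cicd-pipeline/main.tf
+++ b/5-appinfra/modules/cicd-pipeline/main.tf
@@ -17,6 +17,17 @@ data "google_project" "project" {
 project_id = var.project_id
 }
 
+resource "google_project_service_identity" "cloudbuild_service_identity" {
+provider = google-beta
+
+project = var.project_id
+service = "cloudbuild.googleapis.com"
+}
+
+data google_compute_default_service_account "compute_service_identity"{
+project = var.project_id
+}
+
 resource "google_sourcerepo_repository" "app_repo" {
 project = var.project_id
 name = var.repo_name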
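Review bot: The new data block `data google_compute_default_service_account "compute_service_identity"{` is not in canonical Terraform form: the type label is unquoted and there is no space before the brace, which `terraform fmt` (and any fmt check in CI) will rewrite or reject; write it as `data "google_compute_default_service_account" "compute_service_identity" {`. A data source only reads an existing object, so this look-up will presumably fail in projects where the Compute Engine default service account has been deleted, a common hardening step in foundation blueprints, and that assumption deserves a comment such as `# Looks up, does not create, the Compute Engine default SA; it must still exist in this project`. The `google_project_service_identity` resource above it does create the Cloud Build service agent when it is missing, which is what the commit title describes, so a one-line comment saying so (and that it needs the `google-beta` provider) would make the two blocks read consistently.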
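--- a/5-appinfra/modules/cicd-pipeline/project-iam-bindings.tf
+++ b/5-appinfra/modules/cicd-pipeline/project-iam-bindings.tf
@@ -30,21 +30,21 @@ module "project-iam-bindings" {
 
 bindings = {
 "roles/cloudtrace.agent" = [
-"serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
+data.google_compute_default_service_account.compute_service_identity.member
 ],
 "roles/monitoring.metricWriter" = [
-"serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
+data.google_compute_default_service_account.compute_service_identity.member
 ],
 "roles/logging.logWriter" = setunion(
 [
-"serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com",
+data.google_compute_default_service_account.compute_service_identity.member,
 "serviceAccount:${google_service_account.cloud_deploy.email}"
 ],
 local.cloud_build_sas
 ),
 "roles/cloudbuild.builds.builder" = setunion(
 [
-"serviceAccount:${data.google_project.project.number}@cloudbuild.gserviceaccount.com",
+google_project_service_identity.cloudbuild_service_identity.member,
 ],
 local.cloud_build_sas
 ),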
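Review bot: Granting `roles/cloudbuild.builds.builder` to `google_project_service_identity.cloudbuild_service_identity.member` moves the role to a different principal than the removed line named: for `cloudbuild.googleapis.com` that member resolves to the Cloud Build service agent (`service-<project-number>@gcp-sa-cloudbuild.iam.gserviceaccount.com`), not to the legacy `<project-number>@cloudbuild.gserviceaccount.com` build account. The service agent already operates under `roles/cloudbuild.serviceAgent` and does not need builds.builder, while any trigger still running as the legacy account silently loses it, so this is an IAM change rather than a refactor of how the address is derived. If the resource was added only so the identity exists before the binding is applied, keep it for ordering but decide explicitly which account the role is for — e.g. keep `"serviceAccount:${data.google_project.project.number}@cloudbuild.gserviceaccount.com"` if builds still use it, or drop the entry and rely on `local.cloud_build_sas` if every trigger runs as a dedicated account. A comment stating which principal is intended would stop the next reader from assuming the two addresses are equivalent. The `module "project-iam-bindings"` block starts above the hunk and its bindings map continues below it.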
9 changes: 5 additions & 4 deletions examples/standalone_single_project/3-fleetscope.tf
Expand Up @@ -21,10 +21,10 @@ locals {
network_project_id = module.multitenant_infra.network_project_id
}

# import {
# id = "projects/${local.cluster_project_id}/locations/global/features/fleetobservability"
# to = module.fleetscope_infra.google_gke_hub_feature.fleet-o11y
# }
import {
id = "projects/${local.cluster_project_id}/locations/global/features/fleetobservability"
to = module.fleetscope_infra.google_gke_hub_feature.fleet-o11y
}

module "fleetscope_infra" {
source = "../../3-fleetscope/modules/env_baseline"
Expand All @@ -35,4 +35,5 @@ module "fleetscope_infra" {
fleet_project_id = local.fleet_project_id
namespace_ids = var.teams
cluster_membership_ids = module.multitenant_infra.cluster_membership_ids
depends_on = [ module.multitenant_infra ]
}
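Review bot: The active `import` block for `projects/${local.cluster_project_id}/locations/global/features/fleetobservability` makes `terraform plan` fail with "Cannot import non-existent remote object" whenever that feature does not already exist on the fleet, so — assuming the uncommented form is the new side, which the rendered page does not mark explicitly — the standalone example now only works against a fleet where the feature has been enabled out of band, and a comment above it should say why that is expected (presumably the feature is enabled automatically when a membership is registered; confirm) and when a user should comment it out. The `depends_on = [ module.multitenant_infra ]` is redundant with the dependency the module already has through `module.multitenant_infra.cluster_membership_ids` and the locals above, and a module-level `depends_on` also defers data-source reads inside `fleetscope_infra` to apply time, so a comment naming the ordering it protects would justify keeping it. `terraform fmt` would also write it as `depends_on = [module.multitenant_infra]`. The `module "fleetscope_infra"` block starts above the second hunk.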
1 change: 1 addition & 0 deletions examples/standalone_single_project/5-appinfra.tf
Expand Up @@ -45,4 +45,5 @@ module "cicd" {
app_build_trigger_yaml = "cloudbuild.yaml"

buckets_force_destroy = true
depends_on = [ module.fleetscope_infra ]
}
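Review bot: `depends_on = [ module.fleetscope_infra ]` on `module "cicd"` is the only link between the two modules visible here, and none of the `cicd` inputs in the hunk reference a fleetscope output, so the reason for the ordering is not recorded; add a comment naming it, e.g. `# cicd must apply after fleetscope because <resource it relies on> is created there`. This matters because a module-level `depends_on` can force every data source inside cicd-pipeline (including the new `google_compute_default_service_account` and the existing `google_project` look-ups) to be read at apply instead of plan time, which surfaces as "known after apply" IAM members in the bindings module. `terraform fmt` would write the line as `depends_on = [module.fleetscope_infra]`. The `module "cicd"` block starts above the hunk.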
