Add bucket IAM policy read #2838
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow the Project factory read only SA to retrieve buckets IAM policy for buckets created by the PF
juliocc
requested changes
Jan 25, 2025
|
This will allow the project factory CICD read only account to retrieve ram policy for the bucket under the PF management. |
|
This can probably be implemented better now that we have interpolation for IAM conditions. Please check the latest code in the fast-dev branch. |
…ation use (GoogleCloudPlatform#2862) Co-authored-by: Zoran Zaric <[email protected]>
Resources in subnet are in use for ~1-2h after removal of Cloud Run instance (see: https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#delete-subnet) b/332419038
* wip * WIP * wip * wip * apply untested * tests * support tag expansion for tenant-level installations in IAM conditions * fix stage config output * inventories * remove dev files * tfdoc * enable org policies for stage folders * resman README * tfdoc * stage 3 documentation * inventory * support extra_dirs in testing franework * remove org policy files from stage 1 * Add principal interpolation to iam_by_principals (GoogleCloudPlatform#2847) * Add principal interpolation to iam_by_principals * Fix tests * relax schemas * relax schemas --------- Co-authored-by: Julio Castillo <[email protected]>
…2848) * Support project creation in different universes * Fix typo * Revert prefix validation * Add test * Call new test * Do not override project name
…m#2852) * Allow universe-bound projects to exclude services * Update README
* Initial support for universes in bootstrap * Add var description * Add universe to globals output * Fix typo * Update README * Allow universes to exclude services * Move service exclusion to project module * Move service exclusion loging to the project module --------- Co-authored-by: Ludovico Magnocavallo <[email protected]>
* Expose custom constraint factory in bootstrap * Silence linter * Fix tests
…atform#2841) * Add cAdvisor Metrics to Autopilot/Standard GKE Cluster * Fix tests --------- Co-authored-by: AnnaHeigl <[email protected]> Co-authored-by: Julio Castillo <[email protected]>
…latform#2855) * add support for advanced machine features to compute-vm * fix validation * Update modules/compute-vm/variables.tf Co-authored-by: Wiktor Niesiobędzki <[email protected]> --------- Co-authored-by: Wiktor Niesiobędzki <[email protected]>
Fixed some issue with WIF and providers templating in workflows.
Allow the Project factory read only SA to retrieve buckets IAM policy for buckets created by the PF
|
Indeed it's a great improvement |
|
Your PR is bringing in changes from multiple branches which makes it difficult to understand what the actual changes are. Please target fast-dev and clean up the unrelated changes so we can properly review this. |
|
Ok I will make a new clean PR. It will be the easiest. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allow the Project factory read only SA to retrieve buckets IAM policy for buckets created by the PF
PR rebuilt on top of a clean fast-dev version
Checklist
I applicable, I acknowledge that I have:
terraform fmton all modified filestools/tfdoc.py