chore: downgrade roles
q2w committed Dec 30, 2024
1 parent ed2cbd5 commit 9463812
Showing 11 changed files with 64 additions and 82 deletions.
3 changes: 2 additions & 1 deletion Makefile
@@ -18,7 +18,7 @@
# Make will use bash instead of sh
SHELL := /usr/bin/env bash

DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22
DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23
DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
REGISTRY_URL := gcr.io/cloud-foundation-cicd

@@ -90,6 +90,7 @@ docker_test_lint:
.PHONY: docker_generate_docs
docker_generate_docs:
docker run --rm -it \
-e ENABLE_BPMETADATA \
-v "${CURDIR}":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
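Review bot: The `-e ENABLE_BPMETADATA` line in the `docker_generate_docs` recipe (it appears to be the line this hunk adds) names the variable without a value, so Docker forwards it only when the caller has exported it on the host, and otherwise the container never sees it. Nothing in the visible Makefile says who is expected to set it or what it switches on inside `generate_docs`, which makes the target's output depend on ambient shell state. A comment above the target would cover it, for example `# ENABLE_BPMETADATA is passed through from the caller's environment; if it is not exported, the container does not receive it`.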
22 changes: 10 additions & 12 deletions metadata.yaml
@@ -356,27 +356,25 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
services:
- admin.googleapis.com
- appengine.googleapis.com
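Review bot: Every group in this `roles:` list is labelled `- level: Project`, including the group that holds `roles/resourcemanager.projectCreator`, `roles/resourcemanager.folderAdmin` and `roles/resourcemanager.folderIamAdmin`, which `test/setup/iam.tf` in this same commit keeps in `int_required_folder_roles`. Someone granting roles from this metadata cannot tell which scope each group needs, and the scope is what bounds how far these admin roles reach. The `- level: Project` line above `roles/resourcemanager.projectCreator` should name the folder scope instead; if the file is generated (the Makefile change hints at that, but it is not visible here), the fix belongs where the level is produced. The same labelling appears in the modules/*/metadata.yaml sections of this commit.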
14 changes: 6 additions & 8 deletions modules/budget/metadata.yaml
@@ -122,21 +122,19 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
14 changes: 6 additions & 8 deletions modules/essential_contacts/metadata.yaml
@@ -79,21 +79,19 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
16 changes: 7 additions & 9 deletions modules/fabric-project/metadata.yaml
@@ -159,21 +159,19 @@ spec:
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
- level: Project
roles:
- roles/owner
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
services:
- admin.googleapis.com
- appengine.googleapis.com
22 changes: 10 additions & 12 deletions modules/gsuite_enabled/metadata.yaml
@@ -250,27 +250,25 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
services:
- admin.googleapis.com
- appengine.googleapis.com
3 changes: 1 addition & 2 deletions modules/project_services/metadata.yaml
@@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -104,7 +104,6 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
22 changes: 10 additions & 12 deletions modules/quota_manager/metadata.yaml
@@ -79,27 +79,25 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
- roles/storage.admin
- roles/iam.serviceAccountUser
- roles/billing.projectManager
services:
- admin.googleapis.com
- appengine.googleapis.com
14 changes: 6 additions & 8 deletions modules/shared_vpc_access/metadata.yaml
@@ -106,21 +106,19 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
14 changes: 6 additions & 8 deletions modules/svpc_service_project/metadata.yaml
@@ -237,21 +237,19 @@ spec:
roles:
- level: Project
roles:
- roles/owner
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/resourcemanager.projectCreator
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.folderIamAdmin
- roles/billing.projectManager
- roles/compute.xpnAdmin
- level: Project
roles:
- roles/accesscontextmanager.policyAdmin
- roles/resourcemanager.organizationViewer
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- level: Project
roles:
- roles/owner
- roles/compute.admin
- roles/iam.serviceAccountAdmin
- roles/resourcemanager.projectIamAdmin
2 changes: 0 additions & 2 deletions test/setup/iam.tf
@@ -16,7 +16,6 @@

locals {
int_required_project_roles = [
"roles/owner",
"roles/compute.admin",
"roles/iam.serviceAccountAdmin",
"roles/resourcemanager.projectIamAdmin",
Expand All @@ -26,7 +25,6 @@ locals {
]

int_required_folder_roles = [
"roles/owner",
"roles/resourcemanager.projectCreator",
"roles/resourcemanager.folderAdmin",
"roles/resourcemanager.folderIamAdmin",
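Review bot: `int_required_project_roles` still carries `"roles/resourcemanager.projectIamAdmin"` and `int_required_folder_roles` still carries `"roles/resourcemanager.folderIamAdmin"`, and both roles may edit the IAM policy at their scope, so the identity that receives these lists can still change its own bindings. Dropping `"roles/owner"` (which is what the two deletions in this section appear to be) narrows the default grant, but it should not be read as a hard privilege boundary. Nothing in the hunks records why each remaining admin role is needed; a header above each list such as `# roles/owner intentionally omitted: list only the granular roles the tests need, and justify any role that can set IAM policy` would make the next tightening pass easier. Both lists and the `locals` block continue outside the visible hunks, so roles not shown here are not covered by this note.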