chore: add secretmanager / dataform perms
bodymindarts committed Sep 6, 2024
1 parent dd44da6 commit a5ec0c9
Showing 3 changed files with 32 additions and 2 deletions.
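--- a/modules/bootstrap/gcp/services.tf
+++ b/modules/bootstrap/gcp/services.tf
@@ -11,7 +11,8 @@ locals {
 "bigqueryconnection.googleapis.com",
 "maps-backend.googleapis.com",
 "apikeys.googleapis.com",
-"datamigration.googleapis.com"
+"datamigration.googleapis.com",
+"secretmanager.googleapis.com"
 ]
 }
 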
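--- a/modules/inception/gcp/inception-roles.tf
+++ b/modules/inception/gcp/inception-roles.tf
@@ -49,6 +49,16 @@ resource "google_project_iam_custom_role" "inception_make" {
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
 "storage.buckets.setIamPolicy",
+"secretmanager.secrets.create",
+"secretmanager.secrets.get",
+"secretmanager.secrets.list",
+"secretmanager.secrets.update",
+"secretmanager.secrets.setIamPolicy",
+"secretmanager.secrets.getIamPolicy",
+"secretmanager.versions.access",
+"secretmanager.versions.add",
+"secretmanager.versions.get",
+"secretmanager.versions.list",
 ]
 }
 
@@ -74,7 +84,9 @@ resource "google_project_iam_custom_role" "inception_destroy" {
 "resourcemanager.projects.get",
 "servicenetworking.services.get",
 "servicenetworking.services.deleteConnection",
-"serviceusage.operations.get"
+"serviceusage.operations.get",
+"secretmanager.secrets.delete",
+"secretmanager.versions.destroy",
 ]
 }
 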
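Review bot: `secretmanager.versions.access` and `secretmanager.secrets.setIamPolicy` in the inception_make list go beyond resource management. The first returns secret payloads and the second lets the holder grant any principal access to a secret; if the role is bound at project level (the binding is not in this diff), both apply to every secret in the project. If they are presumably only needed so Terraform can read back and share the secrets it creates, consider a conditional binding on the secret name prefix, or at least a comment above the entries such as `# versions.access / setIamPolicy: required for terraform-managed secrets; applies to all secrets in the project`. The same delegation concern applies to `dataform.repositories.setIamPolicy` added to platform_make in platform-roles.tf. Secret Manager Data Access audit logs are not enabled by default, so a `google_project_iam_audit_config` for `secretmanager.googleapis.com` would make reads under this role visible; both resource bodies begin outside the hunks.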
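--- a/modules/inception/gcp/platform-roles.tf
+++ b/modules/inception/gcp/platform-roles.tf
@@ -86,6 +86,20 @@ resource "google_project_iam_custom_role" "platform_make" {
 "datamigration.connectionprofiles.create",
 "datamigration.connectionprofiles.get",
 "datamigration.operations.get",
+"dataform.releaseConfigs.create",
+"dataform.releaseConfigs.get",
+"dataform.releaseConfigs.list",
+"dataform.releaseConfigs.update",
+"dataform.repositories.create",
+"dataform.repositories.get",
+"dataform.repositories.getIamPolicy",
+"dataform.repositories.list",
+"dataform.repositories.setIamPolicy",
+"dataform.repositories.update",
+"dataform.workflowConfigs.create",
+"dataform.workflowConfigs.get",
+"dataform.workflowConfigs.list",
+"dataform.workflowConfigs.update",
 ]
 }
 
@@ -118,5 +132,8 @@ resource "google_project_iam_custom_role" "platform_destroy" {
 "datamigration.connectionprofiles.delete",
 "bigquery.datasets.delete",
 "bigquery.tables.delete",
+"dataform.releaseConfigs.delete",
+"dataform.repositories.delete",
+"dataform.workflowConfigs.delete",
 ]
 }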
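Review bot: `dataform.workflowConfigs.create` and `dataform.workflowConfigs.update` in the platform_make list let the role holder schedule workflow executions. As far as I know, those executions run under the service account configured for the Dataform repository rather than under the caller. That would make this an indirect path to whatever that account can do in BigQuery, so it is worth confirming the account is narrowly scoped. A comment above the new entries would record the dependency, for example `# Dataform workflow configs execute as the repository's service account; keep that SA least-privilege`. Both resource bodies begin outside the hunks, so other permissions in these roles are not visible here.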
