Add bucket IAM policy read #2824
Allow the Project factory read only SA to retrieve buckets IAM policy
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Where is this applied to the project factory read-only service account?
This must be manually declared while creating top-level-folders. By doing so I also found a glitch in the conditional bindings code for top level folders and proposed a fix.
Thanks a lot for this! Can you rebase to fast-dev, as a fix has already been applied there :)
…and security (GoogleCloudPlatform#2787) * resman * resman tests * untested sec changes * plan fixes * tests, tfdoc, test apply * boilerplate * resource naming
…factor factories variable in net stages (GoogleCloudPlatform#2801) * net a * extend change to other networking stages * refactor factories config variable in net a * net b and c * complete net b * fix errors, add mtu * fix * fix * fix errors
…latform#2800) * security fixes * change netsec to be a virtual stage in resman * remove netsec bits from security stage, leave CAs in place * netsec - security profile groups * export regions to networking tfvars * netsec - trust stores * netsec refactor, untested * netsec plan working * netsec apply * netsec apply errors * netsec diagram * update diagram * move addon stages to addons folder * remove top-level assets folder * deprecate and remove fast plugins * addon tests * dynamic addon providers and cicd, untested * stage 1 addons in stage 0, refactor stage 0 cicd * addons and cicd refactor in stage 0 with tests * refactor stage 0 cicd * readd removed block * small bootstrap cicd fixes * refactor stage 1 cicd * resman tests * remove plugins from networking tests * fix fast tests * ngfw addon outputs * try to fix unrelated tflint error in bootstrap * remove common tfvars from bootstrap tests to fix linter errors * tfdoc * minimal readmes and links fixes * tfdoc * trim down test inventories * fix plan test * tfdoc * allow configuring output files names * fix tls inspection after adding count to project module * comment fixes * tfdoc
…2810) * remove obsolete stage-links script * update networking stages fast envs * add security policy groups FAST variable and context to net stages * small networking/ngfw fixes
…dPlatform#2815) Co-authored-by: Luca Prete <[email protected]>
…rchical policy YAML files (GoogleCloudPlatform#2817) * fix permadiff in stage 0 * add missing schema * update test inventories
…atform#2818) * Top level folder factory support for automation SA IAM * Fixes iam_bindings and iam_bindings_additive for top-level-folder --------- Co-authored-by: Ludovico Magnocavallo <[email protected]>
* prototype implementation, untested * halfway through refactor * refactor cas module pool variable * apply cas module refactor to ngfw fast addon * untested * test * tflint * tflint * tfdoc * fix brainfarts * tfdoc * update ca pool type in security stage
* align services use in ngfw add-on with swp * update ngfw README example
…and security (GoogleCloudPlatform#2787) * resman * resman tests * untested sec changes * plan fixes * tests, tfdoc, test apply * boilerplate * resource naming
…latform#2800) * security fixes * change netsec to be a virtual stage in resman * remove netsec bits from security stage, leave CAs in place * netsec - security profile groups * export regions to networking tfvars * netsec - trust stores * netsec refactor, untested * netsec plan working * netsec apply * netsec apply errors * netsec diagram * update diagram * move addon stages to addons folder * remove top-level assets folder * deprecate and remove fast plugins * addon tests * dynamic addon providers and cicd, untested * stage 1 addons in stage 0, refactor stage 0 cicd * addons and cicd refactor in stage 0 with tests * refactor stage 0 cicd * readd removed block * small bootstrap cicd fixes * refactor stage 1 cicd * resman tests * remove plugins from networking tests * fix fast tests * ngfw addon outputs * try to fix unrelated tflint error in bootstrap * remove common tfvars from bootstrap tests to fix linter errors * tfdoc * minimal readmes and links fixes * tfdoc * trim down test inventories * fix plan test * tfdoc * allow configuring output files names * fix tls inspection after adding count to project module * comment fixes * tfdoc
@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file. | |||
this file is automatically generated. Please don't touch it.
This has become a bit hard to follow, I'm closing this but feel free to reopen by applying your changes on a clean rebase.
Allow the Project factory read only SA to retrieve IAM policy for buckets created by the project factory.
Checklist
If applicable, I acknowledge that I have:
terraform fmt on all modified files
tools/tfdoc.py