From abfad096ba8d32c7a40abd68b4db9bddaa1f4e33 Mon Sep 17 00:00:00 2001 From: adam Date: Tue, 14 Nov 2023 10:52:06 -0700 Subject: [PATCH] Add storage/SA objects for roundtable-dev --- .../data-curation/env/production.tfvars | 10 ++++++ environment/deployments/data-curation/main.tf | 34 ++++++++++++++++++- .../deployments/data-curation/variables.tf | 14 ++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/environment/deployments/data-curation/env/production.tfvars b/environment/deployments/data-curation/env/production.tfvars index aeccac63..61031bf8 100644 --- a/environment/deployments/data-curation/env/production.tfvars +++ b/environment/deployments/data-curation/env/production.tfvars @@ -80,5 +80,15 @@ git_lfs_ro_service_accounts = [ "serviceAccount:git-lfs-ro@roundtable-prod-f6fd.iam.gserviceaccount.com" ] +# Git LFS bucket access service accounts (Dev, RW). +git_lfs_rw_dev_service_accounts = [ + "serviceAccount:git-lfs-rw@roundtable-dev-abe2.iam.gserviceaccount.com" +] + +# Git LFS bucket access service accounts (Dev, RW). +git_lfs_ro_dev_service_accounts = [ + "serviceAccount:git-lfs-ro@roundtable-dev-abe2.iam.gserviceaccount.com" +] + # Increase this number to force Terraform to update the production environment. # Serial: 5 diff --git a/environment/deployments/data-curation/main.tf b/environment/deployments/data-curation/main.tf index fbbd5796..bb5cfee9 100644 --- a/environment/deployments/data-curation/main.tf +++ b/environment/deployments/data-curation/main.tf @@ -167,7 +167,7 @@ resource "google_storage_bucket_iam_binding" "dp02-hips-bucket-ro-iam-binding" { members = var.hips_service_accounts } -// Git LFS Storage Bucket +// Git LFS Storage Bucket (Prod) module "storage_bucket_5" { source = "../../../modules/bucket" project_id = module.project_factory.project_id 
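Review bot: The comment above `git_lfs_ro_dev_service_accounts` in the production.tfvars hunk was copied from the RW list and still says `(Dev, RW)`. On an access list that mislabel makes it harder to audit which identity can write, so it should read `# Git LFS bucket access service accounts (Dev, RO).`. Both new lists name service accounts from `roundtable-dev-abe2` inside the production variable file, so identities managed in the dev project are granted access to a bucket that, judging by the main.tf changes, this deployment creates. If that cross-environment grant is intended, a one-line comment saying so would help the next reviewer. If the dev bucket could live in a dev-scoped deployment instead, a compromise of the dev project would not reach storage owned here.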
@@ -199,6 +199,38 @@ resource "google_storage_bucket_iam_binding" "git-lfs-bucket-rw-iam-binding" { members = var.git_lfs_rw_service_accounts } +// Git LFS Storage Bucket (Dev) +module "storage_bucket_6" { + source = "../../../modules/bucket" + project_id = module.project_factory.project_id + storage_class = "REGIONAL" + location = "us-central1" + suffix_name = ["git-lfs-dev"] + prefix_name = "rubin" + versioning = { + git-lfs-dev = false + } + force_destroy = { + git-lfs-dev = false + } + labels = { + environment = var.environment + application = "giftless" + } +} +// RO storage access to Git-LFS Dev bucket +resource "google_storage_bucket_iam_binding" "git-lfs-bucket-dev-ro-iam-binding" { + bucket = module.storage_bucket_6.name + role = "roles/storage.objectViewer" + members = var.git_lfs_ro_dev_service_accounts +} +// RW storage access to Git-LFS Dev bucket +resource "google_storage_bucket_iam_binding" "git-lfs-bucket-rw-iam-binding" { + bucket = module.storage_bucket_6.name + role = "roles/storage.objectAdmin" + members = var.git_lfs_rw_dev_service_accounts +} + #--------------------------------------------------------------- // Data Curation Prod #--------------------------------------------------------------- diff --git a/environment/deployments/data-curation/variables.tf b/environment/deployments/data-curation/variables.tf index 994b3b2e..28186a5d 100644 --- a/environment/deployments/data-curation/variables.tf +++ b/environment/deployments/data-curation/variables.tf 
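Review bot: The RW binding for the dev bucket reuses the resource name `git-lfs-bucket-rw-iam-binding`, which the hunk header shows is already declared for the prod bucket just above, so Terraform will reject the configuration for a duplicate resource address. It should be `resource "google_storage_bucket_iam_binding" "git-lfs-bucket-dev-rw-iam-binding" {`, matching the RO binding's naming. Separately, the RW members get `roles/storage.objectAdmin` on a bucket declared with `versioning = { git-lfs-dev = false }`, so those accounts can overwrite or delete LFS objects with no earlier generation retained. If Giftless only needs to read and create objects, a narrower role is worth considering; otherwise a short comment stating why delete rights are needed would document the choice. `labels.environment` comes from `var.environment`, so this dev bucket will presumably carry the production value, which may mislead label-based inventory or policy.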
@@ -232,3 +232,17 @@ variable "git_lfs_rw_service_accounts" {
 description = "Service accounts used for Git-LFS Giftless access (RW)"
 default = []
 }
+
+// Git LFS RO
+variable "git_lfs_ro_dev_service_accounts" {
+ type = list(string)
+ description = "Service accounts used for Git-LFS Giftless Dev access (RO)"
+ default = []
+}
+
+// Git LFS RW
+variable "git_lfs_rw_dev_service_accounts" {
+ type = list(string)
+ description = "Service accounts used for Git-LFS Giftless Dev access (RW)"
+ default = []
+}
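Review bot: Neither new variable constrains what kind of principal may appear in its list, and `git_lfs_rw_dev_service_accounts` feeds the `roles/storage.objectAdmin` binding in main.tf, so a `user:`, `group:` or `allUsers` entry in a tfvars file would be applied without complaint. A `validation` block requiring the `serviceAccount:` prefix on every member would fail the plan instead, and the same block applies to `git_lfs_ro_dev_service_accounts`. The sketch below assumes a Terraform version that supports variable validation and `alltrue`. The leading comments `// Git LFS RO` and `// Git LFS RW` could also say `Dev` to distinguish them from the prod pair declared above the hunk.

```hcl
variable "git_lfs_rw_dev_service_accounts" {
  // … unchanged: type, description, default …

  validation {
    condition = alltrue([
      for m in var.git_lfs_rw_dev_service_accounts : can(regex("^serviceAccount:", m))
    ])
    error_message = "Each member must be a serviceAccount: principal."
  }
}
```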