Issue template for custom IAM roles (#179)

osinfra-io · Dec 21, 2023 · a156baa · a156baa
1 parent 04f2193
commit a156baa
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 6 deletions.
diff --git a/.github/ISSUE_TEMPLATE/add-update-custom-iam-role.yml b/.github/ISSUE_TEMPLATE/add-update-custom-iam-role.yml
@@ -0,0 +1,73 @@
+name: Add or update custom IAM role
+description: Service interface for adding or updating custom IAM roles.
+title: Add or update custom IAM role
+labels: 
+   - "enhancement"
+   - "good-first-issue"
+
+body:
+  - type: textarea
+    id: markdown-text
+    attributes:
+      label: "Developer notes:"
+      value: |
+        <!-- Do not edit this section. It is intended to provide the developer working on this issue with additional context and instructions. -->
+        [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/osinfra-io/github-terraform-codespace)
+    validations:
+      required: true
+
+  - type: markdown
+    attributes:
+      value: |
+        Please fill out the following details to request a custom IAM role.
+
+  - type: input
+    id: email-address
+    attributes:
+      label: "Email address:"
+      description: How can we get in touch with you if we need more info?
+      placeholder: [email protected]
+    validations:
+      required: true
+
+  - type: input
+    id: role-id
+    attributes:
+      label: "Role ID:"
+      description: The name of the role you'd like to add or update.
+      placeholder: "my.customRole"
+    validations:
+      required: true
+
+  - type: input
+    id: role-title
+    attributes:
+      label: "Role title:"
+      description: A short title for the role.
+      placeholder: "My Custom Role"
+    validations:
+      required: true
+
+  - type: input
+    id: role-description
+    attributes:
+      label: "Role description:"
+      description: A short description of the role.
+      placeholder: "This role is used to..."
+    validations:
+      required: true
+
+  - type: input
+    id: role-permissions
+    attributes:
+      label: "Role permissions:"
+      description: A list of permissions that should be granted to the role.
+      placeholder: "compute.firewalls.create, compute.firewalls.delete"
+
+  - type: textarea
+    id: comments
+    attributes:
+      label: "Additional comments:"
+      description: Anything else you'd like to add that would help us understand your request better?
+    validations:
+      required: false
diff --git a/.github/ISSUE_TEMPLATE/add-update-folder.yml b/.github/ISSUE_TEMPLATE/add-update-folder.yml
@@ -1,9 +1,21 @@
 name: Add or update folder
 description: Service interface for adding or updating Google folders.
 title: Add or update folder
-labels: ["enhancement"]
+labels:
+   - "enhancement"
+   - "good-first-issue"
 
 body:
+  - type: textarea
+    id: markdown-text
+    attributes:
+      label: "Developer notes:"
+      value: |
+        <!-- Do not edit this section. It is intended to provide the developer working on this issue with additional context and instructions. -->
+        [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/osinfra-io/github-terraform-codespace)
+    validations:
+      required: true
+
   - type: markdown
     attributes:
       value: |

diff --git a/.github/ISSUE_TEMPLATE/add-update-identity-group.yml b/.github/ISSUE_TEMPLATE/add-update-identity-group.yml
@@ -1,9 +1,21 @@
 name: Add or update identity group
 description: Service interface for adding or updating a identity group in the Open Source Infrastructure (as Code) organization.
 title: Add or update identity group
-labels: ["enhancement"]
+labels:
+   - "enhancement"
+   - "good-first-issue"
 
 body:
+  - type: textarea
+    id: markdown-text
+    attributes:
+      label: "Developer notes:"
+      value: |
+        <!-- Do not edit this section. It is intended to provide the developer working on this issue with additional context and instructions. -->
+        [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/osinfra-io/github-terraform-codespace)
+    validations:
+      required: true
+
   - type: markdown
     attributes:
       value: |

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -12,7 +12,7 @@ repos:
       - id: no-commit-to-branch
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.6
+    rev: v1.85.0
     hooks:
       - id: terraform_fmt
 

diff --git a/global/infra/README.md b/global/infra/README.md
@@ -9,7 +9,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.7.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 5.10.0 |
 
 ## Modules
 

diff --git a/global/infra/tfvars/production.tfvars b/global/infra/tfvars/production.tfvars
@@ -679,7 +679,25 @@ identity_groups = {
 }
 
 organization_custom_iam_roles = {
-  host-gke-firewall-management = {
+  dns-records-admin = {
+    description = "Allows for the management of DNS records"
+    permissions = [
+      "dns.changes.create",
+      "dns.changes.get",
+      "dns.resourceRecordSets.create",
+      "dns.resourceRecordSets.delete",
+      "dns.resourceRecordSets.get",
+      "dns.resourceRecordSets.list",
+      "dns.resourceRecordSets.update"
+    ]
+
+    # Align with Google's role naming convention
+
+    role_id = "dns.recordsAdmin"
+    title   = "DNS Records Admin"
+  }
+
+  k8s-host-firewall-management = {
     description = "Allows for a GKE cluster in a service project to create and manage the firewall resources in your host project"
     permissions = [
       "compute.firewalls.create",
@@ -693,6 +711,6 @@ organization_custom_iam_roles = {
     # Align with Google's role naming convention
 
     role_id = "kubernetes.hostFirewallManagement"
-    title   = "Host Kubernetes Firewall Management"
+    title   = "Kubernetes Host Firewall Management"
   }
 }