From a156baacdaff542c9e4d402b5b6055a90085afe4 Mon Sep 17 00:00:00 2001
From: Brett Curtis
Date: Thu, 21 Dec 2023 09:15:50 -0500
Subject: [PATCH] Issue template for custom IAM roles (#179)
---
.../add-update-custom-iam-role.yml | 73 +++++++++++++++++++
.github/ISSUE_TEMPLATE/add-update-folder.yml | 14 +++-
.../add-update-identity-group.yml | 14 +++-
.pre-commit-config.yaml | 2 +-
global/infra/README.md | 2 +-
global/infra/tfvars/production.tfvars | 22 +++++-
6 files changed, 121 insertions(+), 6 deletions(-)
create mode 100644 .github/ISSUE_TEMPLATE/add-update-custom-iam-role.yml
diff --git a/.github/ISSUE_TEMPLATE/add-update-custom-iam-role.yml b/.github/ISSUE_TEMPLATE/add-update-custom-iam-role.yml
new file mode 100644
index 0000000..5526862
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/add-update-custom-iam-role.yml
@@ -0,0 +1,73 @@
+name: Add or update custom IAM role
+description: Service interface for adding or updating custom IAM roles.
+title: Add or update custom IAM role
+labels:
+ - "enhancement"
+ - "good-first-issue"
+
+body:
+ - type: textarea
+ id: markdown-text
+ attributes:
+ label: "Developer notes:"
+ value: |
+
+ [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/osinfra-io/github-terraform-codespace)
+ validations:
+ required: true
+
+ - type: markdown
+ attributes:
+ value: |
+ Please fill out the following details to request a custom IAM role.
+
+ - type: input
+ id: email-address
+ attributes:
+ label: "Email address:"
+ description: How can we get in touch with you if we need more info?
+ placeholder: email@example.com
+ validations:
+ required: true
+
+ - type: input
+ id: role-id
+ attributes:
+ label: "Role ID:"
+ description: The name of the role you'd like to add or update.
+ placeholder: "my.customRole"
+ validations:
+ required: true
+
+ - type: input
+ id: role-title
+ attributes:
+ label: "Role title:"
+ description: A short title for the role.
+ placeholder: "My Custom Role"
+ validations:
+ required: true
+
+ - type: input
+ id: role-description
+ attributes:
+ label: "Role description:"
+ description: A short description of the role.
+ placeholder: "This role is used to..."
+ validations:
+ required: true
+
+ - type: input
+ id: role-permissions
+ attributes:
+ label: "Role permissions:"
+ description: A list of permissions that should be granted to the role.
+ placeholder: "compute.firewalls.create, compute.firewalls.delete"
+
+ - type: textarea
+ id: comments
+ attributes:
+ label: "Additional comments:"
+ description: Anything else you'd like to add that would help us understand your request better?
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/add-update-folder.yml b/.github/ISSUE_TEMPLATE/add-update-folder.yml
index 8e9b053..08b5eef 100644
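Review bot: The `role-permissions` input in the new `add-update-custom-iam-role.yml` has no `validations` block, unlike `role-id`, `role-title` and `role-description`, so a custom IAM role request can be submitted with no permissions listed, and the permission list is the part a reviewer needs in order to check the role against least privilege. Add `validations:` with `required: true` under that field. A single-line `input` holding a comma-separated list is also hard to review; `type: textarea` with one permission per line would read better and compare more easily against the `permissions` list in `production.tfvars`.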
--- a/.github/ISSUE_TEMPLATE/add-update-folder.yml +++ b/.github/ISSUE_TEMPLATE/add-update-folder.yml @@ -1,9 +1,21 @@ name: Add or update folder description: Service interface for adding or updating Google folders. title: Add or update folder -labels: ["enhancement"] +labels: + - "enhancement" + - "good-first-issue" body: + - type: textarea + id: markdown-text + attributes: + label: "Developer notes:" + value: | + + [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/osinfra-io/github-terraform-codespace) + validations: + required: true + - type: markdown attributes: value: | diff --git a/.github/ISSUE_TEMPLATE/add-update-identity-group.yml b/.github/ISSUE_TEMPLATE/add-update-identity-group.yml index 793b53c..e7b3777 100644 --- a/.github/ISSUE_TEMPLATE/add-update-identity-group.yml +++ b/.github/ISSUE_TEMPLATE/add-update-identity-group.yml @@ -1,9 +1,21 @@ name: Add or update identity group description: Service interface for adding or updating a identity group in the Open Source Infrastructure (as Code) organization. title: Add or update identity group -labels: ["enhancement"] +labels: + - "enhancement" + - "good-first-issue" body: + - type: textarea + id: markdown-text + attributes: + label: "Developer notes:" + value: | + + [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/osinfra-io/github-terraform-codespace) + validations: + required: true + - type: markdown attributes: value: | diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c2f845d..4ac4d0a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -12,7 +12,7 @@ repos: - id: no-commit-to-branch - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.6 + rev: v1.85.0 hooks: - id: terraform_fmt diff --git a/global/infra/README.md b/global/infra/README.md index 8edbd90..0f5cb19 100644 --- a/global/infra/README.md +++ b/global/infra/README.md 
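Review bot: The Codespaces badge in `add-update-folder.yml` is placed in a `textarea` `value`, which is only a prefilled default that the person filing the issue can edit, so the link in a submitted issue is submitter-controlled and `required: true` only checks that the field is not empty. The same block is added to `add-update-identity-group.yml` in the next hunk and to the new `add-update-custom-iam-role.yml`. A comment above the field such as `# Prefilled default, editable by the submitter; check the link target before opening it from a filed issue` would record that, or the badge could be posted by a workflow comment so its target is fixed. The `id: markdown-text` is also misleading for a `textarea`; something like `developer-notes` would match the label.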
@@ -9,7 +9,7 @@ No requirements. | Name | Version | |------|---------| -| [google](#provider\_google) | 5.7.0 | +| [google](#provider\_google) | 5.10.0 | ## Modules diff --git a/global/infra/tfvars/production.tfvars b/global/infra/tfvars/production.tfvars index b4afcb4..158518b 100644 --- a/global/infra/tfvars/production.tfvars +++ b/global/infra/tfvars/production.tfvars @@ -679,7 +679,25 @@ identity_groups = { } organization_custom_iam_roles = { - host-gke-firewall-management = { + dns-records-admin = { + description = "Allows for the management of DNS records" + permissions = [ + "dns.changes.create", + "dns.changes.get", + "dns.resourceRecordSets.create", + "dns.resourceRecordSets.delete", + "dns.resourceRecordSets.get", + "dns.resourceRecordSets.list", + "dns.resourceRecordSets.update" + ] + + # Align with Google's role naming convention + + role_id = "dns.recordsAdmin" + title = "DNS Records Admin" + } + + k8s-host-firewall-management = { description = "Allows for a GKE cluster in a service project to create and manage the firewall resources in your host project" permissions = [ "compute.firewalls.create", @@ -693,6 +711,6 @@ organization_custom_iam_roles = { # Align with Google's role naming convention role_id = "kubernetes.hostFirewallManagement" - title = "Host Kubernetes Firewall Management" + title = "Kubernetes Host Firewall Management" } }
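Review bot: Renaming the map key `host-gke-firewall-management` to `k8s-host-firewall-management` in `production.tfvars` while `role_id` stays `kubernetes.hostFirewallManagement` may make Terraform plan a destroy and re-create of the existing organization role, if the module (not shown here) iterates over `organization_custom_iam_roles` with `for_each` and so uses the key in the resource address. Any IAM bindings that reference the role would be affected while it is gone, and Google Cloud soft-deletes custom roles, so re-creating one under the same ID right after deletion is worth testing first. Check the plan output for a replacement before applying and, if there is one, add a `moved` block in the module or move the state address so the role is updated in place. The `organization_custom_iam_roles` map opens and closes outside this hunk, so only the two entries shown were reviewed.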