Commit be8a92a2 authored by Adam Robinson's avatar Adam Robinson

fix bugs

parent 4cb702d7
locals {
short_mcomm = split("@", var.mcomm_group_email)[0]
short_mcomm = lower(replace(split("@", var.mcomm_group_email)[0],".","-"))
}
resource "gcp_folder" "customer_folder" {
resource "google_folder" "customer_folder" {
display_name = local.short_mcomm
parent = var.division_folder_ids[var.division]
}
......@@ -25,13 +25,20 @@ data "google_iam_policy" "customer_folder_policy" {
binding {
role = "roles/resourcemanager.projectCreator"
members = [
"user:${google_service_account.customer_service_account.name}",
"serviceAccount:${google_service_account.customer_service_account.email}",
]
}
binding {
role = "roles/resourcemanager.folderEditor"
members = [
"serviceAccount:${var.provisioning_service_account_email}",
]
}
}
resource "google_folder_iam_policy" "customer_folder_policy" {
folder = gcp_folder.customer_folder.name
folder = google_folder.customer_folder.name
policy_data = data.google_iam_policy.customer_folder_policy.policy_data
}
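Review bot: `google_folder_iam_policy.customer_folder_policy` is authoritative — on apply it replaces every binding on the folder with the ones in `data.google_iam_policy.customer_folder_policy`, so the new `roles/resourcemanager.folderEditor` binding for `var.provisioning_service_account_email` is what keeps the provisioning identity from losing access to the folder it creates, and nothing in the hunk records this. A comment above the `folder = google_folder.customer_folder.name` line would make the intent explicit: `# Authoritative policy: bindings not listed in the data block are removed on apply, including any set by hand in the console.` `roles/resourcemanager.folderEditor` is also broad for a provisioning identity; if it only needs to manage IAM on the folder, a narrower role such as `roles/resourcemanager.folderIamAdmin` may be enough — worth confirming against what the provisioning pipeline actually does. The same authoritative behaviour applies to `google_service_account_iam_policy` in the next hunk, and the `data "google_iam_policy"` block named in this hunk's header starts outside the hunk.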
......@@ -58,11 +65,26 @@ resource "google_service_account" "customer_service_account" {
description = "${local.short_mcomm} Terraform Service Account"
}
data "google_iam_policy" "customer_service_account_policy" {
binding {
role = "roles/iam.serviceAccountKeyAdmin"
members = [
"group:${var.mcomm_group_email}",
]
}
}
resource "google_service_account_iam_policy" "customer_service_account_policy" {
service_account_id = google_service_account.customer_service_account.name
policy_data = data.google_iam_policy.customer_service_account_policy.policy_data
}
data "google_iam_policy" "customer_bucket_policy" {
binding {
role = "roles/storage.legacyBucketWriter"
members = [
"user:${google_service_account.customer_service_account.name}",
"serviceAccount:${google_service_account.customer_service_account.email}",
]
}
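Review bot: `roles/iam.serviceAccountKeyAdmin` for `group:${var.mcomm_group_email}` on `customer_service_account` lets every member of that group mint user-managed keys for a service account that this commit also grants `roles/resourcemanager.projectCreator` on the customer folder and `roles/storage.legacyBucketWriter` on the bucket, i.e. a downloadable long-lived credential carrying those rights. If the group only needs to act as the service account, `roles/iam.serviceAccountTokenCreator` grants short-lived impersonation without key files; if downloadable keys are a requirement, the binding deserves a comment saying so, e.g. `# Group members may create keys for the Terraform SA; keys are long-lived — prefer impersonation where possible.` Note that `google_service_account_iam_policy` is authoritative, so any binding on the service account not listed in the data block is removed on apply. The `resource "google_service_account"` block named in the hunk header begins outside the hunk, and the bucket policy's resource follows after it.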
......@@ -83,31 +105,31 @@ resource "google_storage_bucket_iam_policy" "customer_bucket_policy" {
// Need to write to a customer database
resource "google_billing_subaccount" "customer_subaccount" {
display_name = "${local.short_mcomm}"
master_billing_account = var.master_billing_account_id
rename_on_destroy = true
}
resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
}
data "google_iam_policy" "customer_billing_account_policy" {
binding {
role = "roles/billing.user"
members = [
"user:${google_service_account.customer_service_account.name}",
]
}
binding {
role = "organizations/715302536254/roles/UM_billingUser"
members = [
"group:${var.mcomm_group_email}",
]
}
}
# resource "google_billing_subaccount" "customer_subaccount" {
# display_name = "${local.short_mcomm}"
# master_billing_account = var.master_billing_account_id
# rename_on_destroy = true
# }
# resource "google_billing_account_iam_policy" "customer_billing_account_policy" {
# billing_account_id = google_billing_subaccount.customer_subaccount.billing_account_id
# policy_data = data.google_iam_policy.customer_billing_account_policy.policy_data
# }
# data "google_iam_policy" "customer_billing_account_policy" {
# binding {
# role = "roles/billing.user"
# members = [
# "user:${google_service_account.customer_service_account.name}",
# ]
# }
# binding {
# role = "organizations/715302536254/roles/UM_billingUser"
# members = [
# "group:${var.mcomm_group_email}",
# ]
# }
# }
output "billing_account_id" {
value = google_billing_subaccount.customer_subaccount.billing_account_id
}
# output "billing_account_id" {
# value = google_billing_subaccount.customer_subaccount.billing_account_id
# }
output "terraform_service_account" {
value = google_service_account.customer_service_account.name
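Review bot: The billing resources and the `billing_account_id` output are left in the file as a 23-line commented block, written with `#` directly under the existing `//` comment `Need to write to a customer database`, and nothing says why billing provisioning was switched off or what has to happen before it returns. Since the parent commit already holds the removed resources, replacing the commented block with a short explanatory comment would be clearer, e.g. `# Billing sub-account and billing IAM are not provisioned here yet; see parent commit 4cb702d7 for the previous resources.` Whichever is kept, one comment syntax (`#` or `//`) for the file would help readers. The `google_storage_bucket_iam_policy` resource named in the hunk header starts outside the hunk.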
......@@ -11,5 +11,5 @@ output "terraform_state_bucket" {
}
output "folder_id" {
value = gcp_folder.customer_folder.id
value = google_folder.customer_folder.id
}
\ No newline at end of file
......@@ -41,4 +41,9 @@ variable "customer_service_account_project_id" {
variable "master_billing_account_id" {
type = string
description = "The ID of the master billing account"
}
\ No newline at end of file
}
variable "provisioning_service_account_email" {
type = string
description = "The email of the service account used to provision customers"
}
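Review bot: `provisioning_service_account_email` is interpolated into the IAM member string `serviceAccount:${var.provisioning_service_account_email}` in the folder policy, but the new variable has no `validation` block, so an empty string or a value that already carries a member-type prefix only fails at apply time inside the IAM call. If the project is on Terraform 0.13 or later, a validation block catches that at plan time; the rewritten variable is below. `master_billing_account_id` above also appears to be unreferenced now that the billing sub-account resources are commented out in this commit — worth confirming nothing else reads it before removing it.
```hcl
variable "provisioning_service_account_email" {
  type        = string
  description = "The email of the service account used to provision customers"

  validation {
    condition     = can(regex("^[^@:]+@[^@:]+$", var.provisioning_service_account_email))
    error_message = "provisioning_service_account_email must be a bare service account email address (no member-type prefix)."
  }
}
```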