From 4b911a6047db6062fcd3d78e181b99a9fda26eef Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Tue, 23 Jan 2024 07:34:03 +0100
Subject: [PATCH] update checklist parsing for top-level key (#1997)
---
 fast/stages/0-bootstrap/checklist.tf | 16 +-
 fast/stages/1-resman/checklist.tf | 8 +-
 tests/fast/stages/s0_bootstrap/checklist.yaml | 293 ++++-
 .../s0_bootstrap/data/checklist-data.json | 1011 ++++++++++++-----
 .../s0_bootstrap/data/checklist-org-iam.json | 212 ++--
 tests/fast/stages/s1_resman/checklist.yaml | 402 ++++++-
 6 files changed, 1478 insertions(+), 464 deletions(-)
diff --git a/fast/stages/0-bootstrap/checklist.tf b/fast/stages/0-bootstrap/checklist.tf
index d31abf4efb..ef7cb3b350 100644
--- a/fast/stages/0-bootstrap/checklist.tf
+++ b/fast/stages/0-bootstrap/checklist.tf
@@ -38,14 +38,14 @@ locals {
 )
 # check that files are for the correct organization and ignore them if not
 _cl_data = (
- try(local._cl_data_raw.organization.id, null) != tostring(var.organization.id)
+ try(local._cl_data_raw.cloud_setup_config.organization.id, null) != tostring(var.organization.id)
 ? null
- : local._cl_data_raw
+ : local._cl_data_raw.cloud_setup_config
 )
 _cl_org = (
- try(local._cl_org_raw.organization.id, null) != tostring(var.organization.id)
+ try(local._cl_org_raw.cloud_setup_org_iam.organization.id, null) != tostring(var.organization.id)
 ? null
- : local._cl_org_raw
+ : local._cl_org_raw.cloud_setup_org_iam
 )
 # do a first pass on IAM bindings to identify groups and normalize
 _cl_org_iam_bindings = {
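Review bot: The `_cl_data` and `_cl_org` gates test only the organization id, so a file whose org id matches but whose `version` is not "0.1.0" is still unwrapped and passed on, presumably into the IAM-binding locals that start at `_cl_org_iam_bindings`. The version is compared only in the `check "checklist"` assertions later in this file, and a failed `check` assertion is reported as a warning without stopping plan or apply. Because this input describes organization-level IAM, consider making the version part of the gate by adding `try(local._cl_data_raw.cloud_setup_config.version, null) != "0.1.0" ||` as the first operand (and the `cloud_setup_org_iam` equivalent for `_cl_org`). The same applies to `_cl_data` in `fast/stages/1-resman/checklist.tf` (hunk `@@ -23,9`). The `locals` block starts and ends outside the hunk.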
@@ -93,14 +93,14 @@ check "checklist" {
 assert {
 condition = (
 var.factories_config.checklist_data == null ||
- try(local._cl_data_raw.version, null) == "0.1.0"
+ try(local._cl_data_raw.cloud_setup_config.version, null) == "0.1.0"
 )
 error_message = "Checklist data version mismatch."
 }
 assert {
 condition = (
 var.factories_config.checklist_org_iam == null ||
- try(local._cl_org_raw.version, null) == "0.1.0"
+ try(local._cl_org_raw.cloud_setup_org_iam.version, null) == "0.1.0"
 )
 error_message = "Checklist org IAM version mismatch."
 }
@@ -108,14 +108,14 @@ check "checklist" {
 assert {
 condition = (
 var.factories_config.checklist_data == null ||
- try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
+ try(local._cl_data_raw.cloud_setup_config.organization.id, null) == tostring(var.organization.id)
 )
 error_message = "Checklist data organization id mismatch, file ignored."
 }
 assert {
 condition = (
 var.factories_config.checklist_org_iam == null ||
- try(local._cl_org_raw.organization.id, null) == tostring(var.organization.id)
+ try(local._cl_org_raw.cloud_setup_org_iam.organization.id, null) == tostring(var.organization.id)
 )
 error_message = "Checklist org IAM organization id mismatch, file ignored."
 }
diff --git a/fast/stages/1-resman/checklist.tf b/fast/stages/1-resman/checklist.tf
index 1b9c1756b0..55b57bc8c0 100644
--- a/fast/stages/1-resman/checklist.tf
+++ b/fast/stages/1-resman/checklist.tf
@@ -23,9 +23,9 @@ locals {
 )
 # check that files are for the correct organization and ignore them if not
 _cl_data = (
- try(local._cl_data_raw.organization.id, null) != tostring(var.organization.id)
+ try(local._cl_data_raw.cloud_setup_config.organization.id, null) != tostring(var.organization.id)
 ? null
- : local._cl_data_raw
+ : local._cl_data_raw.cloud_setup_config
 )
 # normalized IAM bindings one element per binding
 _cl_iam = local._cl_data == null ? [] : flatten([
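Review bot: A checklist file still in the previous layout (top-level `version` and `organization`, no `cloud_setup_config` or `cloud_setup_org_iam` wrapper) now makes every `try(...)` in these assertions fall back to `null`, so it is reported as "version mismatch" and "organization id mismatch, file ignored" rather than as a missing top-level key. Add one assertion per file that names the real cause, e.g. `condition = var.factories_config.checklist_data == null || can(local._cl_data_raw.cloud_setup_config)` with `error_message = "Checklist data is missing the cloud_setup_config top-level key."`. The same applies to the organization-id assertions in hunk `@@ -108,14` and to both `check` hunks of `fast/stages/1-resman/checklist.tf`. The `check "checklist"` block starts and ends outside the hunk.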
@@ -57,7 +57,7 @@ check "checklist" {
 assert {
 condition = (
 var.factories_config.checklist_data == null ||
- try(local._cl_data_raw.version, null) == "0.1.0"
+ try(local._cl_data_raw.cloud_setup_config.version, null) == "0.1.0"
 )
 error_message = "Checklist data version mismatch."
 }
@@ -65,7 +65,7 @@ check "checklist" {
 assert {
 condition = (
 var.factories_config.checklist_data == null ||
- try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
+ try(local._cl_data_raw.cloud_setup_config.organization.id, null) == tostring(var.organization.id)
 )
 error_message = "Checklist data organization id mismatch, file ignored."
 }
diff --git a/tests/fast/stages/s0_bootstrap/checklist.yaml b/tests/fast/stages/s0_bootstrap/checklist.yaml
index e2717b3b11..cce88a5d28 100644
--- a/tests/fast/stages/s0_bootstrap/checklist.yaml
+++ b/tests/fast/stages/s0_bootstrap/checklist.yaml
@@ -40,13 +40,93 @@ values: locked: null project: fast-prod-audit-logs-0 retention_days: 30 - module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]: + module.organization.google_organization_iam_binding.authoritative["roles/billing.creator"]: + condition: [] + members: + - group:gcp-billing-admins@fast.example.com + org_id: '123456789012' + role: roles/billing.creator + module.organization.google_organization_iam_binding.authoritative["roles/browser"]: + condition: [] + members: + - domain:fast.example.com + org_id: '123456789012' + role: roles/browser + module.organization.google_organization_iam_binding.authoritative["roles/cloudasset.owner"]: condition: [] members: + - group:gcp-network-admins@fast.example.com - group:gcp-organization-admins@fast.example.com - group:gcp-security-admins@fast.example.com org_id: '123456789012' - role: roles/securitycenter.admin + role: roles/cloudasset.owner + module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.admin"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/cloudsupport.admin + module.organization.google_organization_iam_binding.authoritative["roles/cloudsupport.techSupportEditor"]: + condition: [] + members: + - group:gcp-devops@fast.example.com + - group:gcp-network-admins@fast.example.com + - group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/cloudsupport.techSupportEditor + module.organization.google_organization_iam_binding.authoritative["roles/compute.osAdminLogin"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/compute.osAdminLogin + module.organization.google_organization_iam_binding.authoritative["roles/compute.osLoginExternalUser"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: 
roles/compute.osLoginExternalUser + module.organization.google_organization_iam_binding.authoritative["roles/iam.securityReviewer"]: + condition: [] + members: + - group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/iam.securityReviewer + module.organization.google_organization_iam_binding.authoritative["roles/logging.admin"]: + condition: [] + members: + - group:gcp-security-admins@fast.example.com + - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/logging.admin + module.organization.google_organization_iam_binding.authoritative["roles/logging.viewer"]: + condition: [] + members: + - group:gcp-devops@fast.example.com + - serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + - serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/logging.viewer + module.organization.google_organization_iam_binding.authoritative["roles/monitoring.viewer"]: + condition: [] + members: + - group:gcp-devops@fast.example.com + org_id: '123456789012' + role: roles/monitoring.viewer + module.organization.google_organization_iam_binding.authoritative["roles/owner"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/owner + module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderAdmin"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.folderAdmin module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.folderViewer"]: condition: [] members: 
@@ -56,21 +136,226 @@ values: - serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com org_id: '123456789012' role: roles/resourcemanager.folderViewer + module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.organizationAdmin"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.organizationAdmin + module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectCreator"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.projectCreator + module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.projectMover"]: + condition: [] + members: + - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.projectMover + module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagAdmin"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + - serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.tagAdmin + module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagUser"]: + condition: [] + members: + - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.tagUser + 
module.organization.google_organization_iam_binding.authoritative["roles/resourcemanager.tagViewer"]: + condition: [] + members: + - serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + - serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/resourcemanager.tagViewer + module.organization.google_organization_iam_binding.authoritative["roles/securitycenter.admin"]: + condition: [] + members: + - group:gcp-organization-admins@fast.example.com + - group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/securitycenter.admin + module.organization.google_organization_iam_binding.authoritative["roles/serviceusage.serviceUsageViewer"]: + condition: [] + members: + - serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/serviceusage.serviceUsageViewer + module.organization.google_organization_iam_binding.bindings["organization_iam_admin_conditional"]: + condition: + - description: Automation service account delegated grants. + expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/accesscontextmanager.policyAdmin','roles/compute.orgFirewallPolicyAdmin','roles/compute.xpnAdmin','roles/orgpolicy.policyAdmin','roles/resourcemanager.organizationViewer','organizations/123456789012/roles/tenantNetworkAdmin','roles/billing.admin','roles/billing.costsManager','roles/billing.user']) + title: automation_sa_delegated_grants + members: + - serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: organizations/123456789012/roles/organizationIamAdmin + ? 
module.organization.google_organization_iam_member.bindings["roles/accesscontextmanager.policyAdmin-group:gcp-security-admins@fast.example.com"] + : condition: [] + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/accesscontextmanager.policyAdmin + ? module.organization.google_organization_iam_member.bindings["roles/billing.admin-group:gcp-billing-admins@fast.example.com"] + : condition: [] + member: group:gcp-billing-admins@fast.example.com + org_id: '123456789012' + role: roles/billing.admin + ? module.organization.google_organization_iam_member.bindings["roles/billing.admin-group:gcp-organization-admins@fast.example.com"] + : condition: [] + member: group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/billing.admin + ? module.organization.google_organization_iam_member.bindings["roles/billing.admin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/billing.admin + ? module.organization.google_organization_iam_member.bindings["roles/billing.admin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/billing.admin + ? module.organization.google_organization_iam_member.bindings["roles/billing.user-group:gcp-organization-admins@fast.example.com"] + : condition: [] + member: group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/billing.user + ? 
module.organization.google_organization_iam_member.bindings["roles/billing.viewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/billing.viewer + ? module.organization.google_organization_iam_member.bindings["roles/billing.viewer-serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/billing.viewer + ? module.organization.google_organization_iam_member.bindings["roles/compute.networkAdmin-group:gcp-network-admins@fast.example.com"] + : condition: [] + member: group:gcp-network-admins@fast.example.com + org_id: '123456789012' + role: roles/compute.networkAdmin + ? module.organization.google_organization_iam_member.bindings["roles/compute.orgFirewallPolicyAdmin-group:gcp-network-admins@fast.example.com"] + : condition: [] + member: group:gcp-network-admins@fast.example.com + org_id: '123456789012' + role: roles/compute.orgFirewallPolicyAdmin + ? module.organization.google_organization_iam_member.bindings["roles/compute.securityAdmin-group:gcp-network-admins@fast.example.com"] + : condition: [] + member: group:gcp-network-admins@fast.example.com + org_id: '123456789012' + role: roles/compute.securityAdmin ? module.organization.google_organization_iam_member.bindings["roles/compute.viewer-group:gcp-security-admins@fast.example.com"] : condition: [] member: group:gcp-security-admins@fast.example.com org_id: '123456789012' role: roles/compute.viewer + ? module.organization.google_organization_iam_member.bindings["roles/compute.xpnAdmin-group:gcp-network-admins@fast.example.com"] + : condition: [] + member: group:gcp-network-admins@fast.example.com + org_id: '123456789012' + role: roles/compute.xpnAdmin ? 
module.organization.google_organization_iam_member.bindings["roles/container.viewer-group:gcp-security-admins@fast.example.com"] : condition: [] member: group:gcp-security-admins@fast.example.com org_id: '123456789012' role: roles/container.viewer - ? module.organization.google_organization_iam_member.bindings["roles/monitoring.admin-group:gcp-monitoring-admins@fast.example.com"] + ? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-group:gcp-organization-admins@fast.example.com"] + : condition: [] + member: group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/iam.organizationRoleAdmin + ? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-group:gcp-security-admins@fast.example.com"] + : condition: [] + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/iam.organizationRoleAdmin + ? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/iam.organizationRoleAdmin + ? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleViewer-group:gcp-security-admins@fast.example.com"] : condition: [] - member: group:gcp-monitoring-admins@fast.example.com + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/iam.organizationRoleViewer + ? module.organization.google_organization_iam_member.bindings["roles/iam.organizationRoleViewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/iam.organizationRoleViewer + ? 
module.organization.google_organization_iam_member.bindings["roles/logging.configWriter-group:gcp-security-admins@fast.example.com"] + : condition: [] + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/logging.configWriter + ? module.organization.google_organization_iam_member.bindings["roles/logging.privateLogViewer-group:gcp-security-admins@fast.example.com"] + : condition: [] + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/logging.privateLogViewer + ? module.organization.google_organization_iam_member.bindings["roles/monitoring.admin-group:gcp-monitoring-admins@fast-onboarding-0.joonix.net"] + : condition: [] + member: group:gcp-monitoring-admins@fast-onboarding-0.joonix.net org_id: '123456789012' role: roles/monitoring.admin + ? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-group:gcp-organization-admins@fast.example.com"] + : condition: [] + member: group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/orgpolicy.policyAdmin + ? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-group:gcp-security-admins@fast.example.com"] + : condition: [] + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/orgpolicy.policyAdmin + ? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-bootstrap-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/orgpolicy.policyAdmin + ? 
module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyAdmin-serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-resman-0@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/orgpolicy.policyAdmin + ? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyViewer-serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-bootstrap-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/orgpolicy.policyViewer + ? module.organization.google_organization_iam_member.bindings["roles/orgpolicy.policyViewer-serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com"] + : condition: [] + member: serviceAccount:fast-prod-resman-0r@fast-prod-iac-core-0.iam.gserviceaccount.com + org_id: '123456789012' + role: roles/orgpolicy.policyViewer + ? module.organization.google_organization_iam_member.bindings["roles/resourcemanager.folderIamAdmin-group:gcp-security-admins@fast.example.com"] + : condition: [] + member: group:gcp-security-admins@fast.example.com + org_id: '123456789012' + role: roles/resourcemanager.folderIamAdmin + ? module.organization.google_organization_iam_member.bindings["roles/resourcemanager.organizationViewer-group:gcp-billing-admins@fast.example.com"] + : condition: [] + member: group:gcp-billing-admins@fast.example.com + org_id: '123456789012' + role: roles/resourcemanager.organizationViewer + ? module.organization.google_organization_iam_member.bindings["roles/storage.objectAdmin-group:gcp-organization-admins@fast.example.com"] + : condition: [] + member: group:gcp-organization-admins@fast.example.com + org_id: '123456789012' + role: roles/storage.objectAdmin + counts: google_bigquery_dataset: 1 google_bigquery_default_service_account: 3 
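Review bot: The expected `roles/monitoring.admin` member changes from `group:gcp-monitoring-admins@fast.example.com` to `group:gcp-monitoring-admins@fast-onboarding-0.joonix.net`, the only principal in this inventory outside the `fast.example.com` placeholder domain. It looks like the domain of the environment the fixtures were exported from, and the same string appears in the new `checklist-data.json` (the `access_control` principals and the log bucket name). Replace it with `fast.example.com` in the JSON fixtures so the expected organization-level bindings reference only placeholder identities, then regenerate this inventory.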
diff --git a/tests/fast/stages/s0_bootstrap/data/checklist-data.json b/tests/fast/stages/s0_bootstrap/data/checklist-data.json index aa196d3083..3195a0733f 100644 --- a/tests/fast/stages/s0_bootstrap/data/checklist-data.json +++ b/tests/fast/stages/s0_bootstrap/data/checklist-data.json 
@@ -1,311 +1,746 @@ { - "version": "0.1.0", - "organization": { - "id": "123456789012", - "name": "fast.example.com" - }, - "billing_account": {}, - "resource_hierarchy": { - "template": "TEAM_ENV", - "environments": [ + "cloud_setup_config": { + "version": "0.1.0", + "organization": { + "id": "123456789012", + "name": "fast.example.com" + }, + "billing_account": {}, + "resource_hierarchy": { + "template": "DIV_TEAM_ENV", + "environments": [ + { + "name": "Production", + "recommendation": "ENV_REC_PROD" + }, + { + "name": "Non-Production", + "recommendation": "ENV_REC_NONPROD" + }, + { + "name": "Development", + "recommendation": "ENV_REC_DEV" + } + ], + "business_units": [ + { + "name": "Department 1", + "teams": [ + { + "name": "Team 1" + }, + { + "name": "Team 2" + }, + { + "name": "Team 3" + }, + { + "name": "Team 4" + } + ] + }, + { + "name": "Department 2", + "teams": [ + { + "name": "Team 1" + }, + { + "name": "Team 2" + }, + { + "name": "Team 3" + }, + { + "name": "Team 4" + } + ] + }, + { + "name": "Department 3", + "teams": [ + { + "name": "Team 1" + }, + { + "name": "Team 2" + }, + { + "name": "Team 3" + }, + { + "name": "Team 4" + } + ] + } + ], + "top_level_teams": [ + { + "name": "Team 1" + }, + { + "name": "Team 2" + }, + { + "name": "Team 3" + } + ] + }, + "folders": [ { - "name": "Production", - "recommendation": "ENV_REC_PROD" + "reference_id": "Common", + "parent": "ROOT", + "display_name": "Common" }, { - "name": "Non-Production", - "recommendation": "ENV_REC_NONPROD" + "reference_id": "Department 1", + "parent": "ROOT", + "display_name": "Department 1" }, { - "name": "Development", - "recommendation": "ENV_REC_DEV" - } - ], - "business_units": [ + "reference_id": "Department 1/Team 1", + "parent": "Department 1", + "display_name": "Team 1" + }, { - "name": "Department 1", - "teams": [ - { - "name": "Team 1" - }, - { - "name": "Team 2" - }, - { - "name": "Team 3" - }, - { - "name": "Team 4" - } - ] + "reference_id": "Department 1/Team 
1/Production", + "parent": "Department 1/Team 1", + "display_name": "Production" }, { - "name": "Department 2", - "teams": [ - { - "name": "Team 1" - }, - { - "name": "Team 2" - }, - { - "name": "Team 3" - }, - { - "name": "Team 4" - } - ] + "reference_id": "Department 1/Team 1/Non-Production", + "parent": "Department 1/Team 1", + "display_name": "Non-Production" }, { - "name": "Department 3", - "teams": [ - { - "name": "Team 1" - }, - { - "name": "Team 2" - }, - { - "name": "Team 3" - }, - { - "name": "Team 4" - } - ] + "reference_id": "Department 1/Team 1/Development", + "parent": "Department 1/Team 1", + "display_name": "Development" + }, + { + "reference_id": "Department 1/Team 2", + "parent": "Department 1", + "display_name": "Team 2" + }, + { + "reference_id": "Department 1/Team 2/Production", + "parent": "Department 1/Team 2", + "display_name": "Production" + }, + { + "reference_id": "Department 1/Team 2/Non-Production", + "parent": "Department 1/Team 2", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 1/Team 2/Development", + "parent": "Department 1/Team 2", + "display_name": "Development" + }, + { + "reference_id": "Department 1/Team 3", + "parent": "Department 1", + "display_name": "Team 3" + }, + { + "reference_id": "Department 1/Team 3/Production", + "parent": "Department 1/Team 3", + "display_name": "Production" + }, + { + "reference_id": "Department 1/Team 3/Non-Production", + "parent": "Department 1/Team 3", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 1/Team 3/Development", + "parent": "Department 1/Team 3", + "display_name": "Development" + }, + { + "reference_id": "Department 1/Team 4", + "parent": "Department 1", + "display_name": "Team 4" + }, + { + "reference_id": "Department 1/Team 4/Production", + "parent": "Department 1/Team 4", + "display_name": "Production" + }, + { + "reference_id": "Department 1/Team 4/Non-Production", + "parent": "Department 1/Team 4", + "display_name": 
"Non-Production" + }, + { + "reference_id": "Department 1/Team 4/Development", + "parent": "Department 1/Team 4", + "display_name": "Development" + }, + { + "reference_id": "Department 2", + "parent": "ROOT", + "display_name": "Department 2" + }, + { + "reference_id": "Department 2/Team 1", + "parent": "Department 2", + "display_name": "Team 1" + }, + { + "reference_id": "Department 2/Team 1/Production", + "parent": "Department 2/Team 1", + "display_name": "Production" + }, + { + "reference_id": "Department 2/Team 1/Non-Production", + "parent": "Department 2/Team 1", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 2/Team 1/Development", + "parent": "Department 2/Team 1", + "display_name": "Development" + }, + { + "reference_id": "Department 2/Team 2", + "parent": "Department 2", + "display_name": "Team 2" + }, + { + "reference_id": "Department 2/Team 2/Production", + "parent": "Department 2/Team 2", + "display_name": "Production" + }, + { + "reference_id": "Department 2/Team 2/Non-Production", + "parent": "Department 2/Team 2", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 2/Team 2/Development", + "parent": "Department 2/Team 2", + "display_name": "Development" + }, + { + "reference_id": "Department 2/Team 3", + "parent": "Department 2", + "display_name": "Team 3" + }, + { + "reference_id": "Department 2/Team 3/Production", + "parent": "Department 2/Team 3", + "display_name": "Production" + }, + { + "reference_id": "Department 2/Team 3/Non-Production", + "parent": "Department 2/Team 3", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 2/Team 3/Development", + "parent": "Department 2/Team 3", + "display_name": "Development" + }, + { + "reference_id": "Department 2/Team 4", + "parent": "Department 2", + "display_name": "Team 4" + }, + { + "reference_id": "Department 2/Team 4/Production", + "parent": "Department 2/Team 4", + "display_name": "Production" + }, + { + "reference_id": 
"Department 2/Team 4/Non-Production", + "parent": "Department 2/Team 4", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 2/Team 4/Development", + "parent": "Department 2/Team 4", + "display_name": "Development" + }, + { + "reference_id": "Department 3", + "parent": "ROOT", + "display_name": "Department 3" + }, + { + "reference_id": "Department 3/Team 1", + "parent": "Department 3", + "display_name": "Team 1" + }, + { + "reference_id": "Department 3/Team 1/Production", + "parent": "Department 3/Team 1", + "display_name": "Production" + }, + { + "reference_id": "Department 3/Team 1/Non-Production", + "parent": "Department 3/Team 1", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 3/Team 1/Development", + "parent": "Department 3/Team 1", + "display_name": "Development" + }, + { + "reference_id": "Department 3/Team 2", + "parent": "Department 3", + "display_name": "Team 2" + }, + { + "reference_id": "Department 3/Team 2/Production", + "parent": "Department 3/Team 2", + "display_name": "Production" + }, + { + "reference_id": "Department 3/Team 2/Non-Production", + "parent": "Department 3/Team 2", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 3/Team 2/Development", + "parent": "Department 3/Team 2", + "display_name": "Development" + }, + { + "reference_id": "Department 3/Team 3", + "parent": "Department 3", + "display_name": "Team 3" + }, + { + "reference_id": "Department 3/Team 3/Production", + "parent": "Department 3/Team 3", + "display_name": "Production" + }, + { + "reference_id": "Department 3/Team 3/Non-Production", + "parent": "Department 3/Team 3", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 3/Team 3/Development", + "parent": "Department 3/Team 3", + "display_name": "Development" + }, + { + "reference_id": "Department 3/Team 4", + "parent": "Department 3", + "display_name": "Team 4" + }, + { + "reference_id": "Department 3/Team 4/Production", + "parent": 
"Department 3/Team 4", + "display_name": "Production" + }, + { + "reference_id": "Department 3/Team 4/Non-Production", + "parent": "Department 3/Team 4", + "display_name": "Non-Production" + }, + { + "reference_id": "Department 3/Team 4/Development", + "parent": "Department 3/Team 4", + "display_name": "Development" } ], - "top_level_teams": [ + "projects": [ + { + "id": "vpc-host-prod-us602-dp794", + "name": "vpc-host-prod", + "parent": "Common", + "recommendation": "PROJ_REC_VPC_HOST_PROD" + }, + { + "id": "vpc-host-nonprod-us602-dp794", + "name": "vpc-host-nonprod", + "parent": "Common", + "recommendation": "PROJ_REC_VPC_HOST_NONPROD" + }, + { + "id": "logging-us602-dp794", + "name": "logging", + "parent": "Common", + "recommendation": "PROJ_REC_LOGGING" + }, { - "name": "Team 1" + "id": "monitoring-prod-us602-dp794", + "name": "monitoring-prod", + "parent": "Common", + "recommendation": "PROJ_REC_MONITORING_PROD" }, { - "name": "Team 2" + "id": "monitoring-nonprod-us602-dp794", + "name": "monitoring-nonprod", + "parent": "Common", + "recommendation": "PROJ_REC_MONITORING_NONPROD" }, { - "name": "Team 3" + "id": "monitoring-dev-us602-dp794", + "name": "monitoring-dev", + "parent": "Common", + "recommendation": "PROJ_REC_MONITORING_DEV" } - ] - }, - "folders": [ - { - "reference_id": "Common", - "parent": "ROOT", - "display_name": "Common" - }, - { - "reference_id": "Team 1", - "parent": "ROOT", - "display_name": "Team 1" - }, - { - "reference_id": "Team 1/Production", - "parent": "Team 1", - "display_name": "Production" - }, - { - "reference_id": "Team 1/Non-Production", - "parent": "Team 1", - "display_name": "Non-Production" - }, - { - "reference_id": "Team 1/Development", - "parent": "Team 1", - "display_name": "Development" - }, - { - "reference_id": "Team 2", - "parent": "ROOT", - "display_name": "Team 2" - }, - { - "reference_id": "Team 2/Production", - "parent": "Team 2", - "display_name": "Production" - }, - { - "reference_id": "Team 2/Non-Production", - 
"parent": "Team 2", - "display_name": "Non-Production" - }, - { - "reference_id": "Team 2/Development", - "parent": "Team 2", - "display_name": "Development" - }, - { - "reference_id": "Team 3", - "parent": "ROOT", - "display_name": "Team 3" - }, - { - "reference_id": "Team 3/Production", - "parent": "Team 3", - "display_name": "Production" - }, - { - "reference_id": "Team 3/Non-Production", - "parent": "Team 3", - "display_name": "Non-Production" - }, - { - "reference_id": "Team 3/Development", - "parent": "Team 3", - "display_name": "Development" - } - ], - "projects": [ - { - "id": "vpc-host-prod-eh785-eh349", - "name": "vpc-host-prod", - "parent": "Common", - "recommendation": "PROJ_REC_VPC_HOST_PROD" - }, - { - "id": "vpc-host-nonprod-eh785-eh349", - "name": "vpc-host-nonprod", - "parent": "Common", - "recommendation": "PROJ_REC_VPC_HOST_NONPROD" - }, - { - "id": "logging-eh785-eh349", - "name": "logging", - "parent": "Common", - "recommendation": "PROJ_REC_LOGGING" - }, - { - "id": "monitoring-prod-eh785-eh349", - "name": "monitoring-prod", - "parent": "Common", - "recommendation": "PROJ_REC_MONITORING_PROD" - }, - { - "id": "monitoring-nonprod-eh785-eh349", - "name": "monitoring-nonprod", - "parent": "Common", - "recommendation": "PROJ_REC_MONITORING_NONPROD" - }, - { - "id": "monitoring-dev-eh785-eh349", - "name": "monitoring-dev", - "parent": "Common", - "recommendation": "PROJ_REC_MONITORING_DEV" + ], + "logging": { + "sinks": [ + { + "destination": { + "project_id": "logging-us602-dp794", + "name": "fast-onboarding-0.joonix-logging", + "location": "europe-west1", + "retention_period_seconds": "2592000" + }, + "role": "SINK_LOG_BUCKET" + } + ] }, - { - "id": "m2-elevated-oven-410710", - "name": "Test 0", - "parent": "Common", - "recommendation": "PROJ_REC_NONE" - } - ], - "logging": { - "sinks": [ - { - "destination": { - "project_id": "logging-eh785-eh349", - "name": "checklist-test.joonix-logging", - "location": "europe-west1", - 
"retention_period_seconds": "2592000" - }, - "role": "SINK_LOG_BUCKET" + "access_control": [ + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 1/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 2/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 3/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 4/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 1/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 2/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 3/Non-Production" + } + }, + { + "principal": 
"group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 4/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 1/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 2/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 3/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 4/Non-Production" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 1/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 2/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + 
"roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 3/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 1/Team 4/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 1/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 2/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 3/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 2/Team 4/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 1/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 
2/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 3/Development" + } + }, + { + "principal": "group:gcp-developers@fast-onboarding-0.joonix.net", + "group_id": "DEVELOPERS", + "role": [ + "roles/compute.instanceAdmin.v1", + "roles/container.admin" + ], + "resource": { + "type": "FOLDER", + "id": "Department 3/Team 4/Development" + } + }, + { + "principal": "group:gcp-logging-viewers@fast-onboarding-0.joonix.net", + "group_id": "LOGGING_VIEWERS", + "role": [ + "roles/logging.viewer", + "roles/logging.privateLogViewer", + "roles/bigquery.dataViewer", + "roles/owner" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": "group:gcp-logging-viewers@fast-onboarding-0.joonix.net", + "group_id": "LOGGING_VIEWERS", + "role": [ + "roles/logging.viewer", + "roles/logging.privateLogViewer", + "roles/bigquery.dataViewer", + "roles/owner" + ], + "resource": { + "type": "PROJECT", + "id": "vpc-host-prod-us602-dp794" + } + }, + { + "principal": "group:gcp-logging-viewers@fast-onboarding-0.joonix.net", + "group_id": "LOGGING_VIEWERS", + "role": [ + "roles/logging.viewer", + "roles/logging.privateLogViewer", + "roles/bigquery.dataViewer" + ], + "resource": { + "type": "PROJECT", + "id": "logging-us602-dp794" + } + }, + { + "principal": "group:gcp-security-admins@fast-onboarding-0.joonix.net", + "group_id": "SECURITY_ADMINS", + "role": [ + "roles/bigquery.dataViewer" + ], + "resource": { + "type": "PROJECT", + "id": "logging-us602-dp794" + } } ] - }, - "access_control": [ - { - "principal": "group:gcp-developers@fast.example.com", - "group_id": "DEVELOPERS", - "role": [ - "roles/compute.instanceAdmin.v1", - "roles/container.admin" - ], - "resource": { - "type": "FOLDER", - "id": "Team 1/Non-Production" - } - }, - { - 
"principal": "group:gcp-developers@fast.example.com", - "group_id": "DEVELOPERS", - "role": [ - "roles/compute.instanceAdmin.v1", - "roles/container.admin" - ], - "resource": { - "type": "FOLDER", - "id": "Team 2/Non-Production" - } - }, - { - "principal": "group:gcp-developers@fast.example.com", - "group_id": "DEVELOPERS", - "role": [ - "roles/compute.instanceAdmin.v1", - "roles/container.admin" - ], - "resource": { - "type": "FOLDER", - "id": "Team 3/Non-Production" - } - }, - { - "principal": "group:gcp-developers@fast.example.com", - "group_id": "DEVELOPERS", - "role": [ - "roles/compute.instanceAdmin.v1", - "roles/container.admin" - ], - "resource": { - "type": "FOLDER", - "id": "Team 1/Development" - } - }, - { - "principal": "group:gcp-developers@fast.example.com", - "group_id": "DEVELOPERS", - "role": [ - "roles/compute.instanceAdmin.v1", - "roles/container.admin" - ], - "resource": { - "type": "FOLDER", - "id": "Team 2/Development" - } - }, - { - "principal": "group:gcp-developers@fast.example.com", - "group_id": "DEVELOPERS", - "role": [ - "roles/compute.instanceAdmin.v1", - "roles/container.admin" - ], - "resource": { - "type": "FOLDER", - "id": "Team 3/Development" - } - }, - { - "principal": "group:gcp-logging-viewers@fast.example.com", - "group_id": "LOGGING_VIEWERS", - "role": [ - "roles/logging.viewer", - "roles/logging.privateLogViewer", - "roles/bigquery.dataViewer" - ], - "resource": { - "type": "PROJECT", - "id": "logging-eh785-eh349" - } - }, - { - "principal": "group:gcp-security-admins@fast.example.com", - "group_id": "SECURITY_ADMINS", - "role": [ - "roles/bigquery.dataViewer" - ], - "resource": { - "type": "PROJECT", - "id": "logging-eh785-eh349" - } - } - ] + } } \ No newline at end of file diff --git a/tests/fast/stages/s0_bootstrap/data/checklist-org-iam.json b/tests/fast/stages/s0_bootstrap/data/checklist-org-iam.json index 20ea259e76..e405563513 100644 --- a/tests/fast/stages/s0_bootstrap/data/checklist-org-iam.json 
+++ b/tests/fast/stages/s0_bootstrap/data/checklist-org-iam.json 
@@ -1,112 +1,108 @@ { - "version": "0.1.0", - "organization": { - "id": "123456789012", - "name": "fast.example.com" - }, - "iam_bindings": [ - { - "principal": "group:gcp-organization-admins@fast.example.com", - "group_id": "ORG_ADMINS", - "role": [ - "roles/resourcemanager.organizationAdmin", - "roles/resourcemanager.folderAdmin", - "roles/resourcemanager.projectCreator", - "roles/billing.user", - "roles/iam.organizationRoleAdmin", - "roles/orgpolicy.policyAdmin", - "roles/securitycenter.admin", - "roles/cloudsupport.admin", - "roles/owner", - "roles/cloudasset.owner", - "roles/compute.osAdminLogin", - "roles/compute.osLoginExternalUser", - "roles/resourcemanager.tagAdmin", - "roles/compute.xpnAdmin" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" - } - }, - { - "principal": "group:gcp-billing-admins@fast.example.com", - "group_id": "BILLING_ADMINS", - "role": [ - "roles/billing.admin", - "roles/billing.creator", - "roles/resourcemanager.organizationViewer" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" - } - }, - { - "principal": "group:gcp-network-admins@fast.example.com", - "group_id": "NETWORK_ADMINS", - "role": [ - "roles/compute.networkAdmin", - "roles/compute.xpnAdmin", - "roles/compute.securityAdmin", - "roles/resourcemanager.folderViewer" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" - } - }, - { - "principal": "group:gcp-logging-admins@fast.example.com", - "group_id": "LOGGING_ADMINS", - "role": [ - "roles/logging.admin" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" - } - }, - { - "principal": "group:gcp-monitoring-admins@fast.example.com", - "group_id": "MONITORING_ADMINS", - "role": [ - "roles/monitoring.admin" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" - } - }, - { - "principal": "group:gcp-security-admins@fast.example.com", - "group_id": "SECURITY_ADMINS", - "role": [ - "roles/orgpolicy.policyAdmin", - "roles/iam.securityReviewer", 
- "roles/iam.organizationRoleViewer", - "roles/securitycenter.admin", - "roles/resourcemanager.folderIamAdmin", - "roles/logging.privateLogViewer", - "roles/logging.configWriter", - "roles/container.viewer", - "roles/compute.viewer" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" - } + "cloud_setup_org_iam": { + "version": "0.1.0", + "organization": { + "id": "123456789012", + "name": "fast.example.com" }, - { - "principal": "group:gcp-devops@fast.example.com", - "group_id": "DEVOPS", - "role": [ - "roles/resourcemanager.folderViewer" - ], - "resource": { - "type": "ORGANIZATION", - "id": "123456789012" + "iam_bindings": [ + { + "principal": "group:gcp-organization-admins@fast-onboarding-0.joonix.net", + "group_id": "ORG_ADMINS", + "role": [ + "roles/storage.objectAdmin", + "roles/resourcemanager.folderAdmin", + "roles/resourcemanager.projectCreator", + "roles/billing.user", + "roles/iam.organizationRoleAdmin", + "roles/orgpolicy.policyAdmin", + "roles/securitycenter.admin", + "roles/cloudsupport.admin" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": "group:gcp-billing-admins@fast-onboarding-0.joonix.net", + "group_id": "BILLING_ADMINS", + "role": [ + "roles/billing.admin", + "roles/billing.creator", + "roles/resourcemanager.organizationViewer" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": "group:gcp-network-admins@fast-onboarding-0.joonix.net", + "group_id": "NETWORK_ADMINS", + "role": [ + "roles/compute.networkAdmin", + "roles/compute.xpnAdmin", + "roles/compute.securityAdmin", + "roles/resourcemanager.folderViewer" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": "group:gcp-logging-admins@fast-onboarding-0.joonix.net", + "group_id": "LOGGING_ADMINS", + "role": [ + "roles/logging.admin" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": 
"group:gcp-monitoring-admins@fast-onboarding-0.joonix.net", + "group_id": "MONITORING_ADMINS", + "role": [ + "roles/monitoring.admin" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": "group:gcp-security-admins@fast-onboarding-0.joonix.net", + "group_id": "SECURITY_ADMINS", + "role": [ + "roles/orgpolicy.policyAdmin", + "roles/iam.securityReviewer", + "roles/iam.organizationRoleViewer", + "roles/securitycenter.admin", + "roles/resourcemanager.folderIamAdmin", + "roles/logging.privateLogViewer", + "roles/logging.configWriter", + "roles/container.viewer", + "roles/compute.viewer" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } + }, + { + "principal": "group:gcp-devops@fast-onboarding-0.joonix.net", + "group_id": "DEVOPS", + "role": [ + "roles/resourcemanager.folderViewer" + ], + "resource": { + "type": "ORGANIZATION", + "id": "656131167402" + } } - } - ] + ] + } } \ No newline at end of file diff --git a/tests/fast/stages/s1_resman/checklist.yaml b/tests/fast/stages/s1_resman/checklist.yaml index fef6ea925a..efb36ef29b 100644 --- a/tests/fast/stages/s1_resman/checklist.yaml +++ b/tests/fast/stages/s1_resman/checklist.yaml 
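Review bot: The new `cloud_setup_org_iam` fixture is internally inconsistent and carries identifiers that look like they come from a real environment. The header keeps the placeholders `"id": "123456789012"` and `"name": "fast.example.com"`, but every entry in `iam_bindings` now uses the `fast-onboarding-0.joonix.net` domain and `"id": "656131167402"` under `resource`. If these were exported from a live onboarding organization, they should be scrubbed before being committed, e.g. `"principal": "group:gcp-organization-admins@fast.example.com"` and `"id": "123456789012"`, which also makes each binding's resource match the organization the file declares. Whether the parser compares `resource.id` against `organization.id` is not visible in this hunk, so the mismatch may pass the tests unnoticed. The same domain and organization id appear in the `checklist-data.json` hunk above and in the `checklist.yaml` expectations below, so all three need the same cleanup.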
@@ -17,108 +17,406 @@ values: display_name: Common parent: organizations/123456789012 timeouts: null - module.checklist-folder-1["Team 1"].google_folder.folder[0]: - display_name: Team 1 + module.checklist-folder-1["Department 1"].google_folder.folder[0]: + display_name: Department 1 parent: organizations/123456789012 timeouts: null - module.checklist-folder-1["Team 2"].google_folder.folder[0]: - display_name: Team 2 + module.checklist-folder-1["Department 2"].google_folder.folder[0]: + display_name: Department 2 parent: organizations/123456789012 timeouts: null - module.checklist-folder-1["Team 3"].google_folder.folder[0]: - display_name: Team 3 + module.checklist-folder-1["Department 3"].google_folder.folder[0]: + display_name: Department 3 parent: organizations/123456789012 timeouts: null - module.checklist-folder-2["Team 1/Development"].google_folder.folder[0]: + module.checklist-folder-2["Department 1/Team 1"].google_folder.folder[0]: + display_name: Team 1 + timeouts: null + module.checklist-folder-2["Department 1/Team 2"].google_folder.folder[0]: + display_name: Team 2 + timeouts: null + module.checklist-folder-2["Department 1/Team 3"].google_folder.folder[0]: + display_name: Team 3 + timeouts: null + module.checklist-folder-2["Department 1/Team 4"].google_folder.folder[0]: + display_name: Team 4 + timeouts: null + module.checklist-folder-2["Department 2/Team 1"].google_folder.folder[0]: + display_name: Team 1 + timeouts: null + module.checklist-folder-2["Department 2/Team 2"].google_folder.folder[0]: + display_name: Team 2 + timeouts: null + module.checklist-folder-2["Department 2/Team 3"].google_folder.folder[0]: + display_name: Team 3 + timeouts: null + module.checklist-folder-2["Department 2/Team 4"].google_folder.folder[0]: + display_name: Team 4 + timeouts: null + module.checklist-folder-2["Department 3/Team 1"].google_folder.folder[0]: + display_name: Team 1 + timeouts: null + module.checklist-folder-2["Department 3/Team 2"].google_folder.folder[0]: + 
display_name: Team 2 + timeouts: null + module.checklist-folder-2["Department 3/Team 3"].google_folder.folder[0]: + display_name: Team 3 + timeouts: null + module.checklist-folder-2["Department 3/Team 4"].google_folder.folder[0]: + display_name: Team 4 + timeouts: null + module.checklist-folder-3["Department 1/Team 1/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 1/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 1/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 1/Team 2/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? 
module.checklist-folder-3["Department 1/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 2/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 1/Team 3/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 1/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? 
module.checklist-folder-3["Department 1/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 3/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 1/Team 4/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 1/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? 
module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 1/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 1/Team 4/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 2/Team 1/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 2/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 2/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? 
module.checklist-folder-3["Department 2/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 2/Team 1/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 2/Team 2/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 2/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 2/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 2/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 2/Team 2/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 2/Team 3/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? 
module.checklist-folder-3["Department 2/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 2/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 2/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 2/Team 3/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 2/Team 4/Development"].google_folder.folder[0]: display_name: Development timeouts: null - module.checklist-folder-2["Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]: - condition: [] + ? module.checklist-folder-3["Department 2/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/compute.instanceAdmin.v1 - module.checklist-folder-2["Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]: - condition: [] + ? 
module.checklist-folder-3["Department 2/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/container.admin - module.checklist-folder-2["Team 1/Non-Production"].google_folder.folder[0]: + module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder.folder[0]: display_name: Non-Production timeouts: null - ? module.checklist-folder-2["Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + ? module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/compute.instanceAdmin.v1 - module.checklist-folder-2["Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]: - condition: [] + ? module.checklist-folder-3["Department 2/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/container.admin - module.checklist-folder-2["Team 1/Production"].google_folder.folder[0]: + module.checklist-folder-3["Department 2/Team 4/Production"].google_folder.folder[0]: display_name: Production timeouts: null - module.checklist-folder-2["Team 2/Development"].google_folder.folder[0]: + module.checklist-folder-3["Department 3/Team 1/Development"].google_folder.folder[0]: display_name: Development timeouts: null - module.checklist-folder-2["Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]: - condition: [] + ? 
module.checklist-folder-3["Department 3/Team 1/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/compute.instanceAdmin.v1 - module.checklist-folder-2["Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]: - condition: [] + ? module.checklist-folder-3["Department 3/Team 1/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/container.admin - module.checklist-folder-2["Team 2/Non-Production"].google_folder.folder[0]: + module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder.folder[0]: display_name: Non-Production timeouts: null - ? module.checklist-folder-2["Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + ? module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/compute.instanceAdmin.v1 - module.checklist-folder-2["Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]: - condition: [] + ? 
module.checklist-folder-3["Department 3/Team 1/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/container.admin - module.checklist-folder-2["Team 2/Production"].google_folder.folder[0]: + module.checklist-folder-3["Department 3/Team 1/Production"].google_folder.folder[0]: display_name: Production timeouts: null - module.checklist-folder-2["Team 3/Development"].google_folder.folder[0]: + module.checklist-folder-3["Department 3/Team 2/Development"].google_folder.folder[0]: display_name: Development timeouts: null - module.checklist-folder-2["Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"]: - condition: [] + ? module.checklist-folder-3["Department 3/Team 2/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/compute.instanceAdmin.v1 - module.checklist-folder-2["Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"]: - condition: [] + ? module.checklist-folder-3["Department 3/Team 2/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/container.admin - module.checklist-folder-2["Team 3/Non-Production"].google_folder.folder[0]: + module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder.folder[0]: display_name: Non-Production timeouts: null - ? module.checklist-folder-2["Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + ? 
module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/compute.instanceAdmin.v1 - module.checklist-folder-2["Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"]: - condition: [] + ? module.checklist-folder-3["Department 3/Team 2/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] members: - - group:gcp-developers@fast.example.com + - group:gcp-developers@fast-onboarding-0.joonix.net role: roles/container.admin - module.checklist-folder-2["Team 3/Production"].google_folder.folder[0]: + module.checklist-folder-3["Department 3/Team 2/Production"].google_folder.folder[0]: display_name: Production timeouts: null + module.checklist-folder-3["Department 3/Team 3/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 3/Team 3/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 3/Team 3/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? 
module.checklist-folder-3["Department 3/Team 3/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 3/Team 3/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + module.checklist-folder-3["Department 3/Team 4/Development"].google_folder.folder[0]: + display_name: Development + timeouts: null + ? module.checklist-folder-3["Department 3/Team 4/Development"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 3/Team 4/Development"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder.folder[0]: + display_name: Non-Production + timeouts: null + ? module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/compute.instanceAdmin.v1"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/compute.instanceAdmin.v1 + ? module.checklist-folder-3["Department 3/Team 4/Non-Production"].google_folder_iam_binding.authoritative["roles/container.admin"] + : condition: [] + members: + - group:gcp-developers@fast-onboarding-0.joonix.net + role: roles/container.admin + module.checklist-folder-3["Department 3/Team 4/Production"].google_folder.folder[0]: + display_name: Production + timeouts: null + counts: - google_folder: 18 - google_folder_iam_binding: 31 + google_folder: 57 + google_folder_iam_binding: 67 google_organization_iam_member: 5 google_project_iam_member: 4 google_service_account: 4 
@@ -130,5 +428,5 @@ counts:
 google_tags_tag_binding: 5
 google_tags_tag_key: 3
 google_tags_tag_value: 9
- modules: 25
- resources: 98
+ modules: 64
+ resources: 173