Add storage bucket IAM resources #41

Merged: 5 commits, Aug 17, 2018

skpaterson

Adding Storage Bucket IAM resources. More details below:

  • Added google_storage_bucket_iam_binding(s), google_storage_bucket_acl, google_storage_default_object_acl, google_storage_bucket_object and google_storage_object_acl
  • Added controls & docs for all of the above
  • Included terraform constructs for storage buckets, IAM bindings, members, policies and ACLs
  • Added version constraint for Google terraform provider
  • Updated default bucket count in storage buckets test
  • Improved profile creation instructions and updated resource list in README

@@ -41,7 +41,13 @@ module GCPInspecConfig
:gcp_ext_vm_data_disk_name => "gcp-inspec-generic-ext-linux-vm-data-disk",
:gcp_ext_vm_data_disk_size => "f1-micro",
:gcp_ext_vm_data_disk_image => "ubuntu-os-cloud/ubuntu-1604-lts",
:gcp_storage_bucket_name => "gcp-inspec-storage-bucket-#{(0...15).map { (65 + rand(26)).chr }.join.downcase}",
:gcp_storage_bucket_name => "gcp-inspec-storage-bucket-#{(0...25).map { (65 + rand(26)).chr }.join.downcase}",
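
Review bot: The new `:gcp_storage_bucket_name` line lengthens the random suffix from 15 to 25 characters without saying why, and it still builds uppercase letters with `(65 + rand(26)).chr` only to `.downcase` them afterwards. A short comment stating the reason for the longer suffix would help, and the letters can be generated in lowercase directly, for example `Array.new(25) { ('a'..'z').to_a.sample }.join`. With the 26-character prefix the name comes to 51 characters, which stays inside the 63-character bucket name limit, so the length itself is fine.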

Minor but this could surely be pulled out into an any_string function

Author

agreed, can revisit next time round


control 'gcp-storage-object-acl-1.0' do

only_if { gcp_enable_privileged_resources.to_i == 1 }
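
Review bot: The `only_if` guard `gcp_enable_privileged_resources.to_i == 1` evaluates to false for any non-numeric string, because `String#to_i` returns 0 for input such as "true", so a mis-set attribute skips this ACL control with no error. Consider `Integer(gcp_enable_privileged_resources) == 1`, which raises on an unexpected value, or compare against the string "1" directly so the expected input format is explicit.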

what's the benefit of to_i?

Author

we're comparing integers - the config comes through as a string

Ah - at a glance looked like boolean to integer

Author

it's funny as I'd have preferred to use booleans but tf converts true/false values to "0" and "1" - https://www.terraform.io/docs/configuration/variables.html

@davymcaleer davymcaleer merged commit ca77ca5 into master Aug 17, 2018
@skpaterson skpaterson deleted the storage-bucket-iam branch August 24, 2018 08:31