From f396741d6cce892c3b823ec1260677086758fdfc Mon Sep 17 00:00:00 2001
From: oikarinen <7252104+oikarinen@users.noreply.github.com>
Date: Tue, 21 May 2024 22:16:44 +0300
Subject: [PATCH] fix(cai): modules must not define providers (#1132)
Co-authored-by: Daniel Andrade
Co-authored-by: eeaton
---
 1-org/envs/shared/cai_monitoring.tf | 13 ++++++------
 1-org/modules/cai-monitoring/README.md | 2 --
 1-org/modules/cai-monitoring/providers.tf | 25 -----------------------
 1-org/modules/cai-monitoring/variables.tf | 5 -----
 4 files changed, 6 insertions(+), 39 deletions(-)
 delete mode 100644 1-org/modules/cai-monitoring/providers.tf
diff --git a/1-org/envs/shared/cai_monitoring.tf b/1-org/envs/shared/cai_monitoring.tf
index ff9311bfa..ad8e7e545 100644
--- a/1-org/envs/shared/cai_monitoring.tf
+++ b/1-org/envs/shared/cai_monitoring.tf
@@ -28,11 +28,10 @@ module "kms" {
 module "cai_monitoring" {
 source = "../../modules/cai-monitoring"
- org_id = local.org_id
- billing_account = local.billing_account
- project_id = module.scc_notifications.project_id
- location = local.default_region
- enable_cmek = true
- encryption_key = module.kms.keys["key-cai-monitoring"]
- impersonate_sa_email = local.org_step_terraform_service_account_email
+ org_id = local.org_id
+ billing_account = local.billing_account
+ project_id = module.scc_notifications.project_id
+ location = local.default_region
+ enable_cmek = true
+ encryption_key = module.kms.keys["key-cai-monitoring"]
 }
diff --git a/1-org/modules/cai-monitoring/README.md b/1-org/modules/cai-monitoring/README.md
index d01c95c6b..449b04c60 100644
--- a/1-org/modules/cai-monitoring/README.md
+++ b/1-org/modules/cai-monitoring/README.md
@@ -13,7 +13,6 @@ module "secure_cai_notification" {
 region =
 encryption_key =
 labels =
- impersonate_sa_email =
 roles_to_monitor =
 }
 ```
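Review bot: With `impersonate_sa_email` removed from the `cai_monitoring` call, the module's resources are now applied with whatever the root `google` and `google-beta` provider configuration in `1-org/envs/shared` supplies, and that configuration is not part of this patch. It should be confirmed that the root providers set `impersonate_service_account` to the org-step Terraform service account; otherwise these resources would be created with the operator's own credentials and permissions rather than the intended identity. The deleted module providers also carried `request_timeout = "60s"`, which is dropped unless the root providers set it as well. A short comment above the call, for example `# google / google-beta providers (incl. SA impersonation) are inherited from the root module`, would make that dependency explicit.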
@@ -26,7 +25,6 @@ module "secure_cai_notification" {
 | billing\_account | The ID of the billing account to associate projects with. | `string` | n/a | yes |
 | enable\_cmek | The KMS Key to Encrypt Artifact Registry repository, Cloud Storage Bucket and Pub/Sub. | `bool` | `false` | no |
 | encryption\_key | The KMS Key to Encrypt Artifact Registry repository, Cloud Storage Bucket and Pub/Sub. | `string` | `null` | no |
-| impersonate\_sa\_email | The Service Account email who will execute terraform code. | `string` | n/a | yes |
 | labels | Labels to be assigned to resources. | `map(any)` | `{}` | no |
 | location | Default location to create resources where applicable. | `string` | `"us-central1"` | no |
 | org\_id | GCP Organization ID | `string` | n/a | yes |
diff --git a/1-org/modules/cai-monitoring/providers.tf b/1-org/modules/cai-monitoring/providers.tf
deleted file mode 100644
index a801ce2f3..000000000
--- a/1-org/modules/cai-monitoring/providers.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Copyright 2023 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-provider "google" {
- impersonate_service_account = var.impersonate_sa_email
- request_timeout = "60s"
-}
-
-provider "google-beta" {
- impersonate_service_account = var.impersonate_sa_email
- request_timeout = "60s"
-}
diff --git a/1-org/modules/cai-monitoring/variables.tf b/1-org/modules/cai-monitoring/variables.tf
index a6652cc8d..0e07c4346 100644
--- a/1-org/modules/cai-monitoring/variables.tf
+++ b/1-org/modules/cai-monitoring/variables.tf
@@ -53,11 +53,6 @@ variable "labels" {
 default = {}
 }
-variable "impersonate_sa_email" {
- description = "The Service Account email who will execute terraform code."
- type = string
-}
-
 variable "roles_to_monitor" {
 description = "List of roles that will save a SCC Finding if granted to any member (service account, user or group) on an update in the IAM Policy."
 type = list(string)