cloud run
JamesWoolfenden committed Jan 31, 2024
1 parent 384990e commit 137bf32
Showing 13 changed files with 206 additions and 62 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -43,6 +43,6 @@ jobs:
run: go test ./... -coverprofile=./cover.out

- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@41dd13387183a0c1e7e237138dc1cbd8e9c53f11 # v3.1.5
uses: codecov/codecov-action@9cc74bf7e13a810454a28846494ddbc3795eb693 # v3.1.6
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
8 changes: 1 addition & 7 deletions src/coverage/google.md
@@ -1,6 +1,6 @@
# todo google

Resource percentage coverage 15.78
Resource percentage coverage 16.49
Datasource percentage coverage 91.35

./resource.ps1 google_access_context_manager_access_level_condition
Expand Down Expand Up @@ -100,12 +100,6 @@ Datasource percentage coverage 91.35
./resource.ps1 google_cloud_run_service_iam_binding
./resource.ps1 google_cloud_run_service_iam_member
./resource.ps1 google_cloud_run_service_iam_policy
./resource.ps1 google_cloud_run_v2_job_iam_binding
./resource.ps1 google_cloud_run_v2_job_iam_member
./resource.ps1 google_cloud_run_v2_job_iam_policy
./resource.ps1 google_cloud_run_v2_service_iam_binding
./resource.ps1 google_cloud_run_v2_service_iam_member
./resource.ps1 google_cloud_run_v2_service_iam_policy
./resource.ps1 google_cloud_tasks_queue
./resource.ps1 google_cloud_tasks_queue_iam_binding
./resource.ps1 google_cloud_tasks_queue_iam_member
9 changes: 9 additions & 0 deletions src/files_gcp.go
Expand Up @@ -330,3 +330,12 @@ var googleApiGatewayGateway []byte

//go:embed mapping/google/resource/apigateway/google_api_gateway_gateway_iam.json
var googleApiGatewayGatewayIam []byte

//go:embed mapping/google/resource/run/google_cloud_run_v2_service.json
var googleCloudRunV2Service []byte

//go:embed mapping/google/resource/run/google_cloud_run_v2_job_iam.json
var googleCloudRunV2JobIam []byte

//go:embed mapping/google/resource/run/google_cloud_run_v2_service_iam.json
var googleCloudRunV2ServiceIam []byte
114 changes: 60 additions & 54 deletions src/gcp.go
Expand Up @@ -42,13 +42,41 @@ func GetGCPResourcePermissions(result ResourceV2) ([]string, error) {

func GCPLookup(result string) interface{} {
TFLookup := map[string]interface{}{
"google_access_context_manager_access_level": googleAccessContextManagerAccessLevel,
"google_access_context_manager_access_levels": googleAccessContextManagerAccessLevels,
"google_access_context_manager_access_policy": googleAccessContextManagerAccessPolicy,
"google_access_context_manager_access_policy_iam_binding": googleAccessContextManagerAccessPolicyIam,
"google_access_context_manager_access_policy_iam_member": googleAccessContextManagerAccessPolicyIam,
"google_access_context_manager_access_policy_iam_policy": googleAccessContextManagerAccessPolicyIam,
"google_access_context_manager_authorized_orgs_desc": googleAccessContextManagerAuthorizedOrgsDesc,
"google_access_context_manager_gcp_user_access_binding": googleAccessContextManagerGcpUserAccessBinding,
"google_access_context_manager_service_perimeter": googleAccessContextManagerServicePerimeter,
"google_access_context_manager_service_perimeters": googleAccessContextManagerServicePerimeters,
"google_alloydb_backup": googleAlloydbBackup,
"google_alloydb_cluster": googleAlloydbCluster,
"google_alloydb_instance": googleAlloydbInstance,
"google_alloydb_user": googleAlloydbUser,
"google_api_gateway_api": googleApiGatewayApi,
"google_api_gateway_api_config": googleApiGatewayApiConfig,
"google_api_gateway_api_config_iam_binding": googleApiGatewayApiConfigIam,
"google_api_gateway_api_config_iam_member": googleApiGatewayApiConfigIam,
"google_api_gateway_api_config_iam_policy": googleApiGatewayApiConfigIam,
"google_api_gateway_api_iam_binding": googleApiGatewayApiIam,
"google_api_gateway_api_iam_member": googleApiGatewayApiIam,
"google_api_gateway_api_iam_policy": googleApiGatewayApiIam,
"google_api_gateway_gateway": googleApiGatewayGateway,
"google_api_gateway_gateway_iam_binding": googleApiGatewayGatewayIam,
"google_api_gateway_gateway_iam_member": googleApiGatewayGatewayIam,
"google_api_gateway_gateway_iam_policy": googleApiGatewayGatewayIam,
"google_artifact_registry_repository": googleArtifactRegistryRepository,
"google_artifact_registry_repository_iam_binding": googleArtifactRegistryRepositoryIamBinding,
"google_artifact_registry_repository_iam_member": googleArtifactRegistryRepositoryIamMember,
"google_artifact_registry_repository_iam_policy": googleArtifactRegistryRepositoryIamPolicy,
"google_bigquery_dataset": googleBigqueryDataset,
"google_bigquery_job": googleBigqueryJob,
"google_bigquery_table": placeholder,
"google_bigtable_app_profile": googleBigtableAppProfile,
"google_bigtable_gc_policy": googleBigtableGcPolicy,
"google_bigtable_instance": googleBigtableInstance,
"google_bigtable_instance_iam_binding": googleBigTableInstanceIam,
"google_bigtable_instance_iam_member": googleBigTableInstanceIam,
Expand All @@ -58,8 +86,15 @@ func GCPLookup(result string) interface{} {
"google_bigtable_table_iam_member": googleBigTableTableIam,
"google_bigtable_table_iam_policy": googleBigTableTableIam,
"google_cloud_run_v2_job": googleCloudRunV2Job,
"google_cloud_run_v2_service": googleCloudRunV2Job,
"google_cloud_run_v2_job_iam_binding": googleCloudRunV2JobIam,
"google_cloud_run_v2_job_iam_member": googleCloudRunV2JobIam,
"google_cloud_run_v2_job_iam_policy": googleCloudRunV2JobIam,
"google_cloud_run_v2_service": googleCloudRunV2Service,
"google_cloud_run_v2_service_iam_binding": googleCloudRunV2ServiceIam,
"google_cloud_run_v2_service_iam_member": googleCloudRunV2ServiceIam,
"google_cloud_run_v2_service_iam_policy": googleCloudRunV2ServiceIam,
"google_cloud_scheduler_job": googleCloudSchedulerJob,
"google_cloudbuild_trigger": googleCloudbuildTrigger,
"google_cloudfunctions_function": googleCloudfunctionsFunction,
"google_cloudfunctions_function_iam_member": googleCloudfunctionsFunctionIamPolicy,
"google_cloudfunctions_function_iam_policy": googleCloudfunctionsFunctionIamPolicy,
Expand All @@ -78,6 +113,19 @@ func GCPLookup(result string) interface{} {
"google_dns_managed_zone": googleDnsmanagedZone,
"google_dns_policy": googleDNSPolicy,
"google_dns_record_set": googleDNSRecordSet,
"google_firebase_android_app": googleFirebaseAndroidApp,
"google_firebase_apple_app": googleFirebaseAppleApp,
"google_firebase_database_instance": googleFirebaseDatabaseInstance,
"google_firebase_hosting_channel": googleFirebaseHostingSite,
"google_firebase_hosting_custom_domain": googleFirebaseHostingSite,
"google_firebase_hosting_release": googleFirebaseHostingSite,
"google_firebase_hosting_site": googleFirebaseHostingSite,
"google_firebase_hosting_version": googleFirebaseHostingSite,
"google_firebase_project": googleFirebaseProject,
"google_firebase_storage_bucket": googleFirebaseStorageBucket,
"google_firebase_web_app": googleFirebaseWebApp,
"google_firebaserules_release": googleFirebaserulesRelease,
"google_firebaserules_ruleset": googleFirebaserulesRuleset,
"google_kms_crypto_key": googleKmsCryptoKey,
"google_kms_crypto_key_iam_binding": googlekmsCryptoKeyIamBinding,
"google_kms_crypto_key_iam_member": googlekmsCryptoKeyIamMember,
Expand Down Expand Up @@ -108,74 +156,32 @@ func GCPLookup(result string) interface{} {
"google_service_account_iam_member": googleServiceAccountIamMember,
"google_service_account_iam_policy": googleServiceAccountIamPolicy,
"google_service_account_key": googleServiceAccountKey,
"google_service_directory_endpoint": googleServiceDirectoryEndpoint,
"google_service_directory_namespace": googleServiceDirectoryNamespace,
"google_service_directory_namespace_iam_binding": googleServiceDirectoryNamespaceIamBinding,
"google_service_directory_namespace_iam_member": googleServiceDirectoryNamespaceIamMember,
"google_service_directory_namespace_iam_policy": googleServiceDirectoryNamespaceIamPolicy,
"google_service_directory_service": googleServiceDirectoryService,
"google_service_directory_service_iam_binding": googleServiceDirectoryServiceIamBinding,
"google_service_directory_service_iam_member": googleServiceDirectoryServiceIamMember,
"google_service_directory_service_iam_policy": googleServiceDirectoryServiceIamPolicy,
"google_service_networking_connection": googleServiceNetworkingConnection,
"google_sourcerepo_repository": googleSourcerepoRepository,
"google_sql_database": googleSQLDatabase,
"google_sql_database_instance": googleSQLDatabaseInstance,
"google_sql_user": googleSQLUser,
"google_storage_bucket": googleStorageBucket,
"google_storage_bucket_access_control": googleStorageBucketAccessControl,
"google_storage_bucket_acl": googleStorageBucketACL,
"google_storage_bucket_iam_binding": googleStorageBucketIamBinding,
"google_storage_bucket_object": googleStorageBucketObject,
"google_storage_bucket_access_control": googleStorageBucketAccessControl,
"google_storage_bucket_iam_member": googleStorageBucketIamMember,
"google_storage_bucket_iam_policy": googleStorageBucketIamPolicy,
"google_storage_bucket_object": googleStorageBucketObject,
"google_storage_default_object_access_control": googleStorageDefaultObjectAccessControl,
"google_storage_default_object_acl": googleStorageDefaultObjectACL,
"google_storage_hmac_key": googleStorageHmacKey,
"google_storage_insights_report_config": googleStorageInsightsReportConfig,
"google_storage_object_access_control": googleStorageObjectAccessControl,
"google_cloudbuild_trigger": googleCloudbuildTrigger,
"google_service_directory_endpoint": googleServiceDirectoryEndpoint,
"google_service_directory_namespace": googleServiceDirectoryNamespace,
"google_service_directory_namespace_iam_binding": googleServiceDirectoryNamespaceIamBinding,
"google_service_directory_namespace_iam_member": googleServiceDirectoryNamespaceIamMember,
"google_service_directory_namespace_iam_policy": googleServiceDirectoryNamespaceIamPolicy,
"google_service_directory_service": googleServiceDirectoryService,
"google_service_directory_service_iam_binding": googleServiceDirectoryServiceIamBinding,
"google_service_directory_service_iam_member": googleServiceDirectoryServiceIamMember,
"google_service_directory_service_iam_policy": googleServiceDirectoryServiceIamPolicy,
"google_access_context_manager_access_level": googleAccessContextManagerAccessLevel,
"google_access_context_manager_access_levels": googleAccessContextManagerAccessLevels,
"google_access_context_manager_access_policy": googleAccessContextManagerAccessPolicy,
"google_access_context_manager_access_policy_iam_binding": googleAccessContextManagerAccessPolicyIam,
"google_access_context_manager_access_policy_iam_member": googleAccessContextManagerAccessPolicyIam,
"google_access_context_manager_access_policy_iam_policy": googleAccessContextManagerAccessPolicyIam,
"google_access_context_manager_authorized_orgs_desc": googleAccessContextManagerAuthorizedOrgsDesc,
"google_access_context_manager_gcp_user_access_binding": googleAccessContextManagerGcpUserAccessBinding,
"google_access_context_manager_service_perimeter": googleAccessContextManagerServicePerimeter,
"google_access_context_manager_service_perimeters": googleAccessContextManagerServicePerimeters,
"google_alloydb_backup": googleAlloydbBackup,
"google_alloydb_cluster": googleAlloydbCluster,
"google_alloydb_instance": googleAlloydbInstance,
"google_alloydb_user": googleAlloydbUser,
"google_firebase_android_app": googleFirebaseAndroidApp,
"google_firebase_apple_app": googleFirebaseAppleApp,
"google_firebase_database_instance": googleFirebaseDatabaseInstance,
"google_firebase_hosting_channel": googleFirebaseHostingSite,
"google_firebase_hosting_custom_domain": googleFirebaseHostingSite,
"google_firebase_hosting_release": googleFirebaseHostingSite,
"google_firebase_hosting_site": googleFirebaseHostingSite,
"google_firebase_hosting_version": googleFirebaseHostingSite,
"google_firebase_project": googleFirebaseProject,
"google_firebase_storage_bucket": googleFirebaseStorageBucket,
"google_firebase_web_app": googleFirebaseWebApp,
"google_firebaserules_release": googleFirebaserulesRelease,
"google_firebaserules_ruleset": googleFirebaserulesRuleset,
"google_bigtable_app_profile": googleBigtableAppProfile,
"google_bigtable_gc_policy": googleBigtableGcPolicy,
"google_api_gateway_api": googleApiGatewayApi,
"google_api_gateway_api_config": googleApiGatewayApiConfig,
"google_api_gateway_api_config_iam_binding": googleApiGatewayApiConfigIam,
"google_api_gateway_api_config_iam_member": googleApiGatewayApiConfigIam,
"google_api_gateway_api_config_iam_policy": googleApiGatewayApiConfigIam,
"google_api_gateway_api_iam_binding": googleApiGatewayApiIam,
"google_api_gateway_api_iam_member": googleApiGatewayApiIam,
"google_api_gateway_api_iam_policy": googleApiGatewayApiIam,
"google_api_gateway_gateway": googleApiGatewayGateway,
"google_api_gateway_gateway_iam_binding": googleApiGatewayGatewayIam,
"google_api_gateway_gateway_iam_member": googleApiGatewayGatewayIam,
"google_api_gateway_gateway_iam_policy": googleApiGatewayGatewayIam,
}

return TFLookup[result]
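Review bot: `TFLookup` is declared inside `GCPLookup`, so the full map literal is allocated and filled on every call; hoisting it to a package-level variable, e.g. `var gcpLookup = map[string]interface{}{ ... }`, leaves the function as `return gcpLookup[result]`. Indexing with an unknown resource name returns a nil interface, and the caller is not shown in this section, so confirm it reports the resource as unmapped instead of producing a policy that silently lacks its permissions. The end of `GCPLookup` lies outside the displayed hunks.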
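--- a/src/mapping/google/resource/run/google_cloud_run_v2_job_iam.json
+++ b/src/mapping/google/resource/run/google_cloud_run_v2_job_iam.json
@@ -0,0 +1,14 @@
+[
+{
+"apply": [
+"run.jobs.setIamPolicy",
+"run.jobs.getIamPolicy"
+],
+"attributes": {
+"tags": []
+},
+"destroy": [],
+"modify": [],
+"plan": []
+}
+]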
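--- a/src/mapping/google/resource/run/google_cloud_run_v2_service.json
+++ b/src/mapping/google/resource/run/google_cloud_run_v2_service.json
@@ -0,0 +1,20 @@
+[
+{
+"apply": [
+"run.services.create",
+"run.services.get",
+"run.services.delete",
+"run.services.update"
+],
+"attributes": {
+"tags": []
+},
+"destroy": [
+"run.services.delete"
+],
+"modify": [
+"run.services.update"
+],
+"plan": []
+}
+]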
@@ -0,0 +1,14 @@
[
{
"apply": [
"run.services.setIamPolicy",
"run.services.getIamPolicy"
],
"attributes": {
"tags": []
},
"destroy": [],
"modify": [],
"plan": []
}
]
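--- a/terraform/google/backup/google_cloud_run_v2_job_iam_binding.tf
+++ b/terraform/google/backup/google_cloud_run_v2_job_iam_binding.tf
@@ -0,0 +1,29 @@
+data "google_iam_policy" "admin2" {
+binding {
+role = "roles/viewer"
+members = [
+"user:crwoolfenden@gmail.com",
+]
+}
+}
+
+resource "google_cloud_run_v2_job_iam_binding" "policy" {
+name = google_cloud_run_v2_job.default.name
+role = "roles/viewer"
+members = [
+"user:crwoolfenden@gmail.com",
+]
+}
+
+resource "google_cloud_run_v2_job" "default" {
+name = "cloudrun-job"
+location = "europe-west2"
+
+template {
+template {
+containers {
+image = "us-docker.pkg.dev/cloudrun/container/hello"
+}
+}
+}
+}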
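Review bot: `data "google_iam_policy" "admin2"` at the top of this file is not referenced anywhere in it; the `google_cloud_run_v2_job_iam_binding` below repeats `role` and `members` inline, so unless another file in the module uses it the data block can be dropped. The `user:` member is a literal personal account here and in each of the other new `.tf` files on this page; declaring `variable "member" { type = string }` and referencing `var.member` keeps the identity out of the fixtures and lets others run them unchanged.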
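--- a/terraform/google/backup/google_cloud_run_v2_job_iam_member.tf
+++ b/terraform/google/backup/google_cloud_run_v2_job_iam_member.tf
@@ -0,0 +1,6 @@
+resource "google_cloud_run_v2_job_iam_member" "pike" {
+
+name = google_cloud_run_v2_job.default.name
+role = "roles/viewer"
+member = "user:crwoolfenden@gmail.com"
+}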
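Review bot: `role = "roles/viewer"` is a basic role; Google's IAM guidance prefers predefined roles, and for a Cloud Run job `role = "roles/run.viewer"` is the narrower fit. The same role string appears in the job and service binding, member and policy files added by this commit, so the change would apply to all of them.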
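--- a/terraform/google/backup/google_cloud_run_v2_job_iam_policy.tf
+++ b/terraform/google/backup/google_cloud_run_v2_job_iam_policy.tf
@@ -0,0 +1,13 @@
+data "google_iam_policy" "admin6" {
+binding {
+role = "roles/viewer"
+members = [
+"user:crwoolfenden@gmail.com",
+]
+}
+}
+
+resource "google_cloud_run_v2_job_iam_policy" "policy" {
+name = google_cloud_run_v2_job.default.name
+policy_data = data.google_iam_policy.admin6.policy_data
+}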
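Review bot: `google_cloud_run_v2_job_iam_policy` is authoritative for the whole IAM policy of `google_cloud_run_v2_job.default`, and the binding and member files added alongside it target the same job; the provider documentation states that the policy resource cannot be combined with `_iam_binding` or `_iam_member` on one resource because they overwrite each other. If these files are ever applied from one directory, keep only one of the three per job. The service files (`google_cloud_run_v2_service_iam_*` on `google_cloud_run_v2_service.pike`) have the same overlap. Whether the `backup` directory is applied as a unit is not visible on this page.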
@@ -0,0 +1,8 @@
resource "google_cloud_run_v2_service_iam_binding" "pike" {

name = google_cloud_run_v2_service.pike.name
role = "roles/viewer"
members = [
"user:crwoolfenden@gmail.com",
]
}
@@ -0,0 +1,5 @@
resource "google_cloud_run_v2_service_iam_member" "pike" {
name = google_cloud_run_v2_service.pike.name
role = "roles/viewer"
member = "user:crwoolfenden@gmail.com"
}
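--- a/terraform/google/backup/google_cloud_run_v2_service_iam_policy.tf
+++ b/terraform/google/backup/google_cloud_run_v2_service_iam_policy.tf
@@ -0,0 +1,26 @@
+data "google_iam_policy" "admin" {
+binding {
+role = "roles/viewer"
+members = [
+"user:crwoolfenden@gmail.com",
+]
+}
+}
+
+resource "google_cloud_run_v2_service_iam_policy" "pike" {
+
+name = google_cloud_run_v2_service.pike.name
+policy_data = data.google_iam_policy.admin.policy_data
+}
+
+resource "google_cloud_run_v2_service" "pike" {
+name = "pike"
+ingress = "INGRESS_TRAFFIC_ALL"
+location = "europe-west2"
+
+template {
+containers {
+image = "us-docker.pkg.dev/cloudrun/container/hello"
+}
+}
+}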
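Review bot: `ingress = "INGRESS_TRAFFIC_ALL"` on `google_cloud_run_v2_service.pike` leaves the sample service open to traffic from the internet, which a fixture for discovering `run.services.*` permissions does not appear to need; `ingress = "INGRESS_TRAFFIC_INTERNAL_ONLY"` should exercise the same API calls with less exposure. A one-line comment above the resource, e.g. `# fixture: created only to exercise the run.services.* permission mapping`, would tell anyone who finds it deployed that it can be removed.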
