redis gcp

JamesWoolfenden · Oct 30, 2023 · 25e44cf · 25e44cf
1 parent 1ac8d7f
commit 25e44cf
Show file tree

Hide file tree

Showing 15 changed files with 54 additions and 50 deletions.
diff --git a/src/files_gcp.go b/src/files_gcp.go
@@ -177,3 +177,9 @@ var googleSecretManagerSecretIam []byte
 
 //go:embed  mapping/google/resource/secretmanager/google_secret_manager_secret_version.json
 var googleSecretManagerSecretVersion []byte
+
+//go:embed  mapping/google/resource/redis/google_redis_instance.json
+var googleRedisInstance []byte
+
+//go:embed  mapping/google/resource/resourcemanager/google_project_service.json
+var googleProjectService []byte
diff --git a/src/files_gcp_datasource.go b/src/files_gcp_datasource.go
@@ -169,5 +169,5 @@ var dataGoogleServiceAccountJwt []byte
 //go:embed  mapping/google/data/iam/google_service_account_key.json
 var dataGoogleServiceAccountKey []byte
 
-//go:embed  mapping/google/data/resourcemanager/google_project_service.json
-var googleProjectService []byte
+//go:embed  mapping/google/data/redis/google_redis_instance.json
+var dataGoogleRedisInstance []byte
diff --git a/src/gcp.go b/src/gcp.go
@@ -117,6 +117,7 @@ func GCPLookup(result string) interface{} {
 		"google_storage_bucket_acl":                       googleStorageBucketACL,
 		"google_storage_bucket_iam_binding":               googleStorageBucketIamBinding,
 		"google_storage_bucket_object":                    googleStorageBucketObject,
+		"google_redis_instance":                           googleRedisInstance,
 	}
 
 	return TFLookup[result]

diff --git a/src/gcp_datasource.go b/src/gcp_datasource.go
@@ -97,6 +97,7 @@ func GCPDataLookup(result string) interface{} {
 		"google_service_account_id_token":                        placeholder,
 		"google_service_account_jwt":                             dataGoogleServiceAccountJwt,
 		"google_service_account_key":                             dataGoogleServiceAccountKey,
+		"google_redis_instance":                                  dataGoogleRedisInstance,
 	}
 	return TFLookup[result]
 }
diff --git a/...ng/google/data/google_redis_instance.json → ...gle/data/redis/google_redis_instance.json b/...ng/google/data/google_redis_instance.json → ...gle/data/redis/google_redis_instance.json
@@ -6,6 +6,8 @@
     },
     "destroy": [],
     "modify": [],
-    "plan": []
+    "plan": [
+      "redis.instances.get"
+    ]
   }
 ]
diff --git a/src/mapping/google/resource/google_app_engine_standard_app_version.json b/src/mapping/google/resource/google_app_engine_standard_app_version.json
diff --git a/src/mapping/google/resource/google_redis_instance.json b/src/mapping/google/resource/google_redis_instance.json
diff --git a/src/mapping/google/resource/redis/google_redis_instance.json b/src/mapping/google/resource/redis/google_redis_instance.json
@@ -0,0 +1,23 @@
+[
+  {
+    "apply": [
+      "redis.instances.get",
+      "redis.instances.create",
+      "redis.operations.get",
+      "redis.instances.update",
+      "redis.instances.delete"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "redis.instances.delete"
+    ],
+    "modify": [
+      "redis.instances.update"
+    ],
+    "plan": [
+      "redis.instances.get"
+    ]
+  }
+]
diff --git a/terraform/google/Makefile b/terraform/google/Makefile
@@ -18,4 +18,7 @@ init:
 role: FORCE
 	GOOGLE_CLOUD_KEYFILE_JSON="" terraform  -chdir=./role apply -auto-approve
 
+role_init:
+	GOOGLE_CLOUD_KEYFILE_JSON="" terraform  -chdir=./role init
+
 FORCE:
diff --git a/terraform/google/backup/data.google_redis_instance.tf b/terraform/google/backup/data.google_redis_instance.tf
@@ -0,0 +1,3 @@
+data "google_redis_instance" "pike" {
+  name = google_redis_instance.pike.name
+}
diff --git a/terraform/google/backup/google_redis_instance.tf b/terraform/google/backup/google_redis_instance.tf
@@ -0,0 +1,7 @@
+resource "google_redis_instance" "pike" {
+  name           = "pike"
+  memory_size_gb = 1
+  labels = {
+    pike = "permissions"
+  }
+}
diff --git a/terraform/google/data.google_redis_instance.tf b/terraform/google/data.google_redis_instance.tf
diff --git a/terraform/google/google_app_engine_standard_app_version.tf b/terraform/google/google_app_engine_standard_app_version.tf
diff --git a/terraform/google/google_redis_instance.tf b/terraform/google/google_redis_instance.tf
diff --git a/terraform/google/role/google_project_iam_custom_role.tf b/terraform/google/role/google_project_iam_custom_role.tf
@@ -4,27 +4,10 @@ resource "google_project_iam_custom_role" "pike" {
   title       = "pike terraform user"
   description = "A user with least privileges"
   permissions = [
-    "resourcemanager.projects.get",
-
-    //google_pubsub_topic_iam_member
-    "pubsub.topics.getIamPolicy",
-    "pubsub.topics.setIamPolicy",
-
-    //google_secret_manager_secret
-    "secretmanager.secrets.create",
-    "secretmanager.secrets.get",
-    "secretmanager.secrets.update",
-    "secretmanager.secrets.delete",
-
-    //google_secret_manager_secret_iam_member
-    "secretmanager.secrets.getIamPolicy",
-    "secretmanager.secrets.setIamPolicy",
-
-    //google_secret_manager_secret_version
-    "secretmanager.versions.add",
-    "secretmanager.versions.enable",
-    "secretmanager.versions.get",
-    "secretmanager.versions.access",
-    "secretmanager.versions.destroy"
+    "redis.instances.get",
+    "redis.instances.create",
+    "redis.operations.get",
+    "redis.instances.update",
+    "redis.instances.delete"
   ]
 }