storage

JamesWoolfenden · Nov 21, 2023 · 37b942f · 37b942f
1 parent 90fd72b
commit 37b942f
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 22 deletions.
diff --git a/src/coverage/google.md b/src/coverage/google.md
@@ -681,18 +681,6 @@ Datasource percentage coverage 29.96
 ./resource.ps1 google_spanner_instance_iam_policy
 ./resource.ps1 google_sql_source_representation_instance
 ./resource.ps1 google_sql_ssl_cert
-./resource.ps1 google_storage_bucket_access_control
-./resource.ps1 google_storage_bucket_iam_member
-./resource.ps1 google_storage_bucket_iam_policy
-./resource.ps1 google_storage_default_object_access_control
-./resource.ps1 google_storage_default_object_acl
-./resource.ps1 google_storage_hmac_key
-./resource.ps1 google_storage_insights_report_config
-./resource.ps1 google_storage_notification
-./resource.ps1 google_storage_object_access_control
-./resource.ps1 google_storage_object_acl
-./resource.ps1 google_storage_transfer_agent_pool
-./resource.ps1 google_storage_transfer_job
 ./resource.ps1 google_tags_location_tag_binding
 ./resource.ps1 google_tags_tag_binding
 ./resource.ps1 google_tags_tag_key

diff --git a/src/files_gcp.go b/src/files_gcp.go
@@ -189,3 +189,27 @@ var googleCloudRunV2Job []byte
 
 //go:embed mapping/google/resource/cloudscheduler/google_cloud_scheduler_job.json
 var googleCloudSchedulerJob []byte
+
+//go:embed mapping/google/resource/storage/google_storage_bucket_access_control.json
+var googleStorageBucketAccessControl []byte
+
+//go:embed mapping/google/resource/storage/google_storage_bucket_iam_member.json
+var googleStorageBucketIamMember []byte
+
+//go:embed mapping/google/resource/storage/google_storage_bucket_iam_policy.json
+var googleStorageBucketIamPolicy []byte
+
+//go:embed mapping/google/resource/storage/google_storage_default_object_access_control.json
+var googleStorageDefaultObjectAccessControl []byte
+
+//go:embed mapping/google/resource/storage/google_storage_default_object_acl.json
+var googleStorageDefaultObjectAcl []byte
+
+//go:embed mapping/google/resource/storage/google_storage_hmac_key.json
+var googleStorageHmacKey []byte
+
+//go:embed mapping/google/resource/storage/google_storage_insights_report_config.json
+var googleStorageInsightsReportConfig []byte
+
+//go:embed mapping/google/resource/storage/google_storage_object_access_control.json
+var googleStorageObjectAccessControl []byte
diff --git a/src/gcp.go b/src/gcp.go
@@ -121,6 +121,14 @@ func GCPLookup(result string) interface{} {
 		"google_storage_bucket_acl":                       googleStorageBucketACL,
 		"google_storage_bucket_iam_binding":               googleStorageBucketIamBinding,
 		"google_storage_bucket_object":                    googleStorageBucketObject,
+		"google_storage_bucket_access_control":            googleStorageBucketAccessControl,
+		"google_storage_bucket_iam_member":                googleStorageBucketIamMember,
+		"google_storage_bucket_iam_policy":                googleStorageBucketIamPolicy,
+		"google_storage_default_object_access_control":    googleStorageDefaultObjectAccessControl,
+		"google_storage_default_object_acl":               googleStorageDefaultObjectAcl,
+		"google_storage_hmac_key":                         googleStorageHmacKey,
+		"google_storage_insights_report_config":           googleStorageInsightsReportConfig,
+		"google_storage_object_access_control":            googleStorageObjectAccessControl,
 	}
 
 	return TFLookup[result]

diff --git a/terraform/google/role/google_project_iam_custom_role.tf b/terraform/google/role/google_project_iam_custom_role.tf
@@ -4,15 +4,25 @@ resource "google_project_iam_custom_role" "pike" {
   title       = "pike terraform user"
   description = "A user with least privileges"
   permissions = [
-    //google_alloydb_locations
-    "alloydb.locations.list",
-    //google_alloydb_supported_database_flags
-    "alloydb.supportedDatabaseFlags.list",
-    //google_beyondcorp_app_connection
-    "beyondcorp.appConnections.get",
-    //google_beyondcorp_app_connector
-    "beyondcorp.appConnectors.get",
-    //google_beyondcorp_app_gateway
-    "beyondcorp.appGateways.get"
+    //google_storage_bucket_access_control, google_storage_default_object_access_control,google_storage_default_object_acl
+    "storage.buckets.get",
+    "storage.buckets.update",
+    //google_storage_object_access_control
+    "storage.objects.update",
+    //google_storage_bucket_iam_member
+    "storage.buckets.getIamPolicy",
+    //google_storage_bucket_iam_policy
+    "storage.buckets.setIamPolicy",
+    //google_storage_object_access_control
+    "storage.objects.get",
+    "storage.objects.getIamPolicy",
+    "storage.objects.setIamPolicy",
+    //google_storage_insights_report_config
+    "storageinsights.reportConfigs.create",
+    //google_storage_hmac_key
+    "storage.hmacKeys.create",
+    "storage.hmacKeys.get",
+    "storage.hmacKeys.update",
+    "storage.hmacKeys.delete"
   ]
 }