Commit da8eb39c authored by Craig Furman's avatar Craig Furman

Give a sandbox project access to staging bootstrap

parent a853d538
......@@ -1704,17 +1704,15 @@ module "gitlab_object_storage" {
environment = "${var.environment}"
service_account_email = "${var.service_account_email}"
gcs_service_account_email = "${var.gcs_service_account_email}"
testing_service_account_emails = "${var.testing_service_account_emails}"
gcs_storage_analytics_group_email = "${var.gcs_storage_analytics_group_email}"
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/storage-buckets.git?ref=v1.2.0"
source = "git::ssh://git@ops.gitlab.net/gitlab-com/gl-infra/terraform-modules/google/storage-buckets.git?ref=v1.3.0"
}
resource "google_kms_key_ring_iam_binding" "bootstrap" {
key_ring_id = "${var.project}/global/gitlab-${var.environment}-bootstrap"
role = "roles/cloudkms.cryptoKeyDecrypter"
members = [
"serviceAccount:${var.service_account_email}",
]
members = "${concat(list("serviceAccount:${var.service_account_email}"), var.testing_service_account_emails)}"
}
resource "google_kms_key_ring_iam_binding" "secrets" {
......
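Review bot: The new `members` expression in `google_kms_key_ring_iam_binding.bootstrap` adds the `serviceAccount:` prefix only to `var.service_account_email`; the entries of `var.testing_service_account_emails` are concatenated as-is, and the staging default added in this commit is a bare e-mail address, so the binding would receive a member with no type prefix, which IAM does not accept. Prefix the list where it is used, `members = "${concat(list("serviceAccount:${var.service_account_email}"), formatlist("serviceAccount:%s", var.testing_service_account_emails))}"`, unless the variable is meant to carry already-prefixed members, in which case its default and description should say so. The binding is also on the key ring, so every added account can decrypt with every key in `gitlab-${var.environment}-bootstrap`; if the sandbox needs only one key, a `google_kms_crypto_key_iam_member` on that key would be the narrower grant.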
......@@ -486,6 +486,13 @@ variable "service_account_email" {
default = "terraform@gitlab-production.iam.gserviceaccount.com"
}
# Set this in gstg, not gprd
variable "testing_service_account_emails" {
type = "list"
description = "for chef bootstrapping instances in sandbox GCP projects"
default = []
}
variable "gcs_service_account_email" {
type = "string"
default = "gitlab-object-storage-prd@gitlab-production.iam.gserviceaccount.com"
......
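Review bot: The only thing keeping sandbox accounts off what appears to be the production bootstrap key ring is the comment `# Set this in gstg, not gprd`, and the variable's description does not say what listing an account actually grants. Put the privilege in the description so it is visible wherever the variable is overridden, for example `description = "Service accounts granted roles/cloudkms.cryptoKeyDecrypter on the bootstrap key ring and passed to the object storage module; must stay empty in gprd"`. The same description text is used for the staging variable later in this commit.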
......@@ -479,6 +479,12 @@ variable "service_account_email" {
default = "terraform@gitlab-staging-1.iam.gserviceaccount.com"
}
variable "testing_service_account_emails" {
type = "list"
description = "for chef bootstrapping instances in sandbox GCP projects"
default = ["chef-bootstrap@gl-zfs-storage-sandbox.iam.gserviceaccount.com"]
}
variable "gcs_service_account_email" {
type = "string"
default = "gitlab-object-storage@gitlab-staging-1.iam.gserviceaccount.com"
......
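Review bot: This default makes a service account from another project, `gl-zfs-storage-sandbox`, a standing decrypter on the staging bootstrap key ring, and nothing in the file records who owns that grant or when it should be removed. Anyone able to act as `chef-bootstrap` in the sandbox project can then decrypt staging bootstrap secrets, so the sandbox project's IAM effectively becomes part of staging's trust boundary. A comment above the variable would make that explicit, for example `# Cross-project grant: sandbox chef-bootstrap can decrypt the gstg bootstrap key ring; owner and removal condition: <fill in>`.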