1 parent
24a2e38
commit d2bd2a6
Showing
19 changed files
with
273 additions
and
75 deletions.
@@ -0,0 +1,8 @@ | ||
package pike | ||
|
||
import ( | ||
_ "embed" // required for embed | ||
) | ||
|
||
//go:embed mapping/gcp/resource/google_compute_instance.json | ||
var googleComputeInstance []byte |
@@ -0,0 +1,20 @@ | ||
package pike | ||
|
||
import "log" | ||
|
||
// GetGCPDataPermissions gets permissions required for datasources | ||
func GetGCPDataPermissions(result ResourceV2) []string { | ||
|
||
TFLookup := map[string]interface{}{} | ||
|
||
var Permissions []string | ||
|
||
temp := TFLookup[result.Name] | ||
if temp != nil { | ||
Permissions = GetPermissionMap(TFLookup[result.Name].([]byte), result.Attributes) | ||
} else { | ||
log.Printf("data.%s not implemented", result.Name) | ||
} | ||
|
||
return Permissions | ||
} |
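Review bot: `TFLookup` is created as an empty map right after the signature, so `temp := TFLookup[result.Name]` can never find anything and every data source ends in the "not implemented" branch; if this is deliberate scaffolding, mark it with `// TODO: populate with embedded data-source mappings keyed by Terraform data source name` so the stub is not mistaken for a finished lookup. Once the map is populated, the second lookup with the unchecked assertion `TFLookup[result.Name].([]byte)` will panic on any value that is not a `[]byte`; a single checked assertion avoids both the double lookup and the panic: `if raw, ok := TFLookup[result.Name].([]byte); ok { Permissions = GetPermissionMap(raw, result.Attributes) } else { log.Printf("data.%q not implemented", result.Name) }`. Using `%q` there also keeps an empty or unusual resource name visible in the log. As a style point, the locals `TFLookup` and `Permissions` read as exported identifiers; Go convention is `tfLookup` and `permissions`.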
@@ -0,0 +1,39 @@ | ||
package pike | ||
|
||
import ( | ||
"bytes" | ||
_ "embed" //required for embed | ||
"strings" | ||
"text/template" | ||
) | ||
|
||
//go:embed terraform.gcppolicy.template | ||
var policyGCPTemplate []byte | ||
|
||
// GCPPolicy create an IAM policy | ||
func GCPPolicy(permissions []string) (string, error) { | ||
test := strings.Join(permissions, "\", \n\t \"") | ||
|
||
type GCPPolicyDetails struct { | ||
Name string | ||
Project string | ||
RoleID string | ||
Permissions string | ||
} | ||
|
||
PolicyName := "terraform" + randSeq(8) | ||
theDetails := GCPPolicyDetails{PolicyName, "examplea", "terraform_pike", test} | ||
|
||
var output bytes.Buffer | ||
tmpl, err := template.New("test").Parse(string(policyGCPTemplate)) | ||
if err != nil { | ||
panic(err) | ||
} | ||
|
||
err = tmpl.Execute(&output, theDetails) | ||
|
||
if err != nil { | ||
panic(err) | ||
} | ||
return output.String(), nil | ||
} |
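Review bot: GCPPolicy declares an `error` result but never returns one; both the `template.New(...).Parse` failure and the `tmpl.Execute` failure call `panic(err)`, so a caller cannot recover from a bad permission set. The Parse of an embedded template is arguably a programmer bug, but Execute is not, and both sites can simply become `return "", err`. The permission list is rendered into HCL by joining with `"\", \n\t \""` while the template in the terraform.gcppolicy.template hunk below wraps the joined value in one pair of quotes, so an empty slice produces `[""]` instead of `[]`, and text/template applies no escaping, so a permission name containing a quote would break the generated file; passing the slice through and ranging over it in the template, or returning early when `len(permissions) == 0`, avoids both. The local `test` holds the joined permissions and `PolicyName` is a local, so `joined` and `policyName` would read better.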
@@ -0,0 +1,25 @@ | ||
[ | ||
{ | ||
"apply": [ | ||
"compute.zones.get", | ||
"compute.instances.create", | ||
"compute.instances.get", | ||
"compute.disks.create", | ||
"compute.disks.create", | ||
"compute.subnetworks.use", | ||
"compute.subnetworks.useExternalIp", | ||
"compute.instances.setMetadata", | ||
"compute.instances.delete" | ||
], | ||
"attributes": { | ||
"tags": [ | ||
"compute.instances.setTags" | ||
] | ||
}, | ||
"destroy": [ | ||
"compute.instances.delete" | ||
], | ||
"modify": [], | ||
"plan": [] | ||
} | ||
] |
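Review bot: `compute.disks.create` appears twice in the `apply` list (two consecutive entries); a duplicate is harmless to IAM but inflates the generated role and looks like a copy-paste slip, so drop one. The `plan` list is empty while `apply` opens with read-only entries such as `compute.zones.get` and `compute.instances.get`; if a plan or refresh needs those reads they belong under `plan` as well, though I cannot tell from this file how the consumer merges the lists, so check against GetPermissionMap before changing it.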
@@ -0,0 +1,9 @@ | ||
resource "google_project_iam_custom_role" "{{.Name}}" { | ||
project = "{{.Project}}" | ||
role_id = "{{.RoleID}}" | ||
title = "{{.Name}}" | ||
description = "A user with least privileges" | ||
permissions= [ | ||
"{{ .Permissions }}" | ||
] | ||
} |
@@ -0,0 +1,21 @@ | ||
clean: | ||
-rm -fr .terraform | ||
-rm .terraform.lock.hcl | ||
-rm terraform.tfstate | ||
-rm terraform.tfstate.backup | ||
apply: init | ||
terraform apply -auto-approve | ||
|
||
plan: init | ||
terraform plan | ||
|
||
destroy: init | ||
terraform destroy -auto-approve | ||
|
||
init: | ||
terraform init | ||
|
||
role: FORCE | ||
terraform -chdir=./role apply -auto-approve | ||
|
||
FORCE: |
@@ -0,0 +1,40 @@ | ||
resource "google_compute_instance" "default" { | ||
name = "test" | ||
machine_type = "e2-micro" | ||
zone = "europe-west2-a" | ||
|
||
|
||
|
||
boot_disk { | ||
initialize_params { | ||
image = "debian-cloud/debian-11" | ||
} | ||
} | ||
|
||
// Local SSD disk | ||
# scratch_disk { | ||
# interface = "SCSI" | ||
# } | ||
|
||
network_interface { | ||
network = "default" | ||
|
||
access_config { | ||
// Ephemeral public IP | ||
} | ||
} | ||
|
||
metadata = { | ||
foo = "bar" | ||
} | ||
|
||
metadata_startup_script = "echo hi > /test.txt" | ||
|
||
# service_account { | ||
# # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles. | ||
# email = google_service_account.default.email | ||
# scopes = ["cloud-platform"] | ||
# } | ||
|
||
tags = ["foo", "bar"] | ||
} |
@@ -0,0 +1,6 @@ | ||
provider "google" { | ||
project = "examplea" | ||
region = "europe-west2" | ||
zone = "europe-west2-a" | ||
credentials = "/Users/jameswoolfenden/examplea-pike.json" | ||
} |
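Review bot: `credentials` points at an absolute path on one developer's machine (`/Users/.../examplea-pike.json`), so this fixture cannot run anywhere else and it hard-wires the location of a service-account key file into committed configuration. Remove the line and let the provider read credentials from the environment (`GOOGLE_APPLICATION_CREDENTIALS` or `GOOGLE_CREDENTIALS`), or declare `credentials = var.credentials` with no default; `project`, `region` and `zone` can stay as they are. A short comment above the block saying credentials come from the environment would keep the next reader from re-adding a path.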
@@ -0,0 +1,8 @@ | ||
resource "google_project_iam_binding" "pike" { | ||
project = "examplea" | ||
role = google_project_iam_custom_role.pike.id | ||
|
||
members = [ | ||
"serviceAccount:${google_service_account.pike.email}", | ||
] | ||
} |
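Review bot: `google_project_iam_binding` is authoritative for the role it names: it sets the complete member list for `google_project_iam_custom_role.pike.id` and will strip any member granted that role outside Terraform on the next apply. For a custom role created solely by this configuration that is probably intended, in which case a one-line comment such as `# authoritative: this binding owns every member of the pike role` makes it explicit; otherwise `google_project_iam_member` with the same `member` value is the non-authoritative form. `project = "examplea"` duplicates the provider's project; `google_project_iam_custom_role.pike.project` or a variable keeps the two from drifting. The referenced `google_project_iam_custom_role.pike` and `google_service_account.pike` are defined outside this hunk.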