Add config for Compute Engine

GoogleCloudPlatform · Jul 29, 2023 · 012a9b2 · 012a9b2
1 parent dd98af0
commit 012a9b2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/modules/project/README.md b/modules/project/README.md
@@ -272,14 +272,15 @@ module "host-project" {
 module "service-project" {
   source = "./fabric/modules/project"
   name   = "my-service-project"
+  services = [
+    "container.googleapis.com",
+  ]
   shared_vpc_service_config = {
-    host_project = module.host-project.project_id
-    service_iam_grants = [
-      "container.googleapis.com",
-    ]
+    host_project       = module.host-project.project_id
+    service_iam_grants = module.service-project.services
   }
 }
-# tftest modules=2 resources=8 inventory=shared-vpc-auto-grants.yaml
+# tftest modules=2 resources=9 inventory=shared-vpc-auto-grants.yaml
 ```
 
 ## Organization Policies

diff --git a/modules/project/sharedvpc-agent-iam.yaml b/modules/project/sharedvpc-agent-iam.yaml
@@ -20,6 +20,13 @@
       - roles/compute.networkUser
       - roles/composer.sharedVpcAgent
 
+# Compute Engine
+# TODO: identify docs
+- service: compute.googleapis.com
+  agents:
+    cloudservices:
+      - roles/compute.networkUser
+
 # Google Kubernetes Engine
 # https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc#enabling_and_granting_roles
 - service: container.googleapis.com