Add config for Compute Engine

GoogleCloudPlatform · Jul 29, 2023 · ba2da80 · ba2da80
1 parent dd98af0
commit ba2da80
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/modules/project/README.md b/modules/project/README.md
@@ -272,14 +272,15 @@ module "host-project" {
 module "service-project" {
   source = "./fabric/modules/project"
   name   = "my-service-project"
+  services = [
+    "container.googleapis.com",
+  ]
   shared_vpc_service_config = {
     host_project = module.host-project.project_id
-    service_iam_grants = [
-      "container.googleapis.com",
-    ]
+    service_iam_grants = module.service-project.services
   }
 }
-# tftest modules=2 resources=8 inventory=shared-vpc-auto-grants.yaml
+# tftest modules=2 resources=9 inventory=shared-vpc-auto-grants.yaml
 ```
 
 ## Organization Policies

diff --git a/modules/project/sharedvpc-agent-iam.yaml b/modules/project/sharedvpc-agent-iam.yaml
@@ -20,6 +20,13 @@
       - roles/compute.networkUser
       - roles/composer.sharedVpcAgent
 
+# Compute Engine
+# TODO: identify docs
+- service: compute.googleapis.com
+  agents:
+    cloudservices:
+      - roles/compute.networkUser
+
 # Google Kubernetes Engine
 # https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc#enabling_and_granting_roles
 - service: container.googleapis.com