fix: use gcp for IAM instead of google-native #366

Merged
merged 5 commits into from
Apr 19, 2024


@braaar braaar commented Apr 18, 2024

fixes #311

There is a bug in the google-native provider related to IAM such that drift detection gets screwed up

@braaar braaar requested a review from a team as a code owner April 18, 2024 08:39

github-actions bot commented Apr 19, 2024

🍹 preview on branches-main/branches/branches-main/main

Pulumi report
Previewing update (branches/main)

View Live: https://app.pulumi.com/branches/branches-main/main/previews/40fccb09-618b-48a4-89c4-ca97639d39b8

@ Previewing update.............

@ Previewing update........
pulumi:pulumi:Stack branches-main-main running 
@ Previewing update...........
pulumi:providers:gcp google-null-provider  
pulumi:providers:github getbranches  
gcp:organizations:Project main-project  
@ Previewing update....
pulumi:providers:google-native google-native-main-provider  
pulumi:providers:gcp google-main-provider  
google-native:container/v1:Cluster core-cluster  
+  gcp:projects:IAMBinding cluster-developers-cluster-access create 
gcp:serviceAccount:Account branches-slack-logger  
gcp:projects:Service branches-core-cloudresourcemanager.googleapis.com  
+  gcp:projects:IAMBinding caller-cluster-access create 
bjerkio:github:github-with-docker-service abax-vwfs  
+  gcp:projects:IAMBinding main-project-iam-binding create 
gcp:projects:Service branches-core-cloudprofiler.googleapis.com  
gcp:projects:Service branches-core-eventarc.googleapis.com  
gcp:projects:Service branches-core-run.googleapis.com  
gcp:projects:Service branches-core-dns.googleapis.com  
gcp:iam:WorkloadIdentityPool main-github  
gcp:projects:Service branches-core-sqladmin.googleapis.com  
gcp:projects:Service branches-core-cloudbuild.googleapis.com  
gcp:projects:Service branches-core-cloudtrace.googleapis.com  
gcp:projects:Service branches-core-cloudfunctions.googleapis.com  
gcp:projects:Service branches-core-iam.googleapis.com  
gcp:projects:Service branches-core-container.googleapis.com  
gcp:projects:Service branches-core-artifactregistry.googleapis.com  
gcp:projects:Service branches-core-cloudkms.googleapis.com  
bjerkio:github:github-with-docker-service abax-minuba  
gcp:storage:Bucket postgres-backup  
gcp:projects:Service branches-core-clouderrorreporting.googleapis.com  
gcp:serviceAccount:Account postgres-backup  
gcp:projects:Service branches-core-iamcredentials.googleapis.com  
gcp:projects:Service branches-core-cloudbilling.googleapis.com  
gcp:projects:Service branches-core-logging.googleapis.com  
gcp:projects:Service branches-core-compute.googleapis.com  
gcp:projects:Service branches-core-servicemanagement.googleapis.com  
bjerkio:github:github-with-docker-service tripletex-project-reporter  
bjerkio:github:github-with-docker-service abax-procore  
gcp:projects:Service branches-core-stackdriver.googleapis.com  
gcp:pubsub:Topic branches-slack-logger  
gcp:projects:Service branches-core-monitoring.googleapis.com  
@ Previewing update....
gcp:projects:Service branches-core-servicecontrol.googleapis.com

gcp:cloudrunv2:Service branches-slack-logger  
gcp:projects:IAMMember branches-slack-logger  
gcp:serviceAccount:Account abax-vwfs  
github:index:ActionsSecret abax-vwfs-google-projects  
gcp:iam:WorkloadIdentityPoolProvider main-github  
gcp:serviceAccount:Account abax-minuba  
github:index:ActionsSecret abax-minuba-google-projects  
gcp:serviceAccount:IAMMember postgres-backup  
gcp:storage:BucketIAMMember postgres-backup  [diff: ~bucket]
gcp:serviceAccount:Account tripletex-project-reporter  
github:index:ActionsSecret tripletex-project-reporter-google-projects  
gcp:serviceAccount:Account abax-procore  
github:index:ActionsSecret abax-procore-google-projects  
gcp:logging:ProjectSink branches-slack-logger  
gcp:artifactregistry:Repository artifact-registry  
pulumi:providers:kubernetes k8s-provider  
gcp:cloudrunv2:ServiceIamMember branches-slack-logger  [diff: ~name]
gcp:eventarc:Trigger branches-slack-logger  
gcp:serviceAccount:IAMMember iam-infra-token-abax-vwfs  
gcp:serviceAccount:IAMMember iam-workload-abax-vwfs  
gcp:projects:IAMMember abax-vwfs  
github:index:ActionsSecret abax-vwfs-service-account  
github:index:ActionsSecret abax-procore-identity-provider  
github:index:ActionsSecret abax-vwfs-identity-provider  
github:index:ActionsSecret abax-minuba-identity-provider  
github:index:ActionsSecret tripletex-project-reporter-identity-provider  
gcp:projects:IAMMember abax-minuba  
github:index:ActionsSecret abax-minuba-service-account  
gcp:serviceAccount:IAMMember iam-workload-abax-minuba  
gcp:serviceAccount:IAMMember iam-infra-token-abax-minuba  
gcp:serviceAccount:IAMMember iam-workload-tripletex-project-reporter  
gcp:serviceAccount:IAMMember iam-infra-token-tripletex-project-reporter  
gcp:projects:IAMMember tripletex-project-reporter  
github:index:ActionsSecret tripletex-project-reporter-service-account  
gcp:serviceAccount:IAMMember iam-infra-token-abax-procore  
gcp:projects:IAMMember abax-procore  
gcp:serviceAccount:IAMMember iam-workload-abax-procore  
github:index:ActionsSecret abax-procore-service-account  
gcp:pubsub:TopicIAMMember branches-slack-logger  [diff: ~topic]
gcp:artifactregistry:RepositoryIamMember abax-procore  
github:index:ActionsSecret abax-minuba-container-repository  
gcp:artifactregistry:RepositoryIamMember abax-minuba  
github:index:ActionsSecret abax-vwfs-container-repository  
github:index:ActionsSecret tripletex-project-reporter-container-repository  
github:index:ActionsSecret abax-procore-container-repository  
gcp:artifactregistry:RepositoryIamMember tripletex-project-reporter  
gcp:artifactregistry:RepositoryIamMember abax-vwfs  
@ Previewing update..........
kubernetes:acid.zalan.do/v1:postgresql unleash  
kubernetes:core/v1:ServiceAccount postgres-backup  
branches:k8s:standard-database abax-minuba  
branches:k8s:standard-deployment abax-procore  
branches:k8s:standard-deployment abax-minuba-ui  
kubernetes:core/v1:Secret vaultwarden-yubico-secret  
branches:k8s:standard-database abax-vwfs  
branches:k8s:standard-deployment abax-vwfs  
kubernetes:acid.zalan.do/v1:postgresql vaultwarden  
kubernetes:helm.sh/v3:Chart postgres-operator  
kubernetes:core/v1:Namespace caddy-system  
kubernetes:helm.sh/v3:Chart caddy-ingress  
kubernetes:core/v1:Secret todoist-github-secrets  
kubernetes:core/v1:Secret vaultwarden-admin-token  
kubernetes:core/v1:Secret reports-tripletex-secrets  
kubernetes:apps/v1:Deployment unleash-deployment  
kubernetes:acid.zalan.do/v1:postgresql abax-minuba  
kubernetes:core/v1:Secret abax-minuba-ui  
kubernetes:core/v1:Secret abax-procore  
kubernetes:core/v1:Secret abax-vwfs  
kubernetes:acid.zalan.do/v1:postgresql abax-vwfs  
kubernetes:apps/v1:Deployment todoist-github-deployment  
kubernetes:apps/v1:Deployment vaultwarden-deployment  
kubernetes:apps/v1:Deployment tripletex-project-reporter-deployment  
kubernetes:core/v1:Service unleash-service  
kubernetes:apps/v1:Deployment abax-minuba-ui  
kubernetes:apps/v1:Deployment abax-procore  
kubernetes:apps/v1:Deployment abax-vwfs  
kubernetes:core/v1:Service todoist-github-service  
kubernetes:core/v1:Service vaultwarden-service  
kubernetes:networking.k8s.io/v1:Ingress unleash-ingress  
kubernetes:core/v1:Service tripletex-project-reporter-service  
kubernetes:core/v1:Service abax-minuba-ui  
kubernetes:batch/v1:CronJob abax-minuba-cronjob  
kubernetes:core/v1:Service abax-procore  
kubernetes:batch/v1:CronJob abax-procore-cronjob  
kubernetes:core/v1:Service abax-vwfs  
kubernetes:networking.k8s.io/v1:Ingress todoist-github-ingress  
kubernetes:networking.k8s.io/v1:Ingress vaultwarden-ingress  
kubernetes:networking.k8s.io/v1:Ingress tripletex-project-reporter-ingress  
kubernetes:networking.k8s.io/v1:Ingress abax-minuba-ui  
kubernetes:networking.k8s.io/v1:Ingress abax-procore  
kubernetes:networking.k8s.io/v1:Ingress abax-vwfs  
@ Previewing update....
kubernetes:policy/v1:PodDisruptionBudget caddy-system/caddy-ingress-caddy-ingress-controller  
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole caddy-system/caddy-ingress-controller-role  [diff: ~metadata]
kubernetes:core/v1:ConfigMap caddy-system/caddy-ingress-controller-configmap  
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding caddy-system/caddy-ingress-controller-role-binding  [diff: ~metadata]
kubernetes:apps/v1:Deployment caddy-system/caddy-ingress-caddy-ingress-controller  
kubernetes:core/v1:ServiceAccount caddy-system/caddy-ingress-controller  
kubernetes:core/v1:Service caddy-system/caddy-ingress-caddy-ingress-controller  
kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition postgresteams.acid.zalan.do  
kubernetes:core/v1:Service default/postgres-operator  
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding postgres-operator  
kubernetes:core/v1:ServiceAccount default/postgres-operator  
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole postgres-backup  
kubernetes:acid.zalan.do/v1:OperatorConfiguration default/postgres-operator  
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole postgres-operator  
kubernetes:apps/v1:Deployment default/postgres-operator  
~  kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition operatorconfigurations.acid.zalan.do update [diff: ~spec]
kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition postgresqls.acid.zalan.do  
@ Previewing update....
-  google-native:cloudresourcemanager/v3:ProjectIamMember main-project-iam-member delete 
-  google-native:cloudresourcemanager/v3:ProjectIamMember group:developers@bjerk.io-cluster-access delete 
-  google-native:cloudresourcemanager/v3:ProjectIamMember caller-cluster-access delete 
pulumi:pulumi:Stack branches-main-main  
Resources:
+ 3 to create
~ 1 to update
- 3 to delete
7 changes. 144 unchanged

@braaar braaar requested a review from simenandre April 19, 2024 05:28
Development

Successfully merging this pull request may close these issues.

Drift check is failing due to IamMembers