-
Notifications
You must be signed in to change notification settings - Fork 533
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: added the grant_services_network_role flag to control network IAM #618
feat: added the grant_services_network_role flag to control network IAM #618
Conversation
Thanks for the PR! 🚀 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with small nit
Co-authored-by: Bharath KKB <bharathkrishnakb@gmail.com>
I will update the PR with the changes in the description for various modules and updated docs. |
@kaariger / @bharathkkb ========================= on main.tf line 16, in module "project-factory": An argument named "grant_services_network_role" is not expected here. ========================= Below is the code: module "project-factory" { |
Hi @sandy-0007 it should be available in our next release. I did notice a bug which I have opened a PR to fix. Once that is merged you can temporarily try pulling from the main branch to validate if the flag is working as expected and switch to a pinned version after release. |
Can I know when is the next release planned for? And thanks for fixing the bug. Once the PR #619 is merged, could you please share me the details on how I can use this branch to test my terraform code locally. |
You can use the main branch of the repo like shown below to test it. #620 can be tracked for release which we can cut after validation. We generally cut a release ~ 2 weeks but in this case we can do it sooner due to bugfix in #619. module "project-factory" {
source = "github.com/terraform-google-modules/terraform-google-project-factory"
name = "pf-test-1"
random_project_id = true
...
} |
Looks like the code from #619 is working. I have tested "grant_services_network_role", its working as desired. Now I could see the below changes. Why is it trying to remove the installed API's?
|
Below is the code used for this testing...
|
@bharathkkb Since the code #619 is working as desired, you can move forward with merging it to the master. Also it has not removed any API's. So we are good here to move on with merging this. |
@bharathkkb, Can #620 be merged? as I'm convinced with the functionality of #619. |
Added a new flag (grant_services_network_role) to control whether service project service accounts are granted the roles/compute.networkUser on the shared VPC host project. The default value for this flag is true for backwards compatibility.
fixes #603