
Commit 148e902

Support conformance env lifecycle in GCP CI Cloud Build
1 parent 852cbf3 commit 148e902


5 files changed

+14
-21
lines changed


deployment/live/gcp/cloudbuild/README.md

Lines changed: 8 additions & 18 deletions
@@ -7,9 +7,9 @@ is responsible for:
77

88
1. Building the `cmd/gcp` and `cmd/gcp/ci` docker images from the `main` branch,
99
1. Deploying the `cmd/gcp/ci` image to Cloud Run,
10-
1. TODO: Creating a fresh conformance testing environment,
11-
1. TODO: Running the conformance test against the newly build conformance docker image,
12-
1. TODO: Turning-down the conformance testing environment.
10+
1. Creating a fresh conformance testing environment,
11+
1. Running the conformance test against the newly build conformance docker image,
12+
1. Turning-down the conformance testing environment.
1313

1414
## Initial setup
1515

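Review bot: The reworded step at new line 11 still reads "newly build conformance docker image"; since the line is being touched anyway, change it to "newly built". At new line 12, "Turning-down" would read better as "Tearing down". With the TODO markers gone, it would also help to name the Cloud Build step or config that performs each of these three steps so a reader can find them.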
@@ -25,20 +25,10 @@ and the GitHub repository.
2525

2626
## Externally managed IAM
2727

28-
In case your GCP organization manages the IAM externally, execute the following commands to import the IAM member resources.
29-
30-
Example:
28+
In case your GCP organization manages the IAM externally, execute the following command before executing `terragrunt apply`.
3129

3230
```sh
33-
terragrunt import google_project_iam_member.logging_log_writer "static-ct roles/logging.logWriter serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
34-
terragrunt import google_project_iam_member.service_usage_viewer "static-ct roles/serviceusage.serviceUsageViewer serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
35-
terragrunt import google_project_iam_member.storage_admin "static-ct roles/storage.admin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
36-
terragrunt import google_project_iam_member.spanner_admin "static-ct roles/spanner.admin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
37-
terragrunt import google_project_iam_member.secretmanager_admin "static-ct roles/secretmanager.admin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
38-
terragrunt import google_project_iam_member.iam_service_account_open_id_token_creator "static-ct roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
39-
terragrunt import google_project_iam_member.iam_service_account_viewer "static-ct roles/iam.serviceAccountViewer serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
40-
terragrunt import google_project_iam_member.iam_service_account_admin "static-ct roles/iam.serviceAccountAdmin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
41-
terragrunt import google_project_iam_member.resourcemanager_project_iam_admin "static-ct roles/resourcemanager.projectIamAdmin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
42-
terragrunt import google_project_iam_member.run_admin "static-ct roles/run.admin serviceAccount:cloudbuild-prod
43-
-sa@static-ct.iam.gserviceaccount.com"
44-
```
31+
export SKIP_IAM=true
32+
```
33+
34+
Note that the `SKIP_IAM` value in Cloud Build is propagated to the conformance testing environment.
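Review bot: Dropping the ten `terragrunt import` lines (old 33-43) also drops the only list in this README of the roles bound to `cloudbuild-prod-sa`, which include `roles/resourcemanager.projectIamAdmin`, `roles/iam.serviceAccountAdmin` and `roles/secretmanager.admin`. When IAM is managed externally, whoever grants those bindings still needs that list, and it is the natural place to review whether each role is required. Suggest keeping the roles as a plain list under this heading. The new text also does not say what `SKIP_IAM=true` skips or how the exported value reaches the `skip_iam` variable; one sentence on each would make the "propagated to the conformance testing environment" note at new line 34 easier to follow.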

deployment/modules/gcp/cloudbuild/main.tf

Lines changed: 3 additions & 0 deletions
@@ -69,6 +69,7 @@ resource "google_cloudbuild_trigger" "build_trigger" {
6969
dir = "deployment/live/gcp/ci"
7070
env = [
7171
"GOOGLE_PROJECT=${var.project_id}",
72+
"SKIP_IAM=${var.skip_iam}",
7273
"TF_IN_AUTOMATION=1",
7374
"TF_INPUT=false",
7475
"TF_VAR_project_id=${var.project_id}"
@@ -128,6 +129,7 @@ resource "google_cloudbuild_trigger" "build_trigger" {
128129
dir = "deployment/live/gcp/ci"
129130
env = [
130131
"GOOGLE_PROJECT=${var.project_id}",
132+
"SKIP_IAM=${var.skip_iam}",
131133
"TF_IN_AUTOMATION=1",
132134
"TF_INPUT=false",
133135
"TF_VAR_project_id=${var.project_id}"
@@ -171,6 +173,7 @@ resource "google_cloudbuild_trigger" "build_trigger" {
171173
dir = "deployment/live/gcp/ci"
172174
env = [
173175
"GOOGLE_PROJECT=${var.project_id}",
176+
"SKIP_IAM=${var.skip_iam}",
174177
"TF_IN_AUTOMATION=1",
175178
"TF_INPUT=false",
176179
"TF_VAR_project_id=${var.project_id}"

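Review bot: The added `"SKIP_IAM=${var.skip_iam}"` entry (new lines 72, 132 and 176) interpolates a `bool` variable into a string, and unlike the neighbouring `TF_VAR_project_id` it is not a `TF_VAR_` name, so nothing in this file shows what reads it or whether the consumer expects exactly `true`/`false`. A short comment beside the entry naming the consumer would help. The same `env` list is now edited identically in three steps; consider hoisting it into a `locals` value so the steps cannot drift apart.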
deployment/modules/gcp/cloudbuild/variables.tf

Lines changed: 1 addition & 1 deletion
@@ -24,6 +24,6 @@ variable "github_owner" {
2424
}
2525

2626
variable "skip_iam" {
27-
description = "Skip for IAM externally managed GCP projects"
27+
description = "Skip for GCP projects with externally managed IAM"
2828
type = bool
2929
}
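Review bot: The new description at line 27 still does not say what is skipped; "Skip for GCP projects with externally managed IAM" leaves the reader to guess which resources the module stops managing when this is `true`. Suggest naming them in the description. The block also has `type = bool` with no `default`, so every caller must set it explicitly; if that is intentional, a word in the description would make it clear.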

deployment/modules/gcp/cloudrun/variables.tf

Lines changed: 1 addition & 1 deletion
@@ -54,6 +54,6 @@ variable "signer_private_key_secret_name" {
5454
}
5555

5656
variable "skip_iam" {
57-
description = "Skip for IAM externally managed GCP projects"
57+
description = "Skip for GCP projects with externally managed IAM"
5858
type = bool
5959
}

deployment/modules/gcp/conformance/variables.tf

Lines changed: 1 addition & 1 deletion
@@ -29,6 +29,6 @@ variable "server_docker_image" {
2929
}
3030

3131
variable "skip_iam" {
32-
description = "Skip for IAM externally managed GCP projects"
32+
description = "Skip for GCP projects with externally managed IAM"
3333
type = bool
3434
}
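Review bot: The description at line 32 is the same generic wording as in the other two modules, but for this module the README now says the value is propagated from `SKIP_IAM` in Cloud Build. Suggest mentioning that source here, so someone applying the conformance module on its own knows the value is expected to match the Cloud Build setting.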
