@@ -7,9 +7,9 @@ is responsible for:
7
7
8
8
1 . Building the ` cmd/gcp ` and ` cmd/gcp/ci ` docker images from the ` main ` branch,
9
9
1 . Deploying the ` cmd/gcp/ci ` image to Cloud Run,
10
- 1 . TODO: Creating a fresh conformance testing environment,
11
- 1 . TODO: Running the conformance test against the newly build conformance docker image,
12
- 1 . TODO: Turning-down the conformance testing environment.
10
+ 1 . Creating a fresh conformance testing environment,
11
+ 1 . Running the conformance test against the newly build conformance docker image,
12
+ 1 . Turning-down the conformance testing environment.
13
13
14
14
## Initial setup
15
15
@@ -25,20 +25,10 @@ and the GitHub repository.
25
25
26
26
## Externally managed IAM
27
27
28
- In case your GCP organization manages the IAM externally, execute the following commands to import the IAM member resources.
29
-
30
- Example:
28
+ In case your GCP organization manages the IAM externally, execute the following command before executing ` terragrunt apply ` .
31
29
32
30
``` sh
33
- terragrunt import google_project_iam_member.logging_log_writer " static-ct roles/logging.logWriter serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
34
- terragrunt import google_project_iam_member.service_usage_viewer " static-ct roles/serviceusage.serviceUsageViewer serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
35
- terragrunt import google_project_iam_member.storage_admin " static-ct roles/storage.admin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
36
- terragrunt import google_project_iam_member.spanner_admin " static-ct roles/spanner.admin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
37
- terragrunt import google_project_iam_member.secretmanager_admin " static-ct roles/secretmanager.admin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
38
- terragrunt import google_project_iam_member.iam_service_account_open_id_token_creator " static-ct roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
39
- terragrunt import google_project_iam_member.iam_service_account_viewer " static-ct roles/iam.serviceAccountViewer serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
40
- terragrunt import google_project_iam_member.iam_service_account_admin " static-ct roles/iam.serviceAccountAdmin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
41
- terragrunt import google_project_iam_member.resourcemanager_project_iam_admin " static-ct roles/resourcemanager.projectIamAdmin serviceAccount:cloudbuild-prod-sa@static-ct.iam.gserviceaccount.com"
42
- terragrunt import google_project_iam_member.run_admin " static-ct roles/run.admin serviceAccount:cloudbuild-prod
43
- -sa@static-ct.iam.gserviceaccount.com"
44
- ```
31
+ export SKIP_IAM=true
32
+ ```
33
+
34
+ Note that the ` SKIP_IAM ` value in Cloud Build is propagated to the conformance testing environment.
0 commit comments