Add gke_operations service accounts to registry readers

osinfra-io · Sep 18, 2024 · 2cbbc13 · 2cbbc13
1 parent 7d329ef
commit 2cbbc13
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 7 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,7 +11,7 @@ repos:
       - id: check-symlinks
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.95.0
+    rev: v1.96.1
     hooks:
       - id: terraform_fmt
 
@@ -29,7 +29,7 @@ repos:
       - id: terraform_docs
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.253
+    rev: 3.2.255
     hooks:
       - id: checkov
         verbose: true

diff --git a/README.md b/README.md
@@ -87,8 +87,8 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.0.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.3.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.3 |
 
 ### Modules
 

diff --git a/regional/README.md b/regional/README.md
@@ -11,8 +11,8 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.0.1 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.3.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.3 |
 
 ## Modules
 
@@ -22,6 +22,7 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [google_cloud_identity_group_membership.registry_readers](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership) | resource |
 | [google_container_cluster.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource |
 | [google_container_node_pool.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool) | resource |
 | [google_gke_hub_feature.multi_cluster_ingress](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature) | resource |

diff --git a/regional/main.tf b/regional/main.tf
@@ -13,6 +13,19 @@ data "google_project" "this" {
   project_id = var.project
 }
 
+# Identity Group Membership
+# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership
+
+resource "google_cloud_identity_group_membership" "registry_readers" {
+  group = "${var.cluster_prefix}-registry-readers@osinfra.io"
+
+  preferred_member_key {
+    id = google_service_account.gke_operations.email
+  }
+
+  roles { name = "MEMBER" }
+}
+
 # Google Container Cluster Resource
 # https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster
 

diff --git a/regional/onboarding/README.md b/regional/onboarding/README.md
@@ -11,7 +11,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.0.1 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.3.0 |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.32.0 |
 
 ## Modules