Add or update identity group

Fixes #148
osinfra-io · Sep 20, 2023 · 420de3d · 420de3d
1 parent 66aaff3
commit 420de3d
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 16 deletions.
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -18,7 +18,6 @@ jobs:
   global_infra:
     name: "Global"
     uses: osinfra-io/github-terraform-called-workflows/.github/workflows/[email protected]
-    if: github.actor != 'osinfra-sa'
     with:
       checkout_ref: ${{ github.ref }}
       environment: production

diff --git a/global/infra/README.md b/global/infra/README.md
@@ -9,7 +9,7 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 4.82.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 4.83.0 |
 
 ## Modules
 

diff --git a/global/infra/tfvars/production.tfvars b/global/infra/tfvars/production.tfvars
@@ -217,9 +217,22 @@ folder_iam_policies = {
       },
       {
         members = [
+          "group:[email protected]",
           "serviceAccount:plt-lz-testing-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com"
         ]
         role = "roles/resourcemanager.projectCreator"
+      },
+      {
+        members = [
+          "group:[email protected]"
+        ]
+        role = "roles/resourcemanager.projectDeleter"
+      },
+      {
+        members = [
+          "group:[email protected]"
+        ]
+        role = "roles/resourcemanager.projectOwner"
       }
     ]
   }
@@ -390,7 +403,7 @@ identity_groups = {
     description  = "Billing users are able to attach billing accounts to projects"
     display_name = "Billing Users"
     managers     = []
-    members      = []
+    members      = ["[email protected]"]
     owners       = ["[email protected]"]
     roles = [
       "roles/billing.costsManager",
@@ -399,6 +412,24 @@ identity_groups = {
     ]
   }
 
+  github-sa = {
+    description  = "Email enabled group for the GitHub Service Account"
+    display_name = "GitHub Service Account"
+    managers     = []
+    members      = []
+    owners       = ["[email protected]"]
+    roles        = []
+  }
+
+  help = {
+    description  = "Email enabled group for contacting help"
+    display_name = "Help"
+    managers     = []
+    members      = []
+    owners       = ["[email protected]"]
+    roles        = []
+  }
+
   organization-admins = {
     description  = "Organization administrators have access to administer all resources belonging to the organization"
     display_name = "Organization Administrators"
@@ -421,22 +452,13 @@ identity_groups = {
     ]
   }
 
-  github-sa = {
-    description  = "Email enabled group for the GitHub Service Account"
-    display_name = "GitHub Service Account"
-    managers     = []
-    members      = []
-    owners       = ["[email protected]"]
-    roles        = []
-  }
-
-  help = {
-    description  = "Email enabled group for contacting help"
-    display_name = "Help"
+  platform-contributors = {
+    description  = "Platform contributors are able to contribute to the platform"
+    display_name = "Platform Contributors"
     managers     = []
     members      = []
     owners       = ["[email protected]"]
-    roles        = []
+    roles        = ["roles/viewer"]
   }
 
   security = {