# Base64-decoded private key material of google_service_account_key.castai_key[0],
# or an empty string when var.create_service_account is false.
#
# Security notes:
# - `sensitive = true` only redacts the value in plan/apply CLI output. The key is
#   still written to the Terraform state in clear text, so the state backend needs
#   encryption and tight read access.
# - Anyone able to read this output (or the state) holds a credential for the
#   service account. Root modules that re-export it must also mark it sensitive.
# - NOTE(review): the key resource is declared outside this file. Presumably this is
#   a long-lived exported key, so confirm how rotation and revocation are handled.
output "private_key" {
  value = var.create_service_account ? base64decode(google_service_account_key.castai_key[0].private_key) : ""
  sensitive = true
  depends_on = [
    # Wait for binding and custom role creation
    # so Service Account will have proper permissions level
    google_project_iam_member.project,
    google_project_iam_member.scoped_project,
    google_project_iam_custom_role.castai_role
  ]
}
# account_id of google_service_account.castai_service_account[0], or an empty string
# when var.create_service_account is false. Callers should treat "" as "no service
# account was created by this module" rather than as a valid identifier.
output "service_account_id" {
  value = var.create_service_account ? google_service_account.castai_service_account[0].account_id : ""
}
# Email of google_service_account.castai_service_account[0], or an empty string when
# var.create_service_account is false. This is the principal to look for in IAM
# policies and Cloud Audit Logs when reviewing what the account did.
output "service_account_email" {
  value = var.create_service_account ? google_service_account.castai_service_account[0].email : ""
}
# Static list of GCP IAM permission names exposed to callers of this module.
# Where the list is consumed (role definition, variable default) is not visible in
# this file.
#
# NOTE(review): the entries are identical to `default_castai_role_permissions` in
# this file. The two lists have to be edited together or they will drift.
#
# Least-privilege review: the list mixes read-only permissions with ones that
# change what runs on a VM and under which identity (flagged inline below). Add to
# it deliberately, and watch use of the flagged permissions in Cloud Audit Logs.
output "default_compute_manager_permissions" {
  value = [
    "container.clusters.get",
    "container.clusters.update",
    # Allows approving Kubernetes CSRs, i.e. issuing cluster-trusted certificates.
    "container.certificateSigningRequests.approve",
    "compute.instances.get",
    "compute.instances.list",
    "compute.instances.create",
    "compute.instances.start",
    "compute.instances.stop",
    "compute.instances.delete",
    "compute.instances.setLabels",
    # Changes the service account a VM runs as.
    "compute.instances.setServiceAccount",
    # Changes instance metadata, which includes startup scripts and SSH keys.
    "compute.instances.setMetadata",
    "compute.instances.setTags",
    "compute.instanceGroupManagers.get",
    "compute.instanceGroupManagers.update",
    "compute.instanceGroups.get",
    "compute.networks.use",
    "compute.networks.useExternalIp",
    "compute.subnetworks.get",
    "compute.subnetworks.use",
    "compute.subnetworks.useExternalIp",
    "compute.addresses.use",
    "compute.disks.use",
    "compute.disks.create",
    "compute.disks.setLabels",
    "compute.images.get",
    "compute.images.useReadOnly",
    "compute.instanceTemplates.get",
    "compute.instanceTemplates.list",
    "compute.instanceTemplates.create",
    "compute.instanceTemplates.delete",
    "compute.regionOperations.get",
    "compute.zoneOperations.get",
    "compute.zones.list",
    "compute.zones.get",
    "serviceusage.services.list",
    # Read access to the project's IAM policy (who holds which role).
    "resourcemanager.projects.getIamPolicy",
    "compute.targetPools.get",
    "compute.targetPools.addInstance",
    "compute.targetPools.removeInstance",
  "compute.instances.use"]
}
# Static list of GCP IAM permission names exposed to callers of this module.
# NOTE(review): presumably the default permission set for
# google_project_iam_custom_role.castai_role. That resource is declared outside
# this file, so confirm against its definition.
#
# NOTE(review): the entries are identical to `default_compute_manager_permissions`
# in this file. The two lists have to be edited together or they will drift.
#
# Least-privilege review: the list mixes read-only permissions with ones that
# change what runs on a VM and under which identity (flagged inline below). Add to
# it deliberately, and watch use of the flagged permissions in Cloud Audit Logs.
output "default_castai_role_permissions" {
  value = [
    "container.clusters.get",
    "container.clusters.update",
    # Allows approving Kubernetes CSRs, i.e. issuing cluster-trusted certificates.
    "container.certificateSigningRequests.approve",
    "compute.instances.get",
    "compute.instances.list",
    "compute.instances.create",
    "compute.instances.start",
    "compute.instances.stop",
    "compute.instances.delete",
    "compute.instances.setLabels",
    # Changes the service account a VM runs as.
    "compute.instances.setServiceAccount",
    # Changes instance metadata, which includes startup scripts and SSH keys.
    "compute.instances.setMetadata",
    "compute.instances.setTags",
    "compute.instanceGroupManagers.get",
    "compute.instanceGroupManagers.update",
    "compute.instanceGroups.get",
    "compute.networks.use",
    "compute.networks.useExternalIp",
    "compute.subnetworks.get",
    "compute.subnetworks.use",
    "compute.subnetworks.useExternalIp",
    "compute.addresses.use",
    "compute.disks.use",
    "compute.disks.create",
    "compute.disks.setLabels",
    "compute.images.get",
    "compute.images.useReadOnly",
    "compute.instanceTemplates.get",
    "compute.instanceTemplates.list",
    "compute.instanceTemplates.create",
    "compute.instanceTemplates.delete",
    "compute.regionOperations.get",
    "compute.zoneOperations.get",
    "compute.zones.list",
    "compute.zones.get",
    "serviceusage.services.list",
    # Read access to the project's IAM policy (who holds which role).
    "resourcemanager.projects.getIamPolicy",
    "compute.targetPools.get",
    "compute.targetPools.addInstance",
    "compute.targetPools.removeInstance",
  "compute.instances.use"]
}