Merge pull request #948 from GoogleCloudPlatform/jccb/fix-944

Use display_name instead of description for FAST service accounts
GoogleCloudPlatform · Nov 3, 2022 · 3160d61 · 3160d61
2 parents f912369 + dc81b26
commit 3160d61
Show file tree

Hide file tree

Showing 14 changed files with 109 additions and 109 deletions.
diff --git a/fast/stages/00-bootstrap/automation.tf b/fast/stages/00-bootstrap/automation.tf
@@ -111,11 +111,11 @@ module "automation-tf-bootstrap-gcs" {
 }
 
 module "automation-tf-bootstrap-sa" {
-  source      = "../../../modules/iam-service-account"
-  project_id  = module.automation-project.project_id
-  name        = "bootstrap-0"
-  description = "Terraform organization bootstrap service account."
-  prefix      = local.prefix
+  source       = "../../../modules/iam-service-account"
+  project_id   = module.automation-project.project_id
+  name         = "bootstrap-0"
+  display_name = "Terraform organization bootstrap service account."
+  prefix       = local.prefix
   # allow SA used by CI/CD workflow to impersonate this SA
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
@@ -144,11 +144,11 @@ module "automation-tf-cicd-gcs" {
 }
 
 module "automation-tf-cicd-provisioning-sa" {
-  source      = "../../../modules/iam-service-account"
-  project_id  = module.automation-project.project_id
-  name        = "cicd-0"
-  description = "Terraform stage 1 CICD service account."
-  prefix      = local.prefix
+  source       = "../../../modules/iam-service-account"
+  project_id   = module.automation-project.project_id
+  name         = "cicd-0"
+  display_name = "Terraform stage 1 CICD service account."
+  prefix       = local.prefix
   # allow SA used by CI/CD workflow to impersonate this SA
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
@@ -177,11 +177,11 @@ module "automation-tf-resman-gcs" {
 }
 
 module "automation-tf-resman-sa" {
-  source      = "../../../modules/iam-service-account"
-  project_id  = module.automation-project.project_id
-  name        = "resman-0"
-  description = "Terraform stage 1 resman service account."
-  prefix      = local.prefix
+  source       = "../../../modules/iam-service-account"
+  project_id   = module.automation-project.project_id
+  name         = "resman-0"
+  display_name = "Terraform stage 1 resman service account."
+  prefix       = local.prefix
   # allow SA used by CI/CD workflow to impersonate this SA
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([

diff --git a/fast/stages/00-bootstrap/cicd.tf b/fast/stages/00-bootstrap/cicd.tf
@@ -87,12 +87,12 @@ module "automation-tf-cicd-repo" {
 # SAs used by CI/CD workflows to impersonate automation SAs
 
 module "automation-tf-cicd-sa" {
-  source      = "../../../modules/iam-service-account"
-  for_each    = local.cicd_repositories
-  project_id  = module.automation-project.project_id
-  name        = "${each.key}-1"
-  description = "Terraform CI/CD ${each.key} service account."
-  prefix      = local.prefix
+  source       = "../../../modules/iam-service-account"
+  for_each     = local.cicd_repositories
+  project_id   = module.automation-project.project_id
+  name         = "${each.key}-1"
+  display_name = "Terraform CI/CD ${each.key} service account."
+  prefix       = local.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos

diff --git a/fast/stages/01-resman/branch-data-platform.tf b/fast/stages/01-resman/branch-data-platform.tf
@@ -77,12 +77,12 @@ module "branch-dp-prod-folder" {
 # automation service accounts and buckets
 
 module "branch-dp-dev-sa" {
-  source      = "../../../modules/iam-service-account"
-  count       = var.fast_features.data_platform ? 1 : 0
-  project_id  = var.automation.project_id
-  name        = "dev-resman-dp-0"
-  description = "Terraform data platform development service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  count        = var.fast_features.data_platform ? 1 : 0
+  project_id   = var.automation.project_id
+  name         = "dev-resman-dp-0"
+  display_name = "Terraform data platform development service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
       try(module.branch-dp-dev-sa-cicd.0.iam_email, null)
@@ -94,12 +94,12 @@ module "branch-dp-dev-sa" {
 }
 
 module "branch-dp-prod-sa" {
-  source      = "../../../modules/iam-service-account"
-  count       = var.fast_features.data_platform ? 1 : 0
-  project_id  = var.automation.project_id
-  name        = "prod-resman-dp-0"
-  description = "Terraform data platform production service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  count        = var.fast_features.data_platform ? 1 : 0
+  project_id   = var.automation.project_id
+  name         = "prod-resman-dp-0"
+  display_name = "Terraform data platform production service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
       try(module.branch-dp-prod-sa-cicd.0.iam_email, null)

diff --git a/fast/stages/01-resman/branch-gke.tf b/fast/stages/01-resman/branch-gke.tf
@@ -69,12 +69,12 @@ module "branch-gke-prod-folder" {
 }
 
 module "branch-gke-dev-sa" {
-  source      = "../../../modules/iam-service-account"
-  count       = var.fast_features.gke ? 1 : 0
-  project_id  = var.automation.project_id
-  name        = "dev-resman-gke-0"
-  description = "Terraform gke multitenant dev service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  count        = var.fast_features.gke ? 1 : 0
+  project_id   = var.automation.project_id
+  name         = "dev-resman-gke-0"
+  display_name = "Terraform gke multitenant dev service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = concat(
       ["group:${local.groups.gcp-devops}"],
@@ -89,12 +89,12 @@ module "branch-gke-dev-sa" {
 }
 
 module "branch-gke-prod-sa" {
-  source      = "../../../modules/iam-service-account"
-  count       = var.fast_features.gke ? 1 : 0
-  project_id  = var.automation.project_id
-  name        = "prod-resman-gke-0"
-  description = "Terraform gke multitenant prod service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  count        = var.fast_features.gke ? 1 : 0
+  project_id   = var.automation.project_id
+  name         = "prod-resman-gke-0"
+  display_name = "Terraform gke multitenant prod service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = concat(
       ["group:${local.groups.gcp-devops}"],

diff --git a/fast/stages/01-resman/branch-networking.tf b/fast/stages/01-resman/branch-networking.tf
@@ -86,11 +86,11 @@ module "branch-network-dev-folder" {
 # automation service account and bucket
 
 module "branch-network-sa" {
-  source      = "../../../modules/iam-service-account"
-  project_id  = var.automation.project_id
-  name        = "prod-resman-net-0"
-  description = "Terraform resman networking service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  project_id   = var.automation.project_id
+  name         = "prod-resman-net-0"
+  display_name = "Terraform resman networking service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
       try(module.branch-network-sa-cicd.0.iam_email, null)

diff --git a/fast/stages/01-resman/branch-project-factory.tf b/fast/stages/01-resman/branch-project-factory.tf
@@ -22,8 +22,8 @@ module "branch-pf-dev-sa" {
   project_id = var.automation.project_id
   name       = "dev-resman-pf-0"
   # naming: environment in description
-  description = "Terraform project factory development service account."
-  prefix      = var.prefix
+  display_name = "Terraform project factory development service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
       try(module.branch-pf-dev-sa-cicd.0.iam_email, null)
@@ -40,8 +40,8 @@ module "branch-pf-prod-sa" {
   project_id = var.automation.project_id
   name       = "prod-resman-pf-0"
   # naming: environment in description
-  description = "Terraform project factory production service account."
-  prefix      = var.prefix
+  display_name = "Terraform project factory production service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
       try(module.branch-pf-prod-sa-cicd.0.iam_email, null)

diff --git a/fast/stages/01-resman/branch-sandbox.tf b/fast/stages/01-resman/branch-sandbox.tf
@@ -68,10 +68,10 @@ moved {
 }
 
 module "branch-sandbox-sa" {
-  source      = "../../../modules/iam-service-account"
-  count       = var.fast_features.sandbox ? 1 : 0
-  project_id  = var.automation.project_id
-  name        = "dev-resman-sbox-0"
-  description = "Terraform resman sandbox service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  count        = var.fast_features.sandbox ? 1 : 0
+  project_id   = var.automation.project_id
+  name         = "dev-resman-sbox-0"
+  display_name = "Terraform resman sandbox service account."
+  prefix       = var.prefix
 }
diff --git a/fast/stages/01-resman/branch-security.tf b/fast/stages/01-resman/branch-security.tf
@@ -49,11 +49,11 @@ module "branch-security-folder" {
 # automation service account and bucket
 
 module "branch-security-sa" {
-  source      = "../../../modules/iam-service-account"
-  project_id  = var.automation.project_id
-  name        = "prod-resman-sec-0"
-  description = "Terraform resman security service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  project_id   = var.automation.project_id
+  name         = "prod-resman-sec-0"
+  display_name = "Terraform resman security service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = compact([
       try(module.branch-security-sa-cicd.0.iam_email, null)

diff --git a/fast/stages/01-resman/branch-teams.tf b/fast/stages/01-resman/branch-teams.tf
@@ -40,12 +40,12 @@ module "branch-teams-folder" {
 }
 
 module "branch-teams-sa" {
-  source      = "../../../modules/iam-service-account"
-  count       = var.fast_features.teams ? 1 : 0
-  project_id  = var.automation.project_id
-  name        = "prod-resman-teams-0"
-  description = "Terraform resman teams service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  count        = var.fast_features.teams ? 1 : 0
+  project_id   = var.automation.project_id
+  name         = "prod-resman-teams-0"
+  display_name = "Terraform resman teams service account."
+  prefix       = var.prefix
   iam_storage_roles = {
     (var.automation.outputs_bucket) = ["roles/storage.admin"]
   }
@@ -83,12 +83,12 @@ module "branch-teams-team-folder" {
 }
 
 module "branch-teams-team-sa" {
-  source      = "../../../modules/iam-service-account"
-  for_each    = var.fast_features.teams ? coalesce(var.team_folders, {}) : {}
-  project_id  = var.automation.project_id
-  name        = "prod-teams-${each.key}-0"
-  description = "Terraform team ${each.key} service account."
-  prefix      = var.prefix
+  source       = "../../../modules/iam-service-account"
+  for_each     = var.fast_features.teams ? coalesce(var.team_folders, {}) : {}
+  project_id   = var.automation.project_id
+  name         = "prod-teams-${each.key}-0"
+  display_name = "Terraform team ${each.key} service account."
+  prefix       = var.prefix
   iam = {
     "roles/iam.serviceAccountTokenCreator" = (
       each.value.impersonation_groups == null

diff --git a/fast/stages/01-resman/cicd-data-platform.tf b/fast/stages/01-resman/cicd-data-platform.tf
@@ -95,10 +95,10 @@ module "branch-dp-dev-sa-cicd" {
     ? { 0 = local.cicd_repositories.data_platform_dev }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "dev-resman-dp-1"
-  description = "Terraform CI/CD data platform development service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "dev-resman-dp-1"
+  display_name = "Terraform CI/CD data platform development service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos
@@ -138,10 +138,10 @@ module "branch-dp-prod-sa-cicd" {
     ? { 0 = local.cicd_repositories.data_platform_prod }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "prod-resman-dp-1"
-  description = "Terraform CI/CD data platform production service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "prod-resman-dp-1"
+  display_name = "Terraform CI/CD data platform production service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos

diff --git a/fast/stages/01-resman/cicd-gke.tf b/fast/stages/01-resman/cicd-gke.tf
@@ -95,10 +95,10 @@ module "branch-gke-dev-sa-cicd" {
     ? { 0 = local.cicd_repositories.gke_dev }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "dev-resman-gke-1"
-  description = "Terraform CI/CD GKE development service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "dev-resman-gke-1"
+  display_name = "Terraform CI/CD GKE development service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos
@@ -138,10 +138,10 @@ module "branch-gke-prod-sa-cicd" {
     ? { 0 = local.cicd_repositories.gke_prod }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "prod-resman-gke-1"
-  description = "Terraform CI/CD GKE production service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "prod-resman-gke-1"
+  display_name = "Terraform CI/CD GKE production service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos

diff --git a/fast/stages/01-resman/cicd-networking.tf b/fast/stages/01-resman/cicd-networking.tf
@@ -57,10 +57,10 @@ module "branch-network-sa-cicd" {
     ? { 0 = local.cicd_repositories.networking }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "prod-resman-net-1"
-  description = "Terraform CI/CD stage 2 networking service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "prod-resman-net-1"
+  display_name = "Terraform CI/CD stage 2 networking service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos

diff --git a/fast/stages/01-resman/cicd-project-factory.tf b/fast/stages/01-resman/cicd-project-factory.tf
@@ -106,10 +106,10 @@ module "branch-pf-dev-sa-cicd" {
     ? { 0 = local.cicd_repositories.project_factory_dev }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "dev-pf-resman-pf-1"
-  description = "Terraform CI/CD project factory development service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "dev-pf-resman-pf-1"
+  display_name = "Terraform CI/CD project factory development service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos
@@ -154,10 +154,10 @@ module "branch-pf-prod-sa-cicd" {
     ? { 0 = local.cicd_repositories.project_factory_prod }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "prod-pf-resman-pf-1"
-  description = "Terraform CI/CD project factory production service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "prod-pf-resman-pf-1"
+  display_name = "Terraform CI/CD project factory production service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos

diff --git a/fast/stages/01-resman/cicd-security.tf b/fast/stages/01-resman/cicd-security.tf
@@ -57,10 +57,10 @@ module "branch-security-sa-cicd" {
     ? { 0 = local.cicd_repositories.security }
     : {}
   )
-  project_id  = var.automation.project_id
-  name        = "prod-resman-sec-1"
-  description = "Terraform CI/CD stage 2 security service account."
-  prefix      = var.prefix
+  project_id   = var.automation.project_id
+  name         = "prod-resman-sec-1"
+  display_name = "Terraform CI/CD stage 2 security service account."
+  prefix       = var.prefix
   iam = (
     each.value.type == "sourcerepo"
     # used directly from the cloud build trigger for source repos