
Secure Source Manager

This module creates a Secure Source Manager instance and the repositories in it. It can also create IAM bindings at the instance level and at the repository level.

Examples

Public instance

# Minimal instance with a single repository. ca_pool is not set, which this
# README labels a "public" instance, and no iam* argument is set, so this block
# on its own grants no principal access to the instance or the repository.
# NOTE(review): presumably the instance is then reachable over a public endpoint
# and access control rests on IAM alone; confirm, and add role grants deliberately.
module "ssm_instance" {
  source      = "./fabric/modules/secure-source-manager-instance"
  project_id  = var.project_id
  instance_id = "my-instance"
  location    = var.region
  repositories = {
    my-repository = {
      # Repository location is set explicitly, to the same region as the instance.
      location = var.region
    }
  }
}
# tftest modules=1 resources=2 inventory=public-instance.yaml

Public instance with CMEK

# Public instance (no ca_pool) encrypted with a customer-managed key: kms_key is
# the full resource name of a Cloud KMS key that lives in a different project
# and in the same region as the instance.
# NOTE(review): nothing in this example grants the service access to the key;
# presumably the Secure Source Manager service agent needs
# roles/cloudkms.cryptoKeyEncrypterDecrypter on it before apply. Confirm, and
# keep that grant on the single key rather than on the key ring or project.
# NOTE(review): disabling or destroying the key presumably makes the instance
# data unreadable; treat key lifecycle changes as changes to the instance.
module "ssm_instance" {
  source      = "./fabric/modules/secure-source-manager-instance"
  project_id  = var.project_id
  instance_id = "my-instance"
  location    = var.region
  kms_key     = "projects/another-project-id/locations/${var.region}/keyRings/my-key-ring/cryptoKeys/my-key"
  repositories = {
    my-repository = {}
  }
}
# tftest modules=1 resources=2 inventory=public-instance-with-cmek.yaml

Private instance

# Private instance: the only difference from the public example on this page is
# ca_pool, the full resource name of a Certificate Authority Service CA pool
# (here in a different project, same region as the instance).
# NOTE(review): the example does not grant the service access to the pool;
# presumably the Secure Source Manager service agent needs
# roles/privateca.certificateRequester on it. Confirm, and scope the grant to
# this pool only.
# NOTE(review): a private instance is presumably reachable only over private
# connectivity, so client network access has to be planned separately; IAM on
# the instance and repositories still applies.
module "ssm_instance" {
  source      = "./fabric/modules/secure-source-manager-instance"
  project_id  = var.project_id
  instance_id = "my-instance"
  location    = var.region
  ca_pool     = "projects/another-project/locations/${var.region}/caPools/my-ca-pool"
  repositories = {
    my-repository = {}
  }
}
# tftest modules=1 resources=2 inventory=private-instance.yaml

IAM

# IAM, role-keyed form: `iam` maps a role to a list of members, once on the
# instance and once inside a repository entry.
# NOTE(review): by the usual convention for this argument shape the binding is
# presumably authoritative per role (members not listed here lose the role on
# the next apply). Confirm in the module source before using it on an existing
# instance.
# instanceOwner and repoAdmin are administrative roles; grant them to a small
# group and give day-to-day users a narrower role.
# The member strings below appear as an e-mail-protection placeholder on this
# page and are not valid principals; substitute group:GROUP_EMAIL (placeholder).
module "ssm_instance" {
  source      = "./fabric/modules/secure-source-manager-instance"
  project_id  = var.project_id
  instance_id = "my-instance"
  location    = var.region
  iam = {
    "roles/securesourcemanager.instanceOwner" = [
      "group:[email protected]"
    ]
  }
  repositories = {
    my-repository = {
      iam = {
        "roles/securesourcemanager.repoAdmin" = [
          "group:[email protected]"
        ]
      }
    }
  }
}
# tftest modules=1 resources=4 inventory=iam.yaml
# IAM, additive form: each iam_bindings_additive entry is keyed by an arbitrary
# name and holds one role and one member, on the instance and per repository.
# NOTE(review): "additive" presumably means the grant is added without removing
# other members of the role, so grants made outside Terraform are left in place
# and are not reported as drift. Confirm in the module source, and audit the
# effective policy separately.
# NOTE(review): the tftest line after this example names
# inventory=iam-bindings.yaml although the argument used is
# iam_bindings_additive; it looks swapped with the following example. Confirm
# against the test inventories.
# The member strings below appear as an e-mail-protection placeholder on this
# page and are not valid principals; substitute group:GROUP_EMAIL (placeholder).
module "ssm_instance" {
  source      = "./fabric/modules/secure-source-manager-instance"
  project_id  = var.project_id
  instance_id = "my-instance"
  location    = var.region
  iam_bindings_additive = {
    my-instance-admin = {
      role   = "roles/securesourcemanager.instanceOwner"
      member = "group:[email protected]"
    }
  }
  repositories = {
    my-repository = {
      iam_bindings_additive = {
        my-repository-admin = {
          role   = "roles/securesourcemanager.repoAdmin"
          member = "group:[email protected]"
        }
      }
    }
  }
}
# tftest modules=1 resources=4 inventory=iam-bindings.yaml
# IAM, keyed-binding form: each iam_bindings entry is keyed by an arbitrary name
# and holds one role with a list of members, on the instance and per repository.
# NOTE(review): a role-plus-members binding is presumably authoritative for that
# role (unlisted members are removed on apply). Confirm in the module source
# before pointing it at an instance that already has grants.
# NOTE(review): the tftest line after this example names
# inventory=iam-bindings-additive.yaml although the argument used is
# iam_bindings; it looks swapped with the preceding example. Confirm against
# the test inventories.
# The member strings below appear as an e-mail-protection placeholder on this
# page and are not valid principals; substitute group:GROUP_EMAIL (placeholder).
module "ssm_instance" {
  source      = "./fabric/modules/secure-source-manager-instance"
  project_id  = var.project_id
  instance_id = "my-instance"
  location    = var.region
  iam_bindings = {
    my-instance-admin = {
      role = "roles/securesourcemanager.instanceOwner"
      members = [
        "group:[email protected]"
      ]
    }
  }
  repositories = {
    my-repository = {
      iam_bindings = {
        my-repository-admin = {
          role = "roles/securesourcemanager.repoAdmin"
          members = [
            "group:[email protected]"
          ]
        }
      }
    }
  }
}
# tftest modules=1 resources=4 inventory=iam-bindings-additive.yaml

Variables

name description type required default
instance_id Instance ID. string
location Location. string
project_id Project ID. string
repositories Repositories. map(object({…}))
ca_pool CA pool. string null
iam IAM bindings. map(list(string)) {}
iam_bindings IAM bindings. map(object({…})) {}
iam_bindings_additive IAM bindings. map(object({…})) {}
instance_create Create SSM Instance. When set to false, uses instance_id to reference existing SSM instance. bool true
kms_key KMS key. string null
labels Instance labels. map(string) null

Outputs

name description sensitive
instance Instance.
instance_id Instance id.
repositories Repositories.
repository_ids Repository ids.