From 6d014395fd637df1aea0407827714cb8a3da6531 Mon Sep 17 00:00:00 2001 From: Tycho Bokdam Date: Mon, 26 Aug 2024 19:28:10 +0200 Subject: [PATCH 1/3] refactor(pulumi): Add BaseResource abstraction and refactor existing resources to extend it --- packages/pulumi/gcp/resources/base.resource.ts | 7 +++++++ packages/pulumi/gcp/resources/bucket.resource.ts | 7 ++++++- packages/pulumi/gcp/resources/dns.resource.ts | 7 ++++++- packages/pulumi/gcp/resources/iam-binding.resource.ts | 3 ++- packages/pulumi/gcp/resources/iam-custom-role.resource.ts | 3 ++- packages/pulumi/gcp/resources/iam-member.resource.ts | 3 ++- packages/pulumi/gcp/resources/pub-sub-topic.resource.ts | 3 ++- packages/pulumi/gcp/resources/queue.resource.ts | 7 +++++-- packages/pulumi/gcp/resources/secret.resource.ts | 3 ++- packages/pulumi/gcp/resources/service-account.resource.ts | 7 ++++++- 10 files changed, 40 insertions(+), 10 deletions(-) create mode 100644 packages/pulumi/gcp/resources/base.resource.ts diff --git a/packages/pulumi/gcp/resources/base.resource.ts b/packages/pulumi/gcp/resources/base.resource.ts new file mode 100644 index 00000000..c64761b0 --- /dev/null +++ b/packages/pulumi/gcp/resources/base.resource.ts @@ -0,0 +1,7 @@ +import * as pulumi from '@pulumi/pulumi' + +export abstract class BaseResource extends pulumi.ComponentResource { + + public abstract create(): void + +} diff --git a/packages/pulumi/gcp/resources/bucket.resource.ts b/packages/pulumi/gcp/resources/bucket.resource.ts index f0211c1d..95b8a6ff 100644 --- a/packages/pulumi/gcp/resources/bucket.resource.ts +++ b/packages/pulumi/gcp/resources/bucket.resource.ts @@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { buildName, getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class BucketResource extends pulumi.ComponentResource { +export class BucketResource extends BaseResource { private readonly bucket: gcp.storage.Bucket 
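Review bot: The abstract `create()` added in base.resource.ts carries no statement of what an implementation must do or when a caller has to invoke it, and this patch then implements it as an empty body in the bucket, dns, queue and service-account resources. For a class that stages state first (IAMBindingResource keeps a `members` array in its context lines, so it presumably defers the binding until `create()` runs), a forgotten call would leave the policy silently unapplied, while on the no-op classes the same call means nothing. I would put a TSDoc comment on the abstract method, e.g. `/** Provisions anything not already created in the constructor; call once after configuration. */`, and replace each `// Do nothing` with the reason, e.g. `// All resources are created in the constructor; nothing is deferred.` The constructors are outside these hunks, so that wording needs checking against them.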
@@ -79,4 +80,8 @@ export class BucketResource extends pulumi.ComponentResource { }) } + public create(): void { + // Do nothing + } + } diff --git a/packages/pulumi/gcp/resources/dns.resource.ts b/packages/pulumi/gcp/resources/dns.resource.ts index bc04ce82..16d5dc54 100644 --- a/packages/pulumi/gcp/resources/dns.resource.ts +++ b/packages/pulumi/gcp/resources/dns.resource.ts @@ -2,11 +2,12 @@ import * as gcp from '@pulumi/gcp' import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' +import { BaseResource } from './base.resource' export type DNS_TYPE = 'A' | 'AAAA' | 'MX' | 'TXT' | 'CNAME' export type DNS_VALUES = string | Array -export class DNSResource extends pulumi.ComponentResource { +export class DNSResource extends BaseResource { private readonly friendlyDomain: string public readonly zone: gcp.dns.ManagedZone @@ -145,6 +146,10 @@ export class DNSResource extends pulumi.ComponentResource { return this } + public create(): void { + // Do nothing + } + private resourceName(subDomain: string, type: DNS_TYPE): string { const resourceName = `${this.friendlyDomain}-${type.toLowerCase()}` diff --git a/packages/pulumi/gcp/resources/iam-binding.resource.ts b/packages/pulumi/gcp/resources/iam-binding.resource.ts index 0c0ef809..e2cf8675 100644 --- a/packages/pulumi/gcp/resources/iam-binding.resource.ts +++ b/packages/pulumi/gcp/resources/iam-binding.resource.ts @@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class IAMBindingResource extends pulumi.ComponentResource { +export class IAMBindingResource extends BaseResource { private readonly friendlyRoleName: string private members: pulumi.Input[] = [] diff --git a/packages/pulumi/gcp/resources/iam-custom-role.resource.ts b/packages/pulumi/gcp/resources/iam-custom-role.resource.ts index d825996c..9422d199 100644 
--- a/packages/pulumi/gcp/resources/iam-custom-role.resource.ts +++ b/packages/pulumi/gcp/resources/iam-custom-role.resource.ts @@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class IAMCustomRoleResource extends pulumi.ComponentResource { +export class IAMCustomRoleResource extends BaseResource { private readonly role: gcp.projects.IAMCustomRole diff --git a/packages/pulumi/gcp/resources/iam-member.resource.ts b/packages/pulumi/gcp/resources/iam-member.resource.ts index 4f0b7924..a2cc3ce8 100644 --- a/packages/pulumi/gcp/resources/iam-member.resource.ts +++ b/packages/pulumi/gcp/resources/iam-member.resource.ts @@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class IAMMemberResource extends pulumi.ComponentResource { +export class IAMMemberResource extends BaseResource { constructor( private readonly member: string, diff --git a/packages/pulumi/gcp/resources/pub-sub-topic.resource.ts b/packages/pulumi/gcp/resources/pub-sub-topic.resource.ts index 432eb77b..747d9a67 100644 --- a/packages/pulumi/gcp/resources/pub-sub-topic.resource.ts +++ b/packages/pulumi/gcp/resources/pub-sub-topic.resource.ts @@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { buildName, getFriendlyName, getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class PubSubTopicResource extends pulumi.ComponentResource { +export class PubSubTopicResource extends BaseResource { private readonly topic: gcp.pubsub.Topic diff --git a/packages/pulumi/gcp/resources/queue.resource.ts b/packages/pulumi/gcp/resources/queue.resource.ts index 44cde8fb..4c5be434 100644 
--- a/packages/pulumi/gcp/resources/queue.resource.ts +++ b/packages/pulumi/gcp/resources/queue.resource.ts @@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { buildName, getFriendlyMemberName, getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class QueueResource extends pulumi.ComponentResource { +export class QueueResource extends BaseResource { private readonly queue: gcp.cloudtasks.Queue @@ -26,7 +27,9 @@ export class QueueResource extends pulumi.ComponentResource { }) } - public create() {} + public create(): void { + // Do nothing + } public addEnqueuer(member: pulumi.Output): QueueResource { return this.addMember(member, 'roles/cloudtasks.enqueuer') diff --git a/packages/pulumi/gcp/resources/secret.resource.ts b/packages/pulumi/gcp/resources/secret.resource.ts index a4decbc8..ca8fa049 100644 --- a/packages/pulumi/gcp/resources/secret.resource.ts +++ b/packages/pulumi/gcp/resources/secret.resource.ts @@ -3,13 +3,14 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { buildName, getFriendlyMemberName, getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' const secretsConfig = new pulumi.Config('gcpR-secrets') /** * When adding secrets, make sure they are added to the namespace "gcpR-secrets" */ -export class SecretResource extends pulumi.ComponentResource { +export class SecretResource extends BaseResource { private readonly secret: gcp.secretmanager.Secret diff --git a/packages/pulumi/gcp/resources/service-account.resource.ts b/packages/pulumi/gcp/resources/service-account.resource.ts index ceb55b88..b5551441 100644 --- a/packages/pulumi/gcp/resources/service-account.resource.ts +++ b/packages/pulumi/gcp/resources/service-account.resource.ts 
@@ -3,8 +3,9 @@ import * as pulumi from '@pulumi/pulumi' import { GCP_PROJECT_ID } from '../config' import { buildName, getFriendlyRoleName } from '../naming' +import { BaseResource } from './base.resource' -export class ServiceAccountResource extends pulumi.ComponentResource { +export class ServiceAccountResource extends BaseResource { private readonly account: gcp.serviceaccount.Account @@ -75,4 +76,8 @@ export class ServiceAccountResource extends pulumi.ComponentResource { return this } + public create(): void { + // Do nothing + } + } From 7471839c32a387092cf890d76336cad10c00411f Mon Sep 17 00:00:00 2001 From: Tycho Bokdam Date: Mon, 26 Aug 2024 19:58:05 +0200 Subject: [PATCH 2/3] fix(pulumi): Simplify IAM custom role creation using args spread --- packages/pulumi/gcp/resources/iam-custom-role.resource.ts | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/packages/pulumi/gcp/resources/iam-custom-role.resource.ts b/packages/pulumi/gcp/resources/iam-custom-role.resource.ts index 9422d199..0e562507 100644 --- a/packages/pulumi/gcp/resources/iam-custom-role.resource.ts +++ b/packages/pulumi/gcp/resources/iam-custom-role.resource.ts @@ -22,10 +22,7 @@ export class IAMCustomRoleResource extends BaseResource { this.role = new gcp.projects.IAMCustomRole(friendlyRoleName, { project: GCP_PROJECT_ID, roleId, - title: 'Act as Service Account', - permissions: [ - 'iam.serviceAccounts.actAs' - ] + ...args }, { ...iamOpts, parent: this From eda0431327e7752202f1b6074b800b2e9659c338 Mon Sep 17 00:00:00 2001 
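Review bot: In the iam-custom-role.resource.ts hunk of patch 2/3, spreading `...args` after `project: GCP_PROJECT_ID, roleId` lets a caller-supplied `project` or `roleId` override the values this component is meant to pin. It also turns a role that granted only `iam.serviceAccounts.actAs` into one whose title and permission list are whatever the caller passes. Put the spread first so the fixed fields win, `...args, project: GCP_PROJECT_ID, roleId`, or type the parameter as `Omit<gcp.projects.IAMCustomRoleArgs, 'project' | 'roleId'>`. The declaration of `args` sits in the constructor signature outside this hunk, so its current type should be checked. Existing callers that relied on the hard-coded title and permission must now pass them, which is a behaviour change beyond the simplification the subject line describes.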
From: Tycho Bokdam Date: Mon, 26 Aug 2024 20:02:00 +0200 Subject: [PATCH 3/3] feat(pulumi): Refactor import organization and remove unused code - Simplified imports in packages/pulumi/gcp/index.ts - Removed unnecessary `create` method in bucket.resource.ts - Deleted unused IAM permissions block from iam-roles.ts - Added regions and iam-permissions exports separately for better structure --- packages/pulumi/gcp/iam-permissions.ts | 238 +++++++++++++++++ packages/pulumi/gcp/iam-roles.ts | 239 ------------------ packages/pulumi/gcp/index.ts | 2 + packages/pulumi/gcp/regions.ts | 47 ++++ .../pulumi/gcp/resources/bucket.resource.ts | 8 +- packages/pulumi/gcp/resources/dns.resource.ts | 5 +- .../pulumi/gcp/resources/secret.resource.ts | 2 +- 7 files changed, 294 insertions(+), 247 deletions(-) create mode 100644 packages/pulumi/gcp/iam-permissions.ts create mode 100644 packages/pulumi/gcp/regions.ts diff --git a/packages/pulumi/gcp/iam-permissions.ts b/packages/pulumi/gcp/iam-permissions.ts new file mode 100644 index 00000000..702d6b88 --- /dev/null +++ b/packages/pulumi/gcp/iam-permissions.ts 
@@ -0,0 +1,238 @@
+export const iamPermissions = {
+ cloudSql: {
+ backupRuns: {
+ create: 'cloudsql.backupRuns.create',
+ delete: 'cloudsql.backupRuns.delete',
+ get: 'cloudsql.backupRuns.get',
+ list: 'cloudsql.backupRuns.list',
+ update: 'cloudsql.backupRuns.update'
+ },
+ databases: {
+ create: 'cloudsql.databases.create',
+ delete: 'cloudsql.databases.delete',
+ get: 'cloudsql.databases.get',
+ list: 'cloudsql.databases.list',
+ update: 'cloudsql.databases.update',
+ getIamPolicy: 'cloudsql.databases.getIamPolicy',
+ setIamPolicy: 'cloudsql.databases.setIamPolicy'
+ },
+ instances: {
+ create: 'cloudsql.instances.create',
+ delete: 'cloudsql.instances.delete',
+ get: 'cloudsql.instances.get',
+ list: 'cloudsql.instances.list',
+ update: 'cloudsql.instances.update',
+ getIamPolicy: 'cloudsql.instances.getIamPolicy',
+ setIamPolicy: 'cloudsql.instances.setIamPolicy'
+ }
+ },
+ pubSub: {
+ subscriptions: {
+ consume: 'pubsub.subscriptions.consume',
+ create: 'pubsub.subscriptions.create',
+ delete: 'pubsub.subscriptions.delete',
+ get: 'pubsub.subscriptions.get',
+ list: 'pubsub.subscriptions.list',
+ update: 'pubsub.subscriptions.update',
+ getIamPolicy: 'pubsub.subscriptions.getIamPolicy',
+ setIamPolicy: 'pubsub.subscriptions.setIamPolicy'
+ },
+ topics: {
+ attachSubscription: 'pubsub.topics.attachSubscription',
+ create: 'pubsub.topics.create',
+ delete: 'pubsub.topics.delete',
+ get: 'pubsub.topics.get',
+ list: 'pubsub.topics.list',
+ publish: 'pubsub.topics.publish',
+ update: 'pubsub.topics.update',
+ getIamPolicy: 'pubsub.topics.getIamPolicy',
+ setIamPolicy: 'pubsub.topics.setIamPolicy'
+ }
+ },
+ storage: {
+ buckets: {
+ create: 'storage.buckets.create',
+ delete: 'storage.buckets.delete',
+ get: 'storage.buckets.get',
+ list: 'storage.buckets.list',
+ update: 'storage.buckets.update',
+ getIamPolicy: 'storage.buckets.getIamPolicy',
+ setIamPolicy: 'storage.buckets.setIamPolicy'
+ },
+ objects: {
+ create: 'storage.objects.create',
+ delete: 'storage.objects.delete',
+ get: 'storage.objects.get',
+ list: 'storage.objects.list',
+ update: 'storage.objects.update',
+ getIamPolicy: 'storage.objects.getIamPolicy',
+ setIamPolicy: 'storage.objects.setIamPolicy'
+ }
+ },
+ bigQuery: {
+ datasets: {
+ create: 'bigquery.datasets.create',
+ delete: 'bigquery.datasets.delete',
+ get: 'bigquery.datasets.get',
+ list: 'bigquery.datasets.list',
+ update: 'bigquery.datasets.update',
+ getIamPolicy: 'bigquery.datasets.getIamPolicy',
+ setIamPolicy: 'bigquery.datasets.setIamPolicy'
+ },
+ jobs: {
+ create: 'bigquery.jobs.create',
+ get: 'bigquery.jobs.get',
+ list: 'bigquery.jobs.list',
+ cancel: 'bigquery.jobs.cancel'
+ },
+ tables: {
+ create: 'bigquery.tables.create',
+ delete: 'bigquery.tables.delete',
+ export: 'bigquery.tables.export',
+ get: 'bigquery.tables.get',
+ list: 'bigquery.tables.list',
+ update: 'bigquery.tables.update',
+ getIamPolicy: 'bigquery.tables.getIamPolicy',
+ setIamPolicy: 'bigquery.tables.setIamPolicy'
+ }
+ },
+ computeEngine: {
+ instances: {
+ start: 'compute.instances.start',
+ stop: 'compute.instances.stop',
+ create: 'compute.instances.create',
+ delete: 'compute.instances.delete',
+ get: 'compute.instances.get',
+ list: 'compute.instances.list',
+ update: 'compute.instances.update',
+ getIamPolicy: 'compute.instances.getIamPolicy',
+ setIamPolicy: 'compute.instances.setIamPolicy'
+ },
+ images: {
+ create: 'compute.images.create',
+ delete: 'compute.images.delete',
+ get: 'compute.images.get',
+ list: 'compute.images.list',
+ update: 'compute.images.update'
+ },
+ disks: {
+ create: 'compute.disks.create',
+ delete: 'compute.disks.delete',
+ get: 'compute.disks.get',
+ list: 'compute.disks.list',
+ update: 'compute.disks.update',
+ getIamPolicy: 'compute.disks.getIamPolicy',
+ setIamPolicy: 'compute.disks.setIamPolicy'
+ }
+ },
+ functions: {
+ functions: {
+ create: 'cloudfunctions.functions.create',
+ delete: 'cloudfunctions.functions.delete',
+ get: 'cloudfunctions.functions.get',
+ list: 'cloudfunctions.functions.list',
+ update: 'cloudfunctions.functions.update',
+ getIamPolicy: 'cloudfunctions.functions.getIamPolicy',
+ setIamPolicy: 'cloudfunctions.functions.setIamPolicy'
+ },
+ operations: {
+ get: 'cloudfunctions.operations.get',
+ list: 'cloudfunctions.operations.list'
+ }
+ },
+ iam: {
+ roles: {
+ create: 'iam.roles.create',
+ delete: 'iam.roles.delete',
+ get: 'iam.roles.get',
+ list: 'iam.roles.list',
+ update: 'iam.roles.update'
+ },
+ serviceAccountKeys: {
+ create: 'iam.serviceAccountKeys.create',
+ delete: 'iam.serviceAccountKeys.delete',
+ get: 'iam.serviceAccountKeys.get'
+ },
+ serviceAccounts: {
+ actAs: 'iam.serviceAccounts.actAs',
+ create: 'iam.serviceAccounts.create',
+ delete: 'iam.serviceAccounts.delete',
+ disable: 'iam.serviceAccounts.disable',
+ enable: 'iam.serviceAccounts.enable',
+ get: 'iam.serviceAccounts.get',
+ list: 'iam.serviceAccounts.list',
+ signBlob: 'iam.serviceAccounts.signBlob',
+ signJwt: 'iam.serviceAccounts.signJwt',
+ testIamPermissions: 'iam.serviceAccounts.testIamPermissions',
+ update: 'iam.serviceAccounts.update',
+ getIamPolicy: 'iam.serviceAccounts.getIamPolicy',
+ setIamPolicy: 'iam.serviceAccounts.setIamPolicy'
+ }
+ },
+ cloudRun: {
+ services: {
+ create: 'run.services.create',
+ delete: 'run.services.delete',
+ get: 'run.services.get',
+ list: 'run.services.list',
+ update: 'run.services.update',
+ getIamPolicy: 'run.services.getIamPolicy',
+ setIamPolicy: 'run.services.setIamPolicy'
+ },
+ revisions: {
+ get: 'run.revisions.get',
+ list: 'run.revisions.list'
+ },
+ configurations: {
+ get: 'run.configurations.get',
+ list: 'run.configurations.list'
+ }
+ },
+ firestore: {
+ documents: {
+ create: 'firestore.documents.create',
+ delete: 'firestore.documents.delete',
+ get: 'firestore.documents.get',
+ list: 'firestore.documents.list',
+ update: 'firestore.documents.update'
+ },
+ indexes: {
+ create: 'firestore.indexes.create',
+ delete: 'firestore.indexes.delete',
+ get: 'firestore.indexes.get',
+ list: 'firestore.indexes.list'
+ }
+ },
+ logging: {
+ logs: {
+ create: 'logging.logs.create',
+ delete: 'logging.logs.delete',
+ list: 'logging.logs.list',
+ update: 'logging.logs.update'
+ },
+ logEntries: {
+ create: 'logging.logEntries.create',
+ list: 'logging.logEntries.list'
+ },
+ metrics: {
+ create: 'logging.metrics.create',
+ delete: 'logging.metrics.delete',
+ get: 'logging.metrics.get',
+ list: 'logging.metrics.list',
+ update: 'logging.metrics.update'
+ }
+ },
+ monitoring: {
+ alertPolicies: {
+ create: 'monitoring.alertPolicies.create',
+ delete: 'monitoring.alertPolicies.delete',
+ get: 'monitoring.alertPolicies.get',
+ list: 'monitoring.alertPolicies.list',
+ update: 'monitoring.alertPolicies.update'
+ },
+ metricsScopes: {
+ get: 'monitoring.metricsScopes.get',
+ list: 'monitoring.metricsScopes.list'
+ }
+ }
+}
diff --git a/packages/pulumi/gcp/iam-roles.ts b/packages/pulumi/gcp/iam-roles.ts
index 62aca878..040a46a0 100644
--- a/packages/pulumi/gcp/iam-roles.ts
+++ b/packages/pulumi/gcp/iam-roles.ts
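Review bot: `iamPermissions` in the new iam-permissions.ts is exported as a plain mutable object, so every value is typed `string` and any importing module can reassign an entry. Since patch 2/3 makes custom-role permissions caller-supplied, the catalogue is worth pinning by ending it with `} as const`. The table also lists privilege-granting entries (`setIamPolicy`, `iam.serviceAccounts.actAs`, `signBlob`, `signJwt`, `iam.serviceAccountKeys.create`) beside read-only ones with nothing to tell them apart; a one-line comment above those groups would help whoever reviews a role built from it. I could not confirm that every string is a name the IAM API accepts (the `firestore.documents.*` and `logging.metrics.*` groups in particular look unlike the published permission reference). They should be checked against it, because a custom role listing an unknown permission would be expected to fail at deploy time.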
@@ -192,243 +192,4 @@ export const iamRoles = {
 // Provides read-only access to Cloud Spanner instance configs
 viewer: 'roles/spanner.viewer'
 }
-};
-
-export const iamPermissions = {
- cloudSql: {
- backupRuns: {
- create: 'cloudsql.backupRuns.create',
- delete: 'cloudsql.backupRuns.delete',
- get: 'cloudsql.backupRuns.get',
- list: 'cloudsql.backupRuns.list',
- update: 'cloudsql.backupRuns.update'
- },
- databases: {
- create: 'cloudsql.databases.create',
- delete: 'cloudsql.databases.delete',
- get: 'cloudsql.databases.get',
- list: 'cloudsql.databases.list',
- update: 'cloudsql.databases.update',
- getIamPolicy: 'cloudsql.databases.getIamPolicy',
- setIamPolicy: 'cloudsql.databases.setIamPolicy'
- },
- instances: {
- create: 'cloudsql.instances.create',
- delete: 'cloudsql.instances.delete',
- get: 'cloudsql.instances.get',
- list: 'cloudsql.instances.list',
- update: 'cloudsql.instances.update',
- getIamPolicy: 'cloudsql.instances.getIamPolicy',
- setIamPolicy: 'cloudsql.instances.setIamPolicy'
- }
- },
- pubSub: {
- subscriptions: {
- consume: 'pubsub.subscriptions.consume',
- create: 'pubsub.subscriptions.create',
- delete: 'pubsub.subscriptions.delete',
- get: 'pubsub.subscriptions.get',
- list: 'pubsub.subscriptions.list',
- update: 'pubsub.subscriptions.update',
- getIamPolicy: 'pubsub.subscriptions.getIamPolicy',
- setIamPolicy: 'pubsub.subscriptions.setIamPolicy'
- },
- topics: {
- attachSubscription: 'pubsub.topics.attachSubscription',
- create: 'pubsub.topics.create',
- delete: 'pubsub.topics.delete',
- get: 'pubsub.topics.get',
- list: 'pubsub.topics.list',
- publish: 'pubsub.topics.publish',
- update: 'pubsub.topics.update',
- getIamPolicy: 'pubsub.topics.getIamPolicy',
- setIamPolicy: 'pubsub.topics.setIamPolicy'
- }
- },
- storage: {
- buckets: {
- create: 'storage.buckets.create',
- delete: 'storage.buckets.delete',
- get: 'storage.buckets.get',
- list: 'storage.buckets.list',
- update: 'storage.buckets.update',
- getIamPolicy: 'storage.buckets.getIamPolicy',
- setIamPolicy: 'storage.buckets.setIamPolicy'
- },
- objects: {
- create: 'storage.objects.create',
- delete: 'storage.objects.delete',
- get: 'storage.objects.get',
- list: 'storage.objects.list',
- update: 'storage.objects.update',
- getIamPolicy: 'storage.objects.getIamPolicy',
- setIamPolicy: 'storage.objects.setIamPolicy'
- }
- },
- bigQuery: {
- datasets: {
- create: 'bigquery.datasets.create',
- delete: 'bigquery.datasets.delete',
- get: 'bigquery.datasets.get',
- list: 'bigquery.datasets.list',
- update: 'bigquery.datasets.update',
- getIamPolicy: 'bigquery.datasets.getIamPolicy',
- setIamPolicy: 'bigquery.datasets.setIamPolicy'
- },
- jobs: {
- create: 'bigquery.jobs.create',
- get: 'bigquery.jobs.get',
- list: 'bigquery.jobs.list',
- cancel: 'bigquery.jobs.cancel'
- },
- tables: {
- create: 'bigquery.tables.create',
- delete: 'bigquery.tables.delete',
- export: 'bigquery.tables.export',
- get: 'bigquery.tables.get',
- list: 'bigquery.tables.list',
- update: 'bigquery.tables.update',
- getIamPolicy: 'bigquery.tables.getIamPolicy',
- setIamPolicy: 'bigquery.tables.setIamPolicy'
- }
- },
- computeEngine: {
- instances: {
- start: 'compute.instances.start',
- stop: 'compute.instances.stop',
- create: 'compute.instances.create',
- delete: 'compute.instances.delete',
- get: 'compute.instances.get',
- list: 'compute.instances.list',
- update: 'compute.instances.update',
- getIamPolicy: 'compute.instances.getIamPolicy',
- setIamPolicy: 'compute.instances.setIamPolicy'
- },
- images: {
- create: 'compute.images.create',
- delete: 'compute.images.delete',
- get: 'compute.images.get',
- list: 'compute.images.list',
- update: 'compute.images.update'
- },
- disks: {
- create: 'compute.disks.create',
- delete: 'compute.disks.delete',
- get: 'compute.disks.get',
- list: 'compute.disks.list',
- update: 'compute.disks.update',
- getIamPolicy: 'compute.disks.getIamPolicy',
- setIamPolicy: 'compute.disks.setIamPolicy'
- }
- },
- functions: {
- functions: {
- create: 'cloudfunctions.functions.create',
- delete: 'cloudfunctions.functions.delete',
- get: 'cloudfunctions.functions.get',
- list: 'cloudfunctions.functions.list',
- update: 'cloudfunctions.functions.update',
- getIamPolicy: 'cloudfunctions.functions.getIamPolicy',
- setIamPolicy: 'cloudfunctions.functions.setIamPolicy'
- },
- operations: {
- get: 'cloudfunctions.operations.get',
- list: 'cloudfunctions.operations.list'
- }
- },
- iam: {
- roles: {
- create: 'iam.roles.create',
- delete: 'iam.roles.delete',
- get: 'iam.roles.get',
- list: 'iam.roles.list',
- update: 'iam.roles.update'
- },
- serviceAccountKeys: {
- create: 'iam.serviceAccountKeys.create',
- delete: 'iam.serviceAccountKeys.delete',
- get: 'iam.serviceAccountKeys.get'
- },
- serviceAccounts: {
- actAs: 'iam.serviceAccounts.actAs',
- create: 'iam.serviceAccounts.create',
- delete: 'iam.serviceAccounts.delete',
- disable: 'iam.serviceAccounts.disable',
- enable: 'iam.serviceAccounts.enable',
- get: 'iam.serviceAccounts.get',
- list: 'iam.serviceAccounts.list',
- signBlob: 'iam.serviceAccounts.signBlob',
- signJwt: 'iam.serviceAccounts.signJwt',
- testIamPermissions: 'iam.serviceAccounts.testIamPermissions',
- update: 'iam.serviceAccounts.update',
- getIamPolicy: 'iam.serviceAccounts.getIamPolicy',
- setIamPolicy: 'iam.serviceAccounts.setIamPolicy'
- }
- },
- cloudRun: {
- services: {
- create: 'run.services.create',
- delete: 'run.services.delete',
- get: 'run.services.get',
- list: 'run.services.list',
- update: 'run.services.update',
- getIamPolicy: 'run.services.getIamPolicy',
- setIamPolicy: 'run.services.setIamPolicy'
- },
- revisions: {
- get: 'run.revisions.get',
- list: 'run.revisions.list'
- },
- configurations: {
- get: 'run.configurations.get',
- list: 'run.configurations.list'
- }
- },
- firestore: {
- documents: {
- create: 'firestore.documents.create',
- delete: 'firestore.documents.delete',
- get: 'firestore.documents.get',
- list: 'firestore.documents.list',
- update: 'firestore.documents.update'
- },
- indexes: {
- create: 'firestore.indexes.create',
- delete: 'firestore.indexes.delete',
- get: 'firestore.indexes.get',
- list: 'firestore.indexes.list'
- }
- },
- logging: {
- logs: {
- create: 'logging.logs.create',
- delete: 'logging.logs.delete',
- list: 'logging.logs.list',
- update: 'logging.logs.update'
- },
- logEntries: {
- create: 'logging.logEntries.create',
- list: 'logging.logEntries.list'
- },
- metrics: {
- create: 'logging.metrics.create',
- delete: 'logging.metrics.delete',
- get: 'logging.metrics.get',
- list: 'logging.metrics.list',
- update: 'logging.metrics.update'
- }
- },
- monitoring: {
- alertPolicies: {
- create: 'monitoring.alertPolicies.create',
- delete: 'monitoring.alertPolicies.delete',
- get: 'monitoring.alertPolicies.get',
- list: 'monitoring.alertPolicies.list',
- update: 'monitoring.alertPolicies.update'
- },
- metricsScopes: {
- get: 'monitoring.metricsScopes.get',
- list: 'monitoring.metricsScopes.list'
- }
- }
 }
diff --git a/packages/pulumi/gcp/index.ts b/packages/pulumi/gcp/index.ts
index 03545762..c11a23ee 100644
--- a/packages/pulumi/gcp/index.ts
+++ b/packages/pulumi/gcp/index.ts
@@ -1,6 +1,8 @@
 export * from './config'
 export * from './default-service-accounts'
 export * from './iam-roles'
+export * from './regions'
+export * from './iam-permissions'
 export * from './resources/bucket.resource'
 export * from './resources/dns.resource'
 export * from './resources/iam-binding.resource'
diff --git a/packages/pulumi/gcp/regions.ts b/packages/pulumi/gcp/regions.ts
new file mode 100644
index 00000000..4b07cd47
--- /dev/null
+++ b/packages/pulumi/gcp/regions.ts
@@ -0,0 +1,47 @@ +export const regions = { + global: { + eu: 'EU', + us: 'US' + }, + asia: { + east1: 'ASIA-EAST1', + east2: 'ASIA-EAST2', + northeast1: 'ASIA-NORTHEAST1', + northeast2: 'ASIA-NORTHEAST2', + northeast3: 'ASIA-NORTHEAST3', + south1: 'ASIA-SOUTH1', + south2: 'ASIA-SOUTH2', + southeast1: 'ASIA-SOUTHEAST1', + southeast2: 'ASIA-SOUTHEAST2' + }, + australia: { + southeast1: 'AUSTRALIA-SOUTHEAST1', + southeast2: 'AUSTRALIA-SOUTHEAST2' + }, + europe: { + central2: 'EUROPE-CENTRAL2', + north1: 'EUROPE-NORTH1', + west1: 'EUROPE-WEST1', + west2: 'EUROPE-WEST2', + west3: 'EUROPE-WEST3', + west4: 'EUROPE-WEST4', + west6: 'EUROPE-WEST6' + }, + northAmerica: { + northeast1: 'NORTHAMERICA-NORTHEAST1', + northeast2: 'NORTHAMERICA-NORTHEAST2' + }, + southAmerica: { + east1: 'SOUTHAMERICA-EAST1', + west1: 'SOUTHAMERICA-WEST1' + }, + us: { + central1: 'US-CENTRAL1', + east1: 'US-EAST1', + east4: 'US-EAST4', + west1: 'US-WEST1', + west2: 'US-WEST2', + west3: 'US-WEST3', + west4: 'US-WEST4' + } +} diff --git a/packages/pulumi/gcp/resources/bucket.resource.ts b/packages/pulumi/gcp/resources/bucket.resource.ts index 95b8a6ff..efe5dc99 100644 --- a/packages/pulumi/gcp/resources/bucket.resource.ts +++ b/packages/pulumi/gcp/resources/bucket.resource.ts @@ -57,6 +57,10 @@ export class BucketResource extends BaseResource { return this } + public create(): void { + // Do nothing + } + private addMember(member: pulumi.Output, role: string): void { member.apply((parsedMember) => { this.createMember(parsedMember, role) @@ -80,8 +84,4 @@ export class BucketResource extends BaseResource { }) } - public create(): void { - // Do nothing - } - } diff --git a/packages/pulumi/gcp/resources/dns.resource.ts b/packages/pulumi/gcp/resources/dns.resource.ts index 16d5dc54..24e59ae0 100644 --- a/packages/pulumi/gcp/resources/dns.resource.ts +++ b/packages/pulumi/gcp/resources/dns.resource.ts 
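Review bot: The new `regions` export in regions.ts has no comment saying which API its values are for. They are upper-case (`'EUROPE-WEST1'`), which looks like the form Cloud Storage uses for bucket locations, whereas most other GCP resources take lower-case region ids. The `global` group holds the `EU` and `US` multi-regions rather than a global location. Because this value decides where data is stored, I would document it on the export, e.g. `/** Cloud Storage bucket locations; the first group holds multi-regions. Not region ids for other services. */`, and consider naming that group `multiRegion`. Ending the object with `} as const` would also keep the values as literal types instead of `string`.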
@@ -9,13 +9,12 @@ export type DNS_VALUES = string | Array export class DNSResource extends BaseResource { - private readonly friendlyDomain: string + public static gmailSpfInclude = 'include:_spf.google.com' public readonly zone: gcp.dns.ManagedZone + private readonly friendlyDomain: string private emailDisabled = false - public static gmailSpfInclude = 'include:_spf.google.com' - constructor( private readonly domain: string, private readonly enableDnssec = true, diff --git a/packages/pulumi/gcp/resources/secret.resource.ts b/packages/pulumi/gcp/resources/secret.resource.ts index ca8fa049..a4faf20d 100644 --- a/packages/pulumi/gcp/resources/secret.resource.ts +++ b/packages/pulumi/gcp/resources/secret.resource.ts @@ -18,7 +18,7 @@ export class SecretResource extends BaseResource { private readonly secretName: string, private readonly args: Partial = {}, private readonly opts: pulumi.ComponentResourceOptions = {}, - private readonly secretOpts: pulumi.ComponentResourceOptions = {}, + private readonly secretOpts: pulumi.ComponentResourceOptions = {} ) { super('secret-resource', secretName, {}, opts)