Update

2022-10-23 13:02:53 +03:00
parent d2f681f56e
commit 7cceb86b38
17 changed files with 672 additions and 318 deletions
--- a/topics/gcp/exercises/assign_roles/exercise.md
+++ b/topics/gcp/exercises/assign_roles/exercise.md
@@ -0,0 +1,13 @@
+# Assign Roles
+
+## Objectives
+
+1. Assign the following roles to a member in your organization
+   1. Compute Storage Admin
+   2. Compute Network Admin
+   3. Compute Security Admin
+2. Verify roles were assigned
+
+## Solution
+
+Click [here](solution.md) to view the solution
--- a/topics/gcp/exercises/assign_roles/main.tf
+++ b/topics/gcp/exercises/assign_roles/main.tf
@@ -0,0 +1,19 @@
+locals {
+  roles = [
+    "roles/compute.storageAdmin",
+    "roles/compute.networkAdmin",
+    "roles/compute.securityAdmin"
+  ]
+}
+
+resource "google_service_account" "some_member" {
+  account_id   = "${substr(var.env_id, 0, min(length(var.env_id), 10))}-some-member"
+  display_name = "${var.env_id} some-member"
+}
+
+resource "google_project_iam_member" "storageAdminMaster" {
+  for_each = toset(concat(local.roles))
+  project  = "${var.project_id}"
+  role     = each.key
+  member   = "serviceAccount:${google_service_account.some_member.email}"
+}
--- a/topics/gcp/exercises/assign_roles/solution.md
+++ b/topics/gcp/exercises/assign_roles/solution.md
@@ -0,0 +1,23 @@
+# Assign Roles
+
+## Objectives
+
+1. Assign the following roles to a member in your organization
+   1. Compute Storage Admin
+   2. Compute Network Admin
+   3. Compute Security Admin
+2. Verify roles were assigned
+
+## Solution
+
+### Console
+
+1. Go to IAM & Admin
+2. Click on IAM and then on the "Add" button
+   1. Choose the member account to whom the roles will be added
+   2. Under select role, search for the specified roles under "Objectives" and click on "Save"
+2. The member should now be able to go to the compute engine API and see the resources there.
+
+### Terraform
+
+Click [here](main.tf) to view the Terraform main.tf file
--- a/topics/gcp/exercises/assign_roles/vars.tf
+++ b/topics/gcp/exercises/assign_roles/vars.tf
@@ -0,0 +1,7 @@
+variable "project_id" {
+  type = string
+}
+
+variable "env_id" {
+  type = string
+}
--- a/topics/gcp/exercises/assign_roles/versions.tf
+++ b/topics/gcp/exercises/assign_roles/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+    required_version = ">=1.3.0"
+
+    required_providers {
+        google = {
+            source  = "hashicorp/google"
+            version = ">= 4.10.0, < 5.0"
+        }
+    }
+}