diff --git a/packages/pulumi/gcp/iam-permissions.ts b/packages/pulumi/gcp/iam-permissions.ts
new file mode 100644
index 00000000..702d6b88
--- /dev/null
+++ b/packages/pulumi/gcp/iam-permissions.ts
@@ -0,0 +1,238 @@
+export const iamPermissions = {
+ cloudSql: {
+ backupRuns: {
+ create: 'cloudsql.backupRuns.create',
+ delete: 'cloudsql.backupRuns.delete',
+ get: 'cloudsql.backupRuns.get',
+ list: 'cloudsql.backupRuns.list',
+ update: 'cloudsql.backupRuns.update'
+ },
+ databases: {
+ create: 'cloudsql.databases.create',
+ delete: 'cloudsql.databases.delete',
+ get: 'cloudsql.databases.get',
+ list: 'cloudsql.databases.list',
+ update: 'cloudsql.databases.update',
+ getIamPolicy: 'cloudsql.databases.getIamPolicy',
+ setIamPolicy: 'cloudsql.databases.setIamPolicy'
+ },
+ instances: {
+ create: 'cloudsql.instances.create',
+ delete: 'cloudsql.instances.delete',
+ get: 'cloudsql.instances.get',
+ list: 'cloudsql.instances.list',
+ update: 'cloudsql.instances.update',
+ getIamPolicy: 'cloudsql.instances.getIamPolicy',
+ setIamPolicy: 'cloudsql.instances.setIamPolicy'
+ }
+ },
+ pubSub: {
+ subscriptions: {
+ consume: 'pubsub.subscriptions.consume',
+ create: 'pubsub.subscriptions.create',
+ delete: 'pubsub.subscriptions.delete',
+ get: 'pubsub.subscriptions.get',
+ list: 'pubsub.subscriptions.list',
+ update: 'pubsub.subscriptions.update',
+ getIamPolicy: 'pubsub.subscriptions.getIamPolicy',
+ setIamPolicy: 'pubsub.subscriptions.setIamPolicy'
+ },
+ topics: {
+ attachSubscription: 'pubsub.topics.attachSubscription',
+ create: 'pubsub.topics.create',
+ delete: 'pubsub.topics.delete',
+ get: 'pubsub.topics.get',
+ list: 'pubsub.topics.list',
+ publish: 'pubsub.topics.publish',
+ update: 'pubsub.topics.update',
+ getIamPolicy: 'pubsub.topics.getIamPolicy',
+ setIamPolicy: 'pubsub.topics.setIamPolicy'
+ }
+ },
+ storage: {
+ buckets: {
+ create: 'storage.buckets.create',
+ delete: 'storage.buckets.delete',
+ get: 'storage.buckets.get',
+ list: 'storage.buckets.list',
+ update: 'storage.buckets.update',
+ getIamPolicy: 'storage.buckets.getIamPolicy',
+ setIamPolicy: 'storage.buckets.setIamPolicy'
+ },
+ objects: {
+ create: 'storage.objects.create',
+ delete: 'storage.objects.delete',
+ get: 'storage.objects.get',
+ list: 'storage.objects.list',
+ update: 'storage.objects.update',
+ getIamPolicy: 'storage.objects.getIamPolicy',
+ setIamPolicy: 'storage.objects.setIamPolicy'
+ }
+ },
+ bigQuery: {
+ datasets: {
+ create: 'bigquery.datasets.create',
+ delete: 'bigquery.datasets.delete',
+ get: 'bigquery.datasets.get',
+ list: 'bigquery.datasets.list',
+ update: 'bigquery.datasets.update',
+ getIamPolicy: 'bigquery.datasets.getIamPolicy',
+ setIamPolicy: 'bigquery.datasets.setIamPolicy'
+ },
+ jobs: {
+ create: 'bigquery.jobs.create',
+ get: 'bigquery.jobs.get',
+ list: 'bigquery.jobs.list',
+ cancel: 'bigquery.jobs.cancel'
+ },
+ tables: {
+ create: 'bigquery.tables.create',
+ delete: 'bigquery.tables.delete',
+ export: 'bigquery.tables.export',
+ get: 'bigquery.tables.get',
+ list: 'bigquery.tables.list',
+ update: 'bigquery.tables.update',
+ getIamPolicy: 'bigquery.tables.getIamPolicy',
+ setIamPolicy: 'bigquery.tables.setIamPolicy'
+ }
+ },
+ computeEngine: {
+ instances: {
+ start: 'compute.instances.start',
+ stop: 'compute.instances.stop',
+ create: 'compute.instances.create',
+ delete: 'compute.instances.delete',
+ get: 'compute.instances.get',
+ list: 'compute.instances.list',
+ update: 'compute.instances.update',
+ getIamPolicy: 'compute.instances.getIamPolicy',
+ setIamPolicy: 'compute.instances.setIamPolicy'
+ },
+ images: {
+ create: 'compute.images.create',
+ delete: 'compute.images.delete',
+ get: 'compute.images.get',
+ list: 'compute.images.list',
+ update: 'compute.images.update'
+ },
+ disks: {
+ create: 'compute.disks.create',
+ delete: 'compute.disks.delete',
+ get: 'compute.disks.get',
+ list: 'compute.disks.list',
+ update: 'compute.disks.update',
+ getIamPolicy: 'compute.disks.getIamPolicy',
+ setIamPolicy: 'compute.disks.setIamPolicy'
+ }
+ },
+ functions: {
+ functions: {
+ create: 'cloudfunctions.functions.create',
+ delete: 'cloudfunctions.functions.delete',
+ get: 'cloudfunctions.functions.get',
+ list: 'cloudfunctions.functions.list',
+ update: 'cloudfunctions.functions.update',
+ getIamPolicy: 'cloudfunctions.functions.getIamPolicy',
+ setIamPolicy: 'cloudfunctions.functions.setIamPolicy'
+ },
+ operations: {
+ get: 'cloudfunctions.operations.get',
+ list: 'cloudfunctions.operations.list'
+ }
+ },
+ iam: {
+ roles: {
+ create: 'iam.roles.create',
+ delete: 'iam.roles.delete',
+ get: 'iam.roles.get',
+ list: 'iam.roles.list',
+ update: 'iam.roles.update'
+ },
+ serviceAccountKeys: {
+ create: 'iam.serviceAccountKeys.create',
+ delete: 'iam.serviceAccountKeys.delete',
+ get: 'iam.serviceAccountKeys.get'
+ },
+ serviceAccounts: {
+ actAs: 'iam.serviceAccounts.actAs',
+ create: 'iam.serviceAccounts.create',
+ delete: 'iam.serviceAccounts.delete',
+ disable: 'iam.serviceAccounts.disable',
+ enable: 'iam.serviceAccounts.enable',
+ get: 'iam.serviceAccounts.get',
+ list: 'iam.serviceAccounts.list',
+ signBlob: 'iam.serviceAccounts.signBlob',
+ signJwt: 'iam.serviceAccounts.signJwt',
+ testIamPermissions: 'iam.serviceAccounts.testIamPermissions',
+ update: 'iam.serviceAccounts.update',
+ getIamPolicy: 'iam.serviceAccounts.getIamPolicy',
+ setIamPolicy: 'iam.serviceAccounts.setIamPolicy'
+ }
+ },
+ cloudRun: {
+ services: {
+ create: 'run.services.create',
+ delete: 'run.services.delete',
+ get: 'run.services.get',
+ list: 'run.services.list',
+ update: 'run.services.update',
+ getIamPolicy: 'run.services.getIamPolicy',
+ setIamPolicy: 'run.services.setIamPolicy'
+ },
+ revisions: {
+ get: 'run.revisions.get',
+ list: 'run.revisions.list'
+ },
+ configurations: {
+ get: 'run.configurations.get',
+ list: 'run.configurations.list'
+ }
+ },
+ firestore: {
+ documents: {
+ create: 'firestore.documents.create',
+ delete: 'firestore.documents.delete',
+ get: 'firestore.documents.get',
+ list: 'firestore.documents.list',
+ update: 'firestore.documents.update'
+ },
+ indexes: {
+ create: 'firestore.indexes.create',
+ delete: 'firestore.indexes.delete',
+ get: 'firestore.indexes.get',
+ list: 'firestore.indexes.list'
+ }
+ },
+ logging: {
+ logs: {
+ create: 'logging.logs.create',
+ delete: 'logging.logs.delete',
+ list: 'logging.logs.list',
+ update: 'logging.logs.update'
+ },
+ logEntries: {
+ create: 'logging.logEntries.create',
+ list: 'logging.logEntries.list'
+ },
+ metrics: {
+ create: 'logging.metrics.create',
+ delete: 'logging.metrics.delete',
+ get: 'logging.metrics.get',
+ list: 'logging.metrics.list',
+ update: 'logging.metrics.update'
+ }
+ },
+ monitoring: {
+ alertPolicies: {
+ create: 'monitoring.alertPolicies.create',
+ delete: 'monitoring.alertPolicies.delete',
+ get: 'monitoring.alertPolicies.get',
+ list: 'monitoring.alertPolicies.list',
+ update: 'monitoring.alertPolicies.update'
+ },
+ metricsScopes: {
+ get: 'monitoring.metricsScopes.get',
+ list: 'monitoring.metricsScopes.list'
+ }
+ }
+}
diff --git a/packages/pulumi/gcp/iam-roles.ts b/packages/pulumi/gcp/iam-roles.ts
index 62aca878..040a46a0 100644
--- a/packages/pulumi/gcp/iam-roles.ts
+++ b/packages/pulumi/gcp/iam-roles.ts
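Review bot: The `iamPermissions` catalog in the new `iam-permissions.ts` lists privilege-escalation-capable permissions (`iam.serviceAccounts.actAs`, `signBlob`, `signJwt`, `iam.serviceAccountKeys.create` and every `setIamPolicy` entry) with nothing separating them from read-only `get`/`list` entries, so a custom role built from it can pick them up without the risk being visible in review. A comment above those entries such as `// High risk: lets the holder act as, or mint credentials for, the service account; grant per resource only` would make that explicit. Closing the literal with `} as const` would also let the compiler reject reassignment of a permission string by an importer and give callers literal types. Several entries look generated from a CRUD template rather than taken from the permission reference (for example `cloudsql.databases.setIamPolicy` and `logging.logs.update`); they are worth checking against the GCP IAM permissions list, since a custom role naming an unsupported permission is, as far as I know, rejected at creation.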
@@ -192,243 +192,4 @@ export const iamRoles = { // Provides read-only access to Cloud Spanner instance configs viewer: 'roles/spanner.viewer' } -}; - -export const iamPermissions = { - cloudSql: { - backupRuns: { - create: 'cloudsql.backupRuns.create', - delete: 'cloudsql.backupRuns.delete', - get: 'cloudsql.backupRuns.get', - list: 'cloudsql.backupRuns.list', - update: 'cloudsql.backupRuns.update' - }, - databases: { - create: 'cloudsql.databases.create', - delete: 'cloudsql.databases.delete', - get: 'cloudsql.databases.get', - list: 'cloudsql.databases.list', - update: 'cloudsql.databases.update', - getIamPolicy: 'cloudsql.databases.getIamPolicy', - setIamPolicy: 'cloudsql.databases.setIamPolicy' - }, - instances: { - create: 'cloudsql.instances.create', - delete: 'cloudsql.instances.delete', - get: 'cloudsql.instances.get', - list: 'cloudsql.instances.list', - update: 'cloudsql.instances.update', - getIamPolicy: 'cloudsql.instances.getIamPolicy', - setIamPolicy: 'cloudsql.instances.setIamPolicy' - } - }, - pubSub: { - subscriptions: { - consume: 'pubsub.subscriptions.consume', - create: 'pubsub.subscriptions.create', - delete: 'pubsub.subscriptions.delete', - get: 'pubsub.subscriptions.get', - list: 'pubsub.subscriptions.list', - update: 'pubsub.subscriptions.update', - getIamPolicy: 'pubsub.subscriptions.getIamPolicy', - setIamPolicy: 'pubsub.subscriptions.setIamPolicy' - }, - topics: { - attachSubscription: 'pubsub.topics.attachSubscription', - create: 'pubsub.topics.create', - delete: 'pubsub.topics.delete', - get: 'pubsub.topics.get', - list: 'pubsub.topics.list', - publish: 'pubsub.topics.publish', - update: 'pubsub.topics.update', - getIamPolicy: 'pubsub.topics.getIamPolicy', - setIamPolicy: 'pubsub.topics.setIamPolicy' - } - }, - storage: { - buckets: { - create: 'storage.buckets.create', - delete: 'storage.buckets.delete', - get: 'storage.buckets.get', - list: 'storage.buckets.list', - update: 'storage.buckets.update', - getIamPolicy: 
'storage.buckets.getIamPolicy', - setIamPolicy: 'storage.buckets.setIamPolicy' - }, - objects: { - create: 'storage.objects.create', - delete: 'storage.objects.delete', - get: 'storage.objects.get', - list: 'storage.objects.list', - update: 'storage.objects.update', - getIamPolicy: 'storage.objects.getIamPolicy', - setIamPolicy: 'storage.objects.setIamPolicy' - } - }, - bigQuery: { - datasets: { - create: 'bigquery.datasets.create', - delete: 'bigquery.datasets.delete', - get: 'bigquery.datasets.get', - list: 'bigquery.datasets.list', - update: 'bigquery.datasets.update', - getIamPolicy: 'bigquery.datasets.getIamPolicy', - setIamPolicy: 'bigquery.datasets.setIamPolicy' - }, - jobs: { - create: 'bigquery.jobs.create', - get: 'bigquery.jobs.get', - list: 'bigquery.jobs.list', - cancel: 'bigquery.jobs.cancel' - }, - tables: { - create: 'bigquery.tables.create', - delete: 'bigquery.tables.delete', - export: 'bigquery.tables.export', - get: 'bigquery.tables.get', - list: 'bigquery.tables.list', - update: 'bigquery.tables.update', - getIamPolicy: 'bigquery.tables.getIamPolicy', - setIamPolicy: 'bigquery.tables.setIamPolicy' - } - }, - computeEngine: { - instances: { - start: 'compute.instances.start', - stop: 'compute.instances.stop', - create: 'compute.instances.create', - delete: 'compute.instances.delete', - get: 'compute.instances.get', - list: 'compute.instances.list', - update: 'compute.instances.update', - getIamPolicy: 'compute.instances.getIamPolicy', - setIamPolicy: 'compute.instances.setIamPolicy' - }, - images: { - create: 'compute.images.create', - delete: 'compute.images.delete', - get: 'compute.images.get', - list: 'compute.images.list', - update: 'compute.images.update' - }, - disks: { - create: 'compute.disks.create', - delete: 'compute.disks.delete', - get: 'compute.disks.get', - list: 'compute.disks.list', - update: 'compute.disks.update', - getIamPolicy: 'compute.disks.getIamPolicy', - setIamPolicy: 'compute.disks.setIamPolicy' - } - }, - functions: { 
- functions: { - create: 'cloudfunctions.functions.create', - delete: 'cloudfunctions.functions.delete', - get: 'cloudfunctions.functions.get', - list: 'cloudfunctions.functions.list', - update: 'cloudfunctions.functions.update', - getIamPolicy: 'cloudfunctions.functions.getIamPolicy', - setIamPolicy: 'cloudfunctions.functions.setIamPolicy' - }, - operations: { - get: 'cloudfunctions.operations.get', - list: 'cloudfunctions.operations.list' - } - }, - iam: { - roles: { - create: 'iam.roles.create', - delete: 'iam.roles.delete', - get: 'iam.roles.get', - list: 'iam.roles.list', - update: 'iam.roles.update' - }, - serviceAccountKeys: { - create: 'iam.serviceAccountKeys.create', - delete: 'iam.serviceAccountKeys.delete', - get: 'iam.serviceAccountKeys.get' - }, - serviceAccounts: { - actAs: 'iam.serviceAccounts.actAs', - create: 'iam.serviceAccounts.create', - delete: 'iam.serviceAccounts.delete', - disable: 'iam.serviceAccounts.disable', - enable: 'iam.serviceAccounts.enable', - get: 'iam.serviceAccounts.get', - list: 'iam.serviceAccounts.list', - signBlob: 'iam.serviceAccounts.signBlob', - signJwt: 'iam.serviceAccounts.signJwt', - testIamPermissions: 'iam.serviceAccounts.testIamPermissions', - update: 'iam.serviceAccounts.update', - getIamPolicy: 'iam.serviceAccounts.getIamPolicy', - setIamPolicy: 'iam.serviceAccounts.setIamPolicy' - } - }, - cloudRun: { - services: { - create: 'run.services.create', - delete: 'run.services.delete', - get: 'run.services.get', - list: 'run.services.list', - update: 'run.services.update', - getIamPolicy: 'run.services.getIamPolicy', - setIamPolicy: 'run.services.setIamPolicy' - }, - revisions: { - get: 'run.revisions.get', - list: 'run.revisions.list' - }, - configurations: { - get: 'run.configurations.get', - list: 'run.configurations.list' - } - }, - firestore: { - documents: { - create: 'firestore.documents.create', - delete: 'firestore.documents.delete', - get: 'firestore.documents.get', - list: 'firestore.documents.list', - 
update: 'firestore.documents.update' - }, - indexes: { - create: 'firestore.indexes.create', - delete: 'firestore.indexes.delete', - get: 'firestore.indexes.get', - list: 'firestore.indexes.list' - } - }, - logging: { - logs: { - create: 'logging.logs.create', - delete: 'logging.logs.delete', - list: 'logging.logs.list', - update: 'logging.logs.update' - }, - logEntries: { - create: 'logging.logEntries.create', - list: 'logging.logEntries.list' - }, - metrics: { - create: 'logging.metrics.create', - delete: 'logging.metrics.delete', - get: 'logging.metrics.get', - list: 'logging.metrics.list', - update: 'logging.metrics.update' - } - }, - monitoring: { - alertPolicies: { - create: 'monitoring.alertPolicies.create', - delete: 'monitoring.alertPolicies.delete', - get: 'monitoring.alertPolicies.get', - list: 'monitoring.alertPolicies.list', - update: 'monitoring.alertPolicies.update' - }, - metricsScopes: { - get: 'monitoring.metricsScopes.get', - list: 'monitoring.metricsScopes.list' - } - } } diff --git a/packages/pulumi/gcp/index.ts b/packages/pulumi/gcp/index.ts index 03545762..c11a23ee 100644 --- a/packages/pulumi/gcp/index.ts +++ b/packages/pulumi/gcp/index.ts @@ -1,6 +1,8 @@ export * from './config' export * from './default-service-accounts' export * from './iam-roles' +export * from './regions' +export * from './iam-permissions' export * from './resources/bucket.resource' export * from './resources/dns.resource' export * from './resources/iam-binding.resource' diff --git a/packages/pulumi/gcp/regions.ts b/packages/pulumi/gcp/regions.ts new file mode 100644 index 00000000..4b07cd47 --- /dev/null +++ b/packages/pulumi/gcp/regions.ts 
@@ -0,0 +1,47 @@ +export const regions = { + global: { + eu: 'EU', + us: 'US' + }, + asia: { + east1: 'ASIA-EAST1', + east2: 'ASIA-EAST2', + northeast1: 'ASIA-NORTHEAST1', + northeast2: 'ASIA-NORTHEAST2', + northeast3: 'ASIA-NORTHEAST3', + south1: 'ASIA-SOUTH1', + south2: 'ASIA-SOUTH2', + southeast1: 'ASIA-SOUTHEAST1', + southeast2: 'ASIA-SOUTHEAST2' + }, + australia: { + southeast1: 'AUSTRALIA-SOUTHEAST1', + southeast2: 'AUSTRALIA-SOUTHEAST2' + }, + europe: { + central2: 'EUROPE-CENTRAL2', + north1: 'EUROPE-NORTH1', + west1: 'EUROPE-WEST1', + west2: 'EUROPE-WEST2', + west3: 'EUROPE-WEST3', + west4: 'EUROPE-WEST4', + west6: 'EUROPE-WEST6' + }, + northAmerica: { + northeast1: 'NORTHAMERICA-NORTHEAST1', + northeast2: 'NORTHAMERICA-NORTHEAST2' + }, + southAmerica: { + east1: 'SOUTHAMERICA-EAST1', + west1: 'SOUTHAMERICA-WEST1' + }, + us: { + central1: 'US-CENTRAL1', + east1: 'US-EAST1', + east4: 'US-EAST4', + west1: 'US-WEST1', + west2: 'US-WEST2', + west3: 'US-WEST3', + west4: 'US-WEST4' + } +} diff --git a/packages/pulumi/gcp/resources/bucket.resource.ts b/packages/pulumi/gcp/resources/bucket.resource.ts index 95b8a6ff..efe5dc99 100644 --- a/packages/pulumi/gcp/resources/bucket.resource.ts +++ b/packages/pulumi/gcp/resources/bucket.resource.ts @@ -57,6 +57,10 @@ export class BucketResource extends BaseResource { return this } + public create(): void { + // Do nothing + } + private addMember(member: pulumi.Output, role: string): void { member.apply((parsedMember) => { this.createMember(parsedMember, role) @@ -80,8 +84,4 @@ export class BucketResource extends BaseResource { }) } - public create(): void { - // Do nothing - } - } diff --git a/packages/pulumi/gcp/resources/dns.resource.ts b/packages/pulumi/gcp/resources/dns.resource.ts index 16d5dc54..24e59ae0 100644 --- a/packages/pulumi/gcp/resources/dns.resource.ts +++ b/packages/pulumi/gcp/resources/dns.resource.ts 
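Review bot: `regions` in the new `regions.ts` has no comment saying which API these strings are meant for, and the values are upper-case (`'EUROPE-WEST1'`, `'EU'`), the form Cloud Storage reports for bucket locations rather than the lower-case region ids most other GCP resources take. Because the constant is re-exported from the package index under a generic name, a doc comment such as `/** Cloud Storage bucket locations; not valid as Compute or Cloud Run region ids. */` would keep data-residency choices from being made with the wrong identifier, assuming bucket locations are the intended use, which this hunk does not show. The `global` key holds the `EU` and `US` multi-regions, so a name like `multiRegion` would describe it more accurately.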
@@ -9,13 +9,12 @@ export type DNS_VALUES = string | Array export class DNSResource extends BaseResource { - private readonly friendlyDomain: string + public static gmailSpfInclude = 'include:_spf.google.com' public readonly zone: gcp.dns.ManagedZone + private readonly friendlyDomain: string private emailDisabled = false - public static gmailSpfInclude = 'include:_spf.google.com' - constructor( private readonly domain: string, private readonly enableDnssec = true, diff --git a/packages/pulumi/gcp/resources/secret.resource.ts b/packages/pulumi/gcp/resources/secret.resource.ts index ca8fa049..a4faf20d 100644 --- a/packages/pulumi/gcp/resources/secret.resource.ts +++ b/packages/pulumi/gcp/resources/secret.resource.ts @@ -18,7 +18,7 @@ export class SecretResource extends BaseResource { private readonly secretName: string, private readonly args: Partial = {}, private readonly opts: pulumi.ComponentResourceOptions = {}, - private readonly secretOpts: pulumi.ComponentResourceOptions = {}, + private readonly secretOpts: pulumi.ComponentResourceOptions = {} ) { super('secret-resource', secretName, {}, opts)
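Review bot: `gmailSpfInclude` in the `dns.resource.ts` hunk is declared `public static` without `readonly`, so any module that imports `DNSResource` can reassign it and change the SPF mechanism used for records created afterwards; `public static readonly gmailSpfInclude = 'include:_spf.google.com'` closes that off at compile time. The class body continues outside the hunk, so how the value is consumed when records are built is not visible here.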