# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: core.cnrm.cloud.google.com/v1alpha1 kind: ServiceMapping metadata: name: storage.cnrm.cloud.google.com namespace: cnrm-system spec: name: Storage version: v1beta1 serviceHostName: "storage.googleapis.com" resources: - name: google_storage_bucket kind: StorageBucket iamConfig: policyName: google_storage_bucket_iam_policy policyMemberName: google_storage_bucket_iam_member referenceField: name: bucket type: name supportsConditions: true metadataMapping: name: name labels: labels resourceID: targetField: name idTemplate: "{{name}}" # odd resource where the project is 'optional', needs more thought -- also not supported by gcloud (yet), problem applies to all Storage resources idTemplateCanBeUsedToMatchResourceName: false resourceAvailableInAssetInventory: true resourceReferences: - tfField: encryption.default_kms_key_name key: kmsKeyRef gvk: kind: KMSCryptoKey version: v1beta1 group: kms.cnrm.cloud.google.com targetField: self_link directives: - force_destroy containers: - type: project tfField: project - name: google_storage_bucket_access_control kind: StorageBucketAccessControl idTemplate: "{{bucket}}/{{entity}}" # odd resource where the project is 'optional', needs more thought -- also not supported by gcloud (yet), problem applies to all Storage resources idTemplateCanBeUsedToMatchResourceName: false resourceAvailableInAssetInventory: false resourceReferences: - key: bucketRef tfField: bucket parent: true description: |- Reference to the bucket. gvk: kind: StorageBucket version: v1beta1 group: storage.cnrm.cloud.google.com - name: google_storage_default_object_access_control kind: StorageDefaultObjectAccessControl idTemplate: "{{bucket}}/{{entity}}" # odd resource where the project is 'optional', needs more thought -- also not supported by gcloud (yet), problem applies to all Storage resources idTemplateCanBeUsedToMatchResourceName: false resourceAvailableInAssetInventory: false resourceReferences: - key: bucketRef tfField: bucket parent: true description: |- Reference to the bucket. gvk: kind: StorageBucket version: v1beta1 group: storage.cnrm.cloud.google.com - name: google_storage_notification kind: StorageNotification serverGeneratedIDField: "notification_id" resourceID: targetField: notification_id idTemplate: "{{bucket}}/notificationConfigs/{{notification_id}}" # odd resource where the project is 'optional', needs more thought -- also not supported by gcloud (yet), problem applies to all Storage resources idTemplateCanBeUsedToMatchResourceName: false resourceAvailableInAssetInventory: false resourceReferences: - key: bucketRef tfField: bucket parent: true gvk: kind: StorageBucket version: v1beta1 group: storage.cnrm.cloud.google.com - key: topicRef tfField: topic valueTemplate: "projects/{{project}}/topics/{{value}}" gvk: kind: PubSubTopic version: v1beta1 group: pubsub.cnrm.cloud.google.com