add config for gcp ga4 project #1484
Conversation
|
@Nyzl if this is ready for review - could you assign reviewers? If not, please make it a draft. |
| ] | ||
| } | ||
|
|
||
| resource "google_project_iam_binding" "project-GDS_BQ_read_access" { |
There was a problem hiding this comment.
| resource "google_project_iam_binding" "project-GDS_BQ_read_access" { | |
| resource "google_project_iam_binding" "project-gds-bq-read-access" { |
Can we at least normalise the names for the terraform resources?
There was a problem hiding this comment.
yes, much cleaner and easier to read
There was a problem hiding this comment.
Nit: normalise dashes "-" to underscores "_" as per terraform conventions. https://developer.hashicorp.com/terraform/language/style#resource-naming
terraform/deployments/ga4-analytics/project_iam_custom_roles.tf
Outdated
Show resolved
Hide resolved
terraform/deployments/ga4-analytics/project_iam_custom_roles.tf
Outdated
Show resolved
Hide resolved
| create_ignore_already_exists = "true" | ||
| } | ||
|
|
||
| resource "google_service_account" "sa--search-analytics-pipeline" { |
There was a problem hiding this comment.
Nit:
| resource "google_service_account" "sa--search-analytics-pipeline" { | |
| resource "google_service_account" "search_analytics_pipeline" { |
Don't think the "sa--" prefix adds anything to the resources names. Also use "_" rather than "-"s
| title = "GDS BQ user" | ||
| } | ||
|
|
||
| resource "google_project_iam_custom_role" "roles--gds_bigquery_editor" { |
There was a problem hiding this comment.
| resource "google_project_iam_custom_role" "roles--gds_bigquery_editor" { | |
| resource "google_project_iam_custom_role" "gds_bigquery_editor" { |
Nit: don't think the prefix adds anything to the name
| @@ -0,0 +1,144 @@ | |||
| resource "google_project_iam_custom_role" "roles--gds_bigquery_read_access" { | |||
| description = "Created on: 2023-10-27" | |||
There was a problem hiding this comment.
Can we have a description which describes the purpose of the role?
| @@ -0,0 +1,3 @@ | |||
| output "google_project_id" { | |||
| value = google_project.project.project_id | |||
| } | |||
There was a problem hiding this comment.
Is this being used by anything?
| @@ -0,0 +1,25 @@ | |||
| resource "google_service_account" "sa--ga4-analytics-352613" { | |||
There was a problem hiding this comment.
| resource "google_service_account" "sa--ga4-analytics-352613" { | |
| resource "google_service_account" "ga4-analytics" { |
Avoiding naming with arbitrary descriptors (we don't need to know the project id in the tf resource name)
| @@ -0,0 +1,25 @@ | |||
| resource "google_service_account" "sa--ga4-analytics-352613" { | |||
| account_id = "ga4-analytics-352613" | |||
There was a problem hiding this comment.
If this is meant to be the same as the project id - could we use a reference to the project id?
|
thank you @theseanything, it's good to be picky and get into the habit of writing to standard |
|
@Nyzl any update on this PR? Looks ready to go - just 1 comment here that optional: https://github.com/alphagov/govuk-infrastructure/pull/1484/files#r1856384597 |
|
sorry @theseanything i always seem to get side tracked. Yes i think that final suggestion is good to go. Would you be able to merge please? |
Adds Terraform configuration of the GA4 project in GCP.
This covers project creation, service accounts, roles and project level permissions