// Source: sigs.k8s.io/cluster-api-provider-azure@v1.17.0/hack/terraform-gcr-init/user_project.tf
//
// Bootstraps a GCP project that hosts a Google Container Registry (GCR):
// it creates the project, enables three APIs, sets the project IAM policy to
// a single roles/owner binding, pushes a placeholder image so the registry's
// backing bucket exists, and then makes that bucket readable by anyone.
// The variables used here (short_name, org_id, billing_account, owners) are
// declared outside this listing.

// The project itself. Both the display name and the project ID are derived
// from var.short_name.
resource "google_project" "project" {
  name = "cluster-api-${var.short_name}"
  project_id = "cluster-provider-azure-${var.short_name}"
  org_id = "${var.org_id}"
  billing_account = "${var.billing_account}"
}

// Enables the Container Registry, Pub/Sub and Cloud Storage APIs.
// NOTE(review): google_project_services manages the project's entire list of
// enabled APIs (services not listed are disabled), and later major versions of
// the google provider dropped it in favour of google_project_service. Confirm
// which provider version this module is expected to run with.
resource "google_project_services" "project" {
  project = "${google_project.project.project_id}"
  services = ["containerregistry.googleapis.com", "pubsub.googleapis.com", "storage-api.googleapis.com"]
}

// Applies the policy document built by data.google_iam_policy.owner below.
// google_project_iam_policy is authoritative: it replaces the project's whole
// IAM policy, so every binding that is not in that document is removed on
// apply. The document contains only roles/owner, so a wrong value in
// var.owners can lock the operator out of the project.
// NOTE(review): bindings added automatically when APIs are enabled would be
// removed as well; verify that the registry still works after apply.
resource "google_project_iam_policy" "project" {
  project = "${google_project.project.project_id}"
  policy_data = "${data.google_iam_policy.owner.policy_data}"
}

// Policy document with a single binding: var.owners gets roles/owner, which
// is full control of the project, including the ability to change IAM.
// NOTE(review): IAM members need a principal-type prefix (user:, group:,
// serviceAccount:); presumably var.owners already carries one. Confirm
// against the variable definition. Prefer a group over individual accounts.
data "google_iam_policy" "owner" {
  binding {
    role = "roles/owner"

    members = [
      "${var.owners}",
    ]
  }
}

resource "null_resource" "gcr" {
  // We have to push at least one image for the repository to be created.
  //
  // local-exec runs on the machine that runs terraform, so that machine needs
  // docker and push credentials for gcr.io. No triggers are set, so the
  // command runs when this resource is created, not on every apply.
  //
  // "busybox" is pulled without a tag or digest, so whatever the default
  // registry serves at apply time is what gets re-published as busybox:init
  // in a registry that is made public below. Pinning the pull by digest
  // (busybox@sha256:<digest-placeholder>) would make the published image
  // reproducible and verifiable.
  // NOTE(review): the project ID is interpolated into a shell command; it
  // derives from var.short_name, whose validation is not visible here.
  provisioner "local-exec" {
    command = "sh -c 'docker pull busybox && docker tag busybox gcr.io/${google_project.project.project_id}/busybox:init && docker push gcr.io/${google_project.project.project_id}/busybox:init'"
  }
}

// This makes the bucket publicly readable.
//
// artifacts.<project-id>.appspot.com is the bucket that backs gcr.io/<project-id>,
// so "READER:allUsers" lets anyone on the internet read it without
// authentication. Treat everything pushed to this registry as public: no
// credentials, private keys or internal-only artifacts in image layers.
// NOTE(review): var.owners is also used in the IAM binding above. IAM members
// and bucket ACL entities use different identifier formats (for example
// "group:..." versus "group-..."), so confirm the value is valid in both places.
resource "google_storage_bucket_acl" "acl" {
  bucket = "artifacts.${google_project.project.project_id}.appspot.com"

  role_entity = [
    "OWNER:${var.owners}",
    "READER:allUsers",
  ]

  // Recursively (-r) adds READ for AllUsers to the objects already in the
  // bucket, because a bucket ACL does not change the ACLs of existing objects.
  // NOTE(review): objects pushed later receive the bucket's default object
  // ACL, which this file does not set; verify that this matches the intent.
  provisioner "local-exec" {
    command = "gsutil -m acl ch -r -u AllUsers:READ gs://artifacts.${google_project.project.project_id}.appspot.com"
  }

  // Wait for the first push in null_resource.gcr, which is what causes the
  // repository (and so the bucket) to be created.
  depends_on = ["null_resource.gcr"]
}