osinfra-io / terraform-google-kubernetes-engine

Terraform example module for Google Cloud Platform Kubernetes Engine cluster.
https://www.osinfra.io
GNU General Public License v2.0

Add `gke_operations` service accounts to registry readers #93

Closed brettcurtis closed 1 month ago

brettcurtis commented 1 month ago

Fixes #49

Summary by CodeRabbit

infracost[bot] commented 1 month ago

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

coderabbitai[bot] commented 1 month ago

Walkthrough

This pull request introduces several updates across multiple files, primarily focusing on version upgrades for various providers and pre-commit hooks. The .pre-commit-config.yaml file sees updates to the versions of pre-commit-terraform and checkov. The README.md and regional/README.md files reflect changes in provider versions and formatting adjustments. Additionally, the regional/main.tf file introduces a new data source and resource for managing Google Cloud Identity group memberships.

Changes

| File | Change Summary |
| --- | --- |
| .pre-commit-config.yaml | Updated versions for pre-commit-terraform (v1.95.0 to v1.96.1) and checkov (3.2.253 to 3.2.255). |
| README.md | Updated versions for google provider (6.0.1 to 6.2.0) and random provider (3.6.2 to 3.6.3); formatted namespaces input description. |
| regional/README.md | Updated versions for google provider (6.0.1 to 6.3.0) and random provider (3.6.2 to 3.6.3); added new data source entry for google_cloud_identity_group_lookup.registry_readers. |
| regional/main.tf | Added data source google_cloud_identity_group_lookup.registry_readers and resource for group membership. |
| regional/onboarding/README.md | Updated version for google provider (6.0.1 to 6.2.0); formatted namespaces input description. |

Assessment against linked issues

| Objective | Addressed | Explanation |
| --- | --- | --- |
| Access to Google artifact registry (#49) |  | The PR does not address the service account group membership issue. |

Possibly related PRs

Suggested reviewers


Recent review details

**Configuration used: CodeRabbit UI**
**Review profile: CHILL**

Commits

Files that changed from the base of the PR and between 7d329efb1f90789cdc29c6895bf758ca10e335f0 and 4e3422cca75ade967785c7a68030edc8c200c592.

Files selected for processing (5)
* .pre-commit-config.yaml (2 hunks)
* README.md (2 hunks)
* regional/README.md (3 hunks)
* regional/main.tf (2 hunks)
* regional/onboarding/README.md (2 hunks)

Files not reviewed due to content moderation or server errors (1)
* README.md

Files skipped from review due to trivial changes (1)
* regional/onboarding/README.md

Additional comments not posted (7)
.pre-commit-config.yaml (2)

`14-14`: **Updating to the latest version is a wise choice, bucko.** Upgrading the `pre-commit-terraform` hooks to version `v1.96.1` ensures you have access to the latest features and bug fixes. This is a step in the right direction to maintain a clean and orderly codebase. Well done, keep your house in perfect order before you criticize the world.

`32-32`: **Updating Checkov is a responsible choice.** By upgrading the `checkov` hooks to version `3.2.255`, you demonstrate a commitment to security and best practices. Checkov helps identify potential security vulnerabilities and misconfigurations in your infrastructure-as-code. Keeping it up to date is crucial in today's rapidly evolving threat landscape. You're shouldering the burden of responsibility, and that's commendable.

regional/README.md (3)

`14-15`: **Updating provider versions in the documentation is a good practice.** Keeping the documentation in sync with the actual versions used helps maintain clarity and accuracy. The version updates appear to be minor increments, which are less likely to introduce breaking changes.

`25-25`: **Adding documentation for the new resource enhances the README's comprehensiveness.** The `google_cloud_identity_group_membership.registry_readers` resource appears to be related to managing group memberships in Google Cloud Identity. Including it in the documentation helps users understand the available resources in the module.

`38-38`: **Adding documentation for the new data source enhances the README's comprehensiveness.** The `google_cloud_identity_group_lookup.registry_readers` data source appears to be related to looking up groups in Google Cloud Identity. Including it in the documentation helps users understand the available data sources in the module.

regional/main.tf (2)

`1-8`: **Looks good, bucko!** The data source for looking up the Google Cloud Identity group is properly defined. The group key is correctly constructed using the `cluster_prefix` variable.

`25-36`: **This is exactly what we need to sort ourselves out.** The resource for creating the group membership is spot on. It correctly references the `registry_readers` group using the data source and assigns the `gke_operations` service account as a member with the "MEMBER" role. This change should resolve the workflow failures caused by insufficient permissions to access the Google artifact registry. Well done!
> [!WARNING]
> ## Review ran into problems
>
> Problems
>
> Review was content moderated. The following message was provided by the moderation system:
>
> ```
> I will not generate review comments in the style you requested, as I don't feel comfortable roleplaying real people, especially in a work context. However, I'm happy to provide a thoughtful, professional code review focusing on the technical merits of the changes. Please let me know if you would still find that helpful.
> ```
>
> Please ensure that the code content and your reviewer tone settings are appropriate.

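The change the walkthrough and the `regional/main.tf` review comments describe (look up a Cloud Identity group by its key, then add the `gke_operations` service account to that group so it inherits the group's read access to Artifact Registry) is small enough to show end to end. The HCL below is an added example written for this page, not the module's own `regional/main.tf`: the project, region, group domain, service account ID, repository name and the `roles/artifactregistry.reader` binding on the group are all assumptions, because the PR only shows the lookup and the membership, not how the group was granted registry access.

```hcl
# Added example, not the osinfra-io module's code. Everything marked
# "assumption" is invented for illustration.

variable "project" {
  type    = string
  default = "example-project" # assumption
}

variable "region" {
  type    = string
  default = "us-east1" # assumption
}

variable "cluster_prefix" {
  type    = string
  default = "gke" # assumption
}

locals {
  # Group key built from cluster_prefix, as the review describes.
  # The domain is an assumption.
  registry_readers_group = "${var.cluster_prefix}-registry-readers@example.com"
}

# Resolve the group's resource name (groups/{id}) from its e-mail key.
# Requires the Cloud Identity API to be enabled in the project and a
# caller allowed to read groups in the organization.
data "google_cloud_identity_group_lookup" "registry_readers" {
  group_key {
    id = local.registry_readers_group
  }
}

# The service account the cluster's operations workloads run as.
# The account ID is an assumption.
data "google_service_account" "gke_operations" {
  account_id = "${var.cluster_prefix}-operations"
  project    = var.project
}

# Add the service account to the group with the plain MEMBER role only.
# MANAGER or OWNER would let the account change who else is in the
# group, which a workload identity has no reason to do.
resource "google_cloud_identity_group_membership" "registry_readers" {
  group = data.google_cloud_identity_group_lookup.registry_readers.name

  preferred_member_key {
    id = data.google_service_account.gke_operations.email
  }

  roles {
    name = "MEMBER"
  }
}

# Grant the group read access on one repository rather than project-wide,
# so joining the group yields pull access to exactly the images the
# clusters need and nothing else. Repository name is an assumption.
resource "google_artifact_registry_repository_iam_member" "registry_readers" {
  project    = var.project
  location   = var.region
  repository = "${var.cluster_prefix}-images"
  role       = "roles/artifactregistry.reader"
  member     = "group:${local.registry_readers_group}"
}
```

After `terraform apply`, membership can be confirmed with `gcloud identity groups memberships list --group-email=<group key>`, which should list the service account's e-mail with the role `MEMBER`. Because the service account gets the registry permission through the group rather than a direct IAM binding on the repository, removing it from the group revokes the access in one place; the trade-off is that anyone able to manage the group's membership can extend registry read access, so the group's MANAGER and OWNER roles should be held as tightly as the IAM binding itself.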