fix: Add missing permission to single-project deployments (#82)

* fix: Add missing permission to single-project deployments

* chore: Pin google required version to 3.X

Author: tembleking

examples/organization/README.md

@@ -61,15 +61,15 @@ module "secure-for-cloud_example_organization" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
-| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
+| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | ~> 3.67.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.21 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 
 ## Modules
 

examples/organization/versions.tf

@@ -4,11 +4,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     sysdig = {
       source  = "sysdiglabs/sysdig"

examples/single-project-k8s/README.md

@@ -56,15 +56,15 @@ Notice that:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.15.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >=2.3.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | >=2.3.0 |
 
 ## Modules

examples/single-project-k8s/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     sysdig = {
       source  = "sysdiglabs/sysdig"

examples/single-project/README.md

@@ -59,15 +59,15 @@ module "secure-for-cloud_example_single-project" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
-| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
+| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | ~> 3.67.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.21 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 
 ## Modules
 

examples/single-project/versions.tf

@@ -4,11 +4,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     sysdig = {
       source  = "sysdiglabs/sysdig"

modules/infrastructure/organization_sink/README.md

@@ -6,13 +6,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 
 ## Modules
 

modules/infrastructure/organization_sink/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
   }
 }

modules/infrastructure/project_sink/README.md

@@ -6,13 +6,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 
 ## Modules
 

modules/infrastructure/project_sink/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
   }
 }

modules/infrastructure/pubsub_push_http_subscription/README.md

@@ -9,13 +9,13 @@ already exists in the project. It will create the topic if it doesn't exist.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 
 ## Modules
 

modules/infrastructure/pubsub_push_http_subscription/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
   }
 }

modules/infrastructure/secrets/README.md

@@ -6,13 +6,13 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | >= 3.67.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 3.67.0 |
 
 ## Modules
 

modules/infrastructure/secrets/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
   }
 }

modules/services/cloud-bench/README.md

@@ -17,8 +17,8 @@ module "cloud_benchmark_gcp" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | >= 3.67.0 |
-| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | >= 3.67.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 3.67.0 |
+| <a name="requirement_google-beta"></a> [google-beta](#requirement\_google-beta) | ~> 3.67.0 |
 | <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 0.5.21 |
 
 ## Providers

modules/services/cloud-bench/task/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     sysdig = {
       source  = "sysdiglabs/sysdig"

modules/services/cloud-bench/trust_relationship/versions.tf

@@ -4,11 +4,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     sysdig = {
       source  = "sysdiglabs/sysdig"

modules/services/cloud-bench/versions.tf

@@ -4,11 +4,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     sysdig = {
       source  = "sysdiglabs/sysdig"

modules/services/cloud-connector/README.md

@@ -48,6 +48,7 @@ No modules.
 | [google_eventarc_trigger.trigger](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/eventarc_trigger) | resource |
 | [google_project_iam_member.builder](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
 | [google_project_iam_member.event_receiver](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
+| [google_project_iam_member.run_viewer](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
 | [google_project_iam_member.service_account_user_itself](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
 | [google_project_iam_member.token_creator](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
 | [google_storage_bucket.bucket](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource |

modules/services/cloud-connector/cloud_run.tf

@@ -122,3 +122,8 @@ resource "google_cloud_run_service_iam_member" "run_invoker" {
   project  = google_cloud_run_service.cloud_connector.project
   location = google_cloud_run_service.cloud_connector.location
 }
+
+resource "google_project_iam_member" "run_viewer" {
+  member = "serviceAccount:${var.cloud_connector_sa_email}"
+  role   = "roles/run.viewer"
+}

test/fixtures/organization/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     random = {
       version = ">= 3.1.0"

test/fixtures/single-project/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.67.0"
+      version = "~> 3.67.0"
     }
     random = {
       version = ">= 3.1.0"