Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for custom monitoring metrics writer role #2239

Merged
merged 8 commits into from
Jan 17, 2025
Merged

feat: add support for custom monitoring metrics writer role #2239

merged 8 commits into from
Jan 17, 2025

Conversation

samuelarogbonlo
Copy link
Contributor

@samuelarogbonlo samuelarogbonlo commented Jan 11, 2025
edited
Loading

Pull Request: Custom Monitoring Metrics Writer Role Support

Fixes #2073

Description

This Pull Request adds the ability to specify a custom monitoring metrics writer role for the GKE node service account instead of using the default roles/monitoring.metricWriter role. This is particularly useful for organizations that restrict the use of default roles and require custom IAM roles with specific permissions.

Key Changes

  1. Added Variable
  • A new variable monitoring_metric_writer_role with a default value of roles/monitoring.metricWriter was added.
  • This allows users to specify a custom IAM role if needed.
  1. Backward Compatibility
    • Ensured backward compatibility by maintaining the default role (roles/monitoring.metricWriter) for users who do not override the variable.

Changes

  • Added new variable monitoring_metric_writer_role in modules/beta-private-cluster/variables.tf
  • Updated IAM role assignment in modules/beta-private-cluster/sa.tf to use the new variable
  • Added input validation to ensure proper role format
  • Maintained backward compatibility by defaulting to roles/monitoring.metricWriter

Testing Performed

Tested the following scenarios:

  • Default behavior (using roles/monitoring.metricWriter)
  • Custom role usage (using projects/{project_id}/roles/custom_metrics_writer)

Impact

  • Backward Compatible: Existing users do not need to make any changes, as the default behavior remains unchanged.
  • Enhanced Flexibility: Users can now assign custom roles for monitoring metrics, meeting organizational compliance requirements.

Checklist

  • [ ✅ ] Code follows repository style and conventions
  • [ ✅ ] All tests pass
  • [ ✅ ] Documentation has been updated
  • [ ✅ ] Backward compatibility is maintained
  • [ ✅ ] Added validation for input variable
  • [ ✅ ] Tested with both default and custom roles

@samuelarogbonlo samuelarogbonlo requested review from apeabody, ericyz and a team as code owners January 11, 2025 19:22
@google-cla Google CLA
Copy link

google-cla bot commented Jan 11, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@apeabody
Copy link
Collaborator

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Hi @samuelarogbonlo - Please address the CLA before we can review this PR. Thanks!

@samuelarogbonlo
Copy link
Contributor Author

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

I signed it!

apeabody
apeabody requested changes Jan 16, 2025
View reviewed changes
Copy link
Collaborator

@apeabody apeabody left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @samuelarogbonlo!

main.tf Outdated Show resolved Hide resolved
modules/beta-private-cluster/variables.tf Show resolved Hide resolved
@samuelarogbonlo
chore: remove test files and cleanup unintended changes
7916c38 
Signed-off-by: samuelarogbonlo <sbayo971@gmail.com>
@samuelarogbonlo
feat: add custom metrics writer role to autogen templates
df4ca10 
Signed-off-by: samuelarogbonlo <sbayo971@gmail.com>
@apeabody
Copy link
Collaborator

Thanks @samuelarogbonlo - Can you please run make build and make docker_generate_docs and commit the changes.

@samuelarogbonlo
chore: regenerate modules from templates
bf60dc9 
Generated module variants and documentation using make build.
Updates include custom metrics writer role changes across all variants.

Signed-off-by: samuelarogbonlo <sbayo971@gmail.com>
@samuelarogbonlo
Copy link
Contributor Author

Thanks @samuelarogbonlo - Can you please run make build and make docker_generate_docs and commit the changes.

Done

@apeabody
Copy link
Collaborator

/gcbrun

@apeabody apeabody merged commit 4aad5e9 into terraform-google-modules:main Jan 17, 2025
4 checks passed
@release-please release-please bot mentioned this pull request Jan 17, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apeabody apeabody apeabody approved these changes

@ericyz ericyz Awaiting requested review from ericyz ericyz is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Requesting the ability to add a custom monitoring metrics writer role to GKE node service account
2 participants
@samuelarogbonlo @apeabody