Readme

Cloudshell tutorial

https://github.com/hashicorp/terraform-getting-started-gcp-cloud-shell/blob/master/tutorial/cloudshell_tutorial.md

Permission explanations for APIs

• run.googleapis.com Cloud Run API
• cloudresourcemanager.googleapis.com Cloud Resource Manager API

Permission explanations for Service Account role

• iam.serviceAccounts.actAs
  • When deploying, act as the default service account, which will grant further permissions required during deployment.
• run.operations.get
  • Required during deployment to confirm that deployment was successful.
• run.routes.invoke
  • Call the deployed Cloud Run services, in order to perform a render.
• run.services.create
  • Deploy new, and edit existing, Cloud Run services
• run.services.list
  • Get a list of existing Cloud Run services, to ensure no unintended overwriting.
• run.services.update
  • Update a Cloud Run service, for instance providing it with more Memory or CPU.
• storage.buckets.create
  • Create the storage bucket to store the bundled site, plus render output
• storage.buckets.get
  • ToDo...
• storage.buckets.list
  • Get a list of existing Cloud Storage resources, to ensure no unintended overwriting of storage buckets.
• storage.objects.create
  • Create new objects in storage. This could be bundled sites, or renders, or logs.
• storage.objects.delete
  • ToDo...
• storage.objects.list
  • ToDo...
• run.services.getIamPolicy
  • used to check the existing IAM policy on a service, before modifying it for (un)authenticated invoking.
• run.services.setIamPolicy
  • used to set the IAM policy on a service, to allow unauthenticated invoking, or remove unauthenticated invoking.