App-Infra Dependencies Capability
Purpose: Make dependencies explicit when applications rely on resources like Pub/Sub, GCS, and Cloud SQL.
Why this capability exists
Dependencies currently live across multiple repos and are hard to discover as a complete picture. This capability defines a consistent dependency contract.
Dependency categories
| Category | Examples | Typical owner |
|---|---|---|
| Data stores | Cloud SQL databases and users | Platform + app team |
| Messaging | Pub/Sub topics and subscriptions | Platform + app team |
| Object storage | GCS buckets, IAM access | Platform + app team |
| Identity | GSA roles and bindings | Platform |
| Runtime config | ConfigMap and Secret keys | App team |
Required dependency contract per service
Each service page should include:
- Dependency inventory
- Upstream and downstream connections
- Required IAM roles
- Environment-specific differences
- Validation commands
Source starting points
iot-infrastructure/docs/reference/applications/iot-ble-processing.mdiot-infrastructure/docs/guides/adding-an-application-module.mdiot-manifests/docs/reference/development-guide.md
Definition of done checklist
- [ ] All external dependencies are listed in one place
- [ ] IAM expectations are explicit
- [ ] Environment-specific settings are explicit
- [ ] Validation and rollback notes are present
- [ ] Owning team is documented