Allow custom and predefined roles in bq dataset access rules

This commit is contained in:
Julio Castillo 2021-11-08 10:56:43 +01:00
parent 0e0724b833
commit 1a35ba3478
3 changed files with 1 additions and 9 deletions


@ -181,7 +181,7 @@ module "bigquery-dataset" {
|---|---|:---: |:---:|:---:|
| id | Dataset id. | <code title="">string</code> | ✓ | |
| project_id | Id of the project where datasets will be created. | <code title="">string</code> | ✓ | |
| *access* | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | <code title="map&#40;object&#40;&#123;&#10;role &#61; string&#10;type &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="&#123;&#125;&#10;validation &#123;&#10;condition &#61; can&#40;&#91;&#10;for k, v in var.access :&#10;index&#40;&#91;&#34;OWNER&#34;, &#34;READER&#34;, &#34;WRITER&#34;&#93;, v.role&#41;&#10;&#93;&#41;&#10;error_message &#61; &#34;Access role must be one of &#39;OWNER&#39;, &#39;READER&#39;, &#39;WRITER&#39;.&#34;&#10;&#125;&#10;validation &#123;&#10;condition &#61; can&#40;&#91;&#10;for k, v in var.access :&#10;index&#40;&#91;&#34;domain&#34;, &#34;group&#34;, &#34;special_group&#34;, &#34;user&#34;, &#34;view&#34;&#93;, v.type&#41;&#10;&#93;&#41;&#10;error_message &#61; &#34;Access type must be one of &#39;domain&#39;, &#39;group&#39;, &#39;special_group&#39;, &#39;user&#39;, &#39;view&#39;.&#34;&#10;&#125;">...</code> |
| *access* | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | <code title="map&#40;object&#40;&#123;&#10;role &#61; string&#10;type &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> | | <code title="&#123;&#125;&#10;validation &#123;&#10;condition &#61; can&#40;&#91;&#10;for k, v in var.access :&#10;index&#40;&#91;&#34;domain&#34;, &#34;group&#34;, &#34;special_group&#34;, &#34;user&#34;, &#34;view&#34;&#93;, v.type&#41;&#10;&#93;&#41;&#10;error_message &#61; &#34;Access type must be one of &#39;domain&#39;, &#39;group&#39;, &#39;special_group&#39;, &#39;user&#39;, &#39;view&#39;.&#34;&#10;&#125;">...</code> |
| *access_identities* | Map of access identities used for basic access roles. View identities have the format 'project_id|dataset_id|table_id'. | <code title="map&#40;string&#41;">map(string)</code> | | <code title="">{}</code> |
| *dataset_access* | Set access in the dataset resource instead of using separate resources. | <code title="">bool</code> | | <code title="">false</code> |
| *description* | Optional description. | <code title="">string</code> | | <code title="">Terraform managed.</code> |


@ -209,5 +209,4 @@ resource "google_bigquery_table" "views" {
query = each.value.query
use_legacy_sql = each.value.use_legacy_sql
}
}


@ -21,13 +21,6 @@ variable "access" {
type = string
}))
default = {}
validation {
condition = can([
for k, v in var.access :
index(["OWNER", "READER", "WRITER"], v.role)
])
error_message = "Access role must be one of 'OWNER', 'READER', 'WRITER'."
}
validation {
condition = can([
for k, v in var.access :