Update READMEs with new variable names
This commit is contained in:
parent
8a672b1b13
commit
1df08caa7f
|
@ -37,7 +37,7 @@ module "private-dns" {
|
|||
| *peer_network* | Peering network self link, only valid for 'peering' zone types. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *recordsets* | List of DNS record objects to manage. | <code title="list(object({ name = string type = string ttl = number records = list(string) }))">list(object({...}))</code> | | <code title="">[]</code> |
|
||||
| *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code title="">string</code> | | <code title="">private</code> |
|
||||
| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | <code title="">string</code> | | <code title="private validation { condition = contains(["public", "private", "forwarding", "peering", "service-directory"], var.type) error_message = "Zone must be one of 'public', 'private', 'forwarding', 'peering', 'service-directory'." }">...</code> |
|
||||
| *zone_create* | Create zone. When set to false, uses a data source to reference existing zone. | <code title="">bool</code> | | <code title="">true</code> |
|
||||
|
||||
## Outputs
|
||||
|
|
|
@ -46,7 +46,7 @@ module "folder" {
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| name | Folder name. | <code title="">string</code> | ✓ | |
|
||||
| parent | Parent in folders/folder_id or organizations/org_id format. | <code title="string validation { condition = can(regex("(organizations|folders)/[0-9]+", var.parent)) error_message = "Parent must be of the form folders/folder_id or organizations/organization_id." }">string</code> | ✓ | |
|
||||
| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map(set(string))">map(set(string))</code> | | <code title="">null</code> |
|
||||
| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map(set(string))">map(set(string))</code> | | <code title="">{}</code> |
|
||||
| *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map(object({ inherit_from_parent = bool suggested_value = string status = bool values = list(string) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
|
||||
|
|
|
@ -36,10 +36,9 @@ module "folders-unit" {
|
|||
| short_name | Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces. | <code title="">string</code> | ✓ | |
|
||||
| *environments* | Unit environments short names. | <code title="map(string)">map(string)</code> | | <code title="{ non-prod = "Non production" prod = "Production" }">...</code> |
|
||||
| *gcs_defaults* | Defaults use for the state GCS buckets. | <code title="map(string)">map(string)</code> | | <code title="{ location = "EU" storage_class = "MULTI_REGIONAL" }">...</code> |
|
||||
| *iam* | IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *iam_billing_config* | Grant billing user role to service accounts, defaults to granting on the billing account. | <code title="object({ grant = bool target_org = bool })">object({...})</code> | | <code title="{ grant = true target_org = false }">...</code> |
|
||||
| *iam_enviroment_roles* | IAM roles granted to the environment service account on the environment sub-folder. | <code title="list(string)">list(string)</code> | | <code title="[ "roles/compute.networkAdmin", "roles/owner", "roles/resourcemanager.folderAdmin", "roles/resourcemanager.projectCreator", ]">...</code> |
|
||||
| *iam_members* | IAM members for roles applied on the unit folder. | <code title="map(list(string))">map(list(string))</code> | | <code title="">null</code> |
|
||||
| *iam_roles* | IAM roles applied on the unit folder. | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||||
| *iam_xpn_config* | Grant Shared VPC creation roles to service accounts, defaults to granting at folder level. | <code title="object({ grant = bool target_org = bool })">object({...})</code> | | <code title="{ grant = true target_org = false }">...</code> |
|
||||
| *prefix* | Optional prefix used for GCS bucket names to ensure uniqueness. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *service_account_keys* | Generate and store service account keys in the state file. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
|
|
|
@ -66,7 +66,7 @@ module "bucket" {
|
|||
| project_id | Bucket project id. | <code title="">string</code> | ✓ | |
|
||||
| *encryption_key* | KMS key that will be used for encryption. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *force_destroy* | Optional map to set force destroy keyed by name, defaults to false. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *iam_members* | IAM members keyed by bucket name and role. | <code title="map(set(string))">map(set(string))</code> | | <code title="">{}</code> |
|
||||
| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *labels* | Labels to be attached to all buckets. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *location* | Bucket location. | <code title="">string</code> | | <code title="">EU</code> |
|
||||
| *logging_config* | Bucket logging configuration. | <code title="object({ log_bucket = string log_object_prefix = string })">object({...})</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -15,7 +15,7 @@ module "project" {
|
|||
"container.googleapis.com",
|
||||
"stackdriver.googleapis.com"
|
||||
]
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/container.hostServiceAgentUser" = [
|
||||
"serviceAccount:${var.gke_service_account}"
|
||||
]
|
||||
|
@ -31,7 +31,7 @@ module "project" {
|
|||
name = "project-example"
|
||||
project_create = false
|
||||
|
||||
iam_additive_bindings = {
|
||||
iam_additive = {
|
||||
"group:usergroup_watermlon_experimentation@lemonadeinc.io" = [
|
||||
"roles/viewer",
|
||||
"roles/storage.objectAdmin"
|
||||
|
|
|
@ -25,7 +25,7 @@ module "secret-manager" {
|
|||
|
||||
### Secret IAM bindings
|
||||
|
||||
IAM bindings can be set per secret in the same way as for most other modules supporting IAM, using the `iam_members` variable.
|
||||
IAM bindings can be set per secret in the same way as for most other modules supporting IAM, using the `iam` variable.
|
||||
|
||||
```hcl
|
||||
module "secret-manager" {
|
||||
|
|
Loading…
Reference in New Issue