Merge pull request #359 from terraform-google-modules/jccb/bq-roles
Allow custom and predefined roles in bq dataset access rules
commit
37e946c334
|
@ -181,7 +181,7 @@ module "bigquery-dataset" {
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| id | Dataset id. | <code title="">string</code> | ✓ | |
|
||||
| project_id | Id of the project where datasets will be created. | <code title="">string</code> | ✓ | |
|
||||
| *access* | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | <code title="map(object({ role = string type = string }))">map(object({...}))</code> | | <code title="{} validation { condition = can([ for k, v in var.access : index(["OWNER", "READER", "WRITER"], v.role) ]) error_message = "Access role must be one of 'OWNER', 'READER', 'WRITER'." } validation { condition = can([ for k, v in var.access : index(["domain", "group", "special_group", "user", "view"], v.type) ]) error_message = "Access type must be one of 'domain', 'group', 'special_group', 'user', 'view'." }">...</code> |
|
||||
| *access* | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | <code title="map(object({ role = string type = string }))">map(object({...}))</code> | | <code title="{} validation { condition = can([ for k, v in var.access : index(["domain", "group", "special_group", "user", "view"], v.type) ]) error_message = "Access type must be one of 'domain', 'group', 'special_group', 'user', 'view'." }">...</code> |
|
||||
| *access_identities* | Map of access identities used for basic access roles. View identities have the format 'project_id|dataset_id|table_id'. | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||||
| *dataset_access* | Set access in the dataset resource instead of using separate resources. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *description* | Optional description. | <code title="">string</code> | | <code title="">Terraform managed.</code> |
|
||||
|
|
|
@ -209,5 +209,4 @@ resource "google_bigquery_table" "views" {
|
|||
query = each.value.query
|
||||
use_legacy_sql = each.value.use_legacy_sql
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -21,13 +21,6 @@ variable "access" {
|
|||
type = string
|
||||
}))
|
||||
default = {}
|
||||
validation {
|
||||
condition = can([
|
||||
for k, v in var.access :
|
||||
index(["OWNER", "READER", "WRITER"], v.role)
|
||||
])
|
||||
error_message = "Access role must be one of 'OWNER', 'READER', 'WRITER'."
|
||||
}
|
||||
validation {
|
||||
condition = can([
|
||||
for k, v in var.access :
|
||||
|
|