Fix IAM additive (#200)
* Fix wrong iam_additive variable input (#197) The iam_additive variable of the Project module expects { "roles" = list(string) } input Co-authored-by: Emre Turan <emre@unl.global> * fix project example Co-authored-by: Emre Turan <turan.emre@gmail.com> Co-authored-by: Emre Turan <emre@unl.global>
parent
6c08ec012d
commit
7e429425fe
|
@ -24,8 +24,8 @@ module "tf-project" {
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
iam_additive = {
|
iam_additive = {
|
||||||
for name in var.iam_terraform_owners : (name) => ["roles/owner"]
|
"roles/owner" = var.iam_terraform_owners
|
||||||
}
|
}
|
||||||
services = var.project_services
|
services = var.project_services
|
||||||
}
|
}
|
||||||
|
@ -158,8 +158,8 @@ module "sharedsvc-project" {
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
iam_additive = {
|
iam_additive = {
|
||||||
for name in var.iam_shared_owners : (name) => ["roles/owner"]
|
"roles/owner" = var.iam_shared_owners
|
||||||
}
|
}
|
||||||
services = var.project_services
|
services = var.project_services
|
||||||
}
|
}
|
||||||
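Review bot: Both rewritten `iam_additive` maps (in `module "tf-project"` and `module "sharedsvc-project"`) now hand `var.iam_terraform_owners` and `var.iam_shared_owners` straight to `roles/owner`, and nothing in the visible lines documents the shape or member format those variables must have. A one-line comment above each map would prevent a repeat of the key/value mix-up this commit fixes, for example `# iam_additive: role => list of prefixed members (user:, group:, serviceAccount:)`. `roles/owner` is a basic role with very broad permissions, so it is worth confirming that these principals need full ownership rather than a narrower predefined role. Judging by its name, the binding is additive, which would mean owners granted outside Terraform are not revoked by this configuration. Both module bodies start and end outside the hunks, and the variable declarations are not visible here.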
|
|
|
@ -36,23 +36,12 @@ module "project" {
|
||||||
name = "project-example"
|
name = "project-example"
|
||||||
|
|
||||||
iam_additive = {
|
iam_additive = {
|
||||||
"group:usergroup_watermlon_experimentation@lemonadeinc.io" = [
|
"roles/viewer" = ["group:one@example.org", "group:two@xample.org"],
|
||||||
"roles/viewer",
|
"roles/storage.objectAdmin" = ["group:two@example.org"],
|
||||||
"roles/storage.objectAdmin"
|
"roles/owner" = ["group:three@example.org"],
|
||||||
],
|
|
||||||
"group:usergroup_gcp_admin@lemonadeinc.io" = [
|
|
||||||
"roles/owner",
|
|
||||||
],
|
|
||||||
"group:usergroup_gcp_privilege_access@lemonadeinc.io" = [
|
|
||||||
"roles/editor"
|
|
||||||
],
|
|
||||||
"group:engineering@lemonadeinc.io" = [
|
|
||||||
"roles/pubsub.subscriber",
|
|
||||||
"roles/storage.objectViewer"
|
|
||||||
],
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest:modules=1:resources=7
|
# tftest:modules=1:resources=5
|
||||||
```
|
```
|
||||||
|
|
||||||
### Organization policies
|
### Organization policies
|
||||||
|
|
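Review bot: The new `"roles/viewer"` entry lists `group:two@xample.org`, which looks like a typo for the `group:two@example.org` used on the following line. `example.org` is reserved for documentation, whereas `xample.org` is an ordinary registrable domain, so anyone applying the example unchanged would attempt to bind a role to a principal in a domain they do not control. The line should read `"roles/viewer" = ["group:one@example.org", "group:two@example.org"],`. The example also keeps a `roles/owner` grant; a narrower role would be a safer default for readers to copy.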