Fix IAM additive (#200)
* Fix wrong iam_additive variable input (#197) The iam_additive variable of the Project module expects { "roles" = list(string) } input Co-authored-by: Emre Turan <emre@unl.global> * fix project example Co-authored-by: Emre Turan <turan.emre@gmail.com> Co-authored-by: Emre Turan <emre@unl.global>
parent
6c08ec012d
commit
7e429425fe
|
@ -25,7 +25,7 @@ module "tf-project" {
|
|||
prefix = var.prefix
|
||||
billing_account = var.billing_account_id
|
||||
iam_additive = {
|
||||
for name in var.iam_terraform_owners : (name) => ["roles/owner"]
|
||||
"roles/owner" = var.iam_terraform_owners
|
||||
}
|
||||
services = var.project_services
|
||||
}
|
||||
|
@ -159,7 +159,7 @@ module "sharedsvc-project" {
|
|||
prefix = var.prefix
|
||||
billing_account = var.billing_account_id
|
||||
iam_additive = {
|
||||
for name in var.iam_shared_owners : (name) => ["roles/owner"]
|
||||
"roles/owner" = var.iam_shared_owners
|
||||
}
|
||||
services = var.project_services
|
||||
}
|
||||
|
|
|
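Review bot: The new `"roles/owner" = var.iam_terraform_owners` line in `tf-project`, and the matching `"roles/owner" = var.iam_shared_owners` line in `sharedsvc-project`, grant the basic Owner role to every entry of a caller-supplied list, and nothing visible in either hunk documents or constrains who may be on that list. I would add a comment above each binding, for example `# roles/owner is a basic role: keep this list to a small, reviewed admin group`, and consider whether narrower predefined roles would cover what these principals actually need. The variable declarations are outside these hunks; if they carry no `validation` block, one that requires a member-type prefix such as `group:` or `serviceAccount:` would reject malformed entries at plan time. Both module blocks begin and end outside the lines shown here.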
@ -36,23 +36,12 @@ module "project" {
|
|||
name = "project-example"
|
||||
|
||||
iam_additive = {
|
||||
"group:usergroup_watermlon_experimentation@lemonadeinc.io" = [
|
||||
"roles/viewer",
|
||||
"roles/storage.objectAdmin"
|
||||
],
|
||||
"group:usergroup_gcp_admin@lemonadeinc.io" = [
|
||||
"roles/owner",
|
||||
],
|
||||
"group:usergroup_gcp_privilege_access@lemonadeinc.io" = [
|
||||
"roles/editor"
|
||||
],
|
||||
"group:engineering@lemonadeinc.io" = [
|
||||
"roles/pubsub.subscriber",
|
||||
"roles/storage.objectViewer"
|
||||
],
|
||||
"roles/viewer" = ["group:one@example.org", "group:two@xample.org"],
|
||||
"roles/storage.objectAdmin" = ["group:two@example.org"],
|
||||
"roles/owner" = ["group:three@example.org"],
|
||||
}
|
||||
}
|
||||
# tftest:modules=1:resources=7
|
||||
# tftest:modules=1:resources=5
|
||||
```
|
||||
|
||||
### Organization policies
|
||||
|
|