Output role information from organization module
parent
b86d696e17
commit
a1152003c6
|
@ -3,10 +3,12 @@
|
|||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
- new `apigee-organization` and `apigee-x-instance`
|
||||
- generate `email` and `iam_email` statically in the `iam-service-account` module
|
||||
- new `billing-budget` module
|
||||
- fix `scheduled-asset-inventory-export-bq` module
|
||||
- output custom role information from the `organization` module
|
||||
|
||||
## [5.1.0] - 2021-08-30
|
||||
|
||||
|
|
|
@ -151,6 +151,23 @@ module "org" {
|
|||
# tftest:modules=5:resources=11
|
||||
```
|
||||
|
||||
## Custom Roles
|
||||
```hcl
|
||||
module "org" {
|
||||
source = "./modules/organization"
|
||||
organization_id = var.organization_id
|
||||
custom_roles = {
|
||||
"myRole" = [
|
||||
"compute.instances.list",
|
||||
]
|
||||
}
|
||||
iam = {
|
||||
(module.org.custom_role_id.myRole) = ["user:me@example.com"]
|
||||
}
|
||||
}
|
||||
# tftest:modules=1:resources=2
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -177,6 +194,8 @@ module "org" {
|
|||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| custom_role_id | Map of custom role IDs created in the organization. | |
|
||||
| custom_roles | Map of custom roles resources created in the organization. | |
|
||||
| firewall_policies | Map of firewall policy resources created in the organization. | |
|
||||
| firewall_policy_id | Map of firewall policy ids created in the organization. | |
|
||||
| organization_id | Organization id dependent on module resources. | |
|
||||
|
|
|
@ -50,3 +50,21 @@ output "sink_writer_identities" {
|
|||
for name, sink in google_logging_organization_sink.sink : name => sink.writer_identity
|
||||
}
|
||||
}
|
||||
|
||||
output "custom_roles" {
|
||||
description = "Map of custom roles resources created in the organization."
|
||||
value = google_organization_iam_custom_role.roles
|
||||
}
|
||||
|
||||
output "custom_role_id" {
|
||||
description = "Map of custom role IDs created in the organization."
|
||||
value = {
|
||||
for role_id, role in google_organization_iam_custom_role.roles :
|
||||
# build the string manually so that role IDs can be used as map
|
||||
# keys (useful for folder/organization/project-level iam bindings)
|
||||
(role_id) => "${var.organization_id}/roles/${role_id}"
|
||||
}
|
||||
depends_on = [
|
||||
google_organization_iam_custom_role.roles
|
||||
]
|
||||
}
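Review bot: The `custom_role_id` output assembles each role name by hand as `"${var.organization_id}/roles/${role_id}"`, which is a valid IAM role name only if `var.organization_id` already carries the `organizations/` prefix and the `for_each` key is the role's actual `role_id`. Neither the variable definition nor the `google_organization_iam_custom_role.roles` resource is visible in this hunk, so this may already hold. If a bare numeric ID were passed, the output would produce values such as `1234567890/roles/myRole` (constructed example), and IAM bindings keyed on it would reference a role name that does not exist. I would state the contract next to the existing comment, e.g. `# assumes var.organization_id is "organizations/<number>" and map keys equal each role's role_id`, and add a validation rule on the variable if it has none.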
|
||||
|
|