Fix 0-bootstrap iam_by_principals not taking into account all principals (#2267)
* Fix 0-bootstrap iam_by_principals not taking into account all principals
* Add test-case for iam_by_principals for 0-bootstrap stage

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
parent
6a3c7fe444
commit
af253c9702
|
@ -138,8 +138,14 @@ module "organization" {
|
|||
organization_id = module.organization-logging.id
|
||||
# human (groups) IAM bindings
|
||||
iam_by_principals = {
|
||||
for k, v in local.iam_principals :
|
||||
k => distinct(concat(v, lookup(var.iam_by_principals, k, [])))
|
||||
for key in distinct(concat(
|
||||
keys(local.iam_principals),
|
||||
keys(var.iam_by_principals),
|
||||
)) :
|
||||
key => distinct(concat(
|
||||
lookup(local.iam_principals, key, []),
|
||||
lookup(var.iam_by_principals, key, []),
|
||||
))
|
||||
}
|
||||
# machine (service accounts) IAM bindings
|
||||
iam = merge(
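Review bot: The comment `# human (groups) IAM bindings` above `iam_by_principals` no longer describes the expression: with the key union, every principal in `var.iam_by_principals` is bound at organization level, including ones the stage does not define itself (the new fixture passes a `user:` principal). The test inventory on this page shows these members landing in `google_organization_iam_binding.authoritative`, so the call site should say what is merged, for example `# IAM by principal: stage-defined principals unioned with var.iam_by_principals; roles per principal are concatenated and de-duplicated`. Entries in the variable that the old loop over `local.iam_principals` dropped without error will start granting roles on the next apply, so an upgrade note asking operators to review their tfvars would help. The `module "organization"` block starts and ends outside this hunk.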
|
||||
|
|
|
@ -92,7 +92,7 @@ class FabricTestItem(pytest.Item):
|
|||
self.tf_var_files, self.extra_files)
|
||||
except AssertionError:
|
||||
def full_paths(x):
|
||||
return [(self.parent.path.parent / x ) for x in x]
|
||||
return [str(self.parent.path.parent / x ) for x in x]
|
||||
print(f'Error in inventory file: {" ".join(full_paths(self.inventory))}')
|
||||
print(f'To regenerate inventory run: python tools/plan_summary.py {self.module} {" ".join(full_paths(self.tf_var_files))}')
|
||||
raise
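Review bot: In `full_paths` the comprehension uses `x` as both the parameter and the loop variable (`for x in x`), which works only because the iterable is evaluated before the loop name is bound, and there is a stray space before the closing parenthesis. Distinct names read better: `def full_paths(names):` with `return [str(self.parent.path.parent / name) for name in names]`. The printed regenerate command joins paths with bare spaces, so a checkout path containing a space would not paste back as a working command; `shlex.join` would handle that, provided `shlex` is imported in this file, which is not visible here. The enclosing method begins outside the hunk.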
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
organization = {
|
||||
domain = "fast.example.com"
|
||||
id = 123456789012
|
||||
customer_id = "C00000000"
|
||||
}
|
||||
billing_account = {
|
||||
id = "000000-111111-222222"
|
||||
}
|
||||
essential_contacts = "gcp-organization-admins@fast.example.com"
|
||||
iam_by_principals = {
|
||||
"user:other@fast.example.com" = ["roles/browser"]
|
||||
}
|
||||
prefix = "fast"
|
||||
org_policies_config = {
|
||||
import_defaults = false
|
||||
}
|
||||
outputs_location = "/fast-config"
|
||||
groups = {
|
||||
gcp-support = "group:gcp-support@example.com"
|
||||
}
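Review bot: This fixture exercises only a principal that the stage does not define itself (`user:other@fast.example.com`), so the branch where a key exists on both sides and the role lists are concatenated and de-duplicated is not covered. If the stage's `local.iam_principals` is keyed by the group principals (not visible on this page), adding an entry for one of them, e.g. the `gcp-organization-admins` group with an extra role, would pin that the variable's roles are added to the stage defaults rather than replacing them.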
|
|
@ -0,0 +1,22 @@
|
|||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.organization.google_organization_iam_binding.authoritative["roles/browser"]:
|
||||
condition: []
|
||||
members:
|
||||
- domain:fast.example.com
|
||||
- user:other@fast.example.com
|
||||
org_id: '123456789012'
|
||||
role: roles/browser
|
|
@ -25,3 +25,5 @@ tests:
|
|||
- simple.yaml
|
||||
- simple_projects.yaml
|
||||
- simple_sas.yaml
|
||||
|
||||
iam_by_principals:
|
||||
|
|