Remove iam_roles from net-vpc
This commit is contained in:
parent
405a3c23d5
commit
c75230adf3
@ -86,12 +86,6 @@ module "vpc-host" {
|
|||
local.service_project_1.project_id,
|
||||
local.service_project_2.project_id
|
||||
]
|
||||
iam_roles = {
|
||||
"europe-west1/subnet-1" = [
|
||||
"roles/compute.networkUser",
|
||||
"roles/compute.securityAdmin"
|
||||
]
|
||||
}
|
||||
iam_members = {
|
||||
"europe-west1/subnet-1" = {
|
||||
"roles/compute.networkUser" = [
|
||||
|
@ -117,7 +111,6 @@ module "vpc-host" {
|
|||
| *delete_default_routes_on_create* | Set to true to delete the default routes at creation time. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *description* | An optional description of this resource (triggers recreation on change). | <code title="">string</code> | | <code title="">Terraform-managed.</code> |
|
||||
| *iam_members* | List of IAM members keyed by subnet 'region/name' and role. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">{}</code> |
|
||||
| *iam_roles* | List of IAM roles keyed by subnet 'region/name'. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *log_config_defaults* | Default configuration for flow logs when enabled. | <code title="object({ aggregation_interval = string flow_sampling = number metadata = string })">object({...})</code> | | <code title="{ aggregation_interval = "INTERVAL_5_SEC" flow_sampling = 0.5 metadata = "INCLUDE_ALL_METADATA" }">...</code> |
|
||||
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | <code title="map(map(string))">map(map(string))</code> | | <code title="">{}</code> |
|
||||
| *peering_config* | VPC peering configuration. | <code title="object({ peer_vpc_self_link = string export_routes = bool import_routes = bool })">object({...})</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -16,14 +16,16 @@
|
|||
|
||||
locals {
|
||||
iam_members = var.iam_members == null ? {} : var.iam_members
|
||||
iam_pairs = var.iam_roles == null ? [] : flatten([
|
||||
for subnet, roles in var.iam_roles :
|
||||
[for role in roles : { subnet = subnet, role = role }]
|
||||
])
|
||||
iam_keypairs = {
|
||||
for pair in local.iam_pairs :
|
||||
"${pair.subnet}-${pair.role}" => pair
|
||||
subnet_iam_members = flatten([
|
||||
for subnet, roles in local.iam_members : [
|
||||
for role, members in roles : {
|
||||
subnet = subnet
|
||||
role = role
|
||||
members = members
|
||||
}
|
||||
]
|
||||
])
|
||||
|
||||
log_configs = var.log_configs == null ? {} : var.log_configs
|
||||
peer_network = (
|
||||
var.peering_config == null
|
||||
|
@ -152,14 +154,15 @@ resource "google_compute_subnetwork" "subnetwork" {
|
|||
}
|
||||
|
||||
resource "google_compute_subnetwork_iam_binding" "binding" {
|
||||
for_each = local.iam_keypairs
|
||||
for_each = {
|
||||
for binding in local.subnet_iam_members :
|
||||
"${binding.subnet}.${binding.role}" => binding
|
||||
}
|
||||
project = var.project_id
|
||||
subnetwork = google_compute_subnetwork.subnetwork[each.value.subnet].name
|
||||
region = google_compute_subnetwork.subnetwork[each.value.subnet].region
|
||||
role = each.value.role
|
||||
members = lookup(
|
||||
lookup(local.iam_members, each.value.subnet, {}), each.value.role, []
|
||||
)
|
||||
members = each.value.members
|
||||
}
|
||||
|
||||
resource "google_compute_route" "gateway" {
|
||||
|
|
|
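Review bot: The `for_each` key changes from `"${pair.subnet}-${pair.role}"` to `"${binding.subnet}.${binding.role}"`, so every existing `google_compute_subnetwork_iam_binding.binding` instance gets a new address and a plan against existing state will destroy and recreate each subnet binding; because an `_iam_binding` resource is authoritative for its role, the role's members are briefly absent during that apply, which is worth stating in the changelog or README for users upgrading the module. The new `members = each.value.members` also drops the old `lookup(..., [])` fallback, so an `iam_members` entry with an empty member list now produces a binding with no members — I believe the provider does not accept that, so filtering such entries out in `local.subnet_iam_members` (defined in the earlier hunk starting at line 16) with `if length(members) > 0` would make the behaviour explicit. A short comment on the resource, `# authoritative per subnet/role: members not listed in var.iam_members are removed`, would help readers understand why the binding (rather than member) resource is used. The `google_compute_route.gateway` block that follows continues outside the hunk.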
@ -32,12 +32,6 @@ variable "description" {
|
|||
default = "Terraform-managed."
|
||||
}
|
||||
|
||||
variable "iam_roles" {
|
||||
description = "List of IAM roles keyed by subnet 'region/name'."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
description = "List of IAM members keyed by subnet 'region/name' and role."
|
||||
type = map(map(list(string)))
|
||||
|
|
|
@ -107,10 +107,6 @@ module "vpc-shared" {
|
|||
}
|
||||
}
|
||||
]
|
||||
iam_roles = {
|
||||
"${var.region}/gke" = ["roles/compute.networkUser", "roles/compute.securityAdmin"]
|
||||
"${var.region}/gce" = ["roles/compute.networkUser"]
|
||||
}
|
||||
iam_members = {
|
||||
"${var.region}/gce" = {
|
||||
"roles/compute.networkUser" = concat(var.owners_gce, [
|
||||
|
|
|
@ -19,7 +19,6 @@ module "test" {
|
|||
project_id = var.project_id
|
||||
name = var.name
|
||||
iam_members = var.iam_members
|
||||
iam_roles = var.iam_roles
|
||||
log_configs = var.log_configs
|
||||
log_config_defaults = var.log_config_defaults
|
||||
peering_config = var.peering_config
|
||||
|
|
|
@ -29,13 +29,8 @@ variable "auto_create_subnetworks" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "iam_roles" {
|
||||
type = map(list(string))
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
type = map(map(list(string)))
|
||||
type = map(map(set(string)))
|
||||
default = null
|
||||
}
|
||||
|
||||
|
|
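Review bot: The test variable `iam_members` is now typed `map(map(set(string)))` while the module's own variable (shown as unchanged context at `type = map(map(list(string)))` in variables.tf) and the README row still declare `map(map(list(string)))`; Terraform converts the set to a list implicitly, so the test still works, but the harness and module should agree. Either change the module variable to `map(map(set(string)))` as well — which also deduplicates members and avoids order-only plan diffs — or keep `type = map(map(list(string)))` here. The `default = null` still relies on the `var.iam_members == null ? {} : var.iam_members` guard in main.tf's locals, which is fine as long as that guard stays.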