use new variable names in organization module
parent
7c05b49714
commit
d2c84de8ff
|
@ -13,7 +13,7 @@ This module allows managing several organization properties:
|
|||
module "org" {
|
||||
source = "./modules/organization"
|
||||
org_id = 1234567890
|
||||
iam_members = { "roles/projectCreator" = ["group:cloud-admins@example.org"] }
|
||||
iam = { "roles/projectCreator" = ["group:cloud-admins@example.org"] }
|
||||
policy_boolean = {
|
||||
"constraints/compute.disableGuestAttributesAccess" = true
|
||||
"constraints/compute.skipDefaultNetworkCreation" = true
|
||||
|
@ -36,9 +36,9 @@ module "org" {
|
|||
|---|---|:---: |:---:|:---:|
|
||||
| org_id | Organization id in nnnnnn format. | <code title="">number</code> | ✓ | |
|
||||
| *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *iam_additive_bindings* | Map of roles lists used to set non authoritative bindings, keyed by members. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *iam* | IAM bindings, in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *iam_additive* | Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *iam_audit_config* | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | <code title="map(map(list(string)))">map(map(list(string)))</code> | | <code title="">{}</code> |
|
||||
| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||||
| *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map(object({ inherit_from_parent = bool suggested_value = string status = bool values = list(string) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
locals {
|
||||
iam_additive_pairs = flatten([
|
||||
for member, roles in var.iam_additive_bindings : [
|
||||
for member, roles in var.iam_additive : [
|
||||
for role in roles :
|
||||
{ role = role, member = member }
|
||||
]
|
||||
|
@ -37,14 +37,14 @@ resource "google_organization_iam_custom_role" "roles" {
|
|||
}
|
||||
|
||||
resource "google_organization_iam_binding" "authoritative" {
|
||||
for_each = var.iam_members
|
||||
for_each = var.iam
|
||||
org_id = var.org_id
|
||||
role = each.key
|
||||
members = each.value
|
||||
}
|
||||
|
||||
resource "google_organization_iam_member" "additive" {
|
||||
for_each = length(var.iam_additive_bindings) > 0 ? local.iam_additive : {}
|
||||
for_each = length(var.iam_additive) > 0 ? local.iam_additive : {}
|
||||
org_id = var.org_id
|
||||
role = each.value.role
|
||||
member = each.value.member
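Review bot: The `iam_additive_pairs` local still iterates `for member, roles in var.iam_additive`, so it treats map keys as members, while the renamed variable is documented in this commit as `{ROLE => [MEMBERS]}`. A caller who follows the new description would have role and member swapped in `google_organization_iam_member.additive`, which would presumably be rejected at plan or apply time rather than grant anything, but the documented interface does not work as written. Either restore the member-keyed description or flip the loop to `for role, members in var.iam_additive : [` with an inner `for member in members :`. The `locals` block continues outside the hunk, so how `local.iam_additive` is derived from the pairs is not visible here.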
|
||||
|
|
|
@ -20,14 +20,14 @@ variable "custom_roles" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
description = "Map of member lists used to set authoritative bindings, keyed by role."
|
||||
variable "iam" {
|
||||
description = "IAM bindings, in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "iam_additive_bindings" {
|
||||
description = "Map of roles lists used to set non authoritative bindings, keyed by members."
|
||||
variable "iam_additive" {
|
||||
description = "Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
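Review bot: The new description of `iam`, "IAM bindings, in {ROLE => [MEMBERS]} format.", drops the word "authoritative" even though the variable feeds `google_organization_iam_binding.authoritative`, which sets the complete member list for each role it manages. At organization level that is the property that decides whether existing grants on a role are removed on apply, and the shorter variable name no longer hints at it. I would keep it in the text, `description = "Authoritative IAM bindings, in {ROLE => [MEMBERS]} format."`, and carry the same wording into the README table row for `iam`.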
|
||||
|
|
|
@ -15,12 +15,12 @@
|
|||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/organization"
|
||||
org_id = 1234567890
|
||||
custom_roles = var.custom_roles
|
||||
iam_members = var.iam_members
|
||||
iam_additive_bindings = var.iam_additive_bindings
|
||||
iam_audit_config = var.iam_audit_config
|
||||
policy_boolean = var.policy_boolean
|
||||
policy_list = var.policy_list
|
||||
source = "../../../../modules/organization"
|
||||
org_id = 1234567890
|
||||
custom_roles = var.custom_roles
|
||||
iam = var.iam
|
||||
iam_additive = var.iam_additive
|
||||
iam_audit_config = var.iam_audit_config
|
||||
policy_boolean = var.policy_boolean
|
||||
policy_list = var.policy_list
|
||||
}
|
||||
|
|
|
@ -19,12 +19,12 @@ variable "custom_roles" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
variable "iam" {
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "iam_additive_bindings" {
|
||||
variable "iam_additive" {
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
|