# Organization Module This module allows managing several organization properties: - IAM bindings, both authoritative and additive - custom IAM roles - audit logging configuration for services - organization policies ## Example ```hcl module "org" { source = "./modules/organization" org_id = 1234567890 iam_roles = ["roles/projectCreator"] iam_members = { "roles/projectCreator" = ["group:cloud-admins@example.org"] } policy_boolean = { "constraints/compute.disableGuestAttributesAccess" = true "constraints/compute.skipDefaultNetworkCreation" = true } policy_list = { "constraints/compute.trustedImageProjects" = { inherit_from_parent = null suggested_value = null status = true values = ["projects/my-project"] } } } ``` ## Variables | name | description | type | required | default | |---|---|:---: |:---:|:---:| | org_id | Organization id in nnnnnn format. | number | ✓ | | | *custom_roles* | Map of role name => list of permissions to create in this project. | map(list(string)) | | {} | | *iam_additive_bindings* | Map of roles lists used to set non authoritative bindings, keyed by members. | map(list(string)) | | {} | | *iam_audit_config* | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | map(map(list(string))) | | {} | | *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | map(list(string)) | | {} | | *iam_roles* | List of roles used to set authoritative bindings. | list(string) | | [] | | *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | | *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({...})) | | {} | ## Outputs | name | description | sensitive | |---|---|:---:| | org_id | Organization id dependent on module resources. | |