cloud-foundation-fabric/modules/project/README.md

Project Module

Example

```hcl
module "project" {
  source          = "./modules/project"
  parent          = var.folder.id
  billing_account = var.billing_account_id
  prefix          = "foo"
  name            = "project-example"
  oslogin         = true
  oslogin_admins  = var.admins
  services = concat(var.project_services, [
    "cloudkms.googleapis.com", "accesscontextmanager.googleapis.com"
  ])
  iam_roles = ["roles/container.hostServiceAgentUser"]
  iam_members = { "roles/container.hostServiceAgentUser" = [
    "serviceAccount:${var.gke_service_account}"
  ] }
}
```

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | Project name and id suffix. | `string` | | |
| parent | The resource name of the parent Folder or Organization. Must be of the form `folders/folder_id` or `organizations/org_id`. | `string` | | |
| auto_create_network | Whether to create the default network for the project. | `bool` | | `false` |
| billing_account | Billing account id. | `string` | | |
| custom_roles | Map of role name => list of permissions to create in this project. | `map(list(string))` | | `{}` |
| iam_additive_members | Map of member lists used to set non-authoritative bindings, keyed by role. | `map(list(string))` | | `{}` |
| iam_additive_roles | List of roles used to set non-authoritative bindings. | `list(string)` | | `[]` |
| iam_members | Map of member lists used to set authoritative bindings, keyed by role. | `map(list(string))` | | `{}` |
| iam_roles | List of roles used to set authoritative bindings. | `list(string)` | | `[]` |
| labels | Resource labels. | `map(string)` | | `{}` |
| lien_reason | If non-empty, creates a project lien with this description. | `string` | | |
| oslogin | Enable OS Login. | `bool` | | `false` |
| oslogin_admins | List of IAM-style identities that will be granted roles necessary for OS Login administrators. | `list(string)` | | `[]` |
| oslogin_users | List of IAM-style identities that will be granted roles necessary for OS Login users. | `list(string)` | | `[]` |
| prefix | Prefix used to generate project id and name. | `string` | | `null` |
| services | Service APIs to enable. | `list(string)` | | `[]` |
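
The variables above separate authoritative from non-authoritative IAM bindings. The following is an added example, not part of the module's own documentation, showing both kinds in one call together with a lien and OS Login users. It assumes the usual Terraform Google provider semantics for the two binding kinds; `var.ops_group` and `var.audit_group` are hypothetical caller-defined inputs, and the role choices are illustrative.

```hcl
# Added example. var.ops_group and var.audit_group are hypothetical inputs
# holding group e-mail addresses; all module arguments are from the table above.
module "project-locked" {
  source              = "./modules/project"
  parent              = var.folder.id
  billing_account     = var.billing_account_id
  prefix              = "foo"
  name                = "project-locked"
  auto_create_network = false # module default, stated explicitly
  labels              = { environment = "prod" }
  services            = ["cloudkms.googleapis.com"]

  # A lien blocks project deletion until the lien itself is removed.
  lien_reason = "Managed by Terraform, do not delete by hand."

  # Authoritative: after apply, the role is held by exactly these members.
  # Anyone granted the role outside this configuration is removed again.
  iam_roles = ["roles/cloudkms.admin"]
  iam_members = {
    "roles/cloudkms.admin" = ["group:${var.ops_group}"]
  }

  # Non-authoritative: adds these members and leaves other holders of the
  # role untouched, so grants made elsewhere are not reverted (or noticed).
  iam_additive_roles = ["roles/viewer"]
  iam_additive_members = {
    "roles/viewer" = ["group:${var.audit_group}"]
  }

  # OS Login: administrators and plain users are granted separately.
  oslogin        = true
  oslogin_admins = ["group:${var.ops_group}"]
  oslogin_users  = ["group:${var.audit_group}"]
}
```

Authoritative bindings suit sensitive roles whose membership should be fully described by the configuration; additive bindings suit roles that other configurations also grant.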

Outputs

| name | description | sensitive |
|---|---|---|
| cloudsvc_service_account | Cloud services service account (depends on services). | |
| custom_roles | Ids of the created custom roles. | |
| gce_service_account | Default GCE service account (depends on services). | |
| gcr_service_account | Default GCR service account (depends on services). | |
| gke_service_account | Default GKE service account (depends on services). | |
| iam_project_id | Project id (depends on services and IAM bindings). | |
| name | Name (depends on services). | |
| number | Project number (depends on services). | |
| project_id | Project id (depends on services). | |