3.7 KiB
3.7 KiB
Project Module
Example
module "project" {
source = "./modules/project"
parent = var.folder.id
billing_account = var.billing_account_id
prefix = "foo"
name = "project-example"
oslogin = true
oslogin_admins = var.admins
services = concat(var.project_services, [
"cloudkms.googleapis.com", "accesscontextmanager.googleapis.com"
])
iam_roles = ["roles/container.hostServiceAgentUser"]
iam_members = { "roles/container.hostServiceAgentUser" = [
"serviceAccount:${var.gke_service_account}"
] }
}
Variables
name | description | type | required | default |
---|---|---|---|---|
name | Project name and id suffix. | string |
✓ | |
parent | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id. | string |
✓ | |
auto_create_network | Whether to create the default network for the project | bool |
false |
|
billing_account | Billing account id. | string |
|
|
custom_roles | Map of role name => list of permissions to create in this project. | map(list(string)) |
{} |
|
iam_additive_members | Map of member lists used to set non authoritative bindings, keyed by role. | map(list(string)) |
{} |
|
iam_additive_roles | List of roles used to set non authoritative bindings. | list(string) |
[] |
|
iam_members | Map of member lists used to set authoritative bindings, keyed by role. | map(list(string)) |
{} |
|
iam_roles | List of roles used to set authoritative bindings. | list(string) |
[] |
|
labels | Resource labels. | map(string) |
{} |
|
lien_reason | If non-empty, creates a project lien with this description. | string |
|
|
oslogin | Enable OS Login. | bool |
false |
|
oslogin_admins | List of IAM-style identities that will be granted roles necessary for OS Login administrators. | list(string) |
[] |
|
oslogin_users | List of IAM-style identities that will be granted roles necessary for OS Login users. | list(string) |
[] |
|
prefix | Prefix used to generate project id and name. | string |
null |
|
services | Service APIs to enable. | list(string) |
[] |
Outputs
name | description | sensitive |
---|---|---|
cloudsvc_service_account | Cloud services service account (depends on services). | |
custom_roles | Ids of the created custom roles. | |
gce_service_account | Default GCE service account (depends on services). | |
gcr_service_account | Default GCR service account (depends on services). | |
gke_service_account | Default GKE service account (depends on services). | |
iam_project_id | Project id (depends on services and IAM bindings). | |
name | Name (depends on services). | |
number | Project number (depends on services). | |
project_id | Project id (depends on services). |