Google Cloud Folder Module
This module allow creation and management of sets of folders sharing a common parent, and their individual IAM bindings. It also allows setting a common set of organization policies on all folders.
Examples
IAM bindings
module "folder" {
source = "./modules/folder"
parent = "organizations/1234567890"
names = ["Folder one", "Folder two]
iam_members = {
"Folder one" = {
"roles/owner" => ["group:users@example.com"]
}
}
iam_roles = {
"Folder one" = ["roles/owner"]
}
}
Organization policies
module "folder" {
source = "./modules/folder"
parent = "organizations/1234567890"
names = ["Folder one", "Folder two]
policy_boolean = {
"constraints/compute.disableGuestAttributesAccess" = true
"constraints/compute.skipDefaultNetworkCreation" = true
}
policy_list = {
"constraints/compute.trustedImageProjects" = {
inherit_from_parent = null
suggested_value = null
status = true
values = ["projects/my-project"]
}
}
}
Variables
| name |
description |
type |
required |
default |
| parent |
Parent in folders/folder_id or organizations/org_id format. |
string |
✓ |
|
| iam_members |
List of IAM members keyed by folder name and role. |
map(map(list(string))) |
|
null |
| iam_roles |
List of IAM roles keyed by folder name. |
map(list(string)) |
|
null |
| names |
Folder names. |
list(string) |
|
[] |
| policy_boolean |
Map of boolean org policies and enforcement value, set value to null for policy restore. |
map(bool) |
|
{} |
| policy_list |
Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. |
map(object({...})) |
|
{} |
Outputs
| name |
description |
sensitive |
| folder |
Folder resource (for single use). |
|
| folders |
Folder resources. |
|
| id |
Folder id (for single use). |
|
| ids |
Folder ids. |
|
| ids_list |
List of folder ids. |
|
| name |
Folder name (for single use). |
|
| names |
Folder names. |
|
| names_list |
List of folder names. |
|
a280dd880d