3.6 KiB
3.6 KiB
Projects Data Source Module
This module extends functionality of google_projects data source by retrieving all the projects under a specific parent
recursively with only one API call against Cloud Asset Inventory service.
A good usage pattern would be when we want all the projects under a specific folder (including nested subfolders) to be included into VPC Service Controls. Instead of manually maintaining the list of project numbers as an input to the vpc-sc
module we can use that module to retrieve all the project numbers dynamically.
IAM Permissions required
roles/cloudasset.viewer
on theparent
level or above
Examples
All projects in my org
module "my-org" {
source = "./fabric/modules/projects-data-source"
parent = "organizations/123456789"
}
output "project_numbers" {
value = module.my-org.project_numbers
}
# tftest skip (uses data sources)
My dev projects based on parent and label
module "my-dev" {
source = "./fabric/modules/projects-data-source"
parent = "folders/123456789"
query = "labels.env:DEV state:ACTIVE"
}
output "dev-projects" {
value = module.my-dev.projects
}
# tftest skip (uses data sources)
Projects under org with folder/project exclusions
module "my-filtered" {
source = "./fabric/modules/projects-data-source"
parent = "organizations/123456789"
ignore_projects = [
"sandbox-*", # wildcard ignore
"project-full-id", # specific project id
"0123456789" # specific project number
]
include_projects = [
"sandbox-114", # include specific project which was excluded by wildcard
"415216609246" # include specific project which was excluded by wildcard (by project number)
]
ignore_folders = [ # subfolders are ingoner as well
"343991594985",
"437102807785",
"345245235245"
]
query = "state:ACTIVE"
}
output "filtered-projects" {
value = module.my-filtered.projects
}
# tftest skip (uses data sources)
Variables
name | description | type | required | default |
---|---|---|---|---|
parent | Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. | string |
✓ | |
ignore_folders | A list of folder IDs or numbers to be excluded from the output, all the subfolders and projects are excluded from the output regardless of the include_projects variable. | list(string) |
[] |
|
ignore_projects | A list of project IDs, numbers or prefixes to exclude matching projects from the module output. | list(string) |
[] |
|
include_projects | A list of project IDs/numbers to include to the output if some of them are excluded by ignore_projects wildcard entries. |
list(string) |
[] |
|
query | A string query as defined in the Query Syntax. | string |
"state:ACTIVE" |
Outputs
name | description | sensitive |
---|---|---|
project_numbers | List of project numbers. | |
projects | List of projects in StandardResourceMetadata format. |