cloud-foundation-fabric/modules/folders-unit/locals.tf


/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
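# Derived values for the per-environment service accounts and the IAM roles
# computed for them at folder, organization and billing-account scope.
# NOTE(review): the resources that consume these maps are not in this file;
# the scope names below follow the local names and should be confirmed there.
locals {
  # Roles for the folder-level bindings: the caller-supplied environment roles
  # plus Shared VPC admin when it is not targeted at the organization.
  folder_roles = concat(var.iam_enviroment_roles, local.sa_xpn_folder_roles)

  # Normalise a null `iam` input to an empty map.
  iam = var.iam == null ? {} : var.iam

  # One entry per (environment, folder role) pair, keyed "<environment>-<role>".
  folder_iam_service_account_bindings = {
    for pair in setproduct(keys(var.environments), local.folder_roles) :
    "${pair.0}-${pair.1}" => { environment = pair.0, role = pair.1 }
  }

  # One entry per (environment, organization role) pair.
  # Each role list is concatenated exactly once: a repeated role would yield
  # the same "<environment>-<role>" key twice, which a map `for` expression
  # rejects. The original listed local.sa_billing_org_roles twice, which broke
  # evaluation whenever var.iam_billing_config.target_org was true.
  org_iam_service_account_bindings = {
    for pair in setproduct(keys(var.environments), concat(
      local.sa_xpn_org_roles,
      local.sa_billing_org_roles,
    )) :
    "${pair.0}-${pair.1}" => { environment = pair.0, role = pair.1 }
  }

  # One entry per (environment, billing-account role) pair.
  billing_iam_service_account_bindings = {
    for pair in setproduct(keys(var.environments), local.sa_billing_account_roles) :
    "${pair.0}-${pair.1}" => { environment = pair.0, role = pair.1 }
  }

  # IAM member strings ("serviceAccount:<email>") for each environment
  # service account, keyed like google_service_account.environment.
  service_accounts = {
    for key, sa in google_service_account.environment :
    key => "serviceAccount:${sa.email}"
  }

  # roles/billing.user lands in exactly one of the next two lists, selected by
  # var.iam_billing_config.target_org (true selects the organization list).
  sa_billing_account_roles = (
    var.iam_billing_config.target_org ? [] : ["roles/billing.user"]
  )
  sa_billing_org_roles = (
    !var.iam_billing_config.target_org ? [] : ["roles/billing.user"]
  )

  # roles/compute.xpnAdmin lands in either the folder list or the organization
  # list, selected by local.sa_xpn_target_org.
  sa_xpn_folder_roles = (
    local.sa_xpn_target_org ? [] : ["roles/compute.xpnAdmin"]
  )

  # roles/resourcemanager.organizationViewer is always in the organization
  # list; roles/compute.xpnAdmin is added when the organization is the target.
  # NOTE(review): an organization-scope xpnAdmin grant is broader than a
  # folder-scope one; confirm each caller that ends up on this path needs it.
  sa_xpn_org_roles = (
    local.sa_xpn_target_org
    ? ["roles/compute.xpnAdmin", "roles/resourcemanager.organizationViewer"]
    : ["roles/resourcemanager.organizationViewer"]
  )

  # True when the caller sets var.iam_xpn_config.target_org, or when
  # var.root_node begins with the 13 characters "organizations". In the second
  # case the organization list is selected even if the flag is false.
  sa_xpn_target_org = (
    var.iam_xpn_config.target_org
    ||
    substr(var.root_node, 0, 13) == "organizations"
  )
}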