fix(organization): use correct role for bindings
Previously, setting a binding was using the binding `key` as the role, which does not necessarily have the correct format, causing errors like: ``` │ Error: Error applying IAM policy for organization "***REDACTED***": Error setting IAM policy for organization "***REDACTED***": googleapi: Error 400: The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}"., badRequest │ │ with module.organization.google_organization_iam_binding.bindings["sa_resman_delegated_iam"], │ on ../../../modules/organization/iam.tf line 51, in resource "google_organization_iam_binding" "bindings": │ 51: resource "google_organization_iam_binding" "bindings" { ```
parent
d36c53bbae
commit
54d880fe3a
|
@ -51,7 +51,7 @@ resource "google_organization_iam_binding" "authoritative" {
|
|||
resource "google_organization_iam_binding" "bindings" {
|
||||
for_each = var.iam_bindings
|
||||
org_id = local.organization_id_numeric
|
||||
role = each.key
|
||||
role = each.value.role
|
||||
members = each.value.members
|
||||
dynamic "condition" {
|
||||
for_each = each.value.condition == null ? [] : [""]
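Review bot: With `role = each.value.role`, two `iam_bindings` entries can now name the same role, and nothing visible in this resource guards against that. `google_organization_iam_binding` is authoritative for a role (per condition), so entries that share a role without distinct conditions would overwrite each other's member lists on successive applies; the same presumably holds for a role that is also managed by the `authoritative` resource named in the hunk header. I would add a comment above the `role` line, `# authoritative per role+condition: keys sharing a role without distinct conditions overwrite each other`, and back it with a variable validation that rejects duplicate unconditioned roles. The resource body continues past the end of the hunk, so a guard further down may already exist.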
|
||||
|
|
|
@ -53,6 +53,7 @@ variable "iam_bindings" {
|
|||
description = "Authoritative IAM bindings in {ROLE => {members = [], condition = {}}}."
|
||||
type = map(object({
|
||||
members = list(string)
|
||||
role = string
|
||||
condition = optional(object({
|
||||
expression = string
|
||||
title = string
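Review bot: The new `role` attribute accepts any string, so a malformed role is still caught only by the API at apply time, with the 400 error quoted in the commit message; a `validation` block on `iam_bindings` would reject it at plan time. The description on the first line of the hunk is also stale now that the map key is no longer the role, and I would change it to `description = "Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}."`. Because `role` is not wrapped in `optional`, callers that still key the map by role will fail type checking until they add the attribute. The variable block continues outside the hunk.

```hcl
# … unchanged: description, type and its attributes …
validation {
  condition = alltrue([
    for b in values(var.iam_bindings) :
    can(regex("^(organizations/[^/]+/|projects/[^/]+/)?roles/[^/]+$", b.role))
  ])
  error_message = "Each role must be roles/{role}, organizations/{organization_id}/roles/{role} or projects/{project_id}/roles/{role}."
}
```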
|
||||
|
|