Context improvements: "all service accounts" principal in folder, org, project modules; custom roles in factory condition vars for FAST stage 0 (#3548)
* iam principalsets * fix folder * add custom roles to factory condition vars in stage 0 * project shared vpc IAM
committed by
GitHub
parent
5ee09daddc
commit
10e29e1eeb
@@ -21,12 +21,18 @@ locals {
|
||||
} if k != "condition_vars"
|
||||
}
|
||||
# add service agents into the iam_principals context namespace
|
||||
ctx = merge(
|
||||
local._ctx,
|
||||
{
|
||||
iam_principals = merge(local._ctx.iam_principals, local.service_agents_ctx)
|
||||
}
|
||||
)
|
||||
ctx = merge(local._ctx, {
|
||||
iam_principals = merge(
|
||||
local._ctx.iam_principals,
|
||||
local.service_agents_ctx,
|
||||
{
|
||||
"$iam_principalsets:service_accounts/all" = format(
|
||||
"principalSet://cloudresourcemanager.googleapis.com/organizations/%s/type/ServiceAccount",
|
||||
local.organization_id_numeric
|
||||
)
|
||||
}
|
||||
)
|
||||
})
|
||||
ctx_p = "$"
|
||||
organization_id_numeric = split("/", var.organization_id)[1]
|
||||
}
|
||||
|
||||
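Review bot: The new `$iam_principalsets:service_accounts/all` entry in the `iam_principals` merge expands to every service account in the organization, including ones created later in any project, and nothing near it says so; the comment above `ctx` still mentions only service agents. I would reword that comment to something like `# add service agents and the org-wide "all service accounts" principal set (matches every service account in the organization; bind it only to narrowly scoped roles)`. The key also hard-codes the `$` prefix although `ctx_p` is defined just below the merge; writing it as `"${local.ctx_p}iam_principalsets:service_accounts/all" = format(` would keep the two from drifting apart. The enclosing `locals` block starts outside the hunk, so it is not visible here whether `var.organization_id` is validated as `organizations/<number>` before `split("/", var.organization_id)[1]` feeds the principal set string.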