kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid setting empty IAM binding in subnet factory (#731)

Browse Source 
* avoid setting empty IAM binding in subnet factory

* fix tests
This commit is contained in:
Ludovico Magnocavallo
2022-07-11 21:11:52 +02:00
committed by GitHub
parent fc6265b766
commit 1abfdacd56
2 changed files with 19 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/net-vpc/subnets.tf
View File

@@ -30,9 +30,9 @@ locals {
subnet = k
role = "roles/compute.networkUser"
members = concat(
formatlist("group:%s", try(v.iam_groups, [])),
formatlist("user:%s", try(v.iam_users, [])),
formatlist("serviceAccount:%s", try(v.iam_service_accounts, []))
formatlist("group:%s", lookup(v, "iam_groups", [])),
formatlist("user:%s", lookup(v, "iam_users", [])),
formatlist("serviceAccount:%s", lookup(v, "iam_service_accounts", []))
)
}
]
@@ -73,7 +73,8 @@ locals {
local._factory_descriptions, var.subnet_descriptions
)
subnet_iam_members = concat(
local._factory_iam_members, local._subnet_iam_members
[for k in local._factory_iam_members : k if length(k.members) > 0],
local._subnet_iam_members
)
subnet_flow_logs = merge(
local._factory_flow_logs, local._subnet_flow_logs