Support iam_by_principals_additive in 0-org-setup (#3387)

* Support iam_by_principals_additive in 0-org-setup * Fix typo
2025-10-07 08:56:35 +02:00
parent 6b5226f16e
commit 3498338c87
7 changed files with 22 additions and 7 deletions
--- a/modules/organization/README.md
+++ b/modules/organization/README.md
@@ -128,7 +128,8 @@ IAM is managed via several variables that implement different features and level

 - `iam` and `iam_by_principals` configure authoritative bindings that manage individual roles exclusively, and are internally merged
 - `iam_bindings` configure authoritative bindings with optional support for conditions, and are not internally merged with the previous two variables
- `iam_bindings_additive` configure additive bindings via individual role/member pairs with optional support  conditions
+- `iam_bindings_additive` configure additive bindings via individual role/member pairs with optional support for conditions
+- `iam_by_principals_additive` configure additive bindings via individual principal/role pairs with optional support for conditions, and is internally merged with the previous variable

 The authoritative and additive approaches can be used together, provided different roles are managed by each. Some care must also be taken with the `iam_by_principals` variable to ensure that variable keys are static values, so that Terraform is able to compute the dependency graph.