Implement proper support for data access logs in resource manager modules (#1497)
* organization module * rename iam_bindings_authoritative to iam_policy, fix tests * add support for data access logs and iam policy to folder module * test inventories * add support for data access logs and iam policy to project module
committed by
GitHub
parent
438a3134e2
commit
551dc581e8
@@ -124,3 +124,34 @@ resource "google_project_iam_member" "oslogin_users" {
|
||||
role = "roles/compute.osLogin"
|
||||
member = each.value
|
||||
}
|
||||
|
||||
resource "google_project_iam_policy" "authoritative" {
|
||||
count = var.iam_policy != null ? 1 : 0
|
||||
project = local.project.project_id
|
||||
policy_data = data.google_iam_policy.authoritative.0.policy_data
|
||||
}
|
||||
|
||||
data "google_iam_policy" "authoritative" {
|
||||
count = var.iam_policy != null ? 1 : 0
|
||||
dynamic "binding" {
|
||||
for_each = try(var.iam_policy, {})
|
||||
content {
|
||||
role = binding.key
|
||||
members = binding.value
|
||||
}
|
||||
}
|
||||
dynamic "audit_config" {
|
||||
for_each = var.logging_data_access
|
||||
content {
|
||||
service = audit_config.key
|
||||
dynamic "audit_log_configs" {
|
||||
for_each = audit_config.value
|
||||
iterator = config
|
||||
content {
|
||||
log_type = config.key
|
||||
exempted_members = config.value
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
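Review bot: `google_project_iam_policy.authoritative` replaces the project's entire IAM policy, yet the same file still declares the additive `google_project_iam_member.oslogin_users` (the context lines just above), so whenever `var.iam_policy` is set the two resources will fight over the policy, and any role missing from the map, including Google-managed service agent grants, is removed on apply. Because `audit_config` lives in the same authoritative document, an empty `var.logging_data_access` also strips any data access audit logging configured outside this module, and every principal listed in `exempted_members` has its access go unlogged. I would add a comment on the resource such as `# Authoritative: replaces the whole project policy; do not combine with the additive IAM variables of this module`, and gate the additive IAM resources on `var.iam_policy == null` if the rest of the file (not visible in this hunk) does not already do so. Separately, `try(var.iam_policy, {})` does not turn a null value into an empty map, so only the `count` guard protects that `for_each`.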