refactor IAM additive bindings variables (#103)
* Invert the list for role/member mapping so that member is the key * Add iam_additive_bindings to replace iam_additive_members and iam_additive_roles, change test suite accordingly * attribute 'mode' added as it would error without * Update Readme to reflect the new variable iam_additive_bindings * test branch access * iam_additive_bindings to replace iam_additive roles and iam_additive_members * update foundation samples to new additive bindings format * set bq dataset options in foundation environments to allow destroying * trap exceptions raised during destroy in project module Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
This commit is contained in:
vanessabodard-voi
committed by
GitHub
GitHub
parent
0a8fe79477
commit
5af022a3ee
@@ -16,8 +16,8 @@
|
||||
|
||||
locals {
|
||||
iam_additive_pairs = flatten([
|
||||
for role in var.iam_additive_roles : [
|
||||
for member in lookup(var.iam_additive_members, role, []) :
|
||||
for member, roles in var.iam_additive_bindings : [
|
||||
for role in roles :
|
||||
{ role = role, member = member }
|
||||
]
|
||||
])
|
||||
@@ -44,7 +44,7 @@ resource "google_organization_iam_binding" "authoritative" {
|
||||
}
|
||||
|
||||
resource "google_organization_iam_member" "additive" {
|
||||
for_each = length(var.iam_additive_roles) > 0 ? local.iam_additive : {}
|
||||
for_each = length(var.iam_additive_bindings) > 0 ? local.iam_additive : {}
|
||||
org_id = var.org_id
|
||||
role = each.value.role
|
||||
member = each.value.member
|
||||
|
||||
Reference in New Issue
Block a user