fix missing conditions in top-level-folders IAM

fast/stages/1-resman/data/top-level-folders/teams.yaml

@@ -36,6 +36,7 @@ iam_bindings:
       description: Allow to check buckets and contact policies
       expression: |
         resource.matchTag('${organization.id}/${tag_names.context}', 'project-factory')
+
 # don't create a context tag since this uses the pf tag
 is_fast_context: false
 tag_bindings:

fast/stages/1-resman/stage-2.tf

@@ -185,13 +185,15 @@ module "stage2-folder" {
       members = [
         for m in v.members : lookup(local.principals_iam, m, m)
       ]
-      role = lookup(var.custom_roles, v.role, v.role)
+      role      = lookup(var.custom_roles, v.role, v.role)
+      condition = v.condition
     })
   }
   iam_bindings_additive = {
     for k, v in each.value.folder_config.iam_bindings_additive : k => merge(v, {
-      member = lookup(local.principals_iam, v.member, v.member)
-      role   = lookup(var.custom_roles, v.role, v.role)
+      member    = lookup(local.principals_iam, v.member, v.member)
+      role      = lookup(var.custom_roles, v.role, v.role)
+      condition = v.condition
     })
   }
   iam_by_principals = {

fast/stages/1-resman/top-level-folders.tf

@@ -100,7 +100,8 @@ module "top-level-folder" {
         ? module.top-level-sa[each.key].iam_email
         : lookup(local.top_level_sa, member, member)
       ]
-      role = lookup(var.custom_roles, v.role, v.role)
+      role      = lookup(var.custom_roles, v.role, v.role)
+      condition = v.condition
     }
   }
   iam_bindings_additive = {
@@ -110,7 +111,8 @@ module "top-level-folder" {
         ? module.top-level-sa[each.key].iam_email
         : lookup(local.principals_iam, v.member, v.member)
       )
-      role = lookup(var.custom_roles, v.role, v.role)
+      role      = lookup(var.custom_roles, v.role, v.role)
+      condition = v.condition
     })
   }
   iam_by_principals = {