add support for service account principalsets to project factory (#3181)

Ludovico Magnocavallo
2025-06-20 08:10:21 +02:00
committed by GitHub
parent a2f3545d7c
commit 81fe7061be
2 changed files with 30 additions and 9 deletions


@@ -214,16 +214,19 @@ The following table lists the available context interpolations. External context
| | | | IaC service accounts |
| | | | other project service accounts |
| | | | other project IaC service accounts |
| | | | project number in principals |
| project | tag bindings | `tag_values` | |
| project | IAM principals | `iam_principals` | project service accounts |
| | | | IaC service accounts |
| | | | other project service accounts |
| | | | other project service agents |
| | | | other project IaC service accounts |
| | | | project number in principals |
| bucket | IAM principals | `iam_principals` | project service accounts |
| | | | IaC service accounts |
| | | | other project service accounts |
| | | | other project IaC service accounts |
| | | | project number in principals |
| service account | IAM projects | `vpc_host_projects` | |
| service account | `iam_sa_roles` | | service accounts in the same project |
| IaC bucket | IAM principals | `iam_principals` | IaC service accounts |


@@ -155,7 +155,9 @@ module "projects-iam" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(vv, ":")
? vv
? templatestring(
vv, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${vv}' in project '${each.key}'")
)
)
@@ -180,7 +182,9 @@ module "projects-iam" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(vv, ":")
? vv
? templatestring(
vv, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${vv}' in project '${each.key}'")
)
)
@@ -206,7 +210,9 @@ module "projects-iam" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(v.member, ":")
? v.member
? templatestring(
v.member, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${v.member}' in project '${each.key}'")
)
)
@@ -231,7 +237,9 @@ module "projects-iam" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(k, ":")
? k
? templatestring(
k, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${k}' in project '${each.key}'")
)
) => [
@@ -267,7 +275,9 @@ module "projects-iam" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(v.member, ":")
? v.member
? templatestring(
v.member, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${v.member}' in project '${each.key}'")
)
)
@@ -290,7 +300,9 @@ module "projects-iam" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(vv, ":")
? vv
? templatestring(
vv, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${vv}' in project '${each.key}'")
)
)
@@ -329,7 +341,9 @@ module "buckets" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(vv, ":")
? vv
? templatestring(
vv, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${vv}' in project '${each.value.project_key}'")
)
)
@@ -352,7 +366,9 @@ module "buckets" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(vv, ":")
? vv
? templatestring(
vv, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${vv}' in project '${each.value.project}'")
)
)
@@ -375,7 +391,9 @@ module "buckets" {
# passthrough + error handling using tonumber until Terraform gets fail/raise function
(
strcontains(v.member, ":")
? v.member
? templatestring(
v.member, { project_number = module.projects[each.key].number }
)
: tonumber("[Error] Invalid member: '${v.member}' in project '${each.value.project}'")
)
)
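Review bot: In the three `module "buckets"` hunks the new `templatestring` call looks up `module.projects[each.key].number`, but the error message on the adjacent line names the project as `each.value.project_key` or `each.value.project`, which suggests `each.key` there is a bucket key rather than a project key. If so, the lookup either fails at plan time or, where keys happen to collide, puts a different project's number into an IAM principal. The `for_each` is outside the hunks, so this needs confirming; the likely fix is to index with the same attribute the message uses, e.g. `module.projects[each.value.project_key].number`. Separately, all nine hunks now evaluate every member string from factory data as a full Terraform template rather than substituting one placeholder. If only `${project_number}` is meant to be supported, `replace(vv, "$${project_number}", module.projects[each.key].number)` would keep that input as plain data.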