Remove iam_roles from service accounts, folder and organization modules
This commit is contained in:
Julio Castillo
@@ -48,7 +48,6 @@ module "folder" {
|
||||
| name | Folder name. | <code title="">string</code> | ✓ | |
|
||||
| parent | Parent in folders/folder_id or organizations/org_id format. | <code title="string validation { condition = can(regex("(organizations|folders)/[0-9]+", var.parent)) error_message = "Parent must be of the form folders/folder_id or organizations/organization_id." }">string</code> | ✓ | |
|
||||
| *iam_members* | List of IAM members keyed by role. | <code title="map(set(string))">map(set(string))</code> | | <code title="">null</code> |
|
||||
| *iam_roles* | List of IAM roles. | <code title="set(string)">set(string)</code> | | <code title="">null</code> |
|
||||
| *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map(bool)">map(bool)</code> | | <code title="">{}</code> |
|
||||
| *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map(object({ inherit_from_parent = bool suggested_value = string status = bool values = list(string) }))">map(object({...}))</code> | | <code title="">{}</code> |
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ resource "google_folder" "folder" {
|
||||
}
|
||||
|
||||
resource "google_folder_iam_binding" "authoritative" {
|
||||
for_each = var.iam_roles
|
||||
for_each = toset(keys(var.iam_members))
|
||||
folder = google_folder.folder.name
|
||||
role = each.key
|
||||
members = lookup(var.iam_members, each.key, [])
|
||||
|
||||
@@ -20,12 +20,6 @@ variable "iam_members" {
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "iam_roles" {
|
||||
description = "List of IAM roles."
|
||||
type = set(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Folder name."
|
||||
type = string
|
||||
|
||||
Reference in New Issue
Block a user