Fix 0-bootstrap iam_by_principals not taking into account all principals (#2267)

* Fix 0-bootstrap iam_by_principals not taking into account all principals * Add test-case for iam_by_principals for 0-bootstrap stage --------- Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2024-05-12 21:02:04 +02:00
parent 6a3c7fe444
commit af253c9702
5 changed files with 53 additions and 3 deletions
--- a/fast/stages/0-bootstrap/organization.tf
+++ b/fast/stages/0-bootstrap/organization.tf
@@ -138,8 +138,14 @@ module "organization" {
  organization_id = module.organization-logging.id
  # human (groups) IAM bindings
  iam_by_principals = {
-    for k, v in local.iam_principals :
-    k => distinct(concat(v, lookup(var.iam_by_principals, k, [])))
+    for key in distinct(concat(
+      keys(local.iam_principals),
+      keys(var.iam_by_principals),
+    )) :
+    key => distinct(concat(
+      lookup(local.iam_principals, key, []),
+      lookup(var.iam_by_principals, key, []),
+    ))
  }
  # machine (service accounts) IAM bindings
  iam = merge(