feat: pass variable for additive by principal (#3731)

* feat: pass variable for additive by principal * fix reference
2026-02-12 08:53:30 +00:00
parent 944ee9aaae
commit c09a5d3e24
4 changed files with 10 additions and 4 deletions
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
--- a/modules/project-factory/folders.tf
+++ b/modules/project-factory/folders.tf
@@ -88,6 +88,7 @@ module "folder-1-iam" {
  iam_bindings                  = lookup(each.value, "iam_bindings", {})
  iam_bindings_additive         = lookup(each.value, "iam_bindings_additive", {})
  iam_by_principals             = lookup(each.value, "iam_by_principals", {})
+  iam_by_principals_additive    = lookup(each.value, "iam_by_principals_additive", {})
  iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
  logging_data_access           = lookup(each.value, "data_access_logs", {})
  context = merge(local.ctx, {
@@ -140,6 +141,7 @@ module "folder-2-iam" {
  iam_bindings                  = lookup(each.value, "iam_bindings", {})
  iam_bindings_additive         = lookup(each.value, "iam_bindings_additive", {})
  iam_by_principals             = lookup(each.value, "iam_by_principals", {})
+  iam_by_principals_additive    = lookup(each.value, "iam_by_principals_additive", {})
  iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
  logging_data_access           = lookup(each.value, "data_access_logs", {})
  context = merge(local.ctx, {
@@ -195,6 +197,7 @@ module "folder-3-iam" {
  iam_bindings                  = lookup(each.value, "iam_bindings", {})
  iam_bindings_additive         = lookup(each.value, "iam_bindings_additive", {})
  iam_by_principals             = lookup(each.value, "iam_by_principals", {})
+  iam_by_principals_additive    = lookup(each.value, "iam_by_principals_additive", {})
  iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
  logging_data_access           = lookup(each.value, "data_access_logs", {})
  context = merge(local.ctx, {
@@ -250,6 +253,7 @@ module "folder-4-iam" {
  iam_bindings                  = lookup(each.value, "iam_bindings", {})
  iam_bindings_additive         = lookup(each.value, "iam_bindings_additive", {})
  iam_by_principals             = lookup(each.value, "iam_by_principals", {})
+  iam_by_principals_additive    = lookup(each.value, "iam_by_principals_additive", {})
  iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
  logging_data_access           = lookup(each.value, "data_access_logs", {})
  context = merge(local.ctx, {
--- a/modules/project-factory/variables-folders.tf
+++ b/modules/project-factory/variables-folders.tf
@@ -71,7 +71,8 @@ variable "folders" {
        description = optional(string)
      }))
    })), {})
-    iam_by_principals = optional(map(list(string)), {})
+    iam_by_principals          = optional(map(list(string)), {})
+    iam_by_principals_additive = optional(map(list(string)), {})
    iam_by_principals_conditional = optional(map(object({
      roles = list(string)
      condition = object({
--- a/modules/project-factory/variables-projects.tf
+++ b/modules/project-factory/variables-projects.tf
@@ -250,7 +250,8 @@ variable "projects" {
        description = optional(string)
      }))
    })), {})
-    iam_by_principals = optional(map(list(string)), {})
+    iam_by_principals          = optional(map(list(string)), {})
+    iam_by_principals_additive = optional(map(list(string)), {})
    iam_by_principals_conditional = optional(map(object({
      roles = list(string)
      condition = object({