From c09a5d3e245624a2eb8be26678a6b2aca7b11aaa Mon Sep 17 00:00:00 2001
From: Ashley Abbott <22324335+ashley-abbott@users.noreply.github.com>
Date: Thu, 12 Feb 2026 08:53:30 +0000
Subject: [PATCH] feat: pass variable for additive by principal (#3731)
* feat: pass variable for additive by principal
* fix reference
---
modules/project-factory/README.md | 4 ++--
modules/project-factory/folders.tf | 4 ++++
modules/project-factory/variables-folders.tf | 3 ++-
modules/project-factory/variables-projects.tf | 3 ++-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/modules/project-factory/README.md b/modules/project-factory/README.md
index 591cf7dd9..4f0dcc8f0 100644
--- a/modules/project-factory/README.md
+++ b/modules/project-factory/README.md
@@ -863,9 +863,9 @@ compute.disableSerialPortAccess:
| [data_defaults](variables.tf#L42) | Optional default values used when corresponding project or folder data from files are missing. | object({…}) | | {} |
| [data_merges](variables.tf#L107) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | object({…}) | | {} |
| [data_overrides](variables.tf#L126) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | object({…}) | | {} |
-| [folders](variables-folders.tf#L17) | Folders data merged with factory data. | map(object({…})) | | {} |
+| [folders](variables-folders.tf#L17) | Folders data merged with factory data. | map(object({…})) | | {} |
| [notification_channels](variables-billing.tf#L17) | Notification channels used by budget alerts. | map(object({…})) | | {} |
-| [projects](variables-projects.tf#L17) | Projects data merged with factory data. | map(object({…})) | | {} |
+| [projects](variables-projects.tf#L17) | Projects data merged with factory data. | map(object({…})) | | {} |
## Outputs
diff --git a/modules/project-factory/folders.tf b/modules/project-factory/folders.tf
index bea5d77cb..dfdac38e0 100644
--- a/modules/project-factory/folders.tf
+++ b/modules/project-factory/folders.tf
@@ -88,6 +88,7 @@ module "folder-1-iam" {
iam_bindings = lookup(each.value, "iam_bindings", {})
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
iam_by_principals = lookup(each.value, "iam_by_principals", {})
+ iam_by_principals_additive = lookup(each.value, "iam_by_principals_additive", {})
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
logging_data_access = lookup(each.value, "data_access_logs", {})
context = merge(local.ctx, {
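Review bot: The new `iam_by_principals_additive` argument sits directly beside `iam_by_principals` with no comment telling a reader how the two differ, and the same applies to the identical additions in the folder-2-iam, folder-3-iam and folder-4-iam hunks. Assuming `iam_by_principals` is the authoritative form, as the `iam_bindings` / `iam_bindings_additive` pair suggests, a role listed for a principal in both maps would be managed by a binding and a member resource at once, which the Google provider documents as conflicting. I would add a one-line comment above the new argument, such as `# non-authoritative: do not repeat a role already set via iam / iam_by_principals`. It is also worth considering a precondition that rejects overlapping roles, so a mistaken entry fails at plan time instead of flapping between applies. The module block starts and ends outside the hunk.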
@@ -140,6 +141,7 @@ module "folder-2-iam" {
iam_bindings = lookup(each.value, "iam_bindings", {})
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
iam_by_principals = lookup(each.value, "iam_by_principals", {})
+ iam_by_principals_additive = lookup(each.value, "iam_by_principals_additive", {})
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
logging_data_access = lookup(each.value, "data_access_logs", {})
context = merge(local.ctx, {
@@ -195,6 +197,7 @@ module "folder-3-iam" {
iam_bindings = lookup(each.value, "iam_bindings", {})
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
iam_by_principals = lookup(each.value, "iam_by_principals", {})
+ iam_by_principals_additive = lookup(each.value, "iam_by_principals_additive", {})
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
logging_data_access = lookup(each.value, "data_access_logs", {})
context = merge(local.ctx, {
@@ -250,6 +253,7 @@ module "folder-4-iam" {
iam_bindings = lookup(each.value, "iam_bindings", {})
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
iam_by_principals = lookup(each.value, "iam_by_principals", {})
+ iam_by_principals_additive = lookup(each.value, "iam_by_principals_additive", {})
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
logging_data_access = lookup(each.value, "data_access_logs", {})
context = merge(local.ctx, {
diff --git a/modules/project-factory/variables-folders.tf b/modules/project-factory/variables-folders.tf
index dfeafa62f..d98fc70da 100644
--- a/modules/project-factory/variables-folders.tf
+++ b/modules/project-factory/variables-folders.tf
@@ -71,7 +71,8 @@ variable "folders" {
description = optional(string)
}))
})), {})
- iam_by_principals = optional(map(list(string)), {})
+ iam_by_principals = optional(map(list(string)), {})
+ iam_by_principals_additive = optional(map(list(string)), {})
iam_by_principals_conditional = optional(map(object({
roles = list(string)
condition = object({
diff --git a/modules/project-factory/variables-projects.tf b/modules/project-factory/variables-projects.tf
index 88f69a388..392ef0997 100644
--- a/modules/project-factory/variables-projects.tf
+++ b/modules/project-factory/variables-projects.tf
@@ -250,7 +250,8 @@ variable "projects" {
description = optional(string)
}))
})), {})
- iam_by_principals = optional(map(list(string)), {})
+ iam_by_principals = optional(map(list(string)), {})
+ iam_by_principals_additive = optional(map(list(string)), {})
iam_by_principals_conditional = optional(map(object({
roles = list(string)
condition = object({
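Review bot: The `projects` type now accepts `iam_by_principals_additive`, but the diffstat lists no change to the file that calls the project module, whereas folders.tf forwards the new key in all four folder IAM modules. If the project call site does not already pass this attribute, Terraform will accept it in the input and silently drop it, so an operator reviewing the data would believe a grant is applied when it is not. Please confirm that the project module call forwards it, mirroring the folder side with something like `iam_by_principals_additive = lookup(each.value, "iam_by_principals_additive", {})`. A test fixture that sets the key on a project would keep the mapping covered. The variable block starts and ends outside the hunk.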