Introduce iam_by_principals_conditional (#3649)
* Introduce iam_by_principals_conditional * Add iam_by_principals_conditional to project factory * Update IAM ADR * Update project factory readme * Sync FAST schemas * Update organization schema * Add resman tests for iam_by_principals_conditional * Update PF project-defaults.tf * Update copyright
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2025 Google LLC
|
||||
* Copyright 2026 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -80,13 +80,14 @@ module "folder-1-iam" {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
}
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
context = merge(local.ctx, {
|
||||
iam_principals = local.ctx_iam_principals
|
||||
project_ids = local.ctx_project_ids
|
||||
@@ -129,13 +130,14 @@ module "folder-2-iam" {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
}
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
context = merge(local.ctx, {
|
||||
folder_ids = merge(local.ctx.folder_ids, {
|
||||
for k, v in module.folder-1 : k => v.id
|
||||
@@ -181,13 +183,14 @@ module "folder-3-iam" {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
}
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
context = merge(local.ctx, {
|
||||
folder_ids = merge(local.ctx.folder_ids, {
|
||||
for k, v in module.folder-2 : k => v.id
|
||||
@@ -233,13 +236,14 @@ module "folder-4-iam" {
|
||||
# we do anything that can refer to IAM and custom roles in this call
|
||||
pam_entitlements = try(each.value.factories_config.pam_entitlements, null)
|
||||
}
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
folder_create = false
|
||||
autokey_config = lookup(each.value, "autokey_config", null)
|
||||
iam = lookup(each.value, "iam", {})
|
||||
iam_bindings = lookup(each.value, "iam_bindings", {})
|
||||
iam_bindings_additive = lookup(each.value, "iam_bindings_additive", {})
|
||||
iam_by_principals = lookup(each.value, "iam_by_principals", {})
|
||||
iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})
|
||||
logging_data_access = lookup(each.value, "data_access_logs", {})
|
||||
context = merge(local.ctx, {
|
||||
folder_ids = merge(local.ctx.folder_ids, {
|
||||
for k, v in module.folder-3 : k => v.id
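Review bot: The added `iam_by_principals_conditional = lookup(each.value, "iam_by_principals_conditional", {})` argument in `folder-1-iam` (repeated unchanged in the `folder-2-iam`, `folder-3-iam` and `folder-4-iam` hunks) passes factory data to the folder module with no check visible here that each entry carries a condition. Whether an entry with a missing or misspelled `condition` fails the plan or degrades to an unconditional grant depends on the module variable's type and the synced schemas, neither of which is shown on this page, so it is worth confirming and covering with a negative test. The `{}` default also means a misspelled top-level key in a folder definition produces no bindings and no error unless the schema rejects unknown keys. If a condition is required by contract, a comment above the line such as `# conditional grants by principal; every entry must define a condition` would state that at all four levels. The module blocks start and end outside the hunks.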
|
||||
|
||||