hunfabric/modules/organization

Organization Module

This module allows managing several organization properties:

• IAM bindings, both authoritative and additive
• custom IAM roles
• audit logging configuration for services
• organization policies

Example

module "org" {
  source      = "./modules/organization"
  org_id      = 1234567890
  iam_roles   = ["roles/projectCreator"]
  iam_members = { "roles/projectCreator" = ["group:cloud-admins@example.org"] }
  policy_boolean = {
    "constraints/compute.disableGuestAttributesAccess" = true
    "constraints/compute.skipDefaultNetworkCreation" = true
  }
  policy_list = {
    "constraints/compute.trustedImageProjects" = {
      inherit_from_parent = null
      suggested_value = null
      status = true
      values = ["projects/my-project"]
    }
  }
}

Variables

name	description	type	required	default
org_id	Organization id in nnnnnn format.	number	✓
custom_roles	Map of role name => list of permissions to create in this project.	map(list(string))		{}
iam_additive_members	Map of member lists used to set non authoritative bindings, keyed by role.	map(list(string))		{}
iam_additive_roles	List of roles used to set non authoritative bindings.	list(string)		[]
iam_audit_config	Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service.	map(map(list(string)))		{}
iam_members	Map of member lists used to set authoritative bindings, keyed by role.	map(list(string))		{}
iam_roles	List of roles used to set authoritative bindings.	list(string)		[]
policy_boolean	Map of boolean org policies and enforcement value, set value to null for policy restore.	map(bool)		{}
policy_list	Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny.	map(object({...}))		{}

Outputs

name	description	sensitive
org_id	Organization id dependent on module resources.