hunfabric/modules/project/variables.tf
vanessabodard-voi 5af022a3ee refactor IAM additive bindings variables (#103)
* Invert the list for role/member mapping so that member is the key

* Add iam_additive_bindings to replace iam_additive_members and iam_additive_roles, change test suite accordingly

* attribute 'mode' added as it would error without

* Update Readme to reflect the new variable iam_additive_bindings

* test branch access

* iam_additive_bindings to replace iam_additive roles and iam_additive_members

* update foundation samples to new additive bindings format

* set bq dataset options in foundation environments to allow destroying

* trap exceptions raised during destroy in project module

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2020-07-02 08:28:26 +02:00


/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# Toggles creation of the default network when the project is created.
# The default is false, so a project built with this module starts without it
# and any network has to be declared explicitly.
# NOTE(review): GCP's auto-created default network comes with pre-populated
# ingress firewall rules; leave this false unless that exposure is intended.
variable "auto_create_network" {
  description = "Whether to create the default network for the project"
  type        = bool
  default     = false
}
# Billing account id to attach to the project. Defaults to null (not set here).
# NOTE(review): how a null value is handled is decided by the resource code,
# which is not part of this file - confirm before relying on it.
variable "billing_account" {
  description = "Billing account id."
  type        = string
  default     = null
}
# Custom IAM roles to create in the project. Each map key is a role name and
# each value is the list of permissions that role carries. Empty by default.
# NOTE(review): the permission lists define privilege directly; review changes
# to them for least privilege the same way as a role grant.
variable "custom_roles" {
  description = "Map of role name => list of permissions to create in this project."
  type        = map(list(string))
  default     = {}
}
# Members for authoritative IAM bindings: map key is the role, value is the
# list of members that should hold it. Empty by default.
# NOTE(review): an authoritative binding normally replaces the complete member
# set of the role, so members granted outside this configuration would be
# dropped on apply - confirm against the module's IAM resources.
variable "iam_members" {
  description = "Map of member lists used to set authoritative bindings, keyed by role."
  type        = map(list(string))
  default     = {}
}
# Roles for which authoritative IAM bindings are set. Empty by default.
# NOTE(review): presumably each role listed here is paired with its entry in
# iam_members; what happens for a role with no matching entry (possibly an
# empty authoritative member set) should be verified in the resource code.
variable "iam_roles" {
  description = "List of roles used to set authoritative bindings."
  type        = list(string)
  default     = []
}
# Non-authoritative (additive) IAM grants: map key is the member, value is the
# list of roles to grant to that member. Empty by default.
# NOTE(review): additive grants leave other members of the same role untouched,
# so this variable does not give a complete picture of who holds a role; audit
# the effective project policy separately.
variable "iam_additive_bindings" {
  description = "Map of roles lists used to set non authoritative bindings, keyed by members"
  type        = map(list(string))
  default     = {}
}
# Key/value labels applied to the resource. Empty by default.
# NOTE(review): labels are plain metadata readable by anyone who can view the
# project; do not place secrets or credentials in them.
variable "labels" {
  description = "Resource labels."
  type        = map(string)
  default     = {}
}
# Description for a project lien. The default empty string means no lien is
# created; any non-empty value creates one with that text.
# NOTE(review): a lien blocks project deletion until it is removed, which makes
# it a useful guard against accidental destroys of long-lived projects.
variable "lien_reason" {
  description = "If non-empty, creates a project lien with this description."
  type        = string
  default     = ""
}
# Project name, also used as the suffix of the project id. No default is
# declared, so callers must always supply it.
variable "name" {
  description = "Project name and id suffix."
  type        = string
}
# Switch for OS Login on the project. Off by default.
# NOTE(review): with OS Login enabled, SSH access to instances is governed by
# IAM rather than by metadata-managed SSH keys; how this module applies the
# setting is not visible in this file - confirm in the resource code.
variable "oslogin" {
  description = "Enable OS Login."
  type        = bool
  default     = false
}
# Identities, in IAM member format, that receive the roles needed to act as
# OS Login administrators. Empty by default.
# NOTE(review): OS Login admin access typically implies administrator rights
# on instances in the project (presumably roles/compute.osAdminLogin - confirm);
# keep this list as short as possible.
variable "oslogin_admins" {
  description = "List of IAM-style identities that will be granted roles necessary for OS Login administrators."
  type        = list(string)
  default     = []
}
# Identities, in IAM member format, that receive the roles needed to log in as
# regular OS Login users. Empty by default.
# NOTE(review): the exact roles granted are set in the resource code, which is
# not shown here; prefer groups over individual accounts where possible.
variable "oslogin_users" {
  description = "List of IAM-style identities that will be granted roles necessary for OS Login users."
  type        = list(string)
  default     = []
}
# Resource hierarchy node the project lives under, written as
# 'folders/folder_id' or 'organizations/org_id'. Defaults to null.
# NOTE(review): the parent determines which inherited IAM bindings and org
# policies apply to the project; no format validation is declared here.
variable "parent" {
  description = "Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format."
  type        = string
  default     = null
}
# Boolean organization policies to set on the project. Each value is the
# enforcement flag; a null value restores the policy. Empty by default.
# NOTE(review): map keys are presumably constraint names - confirm. Restoring
# or un-enforcing a constraint can loosen a guardrail set higher in the
# hierarchy, so review changes here as security changes.
variable "policy_boolean" {
  description = "Map of boolean org policies and enforcement value, set value to null for policy restore."
  type        = map(bool)
  default     = {}
}
# List-type organization policies to set on the project. Empty by default.
# Per the description: status is true for allow, false for deny, null for
# restore, and values may only be given together with allow or deny.
# The object type declares four attributes without optional markers, so each
# entry has to provide all of them (null where one is not needed).
# NOTE(review): map keys are presumably constraint names - confirm.
variable "policy_list" {
  description = "Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny."
  type = map(object({
    inherit_from_parent = bool
    suggested_value     = string
    status              = bool
    values              = list(string)
  }))
  default = {}
}
# Optional prefix used when generating the project id and name.
# Defaults to null.
variable "prefix" {
  description = "Prefix used to generate project id and name."
  type        = string
  default     = null
}
# Chooses between creating the project (true, the default) and referencing an
# existing one through a data source (false).
# NOTE(review): when pointing at an existing project, the authoritative IAM
# variables (iam_members / iam_roles) and service_config still apply to it and
# may override settings made elsewhere - check before adopting a live project.
variable "project_create" {
  description = "Create project. When set to false, uses a data source to reference existing project."
  type        = bool
  default     = true
}
# Service APIs to enable on the project. Empty by default.
# NOTE(review): every enabled API widens what can be done in the project;
# enable only what the workload needs.
variable "services" {
  description = "Service APIs to enable."
  type        = list(string)
  default     = []
}
# Options for service API activation. Both flags default to true.
# NOTE(review): presumably passed to the arguments of the same names on the
# project service resource - confirm. With these defaults a destroy would
# disable the APIs and the services depending on them, which can interrupt
# workloads when the project is shared or was not created by this module.
variable "service_config" {
  description = "Configure service API activation."
  type = object({
    disable_on_destroy         = bool
    disable_dependent_services = bool
  })
  default = {
    disable_on_destroy         = true
    disable_dependent_services = true
  }
}