# ┏┳┓╻┏━╸
# ┃┃┃┃┃╺┓
# ╹ ╹╹┗━┛
locals {
  # Role selected by the restricted_viewer_role flag.
  # NOTE(review): true selects the project-wide basic role roles/viewer and
  # false selects the narrower roles/compute.viewer. That reads inverted
  # relative to the variable name; confirm against the variable's description.
  viewer_role = var.restricted_viewer_role ? "roles/viewer" : "roles/compute.viewer"

  # "<project_id>=><role>" entries; an empty list when restricted_roles is set.
  # Neither local is referenced by the module block in this file, so any
  # consumer lives elsewhere in the module.
  project_roles = var.restricted_roles ? [] : ["${var.project_id}=>${local.viewer_role}"]
}
# ╺┳┓┏━┓╺┳╸┏━┓┏━╸┏━┓╻ ╺┳┓ ┏━┓╻ ╻┏━┓┏━┓┏━┓┏━┓╺┳╸
# ┃┃┣━┫ ┃ ┣━┫┣╸ ┃ ┃┃ ┃┃ ┗━┓┃ ┃┣━┛┣━┛┃ ┃┣┳┛ ┃
# ╺┻┛╹ ╹ ╹ ╹ ╹╹ ┗━┛┗━╸╺┻┛ ┗━┛┗━┛╹ ╹ ┗━┛╹┗╸ ╹
module "project-iam-bindings" {
  # Instantiated only when the caller opts in to the vendor support group.
  count = var.add_onprem_support_group ? 1 : 0

  # NOTE(review): no `version` constraint is set here, so the registry module
  # is resolved to whatever release is current at `terraform init`. Pin it to
  # a reviewed release.
  source = "terraform-google-modules/iam/google//modules/projects_iam"

  projects = [var.project_id]

  # Additive mode adds these members without taking ownership of the roles'
  # other members, so removing this module is what revokes the access.
  mode = "additive"

  # Every role below is bound at project level to the same external group.
  # NOTE(review): roles/viewer is named directly, so var.restricted_viewer_role
  # and local.viewer_role have no effect on this grant. roles/container.admin
  # and roles/container.clusterAdmin appear to overlap; confirm both are needed
  # and whether narrower roles or IAM conditions would do.
  bindings = {
    for role in [
      "roles/compute.instanceAdmin.v1",
      "roles/viewer",
      "roles/iap.tunnelResourceAccessor",
      "roles/container.admin",
      "roles/container.clusterAdmin",
    ] : role => ["group:datafold-onprem-support@datafold.com"]
  }
}