Remove explicit dependency on the custom roles

GoogleCloudPlatform · Nov 14, 2023 · c833637 · c833637
1 parent 1e6a680
commit c833637
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/modules/organization/README.md b/modules/organization/README.md
@@ -355,7 +355,7 @@ module "org" {
 
 ## Custom Roles
 
-Custom roles can be defined via the `custom_roles` variable, and referenced via the `custom_role_id` output:
+Custom roles can be defined via the `custom_roles` variable, and referenced via the `custom_role_id` output (this also provides explicit dependency on the custom role):
 
 ```hcl
 module "org" {

diff --git a/modules/organization/iam.tf b/modules/organization/iam.tf
@@ -42,11 +42,11 @@ resource "google_organization_iam_custom_role" "roles" {
 }
 
 resource "google_organization_iam_binding" "authoritative" {
-  for_each   = local.iam
-  org_id     = local.organization_id_numeric
-  role       = each.key
-  members    = each.value
-  depends_on = [google_organization_iam_custom_role.roles]
+  for_each = local.iam
+  org_id   = local.organization_id_numeric
+  role     = each.key
+  members  = each.value
+  # ensuring that custom role exists is left to the caller, by leveraging custom_role_id output
 }
 
 resource "google_organization_iam_binding" "bindings" {
@@ -62,7 +62,7 @@ resource "google_organization_iam_binding" "bindings" {
       description = each.value.condition.description
     }
   }
-  depends_on = [google_organization_iam_custom_role.roles]
+  # ensuring that custom role exists is left to the caller, by leveraging custom_role_id output
 }
 
 resource "google_organization_iam_member" "bindings" {
@@ -78,5 +78,5 @@ resource "google_organization_iam_member" "bindings" {
       description = each.value.condition.description
     }
   }
-  depends_on = [google_organization_iam_custom_role.roles]
+  # ensuring that custom role exists is left to the caller, by leveraging custom_role_id output
 }