-
Notifications
You must be signed in to change notification settings - Fork 910
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1683 from GoogleCloudPlatform/jccb/fix-subnet-iam…
…-bindings Fix subnet iam_bindings to use arbitrary keys
- Loading branch information
Showing
4 changed files
with
31 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -118,8 +118,9 @@ module "vpc" { | |
] | ||
} | ||
iam_bindings = { | ||
"roles/compute.networkUser" = { | ||
subnet-1-iam = { | ||
members = ["group:[email protected]"] | ||
role = "roles/compute.networkUser" | ||
condition = { | ||
expression = "resource.matchTag('123456789012/env', 'prod')" | ||
title = "test_condition" | ||
|
@@ -132,7 +133,7 @@ module "vpc" { | |
region = "europe-west1" | ||
ip_cidr_range = "10.0.1.0/24" | ||
iam_bindings_additive = { | ||
subnet-2-am1 = { | ||
subnet-2-iam = { | ||
member = "user:[email protected]" | ||
role = "roles/compute.networkUser" | ||
subnet = "europe-west1/subnet-2" | ||
|
@@ -553,10 +554,10 @@ module "vpc" { | |
| [routing_mode](variables.tf#L147) | The network routing mode (default 'GLOBAL'). | <code>string</code> | | <code>"GLOBAL"</code> | | ||
| [shared_vpc_host](variables.tf#L157) | Enable shared VPC for this project. | <code>bool</code> | | <code>false</code> | | ||
| [shared_vpc_service_projects](variables.tf#L163) | Shared VPC service projects to register with this host. | <code>list(string)</code> | | <code>[]</code> | | ||
| [subnets](variables.tf#L169) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") })) secondary_ip_ranges = optional(map(string)) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> | | ||
| [subnets_proxy_only](variables.tf#L215) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = optional(bool, true) global = optional(bool, false) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> | | ||
| [subnets_psc](variables.tf#L248) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> | | ||
| [vpc_create](variables.tf#L279) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> | | ||
| [subnets](variables.tf#L169) | Subnet configuration. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) enable_private_access = optional(bool, true) flow_logs_config = optional(object({ aggregation_interval = optional(string) filter_expression = optional(string) flow_sampling = optional(number) metadata = optional(string) metadata_fields = optional(list(string)) })) ipv6 = optional(object({ access_type = optional(string, "INTERNAL") })) secondary_ip_ranges = optional(map(string)) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> | | ||
| [subnets_proxy_only](variables.tf#L216) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) active = optional(bool, true) global = optional(bool, false) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> | | ||
| [subnets_psc](variables.tf#L250) | List of subnets for Private Service Connect service producers. | <code title="list(object({ name = string ip_cidr_range = string region = string description = optional(string) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ role = string members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">list(object({…}))</code> | | <code>[]</code> | | ||
| [vpc_create](variables.tf#L282) | Create VPC. When set to false, uses a data source to reference existing VPC. | <code>bool</code> | | <code>true</code> | | ||
|
||
## Outputs | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -80,7 +80,7 @@ values: | |
region: europe-west1 | ||
role: roles/compute.networkUser | ||
subnetwork: subnet-1 | ||
module.vpc.google_compute_subnetwork_iam_binding.bindings["europe-west1/subnet-1.roles/compute.networkUser.test_condition"]: | ||
module.vpc.google_compute_subnetwork_iam_binding.bindings["subnet-1-iam"]: | ||
condition: | ||
- description: null | ||
expression: resource.matchTag('123456789012/env', 'prod') | ||
|
@@ -91,7 +91,7 @@ values: | |
region: europe-west1 | ||
role: roles/compute.networkUser | ||
subnetwork: subnet-1 | ||
module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-am1"]: | ||
module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]: | ||
condition: [] | ||
member: user:[email protected] | ||
project: my-project | ||
|