feat: updated variables for iam
prabhu34 committed Feb 3, 2023
1 parent 393b404 commit 381b07c
Showing 2 changed files with 10 additions and 4 deletions.
8 changes: 4 additions & 4 deletions main.tf
@@ -127,20 +127,20 @@ resource "google_cloudfunctions2_function" "function" {

// IAM for invoking HTTP functions (roles/cloudfunctions.invoker)
resource "google_cloudfunctions2_function_iam_member" "invokers" {
count = contains(keys(var.members), "invokers") ? length(var.members["invokers"]) : 0
for_each = toset(contains(keys(var.members), "invokers") ? var.members["invokers"] : [])
location = google_cloudfunctions2_function.function.location
project = google_cloudfunctions2_function.function.project
cloud_function = google_cloudfunctions2_function.function.name
role = "roles/cloudfunctions.invoker"
member = var.members["invokers"][count.index]
member = each.value
}

// Read and write access to all functions-related resources (roles/cloudfunctions.developer)
resource "google_cloudfunctions2_function_iam_member" "developers" {
count = contains(keys(var.members), "developers") ? length(var.members["developers"]) : 0
for_each = toset(contains(keys(var.members), "developers") ? var.members["developers"] : [])
location = google_cloudfunctions2_function.function.location
project = google_cloudfunctions2_function.function.project
cloud_function = google_cloudfunctions2_function.function.name
role = "roles/cloudfunctions.developer"
member = var.members["developers"][count.index]
member = each.value
}
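Review bot: Moving `invokers` and `developers` from `count` to `for_each` changes each binding's address from an index to the member string, so a state created with the previous version will plan a destroy and a create for every existing binding. Because `google_cloudfunctions2_function_iam_member` is non-authoritative per role/member pair, the order of that destroy and create may leave a binding removed until the next apply; an upgrade note with `terraform state mv` guidance would cover it. The set keys also have to be known at plan time, so a member built from a service account created in the same apply will now fail with an invalid `for_each` error where `count` only needed the list length. The conditional can be shortened to `for_each = toset(lookup(var.members, "invokers", []))`, and likewise for `developers`. Separately, and outside the changed lines, it is worth confirming that `roles/cloudfunctions.invoker` is the role that authorises invocation of a 2nd-gen function, since those are served through Cloud Run.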
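--- a/variables.tf
+++ b/variables.tf
@@ -160,4 +160,10 @@ variable "members" {
 type = map(list(string))
 description = "Cloud Function Invoker and Developer roles for Users/SAs. Key names must be developers and/or invokers"
 default = {}
+validation {
+condition = alltrue([
+for key in keys(var.members) : contains(["invokers", "developers"], key)
+])
+error_message = "The supported keys are invokers and developers."
+}
 }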
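Review bot: The added validation constrains only the map keys; the member strings under `invokers` and `developers` reach the IAM bindings unchecked. A malformed principal is then reported only at apply time, and `allUsers` or `allAuthenticatedUsers` under `invokers` makes the function publicly invocable with no signal beyond the member value in the plan. A second `validation` block on the values would catch both; the sketch below accepts the common prefixed principal types and would need extending if public invokers or `principal://` identities are meant to be supported. The `variable "members"` block opens outside the hunk.

```hcl
  default     = {}
  # … unchanged: existing validation on the map keys …
  validation {
    condition = alltrue([
      for m in flatten(values(var.members)) :
      can(regex("^(user|serviceAccount|group|domain):", m))
    ])
    error_message = "Each member must start with user:, serviceAccount:, group: or domain:."
  }
```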
