From 3a576a65b4dc1e3d852baa51e39977145420f453 Mon Sep 17 00:00:00 2001
From: Abhishek Tiwari
Date: Wed, 12 Feb 2025 18:44:23 +0000
Subject: [PATCH] showcase new input variable

---
 modules/v2/main.tf | 16 ++++++++++++++++
 modules/v2/variables.tf | 4 ++++
 2 files changed, 20 insertions(+)

diff --git a/modules/v2/main.tf b/modules/v2/main.tf
index ede32e32..5297754a 100644
--- a/modules/v2/main.tf
+++ b/modules/v2/main.tf
@@ -57,6 +57,15 @@ locals {
 startup_probe = []
 liveness_probe = []
 }]
+
+ service_account_project_role_mappings = flatten([
+ for project_role in var.service_account_roles_in_projects : [
+ for role in distinct(project_role.roles) : {
+ project_id = project_role.project_id
+ role = role
+ }
+ ]
+ ])
 }
 
 resource "google_service_account" "sa" {
@@ -77,6 +86,13 @@ resource "google_project_iam_member" "roles" {
 member = "serviceAccount:${local.service_account}"
 }
 
+resource "google_project_iam_member" "project_roles" {
+ for_each = { for item in local.service_account_project_role_mappings : "${item.project_id}-${item.role}" => item }
+ project = each.value.project_id
+ role = each.value.role
+ member = "serviceAccount:${local.service_account}"
+}
+
 resource "google_cloud_run_v2_service" "main" {
 provider = google-beta
 
diff --git a/modules/v2/variables.tf b/modules/v2/variables.tf
index 059453df..38ad7a7b 100644
--- a/modules/v2/variables.tf
+++ b/modules/v2/variables.tf
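Review bot: `distinct()` is applied per `project_role` entry, so two entries in `var.service_account_roles_in_projects` that name the same `project_id` and overlap in `roles` yield identical objects in `service_account_project_role_mappings`, and the map the `project_roles` for_each later in this file builds from it then fails with a duplicate-key error at plan time. Dedupe the flattened list instead: `service_account_project_role_mappings = distinct(flatten([` with the matching `]))` at the end, after which the inner `distinct(project_role.roles)` is no longer needed. The `locals` block begins before the hunk.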
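Review bot: The new `project_roles` resource is a near copy of the `roles` resource above it, apparently differing only in where the project/role pairs come from, and nothing in the hunk records why both exist or which one a caller should use; a header comment such as `# Cross-project grants for the service account, driven by var.service_account_roles_in_projects; the "roles" resource above covers the existing per-project role input.` would spare the next reader the comparison. The for_each key joins project id and role with `-`, a character project ids themselves contain; a separator neither side uses, e.g. `"${item.project_id}:${item.role}"`, keeps the keys unambiguous and stable across edits. The body of the `roles` resource starts before the hunk.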
@@ -124,6 +124,10 @@ variable "service_account_project_roles" {
 default = []
 }
 
+variable "service_account_roles_in_projects" {
+ type = list(object({ project_id = string, roles = list(string) }))
+}
+
 variable "members" {
 type = list(string)
 description = "Users/SAs to be given invoker access to the service. Grant invoker access by specifying the users or service accounts (SAs). Use allUsers for public access, allAuthenticatedUsers for access by logged-in Google users, or provide a list of specific users/SAs. See the complete list of available options: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam#member\\/members-1"
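Review bot: The new `service_account_roles_in_projects` variable has no `default`, so it becomes a required input and every existing caller of this module breaks until it passes a value, while the neighbouring `service_account_project_roles` keeps `default = []`; it also has no `description`, unlike `members` below it, and no `validation` on the role strings even though each one becomes a project-level IAM grant for the service account. Give it `default = []`, a description naming the resource it feeds, and a validation that only accepts predefined or custom role identifiers so typos and malformed values are rejected at plan time rather than at apply time. The rewritten variable is below.
```hcl
variable "service_account_roles_in_projects" {
  type        = list(object({ project_id = string, roles = list(string) }))
  description = "Projects (by project_id) and the IAM roles to grant the service's service account in each. Every project/role pair becomes one google_project_iam_member binding."
  default     = []

  validation {
    condition = alltrue([
      for p in var.service_account_roles_in_projects : alltrue([
        for r in p.roles : can(regex("^(roles/|projects/[^/]+/roles/|organizations/[^/]+/roles/)", r))
      ])
    ])
    error_message = "Each role must be a predefined role (roles/...) or a custom role (projects/.../roles/... or organizations/.../roles/...)."
  }
}
```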