From 9eb42217beae09f53480a71c3ce6b7dee246a13c Mon Sep 17 00:00:00 2001
From: Aaron Lane
Date: Tue, 12 Nov 2019 16:11:55 -0500
Subject: [PATCH 1/2] Replace IAM module with IAM member resources
The IAM module does not support dynamic members in additive mode.
---
 modules/project_cleanup/main.tf | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/modules/project_cleanup/main.tf b/modules/project_cleanup/main.tf
index a02cc32..aced7b7 100644
--- a/modules/project_cleanup/main.tf
+++ b/modules/project_cleanup/main.tf
@@ -24,21 +24,16 @@ resource "google_service_account" "project_cleaner_function" {
 display_name = "Project Cleaner Function"
 }
-module "sa-organization-roles" {
- source = "terraform-google-modules/iam/google//modules/organizations_iam"
- version = "4.0.0"
- organizations = [var.organization_id]
- mode = "additive"
+resource "google_organization_iam_member" "main" {
+ for_each = toset(["projectDeleter", "folderViewer", "lienModifier"])
- bindings = {
- "roles/resourcemanager.projectDeleter" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
- "roles/resourcemanager.folderViewer" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
- "roles/resourcemanager.lienModifier" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
- }
+ member = "serviceAccount:${google_service_account.project_cleaner_function.email}"
+ org_id = var.organization_id
+ role = "roles/resourcemanager.${each.value}"
 }
 module "scheduled_project_cleaner" {
- source = "../../"
+ source = "../.."
 project_id = var.project_id
 job_name = "project-cleaner"
 job_schedule = var.job_schedule
From 8c6d9a587629c5910f59f6aab84e18bffe7b4810 Mon Sep 17 00:00:00 2001
From: Aaron Lane
Date: Tue, 12 Nov 2019 16:12:53 -0500
Subject: [PATCH 2/2] Add entry for 1.1.1 to CHANGELOG
---
 CHANGELOG.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
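Review bot: In the `modules/project_cleanup/main.tf` hunk of patch 1/2, the new `google_organization_iam_member.main` block gives the function's service account `projectDeleter`, `lienModifier` and `folderViewer` on the whole organization, and neither the resource name nor a comment says so. Because that combination allows removing liens and deleting projects anywhere under `var.organization_id`, I would add a comment above the block such as `# Org-wide grant: the cleaner function can remove liens and delete projects across the organization` and rename `main` to something descriptive like `project_cleaner_function`. Separately, `for_each` on a resource needs Terraform 0.12.6 or later, so the module's `required_version` constraint (not visible in this hunk) should be checked against that. The resource addresses also change relative to the removed `module "sa-organization-roles"`, so the three bindings are presumably destroyed and recreated on the first apply after upgrading; that is worth stating in the release notes.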
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50a7dac..359c0ab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning][semver-site].
 ## [Unreleased]
+## [1.1.1] - 2019-11-12
+
+### Fixed
+
+- The IAM module was replaced with IAM member resources to support dynamic members in additive mode. [#22]
+
 ## [1.1.0] - 2019-11-11
 ### Changed
@@ -53,7 +59,8 @@ and this project adheres to [Semantic Versioning][semver-site].
 - Initial release
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.1.0...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.1.1...HEAD
+[1.1.1]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.1.0...v1.1.1
 [1.1.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.0.0...v1.1.0
 [1.0.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v0.4.1...v1.0.0
 [0.4.1]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v0.4.0...v0.4.1
@@ -62,6 +69,7 @@ and this project adheres to [Semantic Versioning][semver-site].
 [0.2.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/releases/tag/v0.1.0
+[#22]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/22
 [#21]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/21
 [#20]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/20
 [#13]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/13