chore: iterate

examples/gcp-pubsub/README.md

@@ -43,8 +43,8 @@ The workload service account will automatically be assigned the necessary GCP Se
 | gcp\_service\_account\_workload | ../../humanitec-resource-defs/gcp-service-account/workload | n/a |
 | gps\_basic\_subscriber | ../../humanitec-resource-defs/gcp-pubsub-subscription/passthrough | n/a |
 | gpt\_basic\_publisher | ../../humanitec-resource-defs/gcp-pubsub-topic/passthrough | n/a |
-| iam\_role\_binding\_gcp\_pubsub\_subscription\_subscriber | ../../humanitec-resource-defs/gcp-iam-policy-binding/gcp-pubsub-subscription | n/a |
-| iam\_role\_binding\_gcp\_pubsub\_topic\_publisher | ../../humanitec-resource-defs/gcp-iam-policy-binding/gcp-pubsub-topic | n/a |
+| iam\_role\_binding\_gcp\_pubsub\_subscription\_subscriber | ../../humanitec-resource-defs/gcp-iam-policy-binding/basic | n/a |
+| iam\_role\_binding\_gcp\_pubsub\_topic\_publisher | ../../humanitec-resource-defs/gcp-iam-policy-binding/basic | n/a |
 | k8s\_service\_account | ../../humanitec-resource-defs/k8s/service-account | n/a |
 | pubsub\_subscription\_basic | ../../humanitec-resource-defs/gcp-pubsub-subscription/basic | n/a |
 | pubsub\_topic\_basic | ../../humanitec-resource-defs/gcp-pubsub-topic/basic | n/a |

examples/gcp-pubsub/pubsub_subscription.tf

@@ -21,13 +21,15 @@ resource "humanitec_resource_definition_criteria" "pubsub_subscription_basic" {
 # policy
 
 module "iam_role_binding_gcp_pubsub_subscription_subscriber" {
-  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/gcp-pubsub-subscription"
+  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/basic"
 
   prefix = var.prefix
+  name   = "gcp-pubsub-subscription-basic-subscriber"
 
-  gcp_pubsub_subscription_resource_class = "basic"
-  name                                   = "subscriber"
-  role                                   = "roles/pubsub.subscriber"
+  type        = "pubsub_subscription"
+  scope_key   = "subscription"
+  scope_value = "$${resources['gcp-pubsub-subscription.${local.gps_basic_class}'].outputs.name}"
+  role        = "roles/pubsub.subscriber"
 }
 
 resource "humanitec_resource_definition_criteria" "iam_role_binding_gcp_pubsub_subscription_subscriber" {

examples/gcp-pubsub/pubsub_topic.tf

@@ -21,13 +21,15 @@ resource "humanitec_resource_definition_criteria" "pubsub_topic_basic" {
 # policy
 
 module "iam_role_binding_gcp_pubsub_topic_publisher" {
-  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/gcp-pubsub-topic"
+  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/basic"
 
   prefix = var.prefix
+  name   = "gcp-pubsub-topic-basic-publisher"
 
-  gcp_pubsub_topic_resource_class = "basic"
-  name                            = "publisher"
-  role                            = "roles/pubsub.publisher"
+  type        = "pubsub_topic"
+  scope_key   = "topic"
+  scope_value = "$${resources['gcp-pubsub-topic.${local.gpt_basic_class}'].outputs.name}"
+  role        = "roles/pubsub.publisher"
 }
 
 resource "humanitec_resource_definition_criteria" "iam_role_binding_gcp_pubsub_topic_publisher" {

examples/gcs/README.md

@@ -39,8 +39,8 @@ The workload service account will automatically be assigned the necessary GCP Se
 | gcs\_basic | ../../humanitec-resource-defs/gcs/basic | n/a |
 | gcs\_basic\_admin | ../../humanitec-resource-defs/gcs/passthrough | n/a |
 | gcs\_basic\_read\_only | ../../humanitec-resource-defs/gcs/passthrough | n/a |
-| iam\_role\_binding\_gcs\_admin | ../../humanitec-resource-defs/gcp-iam-policy-binding/gcs | n/a |
-| iam\_role\_binding\_gcs\_read\_only | ../../humanitec-resource-defs/gcp-iam-policy-binding/gcs | n/a |
+| iam\_role\_binding\_gcs\_admin | ../../humanitec-resource-defs/gcp-iam-policy-binding/basic | n/a |
+| iam\_role\_binding\_gcs\_read\_only | ../../humanitec-resource-defs/gcp-iam-policy-binding/basic | n/a |
 | k8s\_service\_account | ../../humanitec-resource-defs/k8s/service-account | n/a |
 | workload | ../../humanitec-resource-defs/workload/service-account | n/a |
 

examples/gcs/main.tf

@@ -44,13 +44,15 @@ resource "humanitec_resource_definition_criteria" "gcs_basic" {
 ## Policy
 
 module "iam_role_binding_gcs_admin" {
-  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/gcs"
+  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/basic"
 
   prefix = var.prefix
+  name   = "gcp-iam-policy-binding-gcs-basic-admin"
 
-  gcs_resource_class = local.gcs_basic_class
-  name               = "admin"
-  role               = "roles/storage.admin"
+  type        = "storage_bucket"
+  scope_key   = "bucket"
+  scope_value = "$${resources['gcs.${local.gcs_basic_class}'].outputs.name}"
+  role        = "roles/storage.admin"
 }
 
 resource "humanitec_resource_definition_criteria" "iam_role_binding_gcs_admin" {
@@ -80,13 +82,15 @@ resource "humanitec_resource_definition_criteria" "gcs_basic_admin" {
 ## Policy
 
 module "iam_role_binding_gcs_read_only" {
-  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/gcs"
+  source = "../../humanitec-resource-defs/gcp-iam-policy-binding/basic"
 
   prefix = var.prefix
+  name   = "gcs-basic-read-only"
 
-  gcs_resource_class = local.gcs_basic_class
-  name               = "read-only"
-  role               = "roles/storage.objectViewer"
+  type        = "storage_bucket"
+  scope_key   = "bucket"
+  scope_value = "$${resources['gcs.${local.gcs_basic_class}'].outputs.name}"
+  role        = "roles/storage.objectViewer"
 }
 
 resource "humanitec_resource_definition_criteria" "iam_role_binding_gcs_read_only" {

humanitec-resource-defs/gcp-iam-policy-binding/gcp-pubsub-subscription/README.md → humanitec-resource-defs/gcp-iam-policy-binding/basic/README.md

@@ -22,10 +22,12 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| gcp\_pubsub\_subscription\_resource\_class | The class of the gcp-pubsub-subscription resource | `string` | n/a | yes |
 | name | Resource definition name | `string` | n/a | yes |
 | prefix | n/a | `string` | n/a | yes |
-| role | The role to bind to the gcp-pubsub-subscription resource | `string` | n/a | yes |
+| role | The role to bind to the scope, e.g. roles/storage.admin or roles/pubsub.publisher | `string` | n/a | yes |
+| scope\_key | Type the scope is applied to, e.g. bucket or topic | `string` | n/a | yes |
+| scope\_value | The name of the resource the scope is applied to, e.g. my-bucket or my-topic | `string` | n/a | yes |
+| type | The type of binding that should be created, e.g. storage\_bucket or pubsub\_topic | `string` | n/a | yes |
 
 ## Outputs
 

humanitec-resource-defs/gcp-iam-policy-binding/gcs/main.tf → humanitec-resource-defs/gcp-iam-policy-binding/basic/main.tf

@@ -1,7 +1,7 @@
 resource "humanitec_resource_definition" "main" {
   driver_type = "humanitec/template"
-  id          = "${var.prefix}gcp-iam-policy-binding-gcs-${var.name}"
-  name        = "${var.prefix}gcp-iam-policy-binding-gcs-${var.name}"
+  id          = "${var.prefix}gcp-iam-policy-binding-${var.name}"
+  name        = "${var.prefix}gcp-iam-policy-binding-${var.name}"
 
   type = "gcp-iam-policy-binding"
 
@@ -11,8 +11,8 @@ resource "humanitec_resource_definition" "main" {
         outputs = <<EOL
 binding: |
   {{ dict
-    "type" "storage_bucket"
-    "bucket" "$${resources['gcs.${var.gcs_resource_class}'].outputs.name}"
+    "type" "${var.type}"
+    "${var.scope_key}" "${var.scope_value}"
     "role" "${var.role}"
   | toJson }}
 EOL

humanitec-resource-defs/gcp-iam-policy-binding/basic/terraform.tfvars.example

@@ -0,0 +1,17 @@
+
+# Resource definition name
+name = ""
+
+prefix = ""
+
+# The role to bind to the scope, e.g. roles/storage.admin or roles/pubsub.publisher
+role = ""
+
+# Type the scope is applied to, e.g. bucket or topic
+scope_key = ""
+
+# The name of the resource the scope is applied to, e.g. my-bucket or my-topic
+scope_value = ""
+
+# The type of binding that should be created, e.g. storage_bucket or pubsub_topic
+type = ""

humanitec-resource-defs/gcp-iam-policy-binding/basic/variables.tf

@@ -0,0 +1,28 @@
+variable "prefix" {
+  type = string
+}
+
+variable "name" {
+  description = "Resource definition name"
+  type        = string
+}
+
+variable "type" {
+  description = "The type of binding that should be created, e.g. storage_bucket or pubsub_topic"
+  type        = string
+}
+
+variable "scope_key" {
+  description = "Type the scope is applied to, e.g. bucket or topic"
+  type        = string
+}
+
+variable "scope_value" {
+  description = "The name of the resource the scope is applied to, e.g. my-bucket or my-topic"
+  type        = string
+}
+
+variable "role" {
+  description = "The role to bind to the scope, e.g. roles/storage.admin or roles/pubsub.publisher"
+  type        = string
+}