-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvariables.tf
60 lines (59 loc) · 2.97 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
variable "name" {
description = "(Required) Name of Cloud Tasks Queue the IAM is applied to"
type = string
}
variable "location" {
description = "(Required) The location used to find the parent resource to bind the IAM policy to"
type = string
}
variable "project" {
default = null
description = "The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used."
type = string
}
variable "members" {
default = [
]
description = "(Optional) Identities that will be granted the privilege in role."
type = set(string)
validation {
condition = alltrue([for m in var.members : can(regex("^allUsers$|^allAuthenticatedUsers$|^user:|^serviceAccount:|^group:|^domain:|^projectOwner:|^projectEditor:|^projectViewer:|^computed:", m))])
error_message = "The value must be set of strings where each entry is a valid principal type identified with `allUsers`, `allAuthenticatedUsers`, `user:{emailid}`, `serviceAccount:{emailid}`, `group:{emailid}`, `domain:{domain}`, `projectOwner:{projectid}`, `projectEditor:{projectid}`, `projectViewer:{projectid}`, `computed:{identifier}`"
}
}
variable "computed_members_map" {
default = {}
description = "(Optional) A map of members to replace in 'var.members' or in members of 'policy_bindings' to handle terraform computed values."
type = map(string)
validation {
condition = alltrue([for k, m in var.computed_members_map : can(regex("^allUsers$|^allAuthenticatedUsers$|^user:|^serviceAccount:|^group:|^domain:|^projectOwner:|^projectEditor:|^projectViewer:", m))])
error_message = "The value must be set of strings where each entry is a valid principal type identified with `allUsers`, `allAuthenticatedUsers`, `user:{emailid}`, `serviceAccount:{emailid}`, `group:{emailid}`, `domain:{domain}`, `projectOwner:{projectid}`, `projectEditor:{projectid}`, `projectViewer:{projectid}`"
}
}
variable "role" {
default = null
description = "(Optional) The IAM role to add the members to. Note that custom roles must be of the format '[projects|organizations]/{parent-name}/roles/{role-name}'."
type = string
}
variable "authoritative" {
default = true
description = "(Optional) Whether to exclusively set (authoritative mode) or add (non-authoritative/additive mode) members to the role."
type = bool
}
variable "policy_bindings" {
default = null
description = "(Optional) A list of IAM policy bindings."
type = any
}
variable "module_enabled" {
default = true
description = "(Optional) Whether to create resources within the module or not."
type = bool
}
variable "module_depends_on" {
default = [
]
description = "(Optional) A list of external resources the module depends_on."
type = any
}