terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0

feat: add support for predefined roles as a basis for custom roles #118

Closed zefdelgadillo closed 3 years ago

zefdelgadillo commented 3 years ago

Adds support for creation of custom roles based on permissions within predefined roles.

zefdelgadillo commented 3 years ago

/gcbrun

zefdelgadillo commented 3 years ago

@morgante @kunalkg11 @bharathkkb - Should we consider automatically excluding permissions that are unsupported for custom roles? If this is merged, it's less clear which unsupported permissions might be in custom role scope given the input is predefined roles.

morgante commented 3 years ago

@zefdelgadillo Yes we should automatically filter out permissions that can't be used: https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_testable_permissions

zefdelgadillo commented 3 years ago

> @zefdelgadillo Yes we should automatically filter out permissions that can't be used: https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_testable_permissions

Thanks. This now excludes unsupported permissions by default using the linked data source.
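The approach discussed in this thread, sketched as an added example (not the module's own code): a project-level custom role is built from the permissions of predefined roles, minus every permission the `google_iam_testable_permissions` data source reports as unsupported in custom roles. The variable names, local names and role ID are assumptions made for illustration.

```hcl
# Added example; variable, local and role names are hypothetical.
variable "project_id" {
  type = string
}

variable "base_roles" {
  description = "Predefined roles whose permissions seed the custom role."
  type        = list(string)
  default     = ["roles/compute.viewer", "roles/storage.objectViewer"]
}

# Read the permission list of each predefined role.
data "google_iam_role" "base" {
  for_each = toset(var.base_roles)
  name     = each.value
}

# Permissions testable on the project that cannot be placed in a custom role.
data "google_iam_testable_permissions" "unsupported" {
  full_resource_name   = "//cloudresourcemanager.googleapis.com/projects/${var.project_id}"
  stages               = ["GA", "BETA", "ALPHA"]
  custom_support_level = "NOT_SUPPORTED"
}

locals {
  # Union of all permissions granted by the base roles.
  base_permissions = toset(flatten([
    for r in data.google_iam_role.base : r.included_permissions
  ]))

  unsupported_permissions = toset(
    data.google_iam_testable_permissions.unsupported.permissions[*].name
  )

  # Drop anything the API would reject when creating the custom role.
  custom_permissions = setsubtract(local.base_permissions, local.unsupported_permissions)
}

resource "google_project_iam_custom_role" "derived" {
  project     = var.project_id
  role_id     = "derivedViewer"
  title       = "Derived viewer"
  description = "Permissions from ${join(", ", var.base_roles)}, unsupported ones excluded"
  permissions = local.custom_permissions
}

# Surface what was filtered so the excluded scope is visible in review.
output "excluded_permissions" {
  value = setintersection(local.base_permissions, local.unsupported_permissions)
}
```

Because both data sources are read at plan time, a change Google makes to a predefined role shows up as a diff on the custom role's `permissions`, which is the point at which to review any newly added permission.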