terraform-google-modules / terraform-google-iam

Manages multiple IAM roles for resources on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/iam/google
Apache License 2.0

base_roles Include All #151

Closed SpyderDave closed 2 years ago

SpyderDave commented 2 years ago

TL;DR

It would be nice to be able to use this module in a manner which would allow simply combining multiple roles (base_roles) into a single custom role without the need to specify individual permissions from the base_roles.

Maybe this is possible?

Terraform Resources

No response

Detailed design

No response

Additional information

No response

morgante commented 2 years ago

This is already possible today. You can leave the permissions list empty if you don't want to add any permissions. Example:

module "custom-roles" {
  source = "terraform-google-modules/iam/google//modules/custom_role_iam"

  base_roles  = ["roles/compute.viewer", "roles/bigquery.viewer"]
  permissions = []
}

SpyderDave commented 2 years ago

Actually, if you leave the permissions empty as you indicated, it produces an error: "attribute supports 1 item minimum".