terraform-google-modules / terraform-google-sql-db

Creates a Cloud SQL database instance
https://registry.terraform.io/modules/terraform-google-modules/sql-db/google
Apache License 2.0

Support for iam_groups #626

Open tylerbrandt opened 1 month ago

tylerbrandt commented 1 month ago

TL;DR

Does this module support IAM groups (https://cloud.google.com/sql/docs/postgres/add-manage-iam-users#add-iam-group-db), or can that be added? It looks like it infers whether an iam_users entry is a service account or not, but not whether it is a group or not.

Terraform Resources

No response

Detailed design

No response

Additional information

My org provides "wrapper" libs around the terraform modules, including this one, so it's not trivial to "add on" a separate call to resource "google_sql_user".

AliaksandrTsimokhau commented 1 month ago

We also require the capability to add groups. Although I am not currently aware of any scenarios when it's necessary to provide access for a service account, a straightforward solution could involve defining the type directly within the iam_users variable definition.

locals: https://github.com/terraform-google-modules/terraform-google-sql-db/blob/a2b5b351577a5e1b0ca7c1069a24a1a6f4a056fd/modules/postgresql/main.tf#L30

iam_users = { for user in var.iam_users : user.id => { email = user.email, type = user.type } }

resource: https://github.com/terraform-google-modules/terraform-google-sql-db/blob/a2b5b351577a5e1b0ca7c1069a24a1a6f4a056fd/modules/postgresql/main.tf#L315

type = each.value.type
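
The suggestion above, written out as a standalone configuration. This is an added example, not code from the module or from either commenter: the `iam_users` object shape, the `instance_name` variable, the resource label `iam_account` and the validation rule are assumptions for illustration, and it targets a PostgreSQL instance.

```hcl
# Assumed for this example: the Cloud SQL for PostgreSQL instance already exists.
variable "instance_name" {
  description = "Name of an existing Cloud SQL for PostgreSQL instance."
  type        = string
}

# Each entry states its principal type explicitly instead of having it
# inferred from the shape of the email address.
variable "iam_users" {
  description = "IAM principals to create as database users."
  type = list(object({
    id    = string
    email = string
    type  = string
  }))
  default = []

  # Reject anything other than the three IAM user types, so a typo cannot
  # silently fall back to a built-in (password) database user.
  validation {
    condition = alltrue([
      for u in var.iam_users :
      contains(["CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP"], u.type)
    ])
    error_message = "Each iam_users entry must set type to CLOUD_IAM_USER, CLOUD_IAM_SERVICE_ACCOUNT or CLOUD_IAM_GROUP."
  }
}

locals {
  iam_users = { for user in var.iam_users : user.id => { email = user.email, type = user.type } }
}

resource "google_sql_user" "iam_account" {
  for_each = local.iam_users

  instance = var.instance_name
  type     = each.value.type

  # PostgreSQL takes service account user names without the
  # ".gserviceaccount.com" suffix; users and groups use the full email.
  name = each.value.type == "CLOUD_IAM_SERVICE_ACCOUNT" ? trimsuffix(each.value.email, ".gserviceaccount.com") : each.value.email
}
```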