Closed tejeshnandyala closed 2 years ago
Yes, you can provide a group in the form group:{email}
https://cloud.google.com/access-context-manager/docs/access-level-attributes
The documentation from Google here says group is not allowed :)
Also, I see the below error when I add groups:
googleapi: Error 400: AccessLevel definition has a 'member' field starting with 'group:'. Groups are not supported.
@tejeshnandyala I assumed you were talking about this variable in the example https://github.com/terraform-google-modules/terraform-google-vpc-service-controls/blob/54ee9793b605f583bcaafc2823a36543ccff093f/examples/bq-exfil-demo/variables.tf#L32-L36, which is actually used by the bastion host module https://github.com/terraform-google-modules/terraform-google-vpc-service-controls/blob/54ee9793b605f583bcaafc2823a36543ccff093f/examples/bq-exfil-demo/main.tf#L22-L28 and not with access level https://github.com/terraform-google-modules/terraform-google-vpc-service-controls/blob/54ee9793b605f583bcaafc2823a36543ccff093f/examples/bq-exfil-demo/org.tf#L43-L49. Did you run into an issue running this example?
In our access lvl module we do specify only user/sa email https://github.com/terraform-google-modules/terraform-google-vpc-service-controls/blob/54ee9793b605f583bcaafc2823a36543ccff093f/modules/access_level/variables.tf#L52
Is group really supported, based on the below?
```hcl
variable "members" {
  description = "List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email}"
  type        = list(string)
  default     = []
}
```
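An added example, not part of the thread and not the module's own code: a Terraform input-variable validation that rejects `group:` entries at plan time, so the mistake surfaces before the API returns the Error 400 quoted above. The variable name `members` and the `user:` / `serviceAccount:` prefixes are taken from the thread; the email pattern is a deliberately loose assumption.

```hcl
# Example only: an access-level "members" input that fails fast on entries
# the Access Context Manager API rejects (per the Error 400 in this thread).
variable "members" {
  description = "Access level members in the form user:{email} or serviceAccount:{email}. group:{email} is rejected by the API for access levels."
  type        = list(string)
  default     = []

  # First check: call out group: entries explicitly, since the module's
  # description string may lead callers to expect them to work.
  validation {
    condition = alltrue([
      for m in var.members : !can(regex("^group:", m))
    ])
    error_message = "Access level members must not start with 'group:'. Groups are not supported in AccessLevel definitions; list user: or serviceAccount: identities instead."
  }

  # Second check: every entry must carry one of the two supported prefixes
  # followed by something shaped like an email address (loose pattern,
  # assumed here; it is not an RFC 5322 validator).
  validation {
    condition = alltrue([
      for m in var.members :
      can(regex("^(user|serviceAccount):[^@\\s]+@[^@\\s]+$", m))
    ])
    error_message = "Each member must be in the form user:{email} or serviceAccount:{email}."
  }
}
```

With this in place, `terraform plan` stops on a value such as `group:admins@example.com` (a constructed sample) instead of failing during `apply`.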