Merge pull request #5 from mineiros-io/sameh-service-account

feat: adding iam to the module

iam.tf

@@ -0,0 +1,24 @@
+locals {
+  iam_map = var.policy_bindings == null ? { for iam in var.iam : iam.role => iam } : tomap({})
+
+  policy_bindings = var.policy_bindings != null ? {
+    iam_policy = {
+      policy_bindings = var.policy_bindings
+    }
+  } : tomap({})
+}
+
+module "iam" {
+  source = "github.com/mineiros-io/terraform-google-service-account-iam.git?ref=v0.0.1"
+
+  for_each = var.policy_bindings != null ? local.policy_bindings : local.iam_map
+
+  module_enabled    = var.module_enabled
+  module_depends_on = var.module_depends_on
+
+  service_account_id = google_service_account.service_account[0].name
+  role               = try(each.value.role, null)
+  members            = try(each.value.members, null)
+  authoritative      = try(each.value.authoritative, true)
+  policy_bindings    = try(each.value.policy_bindings, null)
+}

outputs.tf

@@ -8,6 +8,12 @@ output "precomputed_email" {
 
 }
 
+# remap iam to reduce one level of access (iam[]. instead of iam[].iam.)
+output "iam" {
+  description = "The iam resource objects that define the access to the secret"
+  value       = { for key, iam in module.iam : key => iam.iam }
+}
+
 # ------------------------------------------------------------------------------
 # OUTPUT ALL RESOURCES AS FULL OBJECTS
 # ------------------------------------------------------------------------------

variables.tf

@@ -53,6 +53,20 @@ variable "organization_access" {
   default     = {}
 }
 
+## IAM
+
+variable "iam" {
+  description = "(Optional) A list of IAM access."
+  type        = any
+  default     = []
+}
+
+variable "policy_bindings" {
+  description = "(Optional) A list of IAM policy bindings."
+  type        = any
+  default     = null
+}
+
 # ------------------------------------------------------------------------------
 # MODULE CONFIGURATION PARAMETERS
 # These variables are used to configure the module.