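locals {
  # Role types that authenticate through Cloud IAM instead of a database
  # password. Declared once so the IAM checks in databases_readers,
  # databases_writers and roles_iam cannot drift apart.
  iam_types = ["CLOUD_IAM_USER", "CLOUD_IAM_GROUP", "CLOUD_IAM_SERVICE_ACCOUNT"]

  # Every database referenced by any role, read-only or read-write, as a
  # deduplicated set. (toset already deduplicates; distinct is kept for
  # readability of the intent.)
  databases = toset(distinct(flatten([
    for role in var.roles : [role.databases_ro, role.databases_rw]
  ])))

  # One {role, database, is_iam, type} object per read-only grant, i.e. per
  # (role, database) pair taken from each role's databases_ro list.
  databases_readers = flatten([
    for role, role_ in var.roles : [
      for database in role_.databases_ro : {
        role     = role
        database = database
        is_iam   = contains(local.iam_types, role_.type)
        type     = role_.type
      }
    ]
  ])

  # One object per read-write grant. Two sources are concatenated:
  #   1. each role's databases_rw list, and
  #   2. every entry of var.legacy_writers, granted on EVERY database in
  #      local.databases as a BUILT_IN (password-authenticated) role.
  # Source 2 is broad by construction: adding a database to any role also
  # widens every legacy writer's access, so review var.legacy_writers
  # whenever databases are added.
  databases_writers = flatten(concat([
    for role, role_ in var.roles : [
      for database in role_.databases_rw : {
        role     = role
        database = database
        is_iam   = contains(local.iam_types, role_.type)
        type     = role_.type
      }
    ]
  ], [
    for database in local.databases : [
      for writer in var.legacy_writers : {
        role     = writer
        database = database
        is_iam   = false
        type     = "BUILT_IN"
      }
    ]
  ]))

  # var.roles partitioned by authentication type. A role whose type is
  # neither in iam_types nor "BUILT_IN" lands in neither map while still
  # appearing in databases_readers / databases_writers — TODO confirm that
  # is intended, or validate role.type at the variable.
  roles_iam      = { for role, role_ in var.roles : role => role_ if contains(local.iam_types, role_.type) }
  roles_built_in = { for role, role_ in var.roles : role => role_ if role_.type == "BUILT_IN" }

  # Privilege set for read-only grants.
  privileges_ro = [
    "SELECT",
  ]

  # Table privilege set for read-write grants. TRIGGER, TRUNCATE and
  # REFERENCES go beyond plain row writes; confirm every RW role needs the
  # full set rather than a narrower one before widening var.roles.
  privileges_rw_tables = [
    "DELETE",
    "INSERT",
    "REFERENCES",
    "SELECT",
    "TRIGGER",
    "TRUNCATE",
    "UPDATE",
  ]

  # Sequence privilege set for read-write grants.
  privileges_rw_sequences = [
    "SELECT",
    "UPDATE",
    "USAGE",
  ]
}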