nick-10/terraform-google-folders

terraform-google-folders

This module helps create several folders under the same parent, enforcing consistent permissions and a common naming convention.

The resources/services/activations/deletions that this module will create/trigger are:

  • Create folders with the provided names
  • Assign the defined permissions to the provided list of users or groups.

Compatibility

This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is 2.0.2.

Usage

Basic usage of this module is as follows:

module "folders" {
  source  = "terraform-google-modules/folders/google"
  version = "~> 3.0"

  parent  = "folders/65552901371"

  names = [
    "dev",
    "staging",
    "production",
  ]

  set_roles = true

  per_folder_admins = {
    dev = "group:[email protected]"
    staging = "group:[email protected]"
    production = "group:[email protected]"
  }

  all_folder_admins = [
    "group:[email protected]",
  ]
}

Functional examples are included in the examples directory.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| all_folder_admins | List of IAM-style members that will get the extended permissions across all the folders. | list(string) | [] | no |
| folder_admin_roles | List of roles that will be applied to per folder owners on their respective folder. | list(string) | ["roles/owner", "roles/resourcemanager.folderViewer", "roles/resourcemanager.projectCreator", "roles/compute.networkAdmin"] | no |
| names | Folder names. | list(string) | [] | no |
| parent | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id | string | n/a | yes |
| per_folder_admins | IAM-style members per folder who will get extended permissions. | map(string) | {} | no |
| prefix | Optional prefix to enforce uniqueness of folder names. | string | "" | no |
| set_roles | Enable setting roles via the folder admin variables. | bool | false | no |
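
The default list for folder_admin_roles includes roles/owner, so setting set_roles = true without overriding it applies that role to the listed members. The following is an added example, not taken from the module's own documentation, that passes a narrower list and rejects basic roles through variable validation. The variable name admin_roles, the example.com group addresses and the choice of roles are assumptions.

```hcl
# Added example: override the module's default admin roles and block basic roles.

# Hypothetical variable name; not defined by the module itself.
variable "admin_roles" {
  description = "Roles granted to folder admins in place of the module default."
  type        = list(string)

  # Narrower than the module default, which includes roles/owner.
  default = [
    "roles/resourcemanager.folderViewer",
    "roles/resourcemanager.projectCreator",
  ]

  validation {
    # Fail at plan time if a basic role is passed in.
    condition = length(setintersection(
      toset(var.admin_roles),
      toset(["roles/owner", "roles/editor"])
    )) == 0
    error_message = "Basic roles (roles/owner, roles/editor) must not be granted on folders."
  }
}

module "folders" {
  source  = "terraform-google-modules/folders/google"
  version = "~> 3.0"

  parent = "folders/65552901371"
  names  = ["dev", "staging", "production"]

  set_roles          = true
  folder_admin_roles = var.admin_roles

  # Constructed group addresses for illustration.
  per_folder_admins = {
    dev        = "group:dev-admins@example.com"
    staging    = "group:staging-admins@example.com"
    production = "group:production-admins@example.com"
  }

  all_folder_admins = [
    "group:folder-admins@example.com",
  ]
}
```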

Outputs

| Name | Description |
|------|-------------|
| folder | Folder resource (for single use). |
| folders | Folder resources as list. |
| folders_map | Folder resources by name. |
| id | Folder id (for single use). |
| ids | Folder ids. |
| ids_list | List of folder ids. |
| name | Folder name (for single use). |
| names | Folder names. |
| names_list | List of folder names. |

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

Service Account

A service account with the following roles must be used to provision the resources of this module:

  • Folder Creator: roles/resourcemanager.folderCreator

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.

APIs

A project with the following APIs enabled must be used to host the resources of this module:

  • Cloud Resource Manager API: cloudresourcemanager.googleapis.com

The Project Factory module can be used to provision a project with the necessary APIs enabled.

Contributing

Refer to the contribution guidelines for information on contributing to this module.
