terraform-google-folders
This module helps create several folders under the same parent, enforcing consistent permissions, and with a common naming convention.
The resources/services/activations/deletions that this module will create/trigger are:
- Create folders with the provided names
- Assign the defined permissions to the provided list of users or groups.
Compatibility
This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is 2.0.2.
Usage
Basic usage of this module is as follows:
module "folders" {
source = "terraform-google-modules/folders/google"
version = "~> 3.0"
parent = "folders/65552901371"
names = [
"dev",
"staging",
"production",
]
set_roles = true
per_folder_admins = {
dev = "group:[email protected]"
staging = "group:[email protected]"
production = "group:[email protected]"
}
all_folder_admins = [
"group:[email protected]",
]
}
Functional examples are included in the examples directory.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| all_folder_admins | List of IAM-style members that will get the extended permissions across all the folders. | list(string) |
[] |
no |
| folder_admin_roles | List of roles that will be applied to per folder owners on their respective folder. | list(string) |
[ |
no |
| names | Folder names. | list(string) |
[] |
no |
| parent | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id | string |
n/a | yes |
| per_folder_admins | IAM-style members per folder who will get extended permissions. | map(string) |
{} |
no |
| prefix | Optional prefix to enforce uniqueness of folder names. | string |
"" |
no |
| set_roles | Enable setting roles via the folder admin variables. | bool |
false |
no |
Outputs
| Name | Description |
|---|---|
| folder | Folder resource (for single use). |
| folders | Folder resources as list. |
| folders_map | Folder resources by name. |
| id | Folder id (for single use). |
| ids | Folder ids. |
| ids_list | List of folder ids. |
| name | Folder name (for single use). |
| names | Folder names. |
| names_list | List of folder names. |
Requirements
These sections describe requirements for using this module.
Software
The following dependencies must be available:
- Terraform v0.13
- Terraform Provider for GCP plugin v2.0
Service Account
A service account with the following roles must be used to provision the resources of this module:
- Folder Creator:
roles/resourcemanager.folderCreator
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
APIs
A project with the following APIs enabled must be used to host the resources of this module:
- Cloud Resource Manager API:
cloudresourcemanager.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Contributing
Refer to the contribution guidelines for information on contributing to this module.