Granting permissions to all projects

How do you grant permissions to all projects under a org? Do we have to create a new role for each project?
I’m creating multiple projects under several orgs like this:

resource "boundary_scope" "customer_projects" {
  for_each    = var.customer_orgs
  name         = "AWS"
  description = "${each.value} AWS infrastructure"
  scope_id    = boundary_scope.customer_orgs[each.key].id

Now, how can I create roles for each of those projects? I just can’t figure this out, as I need to get the project id, but I don’t see any way to get it or reference it.

Hi @andrar, I am not sure that you can recursively list resources within a specific scope, but I will check on that. We are currently working on improvements that will allow you to grant permissions to all projects under an org (or even all scopes within Boundary).

You can’t recursively go through a list of items of a specific scope in Terraform today, that will require data sources which is something else we are working on.

@xingluw So in case there are 50 projects under an organization, we’d need to create 50 roles where each role grants permissions to a single project?

That is correct, however we are working on changes so that 1 role could cover all 50 projects at once.

1 Like