Granting permissions to all projects

How do you grant permissions to all projects under an org? Do we have to create a new role for each project?
I’m creating multiple projects under several orgs like this:

resource "boundary_scope" "customer_projects" {
  for_each    = var.customer_orgs
  name        = "AWS"
  description = "${each.value} AWS infrastructure"
  scope_id    = boundary_scope.customer_orgs[each.key].id
}

Now, how can I create roles for each of those projects? I just can’t figure this out, as I need to get the project id, but I don’t see any way to get it or reference it.

Hi @andrar, I am not sure that you can recursively list resources within a specific scope, but I will check on that. We are currently working on improvements that will allow you to grant permissions to all projects under an org (or even all scopes within Boundary).

You can’t recursively go through a list of items of a specific scope in Terraform today; that will require data sources, which is something else we are working on.

@xingluw So in case there are 50 projects under an organization, we’d need to create 50 roles where each role grants permissions to a single project?

That is correct; however, we are working on changes so that 1 role could cover all 50 projects at once.

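An added example, not posted by anyone in the thread: since the projects are created with for_each in the same configuration, a boundary_role resource can iterate over boundary_scope.customer_projects and read each project's id directly, giving the one-role-per-project layout confirmed above without writing 50 blocks by hand. The variable name, role name and grant strings are assumptions chosen for illustration; the grants are kept narrow (target and own-session access) rather than a wildcard, and older Boundary releases spell the grant field id= instead of ids=.

```hcl
# Hypothetical input: ID of the Boundary group or user that receives the grants.
variable "project_operators_principal_id" {
  type        = string
  description = "Principal (group or user) ID bound to every per-project role"
}

# One role per project. Iterating over the project resource itself means
# each.key is the same key used in var.customer_orgs and each.value is the
# created project scope, so its id is available without a data source.
resource "boundary_role" "customer_project_operators" {
  for_each = boundary_scope.customer_projects

  name        = "project-operators" # assumed name
  description = "Session access to targets in ${each.value.description}"

  # The role lives in the project scope; with no grant scope set, its
  # grants apply to that same scope only.
  scope_id = each.value.id

  principal_ids = [var.project_operators_principal_id]

  # Assumed least-privilege grants: connect to targets, manage own sessions.
  grant_strings = [
    "ids=*;type=target;actions=list,read,authorize-session",
    "ids=*;type=session;actions=read:self,cancel:self",
  ]
}

# Map of org key => role ID, useful for auditing what was created.
output "project_role_ids" {
  value = { for k, r in boundary_role.customer_project_operators : k => r.id }
}
```

Adding an org to var.customer_orgs then creates both the project and its role in one apply, and removing it destroys both, so no project is left with a stale grant.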