On GCP, it’s useful to define IAM bindings like this:
locals {
  iam_bindings = [
    {
      member = "user:jane@example.com"
      roles = [
        "roles/cloudfunctions.developer",
        "roles/container.developer"
      ]
    },
    {
      member = "group:admins@example.com"
      roles = [
        "roles/datacatalog.admin",
        "roles/dataflow.admin"
      ]
    },
    {
      member = "serviceAccount:my-app@appspot.gserviceaccount.com"
      roles = [
        "roles/cloudfunctions.invoker"
      ]
    }
  ]
}
The problem is that the GCP resources expect those values in the following format:
resource "google_folder_iam_binding" "folder" {
  folder = "folders/1234567"
  role   = "roles/editor"
  members = [
    "user:jane@example.com",
  ]
}
I’m looking for a way to transform that initial data structure into something I can easily loop over to feed the above GCP resource. Something like this:
transformed_iam_bindings = [
  {
    role    = "roles/cloudfunctions.developer"
    members = "user:jane@example.com"
  },
  {
    role    = "roles/container.developer"
    members = "user:jane@example.com"
  },
  {
    role    = "roles/datacatalog.admin"
    members = "group:admins@example.com"
  },
  {
    role    = "roles/dataflow.admin"
    members = "group:admins@example.com"
  },
  {
    role    = "roles/cloudfunctions.invoker"
    members = "serviceAccount:my-app@appspot.gserviceaccount.com"
  }
]
Thanks in advance!
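
One way to do this transformation, as an added example that is not part of the original post: `flatten` yields one object per member/role pair, and the pairs are then grouped by role because `google_folder_iam_binding` is authoritative for its role, so each role should be managed by exactly one binding. The local names `member_role_pairs` and `members_by_role` and the shortened sample input (with one role shared by two members) are constructed for illustration.

```hcl
locals {
  # Constructed sample input in the same shape as the post's iam_bindings.
  # roles/cloudfunctions.invoker is deliberately shared by two members.
  iam_bindings = [
    {
      member = "user:jane@example.com"
      roles  = ["roles/container.developer", "roles/cloudfunctions.invoker"]
    },
    {
      member = "serviceAccount:my-app@appspot.gserviceaccount.com"
      roles  = ["roles/cloudfunctions.invoker"]
    },
  ]

  # Step 1: one object per (member, role) pair, the shape asked for in the post.
  member_role_pairs = flatten([
    for binding in local.iam_bindings : [
      for role in binding.roles : {
        member = binding.member
        role   = role
      }
    ]
  ])

  # Step 2: role => list of members. The trailing "..." turns on grouping mode,
  # so members that share a role are collected under one key instead of
  # raising a duplicate-key error.
  members_by_role = {
    for pair in local.member_role_pairs : pair.role => pair.member...
  }
}

# One authoritative binding per role. Two binding resources for the same role
# would overwrite each other's member list on every apply.
resource "google_folder_iam_binding" "folder" {
  for_each = local.members_by_role

  folder  = "folders/1234567"
  role    = each.key
  members = each.value
}
```

Because the binding is authoritative, any member holding one of these roles on the folder outside this configuration is removed on apply. If grants should be purely additive, iterate over `member_role_pairs` with `google_folder_iam_member` instead, and avoid managing the same role with both resource types.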