Merge pull request #22 from terraform-google-modules/aaron-lane-dynamic-iam-members

Replace IAM module with IAM member resources

Author: Aaron Lane

CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning][semver-site].
 
 ## [Unreleased]
 
+## [1.1.1] - 2019-11-12
+
+### Fixed
+
+- The IAM module was replaced with IAM member resources to support dynamic members in additive mode. [#22]
+
 ## [1.1.0] - 2019-11-11
 
 ### Changed
@@ -53,7 +59,8 @@ and this project adheres to [Semantic Versioning][semver-site].
 
 - Initial release
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.1.0...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.1.1...HEAD
+[1.1.1]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.1.0...v1.1.1
 [1.1.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v1.0.0...v1.1.0
 [1.0.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v0.4.1...v1.0.0
 [0.4.1]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v0.4.0...v0.4.1
@@ -62,6 +69,7 @@ and this project adheres to [Semantic Versioning][semver-site].
 [0.2.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/releases/tag/v0.1.0
 
+[#22]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/22
 [#21]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/21
 [#20]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/20
 [#13]: https://github.com/terraform-google-modules/terraform-google-scheduled-function/pull/13

modules/project_cleanup/main.tf

@@ -24,21 +24,16 @@ resource "google_service_account" "project_cleaner_function" {
   display_name = "Project Cleaner Function"
 }
 
-module "sa-organization-roles" {
-  source        = "terraform-google-modules/iam/google//modules/organizations_iam"
-  version       = "4.0.0"
-  organizations = [var.organization_id]
-  mode          = "additive"
+resource "google_organization_iam_member" "main" {
+  for_each = toset(["projectDeleter", "folderViewer", "lienModifier"])
 
-  bindings = {
-    "roles/resourcemanager.projectDeleter" = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
-    "roles/resourcemanager.folderViewer"   = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
-    "roles/resourcemanager.lienModifier"   = ["serviceAccount:${google_service_account.project_cleaner_function.email}"]
-  }
+  member = "serviceAccount:${google_service_account.project_cleaner_function.email}"
+  org_id = var.organization_id
+  role   = "roles/resourcemanager.${each.value}"
 }
 
 module "scheduled_project_cleaner" {
-  source                         = "../../"
+  source                         = "../.."
   project_id                     = var.project_id
   job_name                       = "project-cleaner"
   job_schedule                   = var.job_schedule