Google Folders and Project Groups Management
This document explains the Terraform code responsible for managing Google folders and project groups within your organization.
Overview
The code consists of two main parts:
1. Retrieving the Google folders related to a specific project.
2. Creating project groups for various roles (developers, devops, admins) within those folders.
Google Folders
The google_folders data block retrieves the folders related to the project identified by module.folders.id["Altus"]. A local variable, child_folders, stores these folders.
Group Combinations
The locals block creates combinations of folders and groups (developers, devops, admins) and specific members for each group.
locals {
  child_folders             = [for folder in data.google_folders.my_prj_folders.folders : folder]
  groups                    = ["developers", "devops", "admins"]
  folder_group_combinations = flatten([...])
  members                   = {...}
}
Project Groups Module
The project_groups module creates the Google groups for each folder and group type combination. The source for this module is the Terraform Google Modules group.
module "project_groups" {
  for_each     = {...}
  source       = "terraform-google-modules/group/google"
  version      = "0.4.0"
  id           = "${each.value.display_name}-${each.value.group_type}@${data.google_organization.org.domain}"
  display_name = "${each.value.display_name}-${each.value.group_type}"
  description  = "Group for ${each.value.display_name} ${each.value.group_type}"
  domain       = data.google_organization.org.domain
  managers     = []
  members      = local.members["${each.value.display_name}-${each.value.group_type}"]
  owners       = []
}
Usage
Apply this code to manage folders and group permissions within your Google Cloud Platform organization.
Info
From this point on, the document is autogenerated; don't modify it directly.
Code
Fetching data about Google Cloud folders that are children of the parent folder identified by module.folders.id["BussinesUnits"] using the Google provider in Terraform.
Local values: child_folders extracts all child folders from the prj_folders data object, groups is a list of user groups, folder_group_combinations creates a combination of each folder with each group and sets their display name and group type, and members is a map that initializes empty lists for each project-group combination.
locals {
  child_folders = [for folder in data.google_folders.my_prj_folders.folders : folder]
  groups        = ["developers", "devops", "admins"]
  folder_group_combinations = flatten([
    for folder in local.child_folders : [
      for group in local.groups : {
        display_name = lower(folder.display_name),
        group_type   = group
      }
    ]
  ])
  members = {
    projecta-developers = []
    projecta-devops     = []
    projecta-admins     = []
    projectb-developers = []
    projectb-devops     = []
    projectb-admins     = []
    projectc-developers = []
    projectc-devops     = []
    projectc-admins     = []
  }
}
This block of Terraform code creates a Google Group for each combination of folder and group type, with the group's ID, display name, and description being generated based on the owner, display name, and group type, and assigns members from the previously defined members map.
module "project_groups" {
  for_each = {
    for combination in local.folder_group_combinations :
    "${combination.display_name}-${combination.group_type}" => combination
  }
  source       = "terraform-google-modules/group/google"
  version      = "0.4.0"
  id           = "${each.value.display_name}-${each.value.group_type}@${data.google_organization.org.domain}"
  display_name = "${each.value.display_name}-${each.value.group_type}"
  description  = "Group for ${each.value.display_name} ${each.value.group_type}"
  domain       = data.google_organization.org.domain
  managers     = []
  members      = local.members["${split("${var.owner}-", each.value.display_name)[1]}-${each.value.group_type}"]
  owners       = []
}
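The members map is maintained by hand while the folder list is discovered at plan time, so the two can drift apart. The following is an added example, not part of the documented code, that surfaces a folder with no members entry or a members key that matches no folder. It assumes Terraform 1.5 or later for check blocks; the local names expected_member_keys, missing_member_keys and orphan_member_keys and the check name are hypothetical.

```hcl
# Added example: consistency check between discovered folders and the
# hand-maintained local.members map. Not part of the documented module.
locals {
  # Keys the project_groups module will look up in local.members: the folder
  # display name with the "<owner>-" prefix removed, plus the group type.
  # trimprefix leaves a name without the prefix unchanged, where the module's
  # split(...)[1] expression would fail with an invalid index.
  expected_member_keys = toset([
    for c in local.folder_group_combinations :
    "${trimprefix(c.display_name, "${var.owner}-")}-${c.group_type}"
  ])

  # Folder/group combinations that have no entry in local.members.
  missing_member_keys = setsubtract(
    local.expected_member_keys,
    toset(keys(local.members))
  )

  # Entries in local.members that match no discovered folder, for example a
  # mistyped key or a folder that has since been removed.
  orphan_member_keys = setsubtract(
    toset(keys(local.members)),
    local.expected_member_keys
  )
}

check "members_map_matches_folders" {
  assert {
    condition     = length(local.missing_member_keys) == 0
    error_message = "No members entry for: ${join(", ", tolist(local.missing_member_keys))}"
  }

  assert {
    condition     = length(local.orphan_member_keys) == 0
    error_message = "members entries that match no folder: ${join(", ", tolist(local.orphan_member_keys))}"
  }
}
```

A failed check block is reported as a warning during plan and apply and does not stop the run, so the output still needs to be reviewed.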