terraform-google-bootstrap

Seed project will have the creator as owner

Open umairidris opened this issue 5 years ago • 4 comments
When creating a GCP project the creating user is granted owner access to the project. Given this module will likely be called by a human, a human will have owner access to the seed project.

Thus, we should consider adding an iam_binding to transfer roles/owner to a central group.

umairidris avatar Jun 12 '20 22:06 umairidris

Yeah, historically this module actually did this, but it introduced some flakiness at the time which would cause project creation to fail. I would be happy to accept a PR that sets this to something like the org_admins group if you are able to get it working consistently.

rjerrems avatar Jun 14 '20 07:06 rjerrems

Do you have some insights into the type of flakiness? I have used project_iam_binding for this; as long as the user is in the new owners group they should continue to have access, but I don't know if there are some issues with this approach.

umairidris avatar Jun 15 '20 21:06 umairidris

Yeah, it's been quite a while since I last did this, so it's possible that it's a non-issue now. Given it's a small change, perhaps we try adding it and running through the test suite a few times?

rjerrems avatar Jun 15 '20 22:06 rjerrems

iam_binding should work.

morgante avatar Jul 22 '20 14:07 morgante
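
The binding proposed in this thread, written out as an added example that is not part of the thread or the module's own code. The variable names `seed_project_id` and `owners_group_email` are hypothetical, and the example assumes the seed project already exists and the Google provider is configured.

```hcl
# Added example, not the module's code. Variable names are hypothetical.
variable "seed_project_id" {
  description = "ID of the already-created seed project (hypothetical input)."
  type        = string
}

variable "owners_group_email" {
  description = "Central group that should hold roles/owner (hypothetical input)."
  type        = string
}

# google_project_iam_binding is authoritative for the one role it names:
# after apply, roles/owner has exactly these members, so the user: entry
# that project creation added for the creator is removed from that role.
# Bindings for other roles on the project are left untouched.
resource "google_project_iam_binding" "seed_project_owners" {
  project = var.seed_project_id
  role    = "roles/owner"
  members = ["group:${var.owners_group_email}"]
}

# Exposes the resulting owner set so a reviewer can confirm it from
# `terraform output` without opening the console.
output "seed_project_owners" {
  value = google_project_iam_binding.seed_project_owners.members
}
```

As noted in the thread, the person running Terraform keeps access only if they are already a member of the group named here, so group membership needs to be in place before the binding is applied.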