
Commit c1770d3

fix
1 parent 31a130d commit c1770d3


2 files changed

+90
-0
lines changed

2 files changed

+90
-0
lines changed

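--- a/tutorials/7-1-workspace-iam.tf
+++ b/tutorials/7-1-workspace-iam.tf
@@ -0,0 +1,48 @@
+resource "bytebase_iam_policy" "workspace_iam" {
+depends_on = [
+bytebase_user.workspace_admin,
+bytebase_user.tf_service_account,
+bytebase_user.workspace_dba1,
+bytebase_user.workspace_dba2,
+bytebase_group.qa
+]
+
+parent = "workspaces/-"
+
+iam_policy {
+
+binding {
+role = "roles/workspaceAdmin"
+members = [
+format("user:%s", bytebase_user.workspace_admin.email),
+format("user:%s", bytebase_user.tf_service_account.email),
+]
+}
+
+binding {
+role = "roles/workspaceDBA"
+members = [
+format("user:%s", bytebase_user.workspace_dba1.email),
+format("user:%s", bytebase_user.workspace_dba2.email)
+]
+}
+
+binding {
+role = "roles/workspaceMember"
+members = [
+format("user:%s", bytebase_user.dev1.email),
+format("user:%s", bytebase_user.dev2.email),
+format("user:%s", bytebase_user.dev3.email),
+format("user:%s", bytebase_user.qa1.email),
+format("user:%s", bytebase_user.qa2.email)
+]
+}
+
+binding {
+role = "roles/projectViewer"
+members = [
+format("group:%s", bytebase_group.qa.email),
+]
+}
+}
+}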
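Review bot: The `roles/workspaceAdmin` binding (new lines 15-19) gives `bytebase_user.tf_service_account` the same standing privilege as the human admin, with nothing in the file recording why. If the provider needs that role to write this policy, which is presumably the reason, say so above the member line, for example `# tf_service_account holds workspaceAdmin so Terraform can manage IAM; treat its key as an admin credential and rotate it`. Separately, the `roles/projectViewer` binding for the QA group sits on parent `workspaces/-`, so it presumably applies to every project; confirm that scope is intended rather than a per-project grant. The `depends_on` list is also inconsistent: it names only five of the referenced resources, omits `dev1`–`qa2`, and is redundant wherever the member expressions already create the dependency.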

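--- a/tutorials/7-2-project-iam.tf
+++ b/tutorials/7-2-project-iam.tf
@@ -0,0 +1,42 @@
+resource "bytebase_iam_policy" "project_iam" {
+depends_on = [
+bytebase_group.developers,
+bytebase_user.workspace_dba1,
+bytebase_user.workspace_dba2
+]
+
+parent = bytebase_project.project-two.name
+
+iam_policy {
+
+binding {
+role = "roles/projectOwner"
+members = [
+format("user:%s", bytebase_user.workspace_dba1.email),
+format("user:%s", bytebase_user.workspace_dba2.email)
+]
+}
+
+binding {
+role = "roles/projectDeveloper"
+members = [
+"allUsers",
+format("group:%s", bytebase_group.developers.email)
+]
+}
+
+binding {
+role = "roles/sqlEditorUser"
+members = [
+format("group:%s", bytebase_group.developers.email)
+]
+condition {
+database = "instances/prod-sample-instance/databases/hr_prod"
+schema = "public"
+tables = ["employee","salary"]
+expire_timestamp = "2027-07-10T16:17:49Z"
+}
+}
+
+}
+}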
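Review bot: The `roles/projectDeveloper` binding (new lines 20-26) lists `"allUsers"` next to the developers group, which presumably grants the role to every workspace user and makes the group entry redundant. If only the developers group should have it, drop the wildcard so the list reads `members = [format("group:%s", bytebase_group.developers.email)]`. If the wildcard is deliberate for the tutorial, add a comment saying so, so readers do not copy it into a real project. The `roles/sqlEditorUser` condition below it scopes access to the `employee` and `salary` tables of `hr_prod` with a hard-coded `expire_timestamp` of 2027; a comment noting that this is sample data and that time-bound grants should be kept short would help.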
