fix(fleet_app_operator_permissions): optional groups and users (#2044)

apeabody · web-flow · commit a5a67e56fd34 · 2024-08-20T10:40:01.000-07:00
diff --git a/examples/simple_fleet_app_operator_permissions/main.tf b/examples/simple_fleet_app_operator_permissions/main.tf
@@ -40,7 +40,6 @@ module "permissions" {
   fleet_project_id = var.fleet_project_id
   scope_id         = google_gke_hub_scope.scope.scope_id
   users            = ["${local.app_operator_id}@${var.fleet_project_id}.iam.gserviceaccount.com"]
-  groups           = []
   role             = local.app_operator_role
 
   depends_on = [
diff --git a/modules/fleet-app-operator-permissions/README.md b/modules/fleet-app-operator-permissions/README.md
@@ -29,10 +29,10 @@ To deploy this config, run:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | fleet\_project\_id | The project to which the Fleet belongs. | `string` | n/a | yes |
-| groups | The list of app operator group principals, e.g., `people@google.com`, `principalSet://iam.googleapis.com/locations/global/workforcePools/my-pool/group/people`. | `list(string)` | n/a | yes |
+| groups | The list of app operator group principals, e.g., `people@google.com`, `principalSet://iam.googleapis.com/locations/global/workforcePools/my-pool/group/people`. | `list(string)` | `[]` | no |
 | role | The principals role for the Fleet Scope (`VIEW`/`EDIT`/`ADMIN`). | `string` | n/a | yes |
 | scope\_id | The scope for which IAM and RBAC role bindings are created. | `string` | n/a | yes |
-| users | The list of app operator user principals, e.g., `person@google.com`, `principal://iam.googleapis.com/locations/global/workforcePools/my-pool/subject/person`, `serviceAccount:my-service-account@my-project.iam.gserviceaccount.com`. | `list(string)` | n/a | yes |
+| users | The list of app operator user principals, e.g., `person@google.com`, `principal://iam.googleapis.com/locations/global/workforcePools/my-pool/subject/person`, `serviceAccount:my-service-account@my-project.iam.gserviceaccount.com`. | `list(string)` | `[]` | no |
 
 ## Outputs
 
diff --git a/modules/fleet-app-operator-permissions/variables.tf b/modules/fleet-app-operator-permissions/variables.tf
@@ -27,11 +27,13 @@ variable "scope_id" {
 variable "users" {
   description = "The list of app operator user principals, e.g., `person@google.com`, `principal://iam.googleapis.com/locations/global/workforcePools/my-pool/subject/person`, `serviceAccount:my-service-account@my-project.iam.gserviceaccount.com`."
   type        = list(string)
+  default     = []
 }
 
 variable "groups" {
   description = "The list of app operator group principals, e.g., `people@google.com`, `principalSet://iam.googleapis.com/locations/global/workforcePools/my-pool/group/people`."
   type        = list(string)
+  default     = []
 }
 
 variable "role" {

Original file line number	Diff line number	Diff line change
`@@ -27,11 +27,13 @@ variable "scope_id" {`
`27`	`27`	`variable "users" {`
`28`	`28`	description = "The list of app operator user principals, e.g., `[email protected]`, `principal://iam.googleapis.com/locations/global/workforcePools/my-pool/subject/person`, `serviceAccount:[email protected]`."
`29`	`29`	`type = list(string)`
	`30`	`+ default = []`
`30`	`31`	`}`
`31`	`32`
`32`	`33`	`variable "groups" {`
`33`	`34`	description = "The list of app operator group principals, e.g., `[email protected]`, `principalSet://iam.googleapis.com/locations/global/workforcePools/my-pool/group/people`."
`34`	`35`	`type = list(string)`
	`36`	`+ default = []`
`35`	`37`	`}`
`36`	`38`
`37`	`39`	`variable "role" {`