/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
  # Groups read from local.required_groups, which is defined outside this file.
  group_billing_admins = local.required_groups["group_billing_admins"]
  group_org_admins     = local.required_groups["group_org_admins"]

  # Optional groups from var.gcp_groups. A null entry is replaced by the org
  # admins group.
  # NOTE(review): if scc_admin and security_reviewer are both null, SECURITY
  # notifications are delivered only to the org admins group; confirm that
  # address is monitored by whoever handles security incidents.
  gcp_network_viewer    = var.gcp_groups.network_viewer != null ? var.gcp_groups.network_viewer : local.group_org_admins
  gcp_scc_admin         = var.gcp_groups.scc_admin != null ? var.gcp_groups.scc_admin : local.group_org_admins
  gcp_security_reviewer = var.gcp_groups.security_reviewer != null ? var.gcp_groups.security_reviewer : local.group_org_admins

  # Recipients per notification category.
  # Notification categories details: https://cloud.google.com/resource-manager/docs/managing-notification-contacts#notification-categories
  # setunion over a single list appears to be used here to de-duplicate, so a
  # category whose two entries resolve to the same group lists it only once.
  categories_map = {
    "BILLING"         = setunion([local.group_billing_admins, local.required_groups["billing_data_users"]])
    "LEGAL"           = setunion([local.group_org_admins, local.required_groups["audit_data_users"]])
    "PRODUCT_UPDATES" = [local.group_org_admins]
    "SECURITY"        = setunion([local.gcp_scc_admin, local.gcp_security_reviewer])
    "SUSPENSION"      = [local.group_org_admins]
    "TECHNICAL"       = setunion([local.gcp_security_reviewer, local.gcp_network_viewer])
  }

  # The map above is keyed by category because that is easier to read and
  # maintain. google_essential_contacts_contact wants the opposite shape
  # (one email with its list of categories), so transpose swaps keys and values.
  contacts_list = transpose(local.categories_map)
}
# Creates one essential contact per distinct email address in
# local.contacts_list, subscribed to every category mapped to that address.
resource "google_essential_contacts_contact" "essential_contacts" {
  # Key = contact email, value = list of notification categories for it.
  for_each = local.contacts_list

  # local.parent is defined outside this file.
  parent                              = local.parent
  email                               = each.key
  notification_category_subscriptions = each.value
  language_tag                        = var.essential_contacts_language
}