bug: override iam role binding which has no condition
Closed this issue · 0 comments
lirlia commented
As-Is
When adding a user to an IAM role binding with Terraform:
```
Terraform will perform the following actions:

  # google_project_iam_member.bq_user will be created
  + resource "google_project_iam_member" "bq_user" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "user:xxx"
      + project = "xxx"
      + role    = "roles/bigquery.dataEditor"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
```
After I add the same role with prel
After I apply Terraform, the same create message is shown and a new binding is generated
After I add the same role with prel
ToBe
- If an IAM role binding exists with no condition, or with a condition that is not controlled by prel, prel must not change it.
- prel can only overwrite a role binding setting if prel set it in the past.
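
The ToBe rules above, sketched as an added example (not prel's code, and not from the issue author). The `Binding`/`Condition` types, the `ownedTitle` marker used to recognise tool-created conditions, and the sample members are assumptions made for illustration.

```go
package main

import "fmt"

// Simplified stand-ins for IAM policy types (assumed names, not prel's own).
type Condition struct{ Title, Expression string }
type Binding struct {
	Role      string
	Members   []string
	Condition *Condition // nil = unconditional binding
}

// ownedTitle is a hypothetical marker the tool writes into conditions it creates.
const ownedTitle = "managed-by-tool"

func owned(b Binding) bool { return b.Condition != nil && b.Condition.Title == ownedTitle }

// GrantTemporary adds member to role under expr. It edits only a binding the tool
// created earlier with the same expression; all other bindings are returned untouched.
func GrantTemporary(in []Binding, role, member, expr string) []Binding {
	out := append([]Binding(nil), in...)
	for i, b := range out {
		if b.Role != role || !owned(b) || b.Condition.Expression != expr {
			continue
		}
		for _, m := range b.Members {
			if m == member {
				return out // already granted
			}
		}
		out[i].Members = append(append([]string(nil), b.Members...), member)
		return out
	}
	return append(out, Binding{Role: role, Members: []string{member},
		Condition: &Condition{Title: ownedTitle, Expression: expr}})
}

// samplePolicy is constructed data: an unconditional binding and a foreign conditional one.
func samplePolicy() []Binding {
	return []Binding{
		{Role: "roles/bigquery.dataEditor", Members: []string{"user:alice@example.com"}},
		{Role: "roles/bigquery.dataEditor", Members: []string{"user:ops@example.com"},
			Condition: &Condition{Title: "other", Expression: "request.time.getHours() < 18"}},
	}
}

func main() {
	out := GrantTemporary(samplePolicy(), "roles/bigquery.dataEditor", "user:bob@example.com", `request.time < timestamp("2030-01-01T00:00:00Z")`)
	fmt.Println(len(out), out[0].Members, out[2].Members)
}
```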