thazelart/terraform-validator

Add the possibility of prohibiting certain types of resources

bkamin29 opened this issue · 1 comments

An example with the GCP provider:

About IAM management, 3 different types of resources can be used: google_project_iam_policy, google_project_iam_binding and google_project_iam_member.

The GCP IAM API manages user roles as a list of users per role.
In Terraform, google_project_iam_member will append a new user to the list of the role, but google_project_iam_binding will totally replace this list with the one passed as a parameter.

So, it's not possible to declare the resource google_project_iam_binding twice (or google_project_iam_binding and google_project_iam_member) to manage the same GCP role in the same Terraform stack.

It is the same case with the resources google_project_service and google_project_services.

It could be interesting to check this part with terraform-validator.

I agree and it could be one of the next updates!

I've been thinking about it for a while but I don't know yet how to implement it correctly.
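One way the check requested in this issue could look, as an added example that is not part of the thread and not terraform-validator's own code. The names `FindIAMConflicts`, `headerRe`, `roleRe` and `sampleTF` are hypothetical; the sketch assumes `terraform fmt` layout (a block closes with `}` in column 0), literal role strings, and a single project per stack, so conflicts are keyed by role only.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Block header (group 1 = type, group 2 = name) and a literal role attribute.
var headerRe = regexp.MustCompile(`(?m)^resource\s+"(google_project_iam_(?:binding|member))"\s+"([^"]+)"\s*\{`)
var roleRe = regexp.MustCompile(`(?m)^\s*role\s*=\s*"([^"]+)"`)

// Constructed sample: the binding would overwrite the member added for the same role.
const sampleTF = `resource "google_project_iam_binding" "editors" {
  project = "example-project"
  role    = "roles/editor"
  members = ["user:alice@example.com"]
}
resource "google_project_iam_member" "bob" {
  project = "example-project"
  role    = "roles/editor"
  member  = "user:bob@example.com"
}`

// FindIAMConflicts maps each role managed by a binding plus any other binding or member to those resources.
func FindIAMConflicts(src string) map[string][]string {
	byRole, nBind := map[string][]string{}, map[string]int{}
	for _, loc := range headerRe.FindAllStringSubmatchIndex(src, -1) {
		body, _, _ := strings.Cut(src[loc[1]:], "\n}") // keep only this block's body
		m := roleRe.FindStringSubmatch(body)
		if m == nil {
			continue // role is an expression, not a literal: not handled here
		}
		typ := src[loc[2]:loc[3]]
		byRole[m[1]] = append(byRole[m[1]], typ+"."+src[loc[4]:loc[5]])
		if typ == "google_project_iam_binding" {
			nBind[m[1]]++
		}
	}
	for role, addrs := range byRole {
		if nBind[role] == 0 || len(addrs) < 2 {
			delete(byRole, role) // member-only roles and single bindings are fine
		}
	}
	return byRole
}

func main() {
	fmt.Println(FindIAMConflicts(sampleTF))
}
```

A role managed only by google_project_iam_member resources is not reported, since members are additive; a real implementation would parse HCL rather than match text and would also key on the project.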