Nested for-loop to grant permission
Overview
locals {
  read_bucket_privileges = [
    for _email in toset([
      "serviceAccount:${google_service_account.XX.email}",
    ]) : {
      bucket = "XXX"
      email  = _email
    }
  ]
}

resource "google_storage_bucket_iam_member" "access_bucket" {
  # Grants the member bucket-level read access (bucket metadata and object
  # listing), which is what e.g. Python's CLIENT.get_bucket(<bucket_name>) needs.
  # roles/storage.legacyBucketReader does not include storage.objects.get, so
  # reading object contents requires a separate role such as roles/storage.objectViewer.
  # A map keyed by bucket plus member gives each grant a stable, unique for_each key.
  for_each = { for entry in local.read_bucket_privileges : "${entry.bucket}.${entry.email}" => entry }

  bucket = each.value.bucket
  role   = "roles/storage.legacyBucketReader"
  member = each.value.email
}
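The same pattern extended to several buckets and several members, as an added example that is not part of the original page: the nested for produces a list of lists, which flatten() collapses into the flat list the for_each map needs. The bucket names, the service-account resource name "reader" and the group address are placeholders.

```hcl
# Added example (not the original page's code): one non-authoritative IAM
# member grant per (bucket, member) pair. All names below are placeholders.
locals {
  buckets = ["example-bucket-a", "example-bucket-b"]

  readers = [
    "serviceAccount:${google_service_account.reader.email}",
    "group:data-readers@example.com",
  ]

  # The inner for yields one list per bucket; flatten() merges them into a
  # single list of {bucket, email} objects.
  read_bucket_privileges = flatten([
    for bucket in toset(local.buckets) : [
      for member in toset(local.readers) : {
        bucket = bucket
        email  = member
      }
    ]
  ])
}

resource "google_storage_bucket_iam_member" "access_bucket" {
  # Key combines both loop variables so every pair is unique and stable
  # across plans; adding a bucket or member does not re-create other grants.
  for_each = {
    for entry in local.read_bucket_privileges :
    "${entry.bucket}.${entry.email}" => entry
  }

  bucket = each.value.bucket
  # Bucket metadata and object listing only; object reads need a separate role.
  role   = "roles/storage.legacyBucketReader"
  member = each.value.email
}
```

Using google_storage_bucket_iam_member rather than google_storage_bucket_iam_binding keeps the grant additive, so it cannot silently remove members that were granted the role outside this module.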
Reference
https://www.daveperrett.com/articles/2021/08/19/nested-for-each-with-terraform/#:~:text=Unfortunately%2C%20there%20is%20no%20way,resulting%20list%2Dof%2Dlists