Skip to content

feat!: Swap count for for_each on subnet IAM resources #1009

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat!: Swap count for for_each on subnet IAM resources #1009

wants to merge 3 commits into from

Conversation

thatcoleyouknow
Copy link

As an engineer that works for an organization that adds new subnets on a regular basis, we find ourselves constantly having to review very lengthy Terraform plans that are full of google_compute_subnetwork_iam_member recreations. This is partly due to Terraform lists being unordered but this can now be solved for by replacing the count argument with for_each in each of those resources. This would be a one-time breaking change, but it would also make it the last time consumers have to deal subnet IAM grants getting recreated due to changes in the list of subnets passed to this module.

If you all have any questions, concerns, or suggestions, I'd be happy to talk through those. I am also an enterprise customer so I can open a feature request with our TAM to try and help prioritize this, if that would help you all.

Thank you!

@thatcoleyouknow
First stab at fixing subnet IAM permissions that change every time a …
a3f2ef2 
…new subnet is added or removed in the host project
@thatcoleyouknow thatcoleyouknow marked this pull request as ready for review October 11, 2025 17:57
@thatcoleyouknow thatcoleyouknow requested a review from a team as a code owner October 11, 2025 17:57
@thatcoleyouknow thatcoleyouknow changed the title fix: Swap count for for_each on subnet IAM resources fix!: Swap count for for_each on subnet IAM resources Oct 11, 2025
@thatcoleyouknow thatcoleyouknow marked this pull request as draft October 11, 2025 18:04
@thatcoleyouknow thatcoleyouknow changed the title fix!: Swap count for for_each on subnet IAM resources feat!: Swap count for for_each on subnet IAM resources Oct 11, 2025
@thatcoleyouknow thatcoleyouknow marked this pull request as ready for review October 12, 2025 15:03
@thatcoleyouknow
Copy link
Author

FWIW this has been tested internally. If any issues arise once someone kicks off the checks, feel free to @ me.

@thatcoleyouknow thatcoleyouknow marked this pull request as draft October 12, 2025 23:43
@thatcoleyouknow thatcoleyouknow marked this pull request as ready for review October 12, 2025 23:51
@thatcoleyouknow
Copy link
Author

Could someone tell me what failed in the terraform-google-project-factory-int-trigger check? I don't have permissions to view that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thatcoleyouknow