Skip to content
This repository was archived by the owner on Aug 21, 2025. It is now read-only.

Commit c6c0c80

Browse files
committed
No need to set grant org managers space manager privileges also
1 parent 6a63e23 commit c6c0c80

1 file changed

Lines changed: 4 additions & 6 deletions

File tree

main.tf

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ locals {
66
])
77
technology_allowlist = flatten([for t in var.program_technologies : local.allowlist_map[t]])
88
worker_egress_allowlist = setunion([var.ci_server_url], local.technology_allowlist, var.worker_egress_allowlist)
9+
cg_space_users = setunion(var.cf_org_managers, var.developer_emails)
910
}
1011

1112
# the `depends_on` lines for each resource or module is needed to properly sequence initial creation
@@ -20,8 +21,7 @@ module "manager_space" {
2021
cf_org_name = var.cf_org_name
2122
cf_space_name = "${var.cf_space_prefix}-manager"
2223
allow_ssh = var.allow_ssh
23-
deployers = var.cf_org_managers
24-
developers = var.developer_emails
24+
developers = local.cg_space_users
2525
auditors = var.auditor_emails
2626
}
2727

@@ -32,8 +32,7 @@ module "worker_space" {
3232
cf_org_name = var.cf_org_name
3333
cf_space_name = "${var.cf_space_prefix}-workers"
3434
allow_ssh = true # manager must be able to cf ssh into workers
35-
deployers = var.cf_org_managers
36-
developers = var.developer_emails
35+
developers = local.cg_space_users
3736
auditors = var.auditor_emails
3837
security_group_names = ["trusted_local_networks_egress"]
3938
}
@@ -145,8 +144,7 @@ module "egress_space" {
145144
cf_org_name = var.cf_org_name
146145
cf_space_name = "${var.cf_space_prefix}-egress"
147146
allow_ssh = var.allow_ssh
148-
deployers = var.cf_org_managers
149-
developers = var.developer_emails
147+
developers = local.cg_space_users
150148
auditors = var.auditor_emails
151149
security_group_names = ["public_networks_egress"]
152150
}

0 commit comments

Comments
 (0)