rename iam variables in folder module

2020-11-04 16:49:19 +01:00 · 2020-11-04 16:49:19 +01:00 · 02d867ff3d
parent d47478a466
commit 02d867ff3d
3 changed files with 6 additions and 6 deletions
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@ -11,7 +11,7 @@ module "folder" {
  source = "./modules/folder"
  parent = "organizations/1234567890"
  name  = "Folder name"
-  iam_members = {
+  iam = {
    "roles/owner" = ["group:users@example.com"]
  }
 }
@ -46,7 +46,7 @@ module "folder" {
 |---|---|:---: |:---:|:---:|
 | name | Folder name. | <code title="">string</code> | ✓ |  |
 | parent | Parent in folders/folder_id or organizations/org_id format. | <code title="string&#10;validation &#123;&#10;condition     &#61; can&#40;regex&#40;&#34;&#40;organizations&#124;folders&#41;&#47;&#91;0-9&#93;&#43;&#34;, var.parent&#41;&#41;&#10;error_message &#61; &#34;Parent must be of the form folders&#47;folder_id or organizations&#47;organization_id.&#34;&#10;&#125;">string</code> | ✓ |  |
-| *iam_members* | List of IAM members keyed by role. | <code title="map&#40;set&#40;string&#41;&#41;">map(set(string))</code> |  | <code title="">null</code> |
+| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map&#40;set&#40;string&#41;&#41;">map(set(string))</code> |  | <code title="">null</code> |
 | *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map&#40;object&#40;&#123;&#10;inherit_from_parent &#61; bool&#10;suggested_value     &#61; string&#10;status              &#61; bool&#10;values              &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |

--- a/modules/folder/main.tf
+++ b/modules/folder/main.tf
@ -21,7 +21,7 @@ resource "google_folder" "folder" {
 }

 resource "google_folder_iam_binding" "authoritative" {
-  for_each = var.iam_members
+  for_each = var.iam
  folder   = google_folder.folder.name
  role     = each.key
  members  = each.value
--- a/modules/folder/variables.tf
+++ b/modules/folder/variables.tf
@ -14,10 +14,10 @@
 * limitations under the License.
 */

-variable "iam_members" {
-  description = "List of IAM members keyed by role."
+variable "iam" {
+  description = "IAM bindings in {ROLE => [MEMBERS]} format."
  type        = map(set(string))
-  default     = null
+  default     = {}
 }

 variable "name" {