use a map for secret versions in secret-manager module

modules/secret-manager/README.md

@@ -63,13 +63,13 @@ module "secret-manager" {
     test-manual = ["europe-west1", "europe-west4"]
   }
   versions = {
-    test-auto = [
-      { enabled = false, data = "auto foo bar baz", name = "v1" },
-      { enabled = true, data = "auto foo bar spam", name = "v2" },
-    ],
-    test-manual = [
-      { enabled = true, data = "manual foo bar spam", name = "v1" }
-    ]
+    test-auto = {
+      v1 = { enabled = false, data = "auto foo bar baz" }
+      v2 = { enabled = true, data = "auto foo bar spam" }
+    },
+    test-manual = {
+      v1 = { enabled = true, data = "manual foo bar spam" }
+    }
   }
 }
 ```

modules/secret-manager/main.tf

@@ -21,16 +21,15 @@ locals {
     [for role in roles : { name = name, role = role }]
   ])
   iam_keypairs = {
-    for pair in local.iam_pairs :
-    "${pair.name}-${pair.role}" => pair
+    for pair in local.iam_pairs : "${pair.name}-${pair.role}" => pair
   }
   version_pairs = flatten([
-    for name, versions in var.versions :
-    [for version in versions : merge(version, { secret = name })]
+    for secret, versions in var.versions : [
+      for name, attrs in versions : merge(attrs, { name = name, secret = secret })
+    ]
   ])
   version_keypairs = {
-    for pair in local.version_pairs :
-    "${pair.secret}:${pair.name}" => pair
+    for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair
   }
 }
 

modules/secret-manager/variables.tf

@@ -44,11 +44,10 @@ variable "project_id" {
 }
 
 variable "versions" {
-  description = "Optional versions to manage for each secret. Version names are only used internally to track each version and must be unique for each secret/version pair."
-  type = map(list(object({
+  description = "Optional versions to manage for each secret. Version names are only used internally to track individual versions."
+  type = map(map(object({
     enabled = bool
     data    = string
-    name    = string
   })))
   default = {}
 }