Fix IAM additive (#200)

* Fix wrong iam_addictive variable input (#197)

iam_additive variable from Project module expect { "roles" = list(string) } input

Co-authored-by: Emre Turan <emre@unl.global>

* fix project example

Co-authored-by: Emre Turan <turan.emre@gmail.com>
Co-authored-by: Emre Turan <emre@unl.global>

foundations/environments/main.tf

@@ -24,8 +24,8 @@ module "tf-project" {
   parent          = var.root_node
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_additive = {
-    for name in var.iam_terraform_owners : (name) => ["roles/owner"]
+  iam_additive    = {
+    "roles/owner" = var.iam_terraform_owners
   }
   services = var.project_services
 }
@@ -158,8 +158,8 @@ module "sharedsvc-project" {
   parent          = var.root_node
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_additive = {
-    for name in var.iam_shared_owners : (name) => ["roles/owner"]
+  iam_additive    = {
+    "roles/owner" = var.iam_shared_owners
   }
   services = var.project_services
 }

modules/project/README.md

@@ -36,23 +36,12 @@ module "project" {
   name            = "project-example"
 
   iam_additive = {
-    "group:usergroup_watermlon_experimentation@lemonadeinc.io" = [
-	    "roles/viewer",
-	    "roles/storage.objectAdmin"
-    ],
-    "group:usergroup_gcp_admin@lemonadeinc.io" = [
-	    "roles/owner",
-    ],
-    "group:usergroup_gcp_privilege_access@lemonadeinc.io" = [
-	    "roles/editor"
-    ],
-    "group:engineering@lemonadeinc.io" = [
-	    "roles/pubsub.subscriber",
-	    "roles/storage.objectViewer"
-    ],
+    "roles/viewer"               = ["group:one@example.org", "group:two@xample.org"],
+    "roles/storage.objectAdmin"  = ["group:two@example.org"],
+    "roles/owner"                = ["group:three@example.org"],
   }
 }
-# tftest:modules=1:resources=7
+# tftest:modules=1:resources=5
 ```
 
 ### Organization policies