rename iam variable in net vpc module

modules/net-vpc/README.md

@@ -86,7 +86,7 @@ module "vpc-host" {
     local.service_project_1.project_id,
     local.service_project_2.project_id
   ]
-  iam_members = {
+  iam = {
     "europe-west1/subnet-1" = {
       "roles/compute.networkUser" = [
         local.service_project_1.cloudsvc_sa,
@@ -110,13 +110,13 @@ module "vpc-host" {
 | *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | <code title="">bool</code> |  | <code title="">false</code> |
 | *delete_default_routes_on_create* | Set to true to delete the default routes at creation time. | <code title="">bool</code> |  | <code title="">false</code> |
 | *description* | An optional description of this resource (triggers recreation on change). | <code title="">string</code> |  | <code title="">Terraform-managed.</code> |
-| *iam_members* | List of IAM members keyed by subnet 'region/name' and role. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> |  | <code title="">{}</code> |
+| *iam* | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> |  | <code title="">{}</code> |
 | *log_config_defaults* | Default configuration for flow logs when enabled. | <code title="object&#40;&#123;&#10;aggregation_interval &#61; string&#10;flow_sampling        &#61; number&#10;metadata             &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="&#123;&#10;aggregation_interval &#61; &#34;INTERVAL_5_SEC&#34;&#10;flow_sampling        &#61; 0.5&#10;metadata             &#61; &#34;INCLUDE_ALL_METADATA&#34;&#10;&#125;">...</code> |
 | *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | <code title="map&#40;map&#40;string&#41;&#41;">map(map(string))</code> |  | <code title="">{}</code> |
 | *peering_config* | VPC peering configuration. | <code title="object&#40;&#123;&#10;peer_vpc_self_link &#61; string&#10;export_routes      &#61; bool&#10;import_routes      &#61; bool&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
 | *peering_create_remote_end* | Skip creation of peering on the remote end when using peering_config | <code title="">bool</code> |  | <code title="">true</code> |
 | *routes* | Network routes, keyed by name. | <code title="map&#40;object&#40;&#123;&#10;dest_range    &#61; string&#10;priority      &#61; number&#10;tags          &#61; list&#40;string&#41;&#10;next_hop_type &#61; string &#35; gateway, instance, ip, vpn_tunnel, ilb&#10;next_hop      &#61; string&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
-| *routing_mode* | The network routing mode (default 'GLOBAL') | <code title="">string</code> |  | <code title="">GLOBAL</code> |
+| *routing_mode* | The network routing mode (default 'GLOBAL') | <code title="">string</code> |  | <code title="GLOBAL&#10;validation &#123;&#10;condition     &#61; var.routing_mode &#61;&#61; &#34;GLOBAL&#34; &#124;&#124; var.routing_mode &#61;&#61; &#34;REGIONAL&#34;&#10;error_message &#61; &#34;Routing type must be GLOBAL or REGIONAL.&#34;&#10;&#125;">...</code> |
 | *shared_vpc_host* | Enable shared VPC for this project. | <code title="">bool</code> |  | <code title="">false</code> |
 | *shared_vpc_service_projects* | Shared VPC service projects to register with this host | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
 | *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |

modules/net-vpc/main.tf

@@ -15,7 +15,7 @@
  */
 
 locals {
-  iam_members = var.iam_members == null ? {} : var.iam_members
+  iam_members = var.iam == null ? {} : var.iam
   subnet_iam_members = flatten([
     for subnet, roles in local.iam_members : [
       for role, members in roles : {

modules/net-vpc/variables.tf

@@ -32,8 +32,8 @@ variable "description" {
   default     = "Terraform-managed."
 }
 
-variable "iam_members" {
-  description = "List of IAM members keyed by subnet 'region/name' and role."
+variable "iam" {
+  description = "Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format."
   type        = map(map(list(string)))
   default     = {}
 }

networking/shared-vpc-gke/main.tf

@@ -107,7 +107,7 @@ module "vpc-shared" {
       }
     }
   ]
-  iam_members = {
+  iam = {
     "${var.region}/gce" = {
       "roles/compute.networkUser" = concat(var.owners_gce, [
         "serviceAccount:${module.project-svc-gce.service_accounts.cloud_services}",

tests/modules/net_vpc/fixture/main.tf

@@ -18,7 +18,7 @@ module "test" {
   source                      = "../../../../modules/net-vpc"
   project_id                  = var.project_id
   name                        = var.name
-  iam_members                 = var.iam_members
+  iam                         = var.iam
   log_configs                 = var.log_configs
   log_config_defaults         = var.log_config_defaults
   peering_config              = var.peering_config

tests/modules/net_vpc/fixture/variables.tf

@@ -29,7 +29,7 @@ variable "auto_create_subnetworks" {
   default = false
 }
 
-variable "iam_members" {
+variable "iam" {
   type    = map(map(set(string)))
   default = null
 }