diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index d541d176..a000a474 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -86,7 +86,7 @@ module "vpc-host" {
local.service_project_1.project_id,
local.service_project_2.project_id
]
- iam_members = {
+ iam = {
"europe-west1/subnet-1" = {
"roles/compute.networkUser" = [
local.service_project_1.cloudsvc_sa,
@@ -110,13 +110,13 @@ module "vpc-host" {
| *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | bool
| | false
|
| *delete_default_routes_on_create* | Set to true to delete the default routes at creation time. | bool
| | false
|
| *description* | An optional description of this resource (triggers recreation on change). | string
| | Terraform-managed.
|
-| *iam_members* | List of IAM members keyed by subnet 'region/name' and role. | map(map(list(string)))
| | {}
|
+| *iam* | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string)))
| | {}
|
| *log_config_defaults* | Default configuration for flow logs when enabled. | object({...})
| | ...
|
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | map(map(string))
| | {}
|
| *peering_config* | VPC peering configuration. | object({...})
| | null
|
| *peering_create_remote_end* | Skip creation of peering on the remote end when using peering_config | bool
| | true
|
| *routes* | Network routes, keyed by name. | map(object({...}))
| | {}
|
-| *routing_mode* | The network routing mode (default 'GLOBAL') | string
| | GLOBAL
|
+| *routing_mode* | The network routing mode (default 'GLOBAL') | string
| | ...
|
| *shared_vpc_host* | Enable shared VPC for this project. | bool
| | false
|
| *shared_vpc_service_projects* | Shared VPC service projects to register with this host | list(string)
| | []
|
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | map(string)
| | {}
|
diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index bad4f870..14800ef5 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -15,7 +15,7 @@
*/
locals {
- iam_members = var.iam_members == null ? {} : var.iam_members
+ iam_members = var.iam == null ? {} : var.iam
subnet_iam_members = flatten([
for subnet, roles in local.iam_members : [
for role, members in roles : {
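Review bot: The local on the changed line is still called `iam_members` although it now reads `var.iam`, so the module carries two names for the same data after the rename. Consider renaming it together with its use in the `for subnet, roles in local.iam_members` expression, or adding a comment such as `# normalised copy of var.iam (null => {})` above it. The `locals` block continues outside this hunk, so other references to `local.iam_members` may exist and would need the same change.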
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 6c3ab855..485da879 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -32,8 +32,8 @@ variable "description" {
default = "Terraform-managed."
}
-variable "iam_members" {
- description = "List of IAM members keyed by subnet 'region/name' and role."
+variable "iam" {
+ description = "Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format."
type = map(map(list(string)))
default = {}
}
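Review bot: The new description has unbalanced braces and does not say whether these bindings are authoritative; the same text appears in the README row for `iam`. It should read `"Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format."`. The wording also moves from "members" to "bindings", but the resource that consumes this variable is outside the diff, so the semantics cannot be confirmed here. If the bindings are authoritative per role, say so in the description, because members granted `roles/compute.networkUser` outside Terraform would then be removed on apply. This matters for callers such as `networking/shared-vpc-gke/main.tf`.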
diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf
index 05e34bc4..bee0d814 100644
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@@ -107,7 +107,7 @@ module "vpc-shared" {
}
}
]
- iam_members = {
+ iam = {
"${var.region}/gce" = {
"roles/compute.networkUser" = concat(var.owners_gce, [
"serviceAccount:${module.project-svc-gce.service_accounts.cloud_services}",
diff --git a/tests/modules/net_vpc/fixture/main.tf b/tests/modules/net_vpc/fixture/main.tf
index 5ab2c4f8..03b74124 100644
--- a/tests/modules/net_vpc/fixture/main.tf
+++ b/tests/modules/net_vpc/fixture/main.tf
@@ -18,7 +18,7 @@ module "test" {
source = "../../../../modules/net-vpc"
project_id = var.project_id
name = var.name
- iam_members = var.iam_members
+ iam = var.iam
log_configs = var.log_configs
log_config_defaults = var.log_config_defaults
peering_config = var.peering_config
diff --git a/tests/modules/net_vpc/fixture/variables.tf b/tests/modules/net_vpc/fixture/variables.tf
index 7388ad66..0a19ef07 100644
--- a/tests/modules/net_vpc/fixture/variables.tf
+++ b/tests/modules/net_vpc/fixture/variables.tf
@@ -29,7 +29,7 @@ variable "auto_create_subnetworks" {
default = false
}
-variable "iam_members" {
+variable "iam" {
type = map(map(set(string)))
default = null
}
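Review bot: The fixture declares `iam` as `map(map(set(string)))` with `default = null`, while the module variable it feeds is `map(map(list(string)))` with `default = {}`. Terraform converts the set implicitly, so tests never pass the list type that real callers use. Aligning the fixture with `type = map(map(list(string)))` would make the test exercise the module's actual interface. Keeping `default = null` is reasonable if the intent is to cover the null branch in the module's `locals`, and a one-line comment saying so would help.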