rename iam variables in gcs module

2020-11-04 16:57:06 +01:00 · 2020-11-04 16:57:06 +01:00 · 9d0db19c5e
parent bf23199724
commit 9d0db19c5e
6 changed files with 13 additions and 14 deletions
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@ -12,7 +12,7 @@ module "bucket" {
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
-  iam_members = {
+  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
 }
@ -26,7 +26,7 @@ module "bucket" {
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
-  iam_members = {
+  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }
  encryption_keys = local.kms_key.self_link
@ -41,7 +41,7 @@ module "bucket" {
  project_id = "myproject"
  prefix     = "test"
  name       = "my-bucket"
-  iam_members = {
+  iam = {
    "roles/storage.admin" = ["group:storage@example.com"]
  }

@ -72,7 +72,7 @@ module "bucket" {
 | *logging_config* | Bucket logging configuration. | <code title="object&#40;&#123;&#10;log_bucket        &#61; string&#10;log_object_prefix &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
 | *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> |  | <code title="">null</code> |
 | *retention_policy* | Bucket retention policy. | <code title="object&#40;&#123;&#10;retention_period &#61; number&#10;is_locked        &#61; bool&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
-| *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="">MULTI_REGIONAL</code> |
+| *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="MULTI_REGIONAL&#10;validation &#123;&#10;condition     &#61; contains&#40;&#91;&#34;STANDARD&#34;, &#34;MULTI_REGIONAL&#34;, &#34;REGIONAL&#34;, &#34;NEARLINE&#34;, &#34;COLDLINE&#34;, &#34;ARCHIVE&#34;&#93;, var.storage_class&#41;&#10;error_message &#61; &#34;Storage class must be one of STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.&#34;&#10;&#125;">...</code> |
 | *uniform_bucket_level_access* | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | <code title="">bool</code> |  | <code title="">true</code> |
 | *versioning* | Enable versioning, defaults to false. | <code title="">bool</code> |  | <code title="">false</code> |

--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@ -64,7 +64,7 @@ resource "google_storage_bucket" "bucket" {
 }

 resource "google_storage_bucket_iam_binding" "bindings" {
-  for_each = var.iam_members
+  for_each = var.iam
  bucket   = google_storage_bucket.bucket.name
  role     = each.key
  members  = each.value
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@ -26,9 +26,9 @@ variable "force_destroy" {
  default     = false
 }

-variable "iam_members" {
-  description = "IAM members keyed by bucket name and role."
-  type        = map(set(string))
+variable "iam" {
+  description = "IAM bindings in {ROLE => [MEMBERS]} format."
+  type        = map(list(string))
  default     = {}
 }

--- a/tests/modules/gcs/fixture/main.tf
+++ b/tests/modules/gcs/fixture/main.tf
@ -19,7 +19,7 @@ module "test" {
  project_id                  = "my-project"
  uniform_bucket_level_access = var.uniform_bucket_level_access
  force_destroy               = var.force_destroy
-  iam_members                 = var.iam_members
+  iam                         = var.iam
  labels                      = var.labels
  logging_config              = var.logging_config
  name                        = "bucket-a"
--- a/tests/modules/gcs/fixture/variables.tf
+++ b/tests/modules/gcs/fixture/variables.tf
@ -24,8 +24,8 @@ variable "force_destroy" {
  default = true
 }

-variable "iam_members" {
-  type    = map(set(string))
+variable "iam" {
+  type    = map(list(string))
  default = {}
 }

--- a/tests/modules/gcs/test_plan.py
+++ b/tests/modules/gcs/test_plan.py
@ -55,7 +55,6 @@ def test_config_values(plan_runner):

 def test_iam(plan_runner):
  "Test bucket resources with iam roles and members."
-  iam_members = '{ "roles/storage.admin" = ["user:a@b.com"] }'
-  _, resources = plan_runner(
-      FIXTURES_DIR, iam_members=iam_members)
+  iam = '{ "roles/storage.admin" = ["user:a@b.com"] }'
+  _, resources = plan_runner(FIXTURES_DIR, iam=iam)
  assert len(resources) == 2