From 9d0db19c5ecf11d6497630b58b086fff5c6e4ee0 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Wed, 4 Nov 2020 16:57:06 +0100
Subject: [PATCH] rename iam variables in gcs module

---
 modules/gcs/README.md                  | 8 ++++----
 modules/gcs/main.tf                    | 2 +-
 modules/gcs/variables.tf               | 6 +++---
 tests/modules/gcs/fixture/main.tf      | 2 +-
 tests/modules/gcs/fixture/variables.tf | 4 ++--
 tests/modules/gcs/test_plan.py         | 5 ++---
 6 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 4d2ae30d..3c69da48 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -12,7 +12,7 @@ module "bucket" {
   project_id = "myproject"
   prefix     = "test"
   name       = "my-bucket"
-  iam_members = {
+  iam = {
     "roles/storage.admin" = ["group:storage@example.com"]
   }
 }
@@ -26,7 +26,7 @@ module "bucket" {
   project_id = "myproject"
   prefix     = "test"
   name       = "my-bucket"
-  iam_members = {
+  iam = {
     "roles/storage.admin" = ["group:storage@example.com"]
   }
   encryption_keys = local.kms_key.self_link
@@ -41,7 +41,7 @@ module "bucket" {
   project_id = "myproject"
   prefix     = "test"
   name       = "my-bucket"
-  iam_members = {
+  iam = {
     "roles/storage.admin" = ["group:storage@example.com"]
   }
 
@@ -72,7 +72,7 @@ module "bucket" {
 | *logging_config* | Bucket logging configuration. | <code title="object&#40;&#123;&#10;log_bucket        &#61; string&#10;log_object_prefix &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
 | *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> |  | <code title="">null</code> |
 | *retention_policy* | Bucket retention policy. | <code title="object&#40;&#123;&#10;retention_period &#61; number&#10;is_locked        &#61; bool&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
-| *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="">MULTI_REGIONAL</code> |
+| *storage_class* | Bucket storage class. | <code title="">string</code> |  | <code title="MULTI_REGIONAL&#10;validation &#123;&#10;condition     &#61; contains&#40;&#91;&#34;STANDARD&#34;, &#34;MULTI_REGIONAL&#34;, &#34;REGIONAL&#34;, &#34;NEARLINE&#34;, &#34;COLDLINE&#34;, &#34;ARCHIVE&#34;&#93;, var.storage_class&#41;&#10;error_message &#61; &#34;Storage class must be one of STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.&#34;&#10;&#125;">...</code> |
 | *uniform_bucket_level_access* | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | <code title="">bool</code> |  | <code title="">true</code> |
 | *versioning* | Enable versioning, defaults to false. | <code title="">bool</code> |  | <code title="">false</code> |
 
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index d9f866ae..b983b0a6 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -64,7 +64,7 @@ resource "google_storage_bucket" "bucket" {
 }
 
 resource "google_storage_bucket_iam_binding" "bindings" {
-  for_each = var.iam_members
+  for_each = var.iam
   bucket   = google_storage_bucket.bucket.name
   role     = each.key
   members  = each.value
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 7c8d800f..dac13b04 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -26,9 +26,9 @@ variable "force_destroy" {
   default     = false
 }
 
-variable "iam_members" {
-  description = "IAM members keyed by bucket name and role."
-  type        = map(set(string))
+variable "iam" {
+  description = "IAM bindings in {ROLE => [MEMBERS]} format."
+  type        = map(list(string))
   default     = {}
 }
 
diff --git a/tests/modules/gcs/fixture/main.tf b/tests/modules/gcs/fixture/main.tf
index a8b892b0..711196cb 100644
--- a/tests/modules/gcs/fixture/main.tf
+++ b/tests/modules/gcs/fixture/main.tf
@@ -19,7 +19,7 @@ module "test" {
   project_id                  = "my-project"
   uniform_bucket_level_access = var.uniform_bucket_level_access
   force_destroy               = var.force_destroy
-  iam_members                 = var.iam_members
+  iam                         = var.iam
   labels                      = var.labels
   logging_config              = var.logging_config
   name                        = "bucket-a"
diff --git a/tests/modules/gcs/fixture/variables.tf b/tests/modules/gcs/fixture/variables.tf
index dfc9a83a..c989a286 100644
--- a/tests/modules/gcs/fixture/variables.tf
+++ b/tests/modules/gcs/fixture/variables.tf
@@ -24,8 +24,8 @@ variable "force_destroy" {
   default = true
 }
 
-variable "iam_members" {
-  type    = map(set(string))
+variable "iam" {
+  type    = map(list(string))
   default = {}
 }
 
diff --git a/tests/modules/gcs/test_plan.py b/tests/modules/gcs/test_plan.py
index 8516b544..4749b901 100644
--- a/tests/modules/gcs/test_plan.py
+++ b/tests/modules/gcs/test_plan.py
@@ -55,7 +55,6 @@ def test_config_values(plan_runner):
 
 def test_iam(plan_runner):
   "Test bucket resources with iam roles and members."
-  iam_members = '{ "roles/storage.admin" = ["user:a@b.com"] }'
-  _, resources = plan_runner(
-      FIXTURES_DIR, iam_members=iam_members)
+  iam = '{ "roles/storage.admin" = ["user:a@b.com"] }'
+  _, resources = plan_runner(FIXTURES_DIR, iam=iam)
   assert len(resources) == 2