rename iam variables in gcs module
parent
bf23199724
commit
9d0db19c5e
|
@ -12,7 +12,7 @@ module "bucket" {
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
prefix = "test"
|
prefix = "test"
|
||||||
name = "my-bucket"
|
name = "my-bucket"
|
||||||
iam_members = {
|
iam = {
|
||||||
"roles/storage.admin" = ["group:storage@example.com"]
|
"roles/storage.admin" = ["group:storage@example.com"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,7 @@ module "bucket" {
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
prefix = "test"
|
prefix = "test"
|
||||||
name = "my-bucket"
|
name = "my-bucket"
|
||||||
iam_members = {
|
iam = {
|
||||||
"roles/storage.admin" = ["group:storage@example.com"]
|
"roles/storage.admin" = ["group:storage@example.com"]
|
||||||
}
|
}
|
||||||
encryption_keys = local.kms_key.self_link
|
encryption_keys = local.kms_key.self_link
|
||||||
|
@ -41,7 +41,7 @@ module "bucket" {
|
||||||
project_id = "myproject"
|
project_id = "myproject"
|
||||||
prefix = "test"
|
prefix = "test"
|
||||||
name = "my-bucket"
|
name = "my-bucket"
|
||||||
iam_members = {
|
iam = {
|
||||||
"roles/storage.admin" = ["group:storage@example.com"]
|
"roles/storage.admin" = ["group:storage@example.com"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ module "bucket" {
|
||||||
| *logging_config* | Bucket logging configuration. | <code title="object({ log_bucket = string log_object_prefix = string })">object({...})</code> | | <code title="">null</code> |
|
| *logging_config* | Bucket logging configuration. | <code title="object({ log_bucket = string log_object_prefix = string })">object({...})</code> | | <code title="">null</code> |
|
||||||
| *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> | | <code title="">null</code> |
|
| *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> | | <code title="">null</code> |
|
||||||
| *retention_policy* | Bucket retention policy. | <code title="object({ retention_period = number is_locked = bool })">object({...})</code> | | <code title="">null</code> |
|
| *retention_policy* | Bucket retention policy. | <code title="object({ retention_period = number is_locked = bool })">object({...})</code> | | <code title="">null</code> |
|
||||||
| *storage_class* | Bucket storage class. | <code title="">string</code> | | <code title="">MULTI_REGIONAL</code> |
|
| *storage_class* | Bucket storage class. | <code title="">string</code> | | <code title="MULTI_REGIONAL validation { condition = contains(["STANDARD", "MULTI_REGIONAL", "REGIONAL", "NEARLINE", "COLDLINE", "ARCHIVE"], var.storage_class) error_message = "Storage class must be one of STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE." }">...</code> |
|
||||||
| *uniform_bucket_level_access* | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | <code title="">bool</code> | | <code title="">true</code> |
|
| *uniform_bucket_level_access* | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | <code title="">bool</code> | | <code title="">true</code> |
|
||||||
| *versioning* | Enable versioning, defaults to false. | <code title="">bool</code> | | <code title="">false</code> |
|
| *versioning* | Enable versioning, defaults to false. | <code title="">bool</code> | | <code title="">false</code> |
|
||||||
|
|
||||||
|
|
|
@ -64,7 +64,7 @@ resource "google_storage_bucket" "bucket" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_storage_bucket_iam_binding" "bindings" {
|
resource "google_storage_bucket_iam_binding" "bindings" {
|
||||||
for_each = var.iam_members
|
for_each = var.iam
|
||||||
bucket = google_storage_bucket.bucket.name
|
bucket = google_storage_bucket.bucket.name
|
||||||
role = each.key
|
role = each.key
|
||||||
members = each.value
|
members = each.value
|
||||||
|
|
|
@ -26,9 +26,9 @@ variable "force_destroy" {
|
||||||
default = false
|
default = false
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "iam_members" {
|
variable "iam" {
|
||||||
description = "IAM members keyed by bucket name and role."
|
description = "IAM bindings in {ROLE => [MEMBERS]} format."
|
||||||
type = map(set(string))
|
type = map(list(string))
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
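Review bot: The new description on `variable "iam"`, `"IAM bindings in {ROLE => [MEMBERS]} format."`, does not say that the bindings are authoritative. The main.tf section of this commit passes the variable to `google_storage_bucket_iam_binding`, which sets the complete member list for each listed role on the bucket, so members granted that role outside this module are removed on apply. I would spell that out, for example `description = "IAM bindings in {ROLE => [MEMBERS]} format. Authoritative per role: members not listed lose that role on the bucket."`. The type also loosens from `map(set(string))` to `map(list(string))`, so duplicate members are no longer collapsed at the variable boundary; presumably the provider still deduplicates `members`, but that is worth confirming with a plan.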
@ -19,7 +19,7 @@ module "test" {
|
||||||
project_id = "my-project"
|
project_id = "my-project"
|
||||||
uniform_bucket_level_access = var.uniform_bucket_level_access
|
uniform_bucket_level_access = var.uniform_bucket_level_access
|
||||||
force_destroy = var.force_destroy
|
force_destroy = var.force_destroy
|
||||||
iam_members = var.iam_members
|
iam = var.iam
|
||||||
labels = var.labels
|
labels = var.labels
|
||||||
logging_config = var.logging_config
|
logging_config = var.logging_config
|
||||||
name = "bucket-a"
|
name = "bucket-a"
|
||||||
|
|
|
@ -24,8 +24,8 @@ variable "force_destroy" {
|
||||||
default = true
|
default = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "iam_members" {
|
variable "iam" {
|
||||||
type = map(set(string))
|
type = map(list(string))
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -55,7 +55,6 @@ def test_config_values(plan_runner):
|
||||||
|
|
||||||
def test_iam(plan_runner):
|
def test_iam(plan_runner):
|
||||||
"Test bucket resources with iam roles and members."
|
"Test bucket resources with iam roles and members."
|
||||||
iam_members = '{ "roles/storage.admin" = ["user:a@b.com"] }'
|
iam = '{ "roles/storage.admin" = ["user:a@b.com"] }'
|
||||||
_, resources = plan_runner(
|
_, resources = plan_runner(FIXTURES_DIR, iam=iam)
|
||||||
FIXTURES_DIR, iam_members=iam_members)
|
|
||||||
assert len(resources) == 2
|
assert len(resources) == 2
|
||||||
|
|