rename iam variables in gcs module
This commit is contained in:
parent
bf23199724
commit
9d0db19c5e
|
@ -12,7 +12,7 @@ module "bucket" {
|
|||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
}
|
||||
|
@ -26,7 +26,7 @@ module "bucket" {
|
|||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
encryption_keys = local.kms_key.self_link
|
||||
|
@ -41,7 +41,7 @@ module "bucket" {
|
|||
project_id = "myproject"
|
||||
prefix = "test"
|
||||
name = "my-bucket"
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/storage.admin" = ["group:storage@example.com"]
|
||||
}
|
||||
|
||||
|
@ -72,7 +72,7 @@ module "bucket" {
|
|||
| *logging_config* | Bucket logging configuration. | <code title="object({ log_bucket = string log_object_prefix = string })">object({...})</code> | | <code title="">null</code> |
|
||||
| *prefix* | Prefix used to generate the bucket name. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *retention_policy* | Bucket retention policy. | <code title="object({ retention_period = number is_locked = bool })">object({...})</code> | | <code title="">null</code> |
|
||||
| *storage_class* | Bucket storage class. | <code title="">string</code> | | <code title="">MULTI_REGIONAL</code> |
|
||||
| *storage_class* | Bucket storage class. | <code title="">string</code> | | <code title="MULTI_REGIONAL validation { condition = contains(["STANDARD", "MULTI_REGIONAL", "REGIONAL", "NEARLINE", "COLDLINE", "ARCHIVE"], var.storage_class) error_message = "Storage class must be one of STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE." }">...</code> |
|
||||
| *uniform_bucket_level_access* | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | <code title="">bool</code> | | <code title="">true</code> |
|
||||
| *versioning* | Enable versioning, defaults to false. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ resource "google_storage_bucket" "bucket" {
|
|||
}
|
||||
|
||||
resource "google_storage_bucket_iam_binding" "bindings" {
|
||||
for_each = var.iam_members
|
||||
for_each = var.iam
|
||||
bucket = google_storage_bucket.bucket.name
|
||||
role = each.key
|
||||
members = each.value
|
||||
|
|
|
@ -26,9 +26,9 @@ variable "force_destroy" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
description = "IAM members keyed by bucket name and role."
|
||||
type = map(set(string))
|
||||
variable "iam" {
|
||||
description = "IAM bindings in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ module "test" {
|
|||
project_id = "my-project"
|
||||
uniform_bucket_level_access = var.uniform_bucket_level_access
|
||||
force_destroy = var.force_destroy
|
||||
iam_members = var.iam_members
|
||||
iam = var.iam
|
||||
labels = var.labels
|
||||
logging_config = var.logging_config
|
||||
name = "bucket-a"
|
||||
|
|
|
@ -24,8 +24,8 @@ variable "force_destroy" {
|
|||
default = true
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
type = map(set(string))
|
||||
variable "iam" {
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
|
|
@ -55,7 +55,6 @@ def test_config_values(plan_runner):
|
|||
|
||||
def test_iam(plan_runner):
|
||||
"Test bucket resources with iam roles and members."
|
||||
iam_members = '{ "roles/storage.admin" = ["user:a@b.com"] }'
|
||||
_, resources = plan_runner(
|
||||
FIXTURES_DIR, iam_members=iam_members)
|
||||
iam = '{ "roles/storage.admin" = ["user:a@b.com"] }'
|
||||
_, resources = plan_runner(FIXTURES_DIR, iam=iam)
|
||||
assert len(resources) == 2
|
||||
|
|
Loading…
Reference in New Issue