rename iam variable in service account module

2020-11-05 09:22:13 +01:00 · 2020-11-05 09:22:13 +01:00 · cb54ff77a1
parent 44f1828c33
commit cb54ff77a1
6 changed files with 9 additions and 14 deletions
--- a/modules/iam-service-account/README.md
+++ b/modules/iam-service-account/README.md
@ -11,7 +11,7 @@ module "myproject-default-service-accounts" {
  name              = "vm-default"
  generate_key      = true
  # authoritative roles granted *on* the service accounts to other identities
-  iam_members       = {
+  iam       = {
    "roles/iam.serviceAccountUser" = ["user:foo@example.com"]
  }
  # non-authoritative roles granted *to* the service accounts on other resources
--- a/modules/iam-service-account/main.tf
+++ b/modules/iam-service-account/main.tf
@ -67,7 +67,7 @@ resource "google_service_account_key" "key" {
 }

 resource "google_service_account_iam_binding" "roles" {
-  for_each           = var.iam_members
+  for_each           = var.iam
  service_account_id = google_service_account.service_account.name
  role               = each.key
  members            = each.value
--- a/modules/iam-service-account/variables.tf
+++ b/modules/iam-service-account/variables.tf
@ -20,9 +20,9 @@ variable "generate_key" {
  default     = false
 }

-variable "iam_members" {
-  description = "Map of members which are granted authoritative roles on the service account, keyed by role."
-  type        = map(set(string))
+variable "iam" {
+  description = "IAM bindings on the service account in {ROLE => [MEMBERS]} format."
+  type        = map(list(string))
  default     = {}
 }

--- a/tests/modules/iam_service_account/fixture/main.tf
+++ b/tests/modules/iam_service_account/fixture/main.tf
@ -20,7 +20,7 @@ module "test" {
  name                   = "sa-one"
  prefix                 = var.prefix
  generate_key           = var.generate_key
-  iam_members            = var.iam_members
+  iam                    = var.iam
  iam_billing_roles      = var.iam_billing_roles
  iam_folder_roles       = var.iam_folder_roles
  iam_organization_roles = var.iam_organization_roles
--- a/tests/modules/iam_service_account/fixture/variables.tf
+++ b/tests/modules/iam_service_account/fixture/variables.tf
@ -19,7 +19,7 @@ variable "generate_key" {
  default = false
 }

-variable "iam_members" {
+variable "iam" {
  type    = map(list(string))
  default = {}
 }
--- a/tests/modules/iam_service_account/test_plan.py
+++ b/tests/modules/iam_service_account/test_plan.py
@ -36,13 +36,8 @@ def test_resources(plan_runner):

 def test_iam_roles(plan_runner):
  "Test iam roles with one member."
-  variables = dict(
-    iam_members=(
-      '{'
-      '"roles/iam.serviceAccountUser" = ["user:a@b.com"] '
-      '}')
-  )
-  _, resources = plan_runner(FIXTURES_DIR, **variables)
+  iam=('{"roles/iam.serviceAccountUser" = ["user:a@b.com"]}')
+  _, resources = plan_runner(FIXTURES_DIR, iam=iam)
  assert len(resources) == 2
  iam_resources = [r for r in resources
                   if r['type'] != 'google_service_account']