rename iam variable in service account module
parent
44f1828c33
commit
cb54ff77a1
|
@ -11,7 +11,7 @@ module "myproject-default-service-accounts" {
|
|||
name = "vm-default"
|
||||
generate_key = true
|
||||
# authoritative roles granted *on* the service accounts to other identities
|
||||
iam_members = {
|
||||
iam = {
|
||||
"roles/iam.serviceAccountUser" = ["user:foo@example.com"]
|
||||
}
|
||||
# non-authoritative roles granted *to* the service accounts on other resources
|
||||
|
|
|
@ -67,7 +67,7 @@ resource "google_service_account_key" "key" {
|
|||
}
|
||||
|
||||
resource "google_service_account_iam_binding" "roles" {
|
||||
for_each = var.iam_members
|
||||
for_each = var.iam
|
||||
service_account_id = google_service_account.service_account.name
|
||||
role = each.key
|
||||
members = each.value
|
||||
|
|
|
@ -20,9 +20,9 @@ variable "generate_key" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
description = "Map of members which are granted authoritative roles on the service account, keyed by role."
|
||||
type = map(set(string))
|
||||
variable "iam" {
|
||||
description = "IAM bindings on the service account in {ROLE => [MEMBERS]} format."
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
|
|
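Review bot: The new description on `variable "iam"` drops the word "authoritative" that the old `iam_members` description carried, even though the resource hunk at `@ -67,7 +67,7` still feeds this map to `google_service_account_iam_binding`. That resource sets the complete member list for each role, so members granted outside this module are removed on apply, and a caller reading only the variable description no longer learns that. I would keep the qualifier: `description = "Authoritative IAM bindings on the service account in {ROLE => [MEMBERS]} format."`. The fixture copy of the variable at `@ -19,7 +19,7` has no description at all and could take the same text.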
@ -20,7 +20,7 @@ module "test" {
|
|||
name = "sa-one"
|
||||
prefix = var.prefix
|
||||
generate_key = var.generate_key
|
||||
iam_members = var.iam_members
|
||||
iam = var.iam
|
||||
iam_billing_roles = var.iam_billing_roles
|
||||
iam_folder_roles = var.iam_folder_roles
|
||||
iam_organization_roles = var.iam_organization_roles
|
||||
|
|
|
@ -19,7 +19,7 @@ variable "generate_key" {
|
|||
default = false
|
||||
}
|
||||
|
||||
variable "iam_members" {
|
||||
variable "iam" {
|
||||
type = map(list(string))
|
||||
default = {}
|
||||
}
|
||||
|
|
|
@ -36,13 +36,8 @@ def test_resources(plan_runner):
|
|||
|
||||
def test_iam_roles(plan_runner):
|
||||
"Test iam roles with one member."
|
||||
variables = dict(
|
||||
iam_members=(
|
||||
'{'
|
||||
'"roles/iam.serviceAccountUser" = ["user:a@b.com"] '
|
||||
'}')
|
||||
)
|
||||
_, resources = plan_runner(FIXTURES_DIR, **variables)
|
||||
iam=('{"roles/iam.serviceAccountUser" = ["user:a@b.com"]}')
|
||||
_, resources = plan_runner(FIXTURES_DIR, iam=iam)
|
||||
assert len(resources) == 2
|
||||
iam_resources = [r for r in resources
|
||||
if r['type'] != 'google_service_account']
|
||||
|
|