use new variable names in organization module

2020-11-04 15:44:28 +01:00 · 2020-11-04 15:44:28 +01:00 · d2c84de8ff
parent 7c05b49714
commit d2c84de8ff
5 changed files with 20 additions and 20 deletions
--- a/modules/organization/README.md
+++ b/modules/organization/README.md
@ -13,7 +13,7 @@ This module allows managing several organization properties:
 module "org" {
  source      = "./modules/organization"
  org_id      = 1234567890
-  iam_members = { "roles/projectCreator" = ["group:cloud-admins@example.org"] }
+  iam = { "roles/projectCreator" = ["group:cloud-admins@example.org"] }
  policy_boolean = {
    "constraints/compute.disableGuestAttributesAccess" = true
    "constraints/compute.skipDefaultNetworkCreation" = true
@ -36,9 +36,9 @@ module "org" {
 |---|---|:---: |:---:|:---:|
 | org_id | Organization id in nnnnnn format. | <code title="">number</code> | ✓ |  |
 | *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
-| *iam_additive_bindings* | Map of roles lists used to set non authoritative bindings, keyed by members. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
+| *iam* | IAM bindings, in {ROLE => [MEMBERS]} format. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
+| *iam_additive* | Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *iam_audit_config* | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> |  | <code title="">{}</code> |
-| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | <code title="map&#40;bool&#41;">map(bool)</code> |  | <code title="">{}</code> |
 | *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | <code title="map&#40;object&#40;&#123;&#10;inherit_from_parent &#61; bool&#10;suggested_value     &#61; string&#10;status              &#61; bool&#10;values              &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |

--- a/modules/organization/main.tf
+++ b/modules/organization/main.tf
@ -16,7 +16,7 @@

 locals {
  iam_additive_pairs = flatten([
-    for member, roles in var.iam_additive_bindings : [
+    for member, roles in var.iam_additive : [
      for role in roles :
      { role = role, member = member }
    ]
@ -37,14 +37,14 @@ resource "google_organization_iam_custom_role" "roles" {
 }

 resource "google_organization_iam_binding" "authoritative" {
-  for_each = var.iam_members
+  for_each = var.iam
  org_id   = var.org_id
  role     = each.key
  members  = each.value
 }

 resource "google_organization_iam_member" "additive" {
-  for_each = length(var.iam_additive_bindings) > 0 ? local.iam_additive : {}
+  for_each = length(var.iam_additive) > 0 ? local.iam_additive : {}
  org_id   = var.org_id
  role     = each.value.role
  member   = each.value.member
--- a/modules/organization/variables.tf
+++ b/modules/organization/variables.tf
@ -20,14 +20,14 @@ variable "custom_roles" {
  default     = {}
 }

-variable "iam_members" {
-  description = "Map of member lists used to set authoritative bindings, keyed by role."
+variable "iam" {
+  description = "IAM bindings, in {ROLE => [MEMBERS]} format."
  type        = map(list(string))
  default     = {}
 }

-variable "iam_additive_bindings" {
-  description = "Map of roles lists used to set non authoritative bindings, keyed by members."
+variable "iam_additive" {
+  description = "Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format."
  type        = map(list(string))
  default     = {}
 }
--- a/tests/modules/organization/fixture/main.tf
+++ b/tests/modules/organization/fixture/main.tf
@ -15,12 +15,12 @@
 */

 module "test" {
-  source                = "../../../../modules/organization"
-  org_id                = 1234567890
-  custom_roles          = var.custom_roles
-  iam_members           = var.iam_members
-  iam_additive_bindings = var.iam_additive_bindings
-  iam_audit_config      = var.iam_audit_config
-  policy_boolean        = var.policy_boolean
-  policy_list           = var.policy_list
+  source           = "../../../../modules/organization"
+  org_id           = 1234567890
+  custom_roles     = var.custom_roles
+  iam              = var.iam
+  iam_additive     = var.iam_additive
+  iam_audit_config = var.iam_audit_config
+  policy_boolean   = var.policy_boolean
+  policy_list      = var.policy_list
 }
--- a/tests/modules/organization/fixture/variables.tf
+++ b/tests/modules/organization/fixture/variables.tf
@ -19,12 +19,12 @@ variable "custom_roles" {
  default = {}
 }

-variable "iam_members" {
+variable "iam" {
  type    = map(list(string))
  default = {}
 }

-variable "iam_additive_bindings" {
+variable "iam_additive" {
  type    = map(list(string))
  default = {}
 }