From d2c84de8ff2547ba7e629e3adebfc8f045b62c7d Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 4 Nov 2020 15:44:28 +0100 Subject: [PATCH] use new variable names in organization module --- modules/organization/README.md | 6 +++--- modules/organization/main.tf | 6 +++--- modules/organization/variables.tf | 8 ++++---- tests/modules/organization/fixture/main.tf | 16 ++++++++-------- tests/modules/organization/fixture/variables.tf | 4 ++-- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/modules/organization/README.md b/modules/organization/README.md index e0ea140f..0a090b12 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md @@ -13,7 +13,7 @@ This module allows managing several organization properties: module "org" { source = "./modules/organization" org_id = 1234567890 - iam_members = { "roles/projectCreator" = ["group:cloud-admins@example.org"] } + iam = { "roles/projectCreator" = ["group:cloud-admins@example.org"] } policy_boolean = { "constraints/compute.disableGuestAttributesAccess" = true "constraints/compute.skipDefaultNetworkCreation" = true 
@@ -36,9 +36,9 @@ module "org" { |---|---|:---: |:---:|:---:| | org_id | Organization id in nnnnnn format. | number | ✓ | | | *custom_roles* | Map of role name => list of permissions to create in this project. | map(list(string)) | | {} | -| *iam_additive_bindings* | Map of roles lists used to set non authoritative bindings, keyed by members. | map(list(string)) | | {} | +| *iam* | IAM bindings, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | +| *iam_additive* | Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | *iam_audit_config* | Service audit logging configuration. Service as key, map of log permission (eg DATA_READ) and excluded members as value for each service. | map(map(list(string))) | | {} | -| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | map(list(string)) | | {} | | *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool) | | {} | | *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({...})) | | {} | diff --git a/modules/organization/main.tf b/modules/organization/main.tf index f82caeda..6cf41017 100644 --- a/modules/organization/main.tf +++ b/modules/organization/main.tf @@ -16,7 +16,7 @@ locals { iam_additive_pairs = flatten([ - for member, roles in var.iam_additive_bindings : [ + for member, roles in var.iam_additive : [ for role in roles : { role = role, member = member } ] 
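Review bot: In the `iam_additive_pairs` local of modules/organization/main.tf, the loop still reads `for member, roles in var.iam_additive`, so map keys are treated as members and values as roles, while the new description in variables.tf and the README row both document `{ROLE => [MEMBERS]}`. A caller who follows the new documentation would get role and member swapped in every pair fed to `google_organization_iam_member`, so the organization-level grants would not match what was declared. If role-keyed input is the intent, the loop should become `for role, members in var.iam_additive : [` with the inner line `for member in members : { role = role, member = member }`; if member-keyed input is still intended, the description should keep saying so. The `locals` block continues outside the hunk, so how `local.iam_additive` is keyed from these pairs is not visible here and should be checked with the same change.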
@@ -37,14 +37,14 @@ resource "google_organization_iam_custom_role" "roles" { } resource "google_organization_iam_binding" "authoritative" { - for_each = var.iam_members + for_each = var.iam org_id = var.org_id role = each.key members = each.value } resource "google_organization_iam_member" "additive" { - for_each = length(var.iam_additive_bindings) > 0 ? local.iam_additive : {} + for_each = length(var.iam_additive) > 0 ? local.iam_additive : {} org_id = var.org_id role = each.value.role member = each.value.member diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf index b2cf18a1..293f0176 100644 --- a/modules/organization/variables.tf +++ b/modules/organization/variables.tf @@ -20,14 +20,14 @@ variable "custom_roles" { default = {} } -variable "iam_members" { - description = "Map of member lists used to set authoritative bindings, keyed by role." +variable "iam" { + description = "IAM bindings, in {ROLE => [MEMBERS]} format." type = map(list(string)) default = {} } -variable "iam_additive_bindings" { - description = "Map of roles lists used to set non authoritative bindings, keyed by members." +variable "iam_additive" { + description = "Non authoritative IAM bindings, in {ROLE => [MEMBERS]} format." type = map(list(string)) default = {} } diff --git a/tests/modules/organization/fixture/main.tf b/tests/modules/organization/fixture/main.tf index 718fe459..6c5d0bca 100644 --- a/tests/modules/organization/fixture/main.tf +++ b/tests/modules/organization/fixture/main.tf 
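Review bot: The new description for `iam` in modules/organization/variables.tf drops the word "authoritative", although the variable still feeds `google_organization_iam_binding.authoritative` in main.tf, which sets the complete member list for each role on the organization. A reader of the shorter text has no hint that members missing from the map lose that role at apply time, which matters most at organization scope. I would keep the warning in the description, for example `description = "Authoritative IAM bindings, in {ROLE => [MEMBERS]} format; members not listed for a role are removed from it."`, and mirror it in the README table row.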
@@ -15,12 +15,12 @@ */ module "test" { - source = "../../../../modules/organization" - org_id = 1234567890 - custom_roles = var.custom_roles - iam_members = var.iam_members - iam_additive_bindings = var.iam_additive_bindings - iam_audit_config = var.iam_audit_config - policy_boolean = var.policy_boolean - policy_list = var.policy_list + source = "../../../../modules/organization" + org_id = 1234567890 + custom_roles = var.custom_roles + iam = var.iam + iam_additive = var.iam_additive + iam_audit_config = var.iam_audit_config + policy_boolean = var.policy_boolean + policy_list = var.policy_list } diff --git a/tests/modules/organization/fixture/variables.tf b/tests/modules/organization/fixture/variables.tf index a6b2123b..887c3345 100644 --- a/tests/modules/organization/fixture/variables.tf +++ b/tests/modules/organization/fixture/variables.tf @@ -19,12 +19,12 @@ variable "custom_roles" { default = {} } -variable "iam_members" { +variable "iam" { type = map(list(string)) default = {} } -variable "iam_additive_bindings" { +variable "iam_additive" { type = map(list(string)) default = {} }