diff --git a/modules/project/README.md b/modules/project/README.md
index fcf7e189..61b62286 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -87,8 +87,8 @@ module "project" {
| *auto_create_network* | Whether to create the default network for the project | bool
| | false
|
| *billing_account* | Billing account id. | string
| | null
|
| *custom_roles* | Map of role name => list of permissions to create in this project. | map(list(string))
| | {}
|
-| *iam_additive* | Map of roles lists used to set non authoritative bindings, keyed by members | map(list(string))
| | {}
|
-| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | map(set(string))
| | {}
|
+| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | map(set(string))
| | {}
|
+| *iam_additive* | IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
| *labels* | Resource labels. | map(string)
| | {}
|
| *lien_reason* | If non-empty, creates a project lien with this description. | string
| |
|
| *oslogin* | Enable OS Login. | bool
| | false
|
diff --git a/modules/project/main.tf b/modules/project/main.tf
index eb899d70..f7cf5ddc 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -91,7 +91,7 @@ resource "google_project_service" "project_services" {
# - additive (non-authoritative) roles might fail due to dynamic values
resource "google_project_iam_binding" "authoritative" {
- for_each = var.iam_members
+ for_each = var.iam
project = local.project.project_id
role = each.key
members = each.value
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 26f36385..760a9183 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -32,14 +32,14 @@ variable "custom_roles" {
default = {}
}
-variable "iam_members" {
- description = "Map of member lists used to set authoritative bindings, keyed by role."
+variable "iam" {
+ description = "IAM bindings in {ROLE => [MEMBERS]} format."
type = map(set(string))
default = {}
}
variable "iam_additive" {
- description = "Map of roles lists used to set non authoritative bindings, keyed by members"
+ description = "IAM additive bindings in {ROLE => [MEMBERS]} format."
type = map(list(string))
default = {}
}
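Review bot: The new description on `variable "iam"` drops the word "authoritative", which was the only hint in the module interface that these bindings replace the full member list of each role; main.tf feeds `var.iam` into `google_project_iam_binding.authoritative`. A caller who lists a role here will remove members granted on that role outside this module, so I would keep that in the text: `description = "Authoritative IAM bindings in {ROLE => [MEMBERS]} format; members not listed for a role are removed from it."` The `iam_additive` description also changes from "keyed by members" to `{ROLE => [MEMBERS]}`, but no hunk in view changes how that variable is consumed, so please confirm the new orientation matches the resource that reads it; if it does not, callers following the description would pass roles where members are expected. The README rows for both variables would need the same wording.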
diff --git a/tests/modules/project/fixture/main.tf b/tests/modules/project/fixture/main.tf
index ea5dff0c..e7a9fd0e 100644
--- a/tests/modules/project/fixture/main.tf
+++ b/tests/modules/project/fixture/main.tf
@@ -20,7 +20,7 @@ module "test" {
billing_account = "12345-12345-12345"
auto_create_network = var.auto_create_network
custom_roles = var.custom_roles
- iam_members = var.iam_members
+ iam = var.iam
iam_additive = var.iam_additive
labels = var.labels
lien_reason = var.lien_reason
diff --git a/tests/modules/project/fixture/variables.tf b/tests/modules/project/fixture/variables.tf
index e8c8df00..1a60f856 100644
--- a/tests/modules/project/fixture/variables.tf
+++ b/tests/modules/project/fixture/variables.tf
@@ -24,7 +24,7 @@ variable "custom_roles" {
default = {}
}
-variable "iam_members" {
+variable "iam" {
type = map(list(string))
default = {}
}