From d47478a466f8de28bdf2493d16044f8b13a7e770 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Wed, 4 Nov 2020 16:22:00 +0100
Subject: [PATCH] rename iam members variable in project module

---
 modules/project/README.md                  | 4 ++--
 modules/project/main.tf                    | 2 +-
 modules/project/variables.tf               | 6 +++---
 tests/modules/project/fixture/main.tf      | 2 +-
 tests/modules/project/fixture/variables.tf | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/project/README.md b/modules/project/README.md
index fcf7e189..61b62286 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -87,8 +87,8 @@ module "project" {
 | *auto_create_network* | Whether to create the default network for the project | <code title="">bool</code> |  | <code title="">false</code> |
 | *billing_account* | Billing account id. | <code title="">string</code> |  | <code title="">null</code> |
 | *custom_roles* | Map of role name => list of permissions to create in this project. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
-| *iam_additive* | Map of roles lists used to set non authoritative bindings, keyed by members | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
-| *iam_members* | Map of member lists used to set authoritative bindings, keyed by role. | <code title="map&#40;set&#40;string&#41;&#41;">map(set(string))</code> |  | <code title="">{}</code> |
+| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | <code title="map&#40;set&#40;string&#41;&#41;">map(set(string))</code> |  | <code title="">{}</code> |
+| *iam_additive* | IAM additive bindings in {ROLE => [MEMBERS]} format. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *labels* | Resource labels. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *lien_reason* | If non-empty, creates a project lien with this description. | <code title="">string</code> |  | <code title=""></code> |
 | *oslogin* | Enable OS Login. | <code title="">bool</code> |  | <code title="">false</code> |
diff --git a/modules/project/main.tf b/modules/project/main.tf
index eb899d70..f7cf5ddc 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -91,7 +91,7 @@ resource "google_project_service" "project_services" {
 # - additive (non-authoritative) roles might fail due to dynamic values
 
 resource "google_project_iam_binding" "authoritative" {
-  for_each = var.iam_members
+  for_each = var.iam
   project  = local.project.project_id
   role     = each.key
   members  = each.value
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 26f36385..760a9183 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -32,14 +32,14 @@ variable "custom_roles" {
   default     = {}
 }
 
-variable "iam_members" {
-  description = "Map of member lists used to set authoritative bindings, keyed by role."
+variable "iam" {
+  description = "IAM bindings in {ROLE => [MEMBERS]} format."
   type        = map(set(string))
   default     = {}
 }
 
 variable "iam_additive" {
-  description = "Map of roles lists used to set non authoritative bindings, keyed by members"
+  description = "IAM additive bindings in {ROLE => [MEMBERS]} format."
   type        = map(list(string))
   default     = {}
 }
diff --git a/tests/modules/project/fixture/main.tf b/tests/modules/project/fixture/main.tf
index ea5dff0c..e7a9fd0e 100644
--- a/tests/modules/project/fixture/main.tf
+++ b/tests/modules/project/fixture/main.tf
@@ -20,7 +20,7 @@ module "test" {
   billing_account       = "12345-12345-12345"
   auto_create_network   = var.auto_create_network
   custom_roles          = var.custom_roles
-  iam_members           = var.iam_members
+  iam                   = var.iam
   iam_additive          = var.iam_additive
   labels                = var.labels
   lien_reason           = var.lien_reason
diff --git a/tests/modules/project/fixture/variables.tf b/tests/modules/project/fixture/variables.tf
index e8c8df00..1a60f856 100644
--- a/tests/modules/project/fixture/variables.tf
+++ b/tests/modules/project/fixture/variables.tf
@@ -24,7 +24,7 @@ variable "custom_roles" {
   default = {}
 }
 
-variable "iam_members" {
+variable "iam" {
   type    = map(list(string))
   default = {}
 }