From dc01db0426c5617213e9f0647f8f93b096505d13 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Fri, 11 Jun 2021 17:38:27 +0200
Subject: [PATCH] Update Readme and rename variable
---
 modules/project/README.md | 1 +
 modules/project/main.tf | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/project/README.md b/modules/project/README.md
index 8000082e..099feb0d 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -177,6 +177,7 @@ module "project-host" {
 | *prefix* | Prefix used to generate project id and name. | string | | null |
 | *project_create* | Create project. When set to false, uses a data source to reference existing project. | bool | | true |
 | *service_config* | Configure service API activation. | object({...}) | | ... |
+| *service_encryption_key_ids* | Cloud KMS encryption key in {SERVICE => [KEY_URL]} format. | map(list(string)) | | {} |
 | *service_perimeter_bridges* | Name of VPC-SC Bridge perimeters to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | list(string) | | null |
 | *service_perimeter_standard* | Name of VPC-SC Standard perimeter to add project into. Specify the name in the form of 'accessPolicies/ACCESS_POLICY_NAME/servicePerimeters/PERIMETER_NAME'. | string | | null |
 | *services* | Service APIs to enable. | list(string) | | [] |
diff --git a/modules/project/main.tf b/modules/project/main.tf
index c13e7bd3..80b8b7c3 100644
--- a/modules/project/main.tf
+++ b/modules/project/main.tf
@@ -65,7 +65,7 @@ locals {
 if sink.iam && sink.type == type
 }
 }
- service_encryption_key_ids_flatten = flatten([
+ service_encryption_key_ids = flatten([
 for service in keys(var.service_encryption_key_ids) : [
 for key in var.service_encryption_key_ids[service] : {
 service = service
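Review bot: After the rename in `locals`, `local.service_encryption_key_ids` and `var.service_encryption_key_ids` share a name but not a shape: the variable is documented as `map(list(string))`, while the local is a flattened list of `{service, key}` objects, as the `for_each` in the later `google_kms_crypto_key_iam_member` hunk shows. Since this local decides which KMS keys receive IAM bindings, a one-line comment above it would keep readers from mixing the two, for example `# Flattened [{service, key}] pairs built from var.service_encryption_key_ids; drives the KMS IAM grants.` The `locals` block and the `flatten` expression both continue outside the hunk.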
@@ -367,7 +367,7 @@ resource "google_access_context_manager_service_perimeter_resource" "service-per
 resource "google_kms_crypto_key_iam_member" "crypto_key" {
 for_each = {
- for service_key in local.service_encryption_key_ids_flatten : "${service_key.service}.${service_key.key}" => service_key
+ for service_key in local.service_encryption_key_ids : "${service_key.service}.${service_key.key}" => service_key
 }
 crypto_key_id = each.value.key
 role = "roles/cloudkms.cryptoKeyEncrypter"
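Review bot: The role on the last visible line, `roles/cloudkms.cryptoKeyEncrypter`, is encrypt-only and is left unchanged by this commit. If these bindings are meant to let service agents use the keys for CMEK, those integrations normally need decrypt as well, which would be `role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"`; if encrypt-only is intended, a short comment saying so would help. The resource body continues past the hunk, so the `member` it applies to is not visible here.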