From 0e1fb9bf9ec7653eeda8ae489a17115b3fd3af88 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Wed, 4 Nov 2020 16:49:29 +0100
Subject: [PATCH] rename iam variables in folder unit module

---
 modules/folders-unit/locals.tf | 7 +------
 modules/folders-unit/main.tf | 8 ++++----
 modules/folders-unit/variables.tf | 18 ++++++------------
 3 files changed, 11 insertions(+), 22 deletions(-)

diff --git a/modules/folders-unit/locals.tf b/modules/folders-unit/locals.tf
index 1ad80700b..96edad4aa 100644
--- a/modules/folders-unit/locals.tf
+++ b/modules/folders-unit/locals.tf
@@ -16,12 +16,7 @@

 locals {
 folder_roles = concat(var.iam_enviroment_roles, local.sa_xpn_folder_roles)
- iam_members = var.iam_members == null ? {} : var.iam_members
- iam_roles = var.iam_roles == null ? [] : var.iam_roles
- unit_iam_bindings = {
- for role in local.iam_roles :
- role => lookup(local.iam_members, role, [])
- }
+ iam = var.iam == null ? {} : var.iam
 folder_iam_service_account_bindings = {
 for pair in setproduct(keys(var.environments), local.folder_roles) :
 "${pair.0}-${pair.1}" => { environment = pair.0, role = pair.1 }
diff --git a/modules/folders-unit/main.tf b/modules/folders-unit/main.tf
index 3034d20ff..25e030719 100644
--- a/modules/folders-unit/main.tf
+++ b/modules/folders-unit/main.tf
@@ -34,7 +34,7 @@ resource "google_folder" "environment" {
 }

 resource "google_folder_iam_binding" "unit" {
- for_each = local.unit_iam_bindings
+ for_each = var.iam
 folder = google_folder.unit.name
 role = each.key
 members = each.value
@@ -92,9 +92,9 @@ resource "google_storage_bucket" "tfstate" {
 var.prefix == null ? "" : "${var.prefix}-",
 "${var.short_name}-${each.key}-tf"
 ])
- location = var.gcs_defaults.location
- storage_class = var.gcs_defaults.storage_class
- force_destroy = false
+ location = var.gcs_defaults.location
+ storage_class = var.gcs_defaults.storage_class
+ force_destroy = false
 uniform_bucket_level_access = true
 versioning {
 enabled = true
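Review bot: In `google_folder_iam_binding.unit` (modules/folders-unit/main.tf) the new `for_each = var.iam` bypasses the null guard that the locals.tf hunk of this same commit introduces (`iam = var.iam == null ? {} : var.iam`), so `local.iam` looks unused in the visible hunks and a caller passing `iam = null` explicitly would get a `for_each` error rather than no bindings. I would write `for_each = local.iam` here, or drop the local if null is not meant to be accepted. Because this resource is authoritative per role, it is also worth checking during migration whether any caller listed a role in the old `iam_roles` without members in `iam_members`: the old `lookup(..., [])` form declared an empty binding for it, and the map-driven form no longer manages that role at all. The resource block's closing brace is outside the hunk.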
diff --git a/modules/folders-unit/variables.tf b/modules/folders-unit/variables.tf
index f7a8df3fa..d8782edcc 100644
--- a/modules/folders-unit/variables.tf
+++ b/modules/folders-unit/variables.tf
@@ -42,6 +42,12 @@ variable "gcs_defaults" {
 }
 }

+variable "iam" {
+ description = "IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format."
+ type = map(list(string))
+ default = {}
+}
+
 variable "iam_billing_config" {
 description = "Grant billing user role to service accounts, defaults to granting on the billing account."
 type = object({
@@ -65,18 +71,6 @@ variable "iam_enviroment_roles" {
 ]
 }

-variable "iam_members" {
- description = "IAM members for roles applied on the unit folder."
- type = map(list(string))
- default = null
-}
-
-variable "iam_roles" {
- description = "IAM roles applied on the unit folder."
- type = list(string)
- default = null
-}
-
 variable "iam_xpn_config" {
 description = "Grant Shared VPC creation roles to service accounts, defaults to granting at folder level."
 type = object({
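Review bot: The description of the new `iam` variable (first hunk of variables.tf) does not tell callers that these bindings are authoritative. The main.tf hunk feeds the map to `google_folder_iam_binding`, which sets the complete member list for each listed role on the folder, so members granted to that role outside this module are removed on apply. I would extend it to `description = "Authoritative IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format; members not listed for a role are removed."`. The default also changes from `null` on the removed variables to `{}` here, which is fine, but an explicit `null` is still accepted by the type, so the null handling should live in whichever expression the resource actually iterates over.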