From 2065ef49cc22984510a3b7ab4b9b592835243a05 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Sat, 2 May 2020 09:34:53 +0200
Subject: [PATCH] use a map for secret versions in secret-manager module
---
 modules/secret-manager/README.md | 14 +++++++-------
 modules/secret-manager/main.tf | 11 +++++------
 modules/secret-manager/variables.tf | 5 ++---
 3 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/modules/secret-manager/README.md b/modules/secret-manager/README.md
index a16ae246f..413fedbad 100644
--- a/modules/secret-manager/README.md
+++ b/modules/secret-manager/README.md
@@ -63,13 +63,13 @@ module "secret-manager" {
 test-manual = ["europe-west1", "europe-west4"]
 }
 versions = {
- test-auto = [
- { enabled = false, data = "auto foo bar baz", name = "v1" },
- { enabled = true, data = "auto foo bar spam", name = "v2" },
- ],
- test-manual = [
- { enabled = true, data = "manual foo bar spam", name = "v1" }
- ]
+ test-auto = {
+ v1 = { enabled = false, data = "auto foo bar baz" }
+ v2 = { enabled = true, data = "auto foo bar spam" }
+ },
+ test-manual = {
+ v1 = { enabled = true, data = "manual foo bar spam" }
+ }
 }
 }
 ```
diff --git a/modules/secret-manager/main.tf b/modules/secret-manager/main.tf
index 964bf12fd..ee16eb5e4 100644
--- a/modules/secret-manager/main.tf
+++ b/modules/secret-manager/main.tf
@@ -21,16 +21,15 @@ locals {
 [for role in roles : { name = name, role = role }]
 ])
 iam_keypairs = {
- for pair in local.iam_pairs :
- "${pair.name}-${pair.role}" => pair
+ for pair in local.iam_pairs : "${pair.name}-${pair.role}" => pair
 }
 version_pairs = flatten([
- for name, versions in var.versions :
- [for version in versions : merge(version, { secret = name })]
+ for secret, versions in var.versions : [
+ for name, attrs in versions : merge(attrs, { name = name, secret = secret })
+ ]
 ])
 version_keypairs = {
- for pair in local.version_pairs :
- "${pair.secret}:${pair.name}" => pair
+ for pair in local.version_pairs : "${pair.secret}:${pair.name}" => pair
 }
 }
diff --git a/modules/secret-manager/variables.tf b/modules/secret-manager/variables.tf
index e7fad2ce1..b097018a5 100644
--- a/modules/secret-manager/variables.tf
+++ b/modules/secret-manager/variables.tf
@@ -44,11 +44,10 @@ variable "project_id" {
 }
 variable "versions" {
- description = "Optional versions to manage for each secret. Version names are only used internally to track each version and must be unique for each secret/version pair."
- type = map(list(object({
+ description = "Optional versions to manage for each secret. Version names are only used internally to track individual versions."
+ type = map(map(object({
 enabled = bool
 data = string
- name = string
 })))
 default = {}
 }
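Review bot: The `merge(attrs, { name = name, secret = secret })` line in `version_pairs` copies the whole version object, so every value in `version_keypairs` carries the secret payload (`data`) next to the `secret:name` key. If that local is what the version resource iterates over (the resource is outside this hunk), the payload travels in the `for_each` map, and Terraform releases that support sensitive values refuse them as `for_each` arguments, which would get in the way of marking `var.versions` sensitive later. A comment above the local would record the constraint, for example `# values include the secret payload (data); keep it out of any for_each argument if var.versions is made sensitive`. The `locals` block opens before the hunk.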
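Review bot: The new `description` in the variables.tf hunk still calls version names "only used internally", yet in main.tf they become the `secret:name` key of `version_keypairs`, so renaming a map key probably replaces the stored secret version instead of being a no-op (the resource keyed on it is not part of this diff). The text also never says that `data` is the secret payload supplied in plain text, which will normally be recorded in Terraform state. Suggested wording: `description = "Optional versions to manage for each secret. Version names key the managed versions, so renaming one recreates it; data is the secret payload and is kept in Terraform state."`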