diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 4d2ae30d3..3c69da482 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -12,7 +12,7 @@ module "bucket" {
project_id = "myproject"
prefix = "test"
name = "my-bucket"
- iam_members = {
+ iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
}
@@ -26,7 +26,7 @@ module "bucket" {
project_id = "myproject"
prefix = "test"
name = "my-bucket"
- iam_members = {
+ iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
encryption_keys = local.kms_key.self_link
@@ -41,7 +41,7 @@ module "bucket" {
project_id = "myproject"
prefix = "test"
name = "my-bucket"
- iam_members = {
+ iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
@@ -72,7 +72,7 @@ module "bucket" {
| *logging_config* | Bucket logging configuration. | object({...}) | | null |
| *prefix* | Prefix used to generate the bucket name. | string | | null |
| *retention_policy* | Bucket retention policy. | object({...}) | | null |
-| *storage_class* | Bucket storage class. | string | | MULTI_REGIONAL |
+| *storage_class* | Bucket storage class. | string | | ... |
| *uniform_bucket_level_access* | Allow using object ACLs (false) or not (true, this is the recommended behavior) , defaults to true (which is the recommended practice, but not the behavior of storage API). | bool | | true |
| *versioning* | Enable versioning, defaults to false. | bool | | false |
diff --git a/modules/gcs/main.tf b/modules/gcs/main.tf
index d9f866aed..b983b0a6a 100644
--- a/modules/gcs/main.tf
+++ b/modules/gcs/main.tf
@@ -64,7 +64,7 @@ resource "google_storage_bucket" "bucket" {
}
resource "google_storage_bucket_iam_binding" "bindings" {
- for_each = var.iam_members
+ for_each = var.iam
bucket = google_storage_bucket.bucket.name
role = each.key
members = each.value
diff --git a/modules/gcs/variables.tf b/modules/gcs/variables.tf
index 7c8d800fb..dac13b043 100644
--- a/modules/gcs/variables.tf
+++ b/modules/gcs/variables.tf
@@ -26,9 +26,9 @@ variable "force_destroy" {
default = false
}
-variable "iam_members" {
- description = "IAM members keyed by bucket name and role."
- type = map(set(string))
+variable "iam" {
+ description = "IAM bindings in {ROLE => [MEMBERS]} format."
+ type = map(list(string))
default = {}
}
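Review bot: The new `description` on `variable "iam"` says nothing about binding semantics, although the main.tf hunk shows the map feeding `google_storage_bucket_iam_binding`, which is authoritative for each role: applying the module replaces whatever members that role already has on the bucket, including grants made outside Terraform. A caller migrating from `iam_members` should see that in the variable doc, e.g. `description = "IAM bindings in {ROLE => [MEMBERS]} format. Bindings are authoritative per role and replace any members granted outside this module."`. The type also loosens from `map(set(string))` to `map(list(string))`; since the resource's `members` argument is set-typed, duplicate entries in a list are silently collapsed rather than rejected, which is worth a word in the same description or in the README.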
diff --git a/tests/modules/gcs/fixture/main.tf b/tests/modules/gcs/fixture/main.tf
index a8b892b05..711196cbf 100644
--- a/tests/modules/gcs/fixture/main.tf
+++ b/tests/modules/gcs/fixture/main.tf
@@ -19,7 +19,7 @@ module "test" {
project_id = "my-project"
uniform_bucket_level_access = var.uniform_bucket_level_access
force_destroy = var.force_destroy
- iam_members = var.iam_members
+ iam = var.iam
labels = var.labels
logging_config = var.logging_config
name = "bucket-a"
diff --git a/tests/modules/gcs/fixture/variables.tf b/tests/modules/gcs/fixture/variables.tf
index dfc9a83a4..c989a2866 100644
--- a/tests/modules/gcs/fixture/variables.tf
+++ b/tests/modules/gcs/fixture/variables.tf
@@ -24,8 +24,8 @@ variable "force_destroy" {
default = true
}
-variable "iam_members" {
- type = map(set(string))
+variable "iam" {
+ type = map(list(string))
default = {}
}
diff --git a/tests/modules/gcs/test_plan.py b/tests/modules/gcs/test_plan.py
index 8516b5440..4749b901b 100644
--- a/tests/modules/gcs/test_plan.py
+++ b/tests/modules/gcs/test_plan.py
@@ -55,7 +55,6 @@ def test_config_values(plan_runner):
def test_iam(plan_runner):
"Test bucket resources with iam roles and members."
- iam_members = '{ "roles/storage.admin" = ["user:a@b.com"] }'
- _, resources = plan_runner(
- FIXTURES_DIR, iam_members=iam_members)
+ iam = '{ "roles/storage.admin" = ["user:a@b.com"] }'
+ _, resources = plan_runner(FIXTURES_DIR, iam=iam)
assert len(resources) == 2
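Review bot: `assert len(resources) == 2` establishes that one binding was planned from the `iam` input, but not that the role and member list survived the variable rename and the set-to-list type change; a check that the planned `google_storage_bucket_iam_binding` carries role `roles/storage.admin` and members `["user:a@b.com"]` would pin the wiring. test_iam's body continues past the hunk, so if such an assertion already follows below this is moot; otherwise the exact accessor depends on what `plan_runner` returns, which is not visible here.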