update service directory module to 0.13

modules/service-directory/README.md

@@ -15,14 +15,11 @@ module "service-directory" {
   project_id  = "my-project"
   location    = "europe-west1"
   name        = "sd-1"
-  iam_members = {
+  iam = {
     "roles/servicedirectory.editor" = [
       "serviceAccount:namespace-editor@example.com"
     ]
   }
-  iam_roles = [
-    "roles/servicedirectory.editor"
-  ]
 }
 ```
 
@@ -40,16 +37,13 @@ module "service-directory" {
       metadata  = null
     }
   }
-  service_iam_members = {
+  service_iam = {
     one = {
       "roles/servicedirectory.editor" = [
         "serviceAccount:service-editor.example.com"
       ]
     }
   }
-  service_iam_roles = {
-    one = ["roles/servicedirectory.editor"]
-  }
   endpoint_config = {
     "one/first"  = { address = "127.0.0.1", port = 80, metadata = {} }
     "one/second" = { address = "127.0.0.2", port = 80, metadata = {} }
@@ -67,14 +61,11 @@ module "service-directory" {
   project_id  = "my-project"
   location    = "europe-west1"
   name       = "apps"
-  iam_members = {
+  iam = {
     "roles/servicedirectory.editor" = [
       "serviceAccount:namespace-editor@example.com"
     ]
   }
-  iam_roles = [
-    "roles/servicedirectory.editor"
-  ]
   services = {
     app1 = { endpoints = ["one"], metadata = null }
   }
@@ -104,11 +95,9 @@ module "dns-sd" {
 | name | Namespace name. | <code title="">string</code> | ✓ |  |
 | project_id | Project used for resources. | <code title="">string</code> | ✓ |  |
 | *endpoint_config* | Map of endpoint attributes, keys are in service/endpoint format. | <code title="map&#40;object&#40;&#123;&#10;address  &#61; string&#10;port     &#61; number&#10;metadata &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
-| *iam_members* | IAM members for each namespace role. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
-| *iam_roles* | IAM roles for the namespace. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *iam* | IAM bindings for namespace, in {ROLE => [MEMBERS]} format. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *labels* | Labels. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
-| *service_iam_members* | IAM members for each service and role. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> |  | <code title="">{}</code> |
-| *service_iam_roles* | IAM roles for each service. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
+| *service_iam* | IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format. | <code title="map&#40;map&#40;list&#40;string&#41;&#41;&#41;">map(map(list(string)))</code> |  | <code title="">{}</code> |
 | *services* | Service configuration, using service names as keys. | <code title="map&#40;object&#40;&#123;&#10;endpoints &#61; list&#40;string&#41;&#10;metadata  &#61; map&#40;string&#41;&#10;&#125;&#41;&#41;">map(object({...}))</code> |  | <code title="">{}</code> |
 
 ## Outputs

modules/service-directory/main.tf

@@ -23,17 +23,14 @@ locals {
   endpoints = {
     for ep in local.endpoint_list : "${ep.service}/${ep.endpoint}" => ep
   }
-  iam_pairs = var.service_iam_roles == null ? [] : flatten([
-    for name, roles in var.service_iam_roles :
-    [for role in roles : { name = name, role = role }]
+  iam_pairs = var.service_iam == null ? [] : flatten([
+    for name, bindings in var.service_iam :
+    [for role in keys(bindings) : { name = name, role = role }]
   ])
   iam_keypairs = {
     for pair in local.iam_pairs :
     "${pair.name}-${pair.role}" => pair
   }
-  iam_members = (
-    var.service_iam_members == null ? {} : var.service_iam_members
-  )
 }
 
 resource "google_service_directory_namespace" "default" {
@@ -46,10 +43,10 @@ resource "google_service_directory_namespace" "default" {
 
 resource "google_service_directory_namespace_iam_binding" "default" {
   provider = google-beta
-  for_each = toset(var.iam_roles)
+  for_each = var.iam
   name     = google_service_directory_namespace.default.name
-  role     = each.value
-  members  = lookup(var.iam_members, each.value, [])
+  role     = each.key
+  members  = each.value
 }
 
 resource "google_service_directory_service" "default" {
@@ -66,7 +63,7 @@ resource "google_service_directory_service_iam_binding" "default" {
   name     = google_service_directory_service.default[each.value.name].name
   role     = each.value.role
   members = lookup(
-    lookup(local.iam_members, each.value.name, {}), each.value.role, []
+    lookup(var.service_iam, each.value.name, {}), each.value.role, []
   )
 }
 

modules/service-directory/variables.tf

@@ -25,18 +25,12 @@ variable "endpoint_config" {
   default = {}
 }
 
-variable "iam_members" {
-  description = "IAM members for each namespace role."
+variable "iam" {
+  description = "IAM bindings for namespace, in {ROLE => [MEMBERS]} format."
   type        = map(list(string))
   default     = {}
 }
 
-variable "iam_roles" {
-  description = "IAM roles for the namespace."
-  type        = list(string)
-  default     = []
-}
-
 variable "labels" {
   description = "Labels."
   type        = map(string)
@@ -58,18 +52,12 @@ variable "project_id" {
   type        = string
 }
 
-variable "service_iam_members" {
-  description = "IAM members for each service and role."
+variable "service_iam" {
+  description = "IAM bindings for services, in {SERVICE => {ROLE => [MEMBERS]}} format."
   type        = map(map(list(string)))
   default     = {}
 }
 
-variable "service_iam_roles" {
-  description = "IAM roles for each service."
-  type        = map(list(string))
-  default     = {}
-}
-
 variable "services" {
   description = "Service configuration, using service names as keys."
   type = map(object({