Change type of iam_bindings variable to allow multiple conditional bindings (#1658)

* modules * fast * dns readme
2023-09-08 08:56:31 +02:00
parent 63bf9eccc8
commit ec3b705f53
32 changed files with 153 additions and 144 deletions
--- a/modules/dataproc/README.md
+++ b/modules/dataproc/README.md
--- a/modules/dataproc/iam.tf
+++ b/modules/dataproc/iam.tf
@@ -46,7 +46,7 @@ resource "google_dataproc_cluster_iam_binding" "bindings" {
  project  = var.project_id
  cluster  = google_dataproc_cluster.cluster.name
  region   = var.region
-  role     = each.key
+  role     = each.value.role
  members  = each.value.members
  dynamic "condition" {
    for_each = each.value.condition == null ? [] : [""]
--- a/modules/dataproc/variables.tf
+++ b/modules/dataproc/variables.tf
@@ -197,9 +197,10 @@ variable "iam" {
 }

 variable "iam_bindings" {
-  description = "Authoritative IAM bindings in {ROLE => {members = [], condition = {}}}."
+  description = "Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary."
  type = map(object({
    members = list(string)
+    role    = string
    condition = optional(object({
      expression  = string
      title       = string