Merge branch '6-fix-iam-binding' into 'master'

Fix issue with iam variable Closes #6 See merge request !7

Merge branch '6-fix-iam-binding' into 'master'
44f02915 · Ryan Kowalewski · 2ea7380e · af29e331 · 44f02915 · 44f02915
Commit 44f02915 authored 1 year ago by Ryan Kowalewski
--- a/CHANGELOG
+++ b/CHANGELOG
 # Changelog
+
 All notable changes to this project will be documented in this file.

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

-## [3.1.0] - 2022-05-14
+## [3.1.1] - 2023-08-10
+
+## Fixed
+
+- Secret accessor IAM binding variable type.
+
+## [3.1.0] - 2023-08-09

 ### Added


--- a/README.md
+++ b/README.md
@@ -59,9 +59,9 @@ module "secret" {
  project          = local.project
  region           = "europe-west1"
  secret_id        = "test-secret"
-  secret_accessors = [
-    "serviceAccount:${google_service_account.secret_accessor.email}"
-  ]
+  secret_accessors = {
+    arbitrary_key_name = "serviceAccount:${google_service_account.secret_accessor.email}"
+  }
 }
 ```


--- a/main.tf
+++ b/main.tf
@@ -26,7 +26,7 @@ moved {
 }

 resource "google_secret_manager_secret_iam_member" "secret_accessors" {
-  for_each = toset(var.secret_accessors)
+  for_each = var.secret_accessors

  role      = "roles/secretmanager.secretAccessor"
  secret_id = google_secret_manager_secret.secret.id

--- a/variables.tf
+++ b/variables.tf
@@ -21,7 +21,11 @@ variable "secret_data" {
 }

 variable "secret_accessors" {
-  description = "A list of members to grant the secretmanager.secretAccessor role to."
-  type        = list(string)
-  default     = []
+  description = <<EOI
+A map of members to grant the secretmanager.secretAccessor role to.
+
+This must be in the format {<arbitrary_key_name> = <member email>}
+EOI
+  type        = map(string)
+  default     = {}
 }