diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf index 204b69d88e..02576e8e10 100644 --- a/modules/net-vpc/subnets.tf +++ b/modules/net-vpc/subnets.tf @@ -30,9 +30,9 @@ locals { subnet = k role = "roles/compute.networkUser" members = concat( - formatlist("group:%s", try(v.iam_groups, [])), - formatlist("user:%s", try(v.iam_users, [])), - formatlist("serviceAccount:%s", try(v.iam_service_accounts, [])) + formatlist("group:%s", lookup(v, "iam_groups", [])), + formatlist("user:%s", lookup(v, "iam_users", [])), + formatlist("serviceAccount:%s", lookup(v, "iam_service_accounts", [])) ) } ] @@ -73,7 +73,8 @@ locals { local._factory_descriptions, var.subnet_descriptions ) subnet_iam_members = concat( - local._factory_iam_members, local._subnet_iam_members + [for k in local._factory_iam_members : k if length(k.members) > 0], + local._subnet_iam_members ) subnet_flow_logs = merge( local._factory_flow_logs, local._subnet_flow_logs diff --git a/tests/modules/net_vpc/test_plan_subnets.py b/tests/modules/net_vpc/test_plan_subnets.py index 0ff9d99991..992d4a98b5 100644 --- a/tests/modules/net_vpc/test_plan_subnets.py +++ b/tests/modules/net_vpc/test_plan_subnets.py @@ -20,8 +20,7 @@ ' secondary_ip_range=null},' '{name = "c", region = "europe-west1", ip_cidr_range = "10.0.2.0/24",' ' secondary_ip_range={a="192.168.0.0/24", b="192.168.1.0/24"}},' - ']' -) + ']') _VAR_DATA_FOLDER = "data" @@ -29,9 +28,10 @@ def test_subnet_factory(plan_runner): "Test subnet factory." _, resources = plan_runner(data_folder=_VAR_DATA_FOLDER) - assert len(resources) == 5 - subnets = [r['values'] - for r in resources if r['type'] == 'google_compute_subnetwork'] + assert len(resources) == 3 + subnets = [ + r['values'] for r in resources if r['type'] == 'google_compute_subnetwork' + ] assert {s['name'] for s in subnets} == {'factory-subnet', 'factory-subnet2'} assert {len(s['secondary_ip_range']) for s in subnets} == {0, 1} @@ -40,8 +40,9 @@ def test_subnets_simple(plan_runner): "Test subnets variable." _, resources = plan_runner(subnets=_VAR_SUBNETS) assert len(resources) == 4 - subnets = [r['values'] - for r in resources if r['type'] == 'google_compute_subnetwork'] + subnets = [ + r['values'] for r in resources if r['type'] == 'google_compute_subnetwork' + ] assert {s['name'] for s in subnets} == {'a', 'b', 'c'} assert {len(s['secondary_ip_range']) for s in subnets} == {0, 0, 2} @@ -51,11 +52,9 @@ def test_subnet_log_configs(plan_runner): log_config = '{"europe-west1/a" = { flow_sampling = 0.1 }}' log_config_defaults = ( '{aggregation_interval = "INTERVAL_10_MIN", flow_sampling = 0.5, ' - 'metadata = "INCLUDE_ALL_METADATA"}' - ) + 'metadata = "INCLUDE_ALL_METADATA"}') subnet_flow_logs = '{"europe-west1/a"=true, "europe-west1/b"=true}' - _, resources = plan_runner(subnets=_VAR_SUBNETS, - log_configs=log_config, + _, resources = plan_runner(subnets=_VAR_SUBNETS, log_configs=log_config, log_config_defaults=log_config_defaults, subnet_flow_logs=subnet_flow_logs) assert len(resources) == 4 @@ -63,9 +62,10 @@ def test_subnet_log_configs(plan_runner): for r in resources: if r['type'] != 'google_compute_subnetwork': continue - flow_logs[r['values']['name']] = [{key: config[key] for key in config.keys() - & {'aggregation_interval', 'flow_sampling', 'metadata'}} - for config in r['values']['log_config']] + flow_logs[r['values']['name']] = [{ + key: config[key] for key in config.keys() & + {'aggregation_interval', 'flow_sampling', 'metadata'} + } for config in r['values']['log_config']] assert flow_logs == { # enable, override one default option 'a': [{