From 2b67ebb5d4534f93186d4bcb63493b6d404b6a2a Mon Sep 17 00:00:00 2001
From: Gary Verhaegen
Date: Fri, 9 Jul 2021 13:41:46 +0200
Subject: [PATCH] tf: refactor appr var (#10232)
Two changes at the Terraform level, both with no impact on the actual GCP state:
- There is no reason to make this value a `variable`: variables in Terraforma are meant to be supplied at the CLI. `local` is the right abstraction here (i.e. set in the file directly).
- Using an unordered `for_each` set rather than a list so we don't have positional identity, meaning when adding someone at the top we don't need to destroy and recreate everyone else.
CHANGELOG_BEGIN
CHANGELOG_END
---
 infra/data_bucket.tf | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/infra/data_bucket.tf b/infra/data_bucket.tf
index 3f5a8442fd4c..fef3f0ab59a8 100644
--- a/infra/data_bucket.tf
+++ b/infra/data_bucket.tf
@@ -46,10 +46,8 @@ resource "google_storage_bucket_iam_member" "data_read" {
 }
 // allow read access for appr team, as requested by Moritz
-variable "appr" {
- description = "Application Runtime team members"
-
- default = [
+locals {
+ appr_team = [
 "user:akshay.shirahatti@digitalasset.com",
 "user:andreas.herrmann@digitalasset.com",
 "user:gary.verhaegen@digitalasset.com",
@@ -61,8 +59,8 @@ variable "appr" {
 }
 resource "google_storage_bucket_iam_member" "appr" {
- count = length(var.appr)
- bucket = google_storage_bucket.data.name
- role = "roles/storage.objectViewer"
- member = var.appr[count.index]
+ for_each = toset(local.appr_team)
+ bucket = google_storage_bucket.data.name
+ role = "roles/storage.objectViewer"
+ member = each.key
 }
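Review bot: The `appr_team` list in the new `locals` block names individual `user:` accounts, so read access to the bucket follows this file rather than team membership, and a person who leaves the team keeps `roles/storage.objectViewer` until someone edits the list. If a Google group for the team exists (not visible from this hunk), a single group member such as `member = "group:<appr-team-group-address>"` (placeholder) would let membership changes take effect without a Terraform change. The comment above the block could also record what the grant exposes and who approves additions, e.g. `// read-only access to the data bucket for the appr team; additions approved by <owner>`. The list continues past the end of this hunk.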
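Review bot: Replacing `count` with `for_each = toset(local.appr_team)` changes every resource address from `google_storage_bucket_iam_member.appr[N]` to `google_storage_bucket_iam_member.appr["user:…"]`, so unless the state is migrated first the next apply will destroy and recreate each binding. The end state matches what the description says, but read access may be briefly withdrawn while the apply runs. Running `terraform state mv 'google_storage_bucket_iam_member.appr[0]' 'google_storage_bucket_iam_member.appr["<member>"]'` for each index beforehand (`<member>` is a placeholder for the list entry) avoids that, and the plan should then show no changes. A short comment on the resource, e.g. `// keyed by member so adding or removing one person touches only that binding`, would record why `for_each` is used.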