Commit
add IAM conditions support for generated IAM resources (#2633)
Merged PR #2633.
1 parent
a365cca
commit 36f1209
Showing
8 changed files
with
338 additions
and
7 deletions.
Submodule terraform
updated
from 5caead to c29a9a
Submodule terraform-beta
updated
from a4df9d to 369724
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -120,6 +120,130 @@ func TestAcc<%= resource_name -%>IamPolicyGenerated(t *testing.T) { | |
}) | ||
} | ||
|
||
<% unless version == 'ga' || object.iam_policy.iam_conditions_request_type.nil? -%> | ||
func TestAcc<%= resource_name -%>IamBindingGenerated_withCondition(t *testing.T) { | ||
t.Parallel() | ||
|
||
<%= lines(compile('templates/terraform/iam/iam_context.go.erb')) -%> | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAcc<%= resource_name -%>IamBinding_withConditionGenerated(context), | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_binding.foo", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%> <%= object.iam_policy.allowed_iam_role -%> %s"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>, context["condition_title"]), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAcc<%= resource_name -%>IamBindingGenerated_withAndWithoutCondition(t *testing.T) { | ||
t.Parallel() | ||
|
||
<%= lines(compile('templates/terraform/iam/iam_context.go.erb')) -%> | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAcc<%= resource_name -%>IamBinding_withAndWithoutConditionGenerated(context), | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_binding.foo", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%> <%= object.iam_policy.allowed_iam_role -%>"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_binding.foo2", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%> <%= object.iam_policy.allowed_iam_role -%> %s"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>, context["condition_title"]), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAcc<%= resource_name -%>IamMemberGenerated_withCondition(t *testing.T) { | ||
t.Parallel() | ||
|
||
<%= lines(compile('templates/terraform/iam/iam_context.go.erb')) -%> | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAcc<%= resource_name -%>IamMember_withConditionGenerated(context), | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_member.foo", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%> <%= object.iam_policy.allowed_iam_role -%> user:[email protected] %s"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>, context["condition_title"]), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAcc<%= resource_name -%>IamMemberGenerated_withAndWithoutCondition(t *testing.T) { | ||
t.Parallel() | ||
|
||
<%= lines(compile('templates/terraform/iam/iam_context.go.erb')) -%> | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAcc<%= resource_name -%>IamMember_withAndWithoutConditionGenerated(context), | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_member.foo", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%> <%= object.iam_policy.allowed_iam_role -%> user:[email protected]"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_member.foo2", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%> <%= object.iam_policy.allowed_iam_role -%> user:[email protected] %s"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>, context["condition_title"]), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAcc<%= resource_name -%>IamPolicyGenerated_withCondition(t *testing.T) { | ||
t.Parallel() | ||
|
||
<%= lines(compile('templates/terraform/iam/iam_context.go.erb')) -%> | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAcc<%= resource_name -%>IamPolicy_withConditionGenerated(context), | ||
}, | ||
{ | ||
ResourceName: "<%= resource_ns_iam -%>_policy.foo", | ||
ImportStateId: fmt.Sprintf("<%= import_url -%>"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>), | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
<% end -%> | ||
|
||
func testAcc<%= resource_name -%>IamMember_basicGenerated(context map[string]interface{}) string { | ||
return Nprintf(` | ||
<%= example.config_test_body -%> | ||
|
@@ -173,3 +297,108 @@ resource "<%= resource_ns_iam -%>_binding" "foo" { | |
} | ||
`, context) | ||
} | ||
|
||
<% unless version == 'ga' || object.iam_policy.iam_conditions_request_type.nil? -%> | ||
func testAcc<%= resource_name -%>IamBinding_withConditionGenerated(context map[string]interface{}) string { | ||
return Nprintf(` | ||
<%= example.config_test_body -%> | ||
|
||
resource "<%= resource_ns_iam -%>_binding" "foo" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
role = "%{role}" | ||
members = ["user:[email protected]"] | ||
condition { | ||
title = "%{condition_title}" | ||
description = "Expiring at midnight of 2019-12-31" | ||
expression = "%{condition_expr}" | ||
} | ||
} | ||
`, context) | ||
} | ||
|
||
func testAcc<%= resource_name -%>IamBinding_withAndWithoutConditionGenerated(context map[string]interface{}) string { | ||
return Nprintf(` | ||
<%= example.config_test_body -%> | ||
|
||
resource "<%= resource_ns_iam -%>_binding" "foo" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
role = "%{role}" | ||
members = ["user:[email protected]"] | ||
} | ||
|
||
resource "<%= resource_ns_iam -%>_binding" "foo2" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
role = "%{role}" | ||
members = ["user:[email protected]"] | ||
condition { | ||
title = "%{condition_title}" | ||
description = "Expiring at midnight of 2019-12-31" | ||
expression = "%{condition_expr}" | ||
} | ||
} | ||
`, context) | ||
} | ||
|
||
func testAcc<%= resource_name -%>IamMember_withConditionGenerated(context map[string]interface{}) string { | ||
return Nprintf(` | ||
<%= example.config_test_body -%> | ||
|
||
resource "<%= resource_ns_iam -%>_member" "foo" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
role = "%{role}" | ||
member = "user:[email protected]" | ||
condition { | ||
title = "%{condition_title}" | ||
description = "Expiring at midnight of 2019-12-31" | ||
expression = "%{condition_expr}" | ||
} | ||
} | ||
`, context) | ||
} | ||
|
||
func testAcc<%= resource_name -%>IamMember_withAndWithoutConditionGenerated(context map[string]interface{}) string { | ||
return Nprintf(` | ||
<%= example.config_test_body -%> | ||
|
||
resource "<%= resource_ns_iam -%>_member" "foo" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
role = "%{role}" | ||
member = "user:[email protected]" | ||
} | ||
|
||
resource "<%= resource_ns_iam -%>_member" "foo2" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
role = "%{role}" | ||
member = "user:[email protected]" | ||
condition { | ||
title = "%{condition_title}" | ||
description = "Expiring at midnight of 2019-12-31" | ||
expression = "%{condition_expr}" | ||
} | ||
} | ||
`, context) | ||
} | ||
|
||
func testAcc<%= resource_name -%>IamPolicy_withConditionGenerated(context map[string]interface{}) string { | ||
return Nprintf(` | ||
<%= example.config_test_body -%> | ||
|
||
data "google_iam_policy" "foo" { | ||
binding { | ||
role = "%{role}" | ||
members = ["user:[email protected]"] | ||
condition { | ||
title = "%{condition_title}" | ||
description = "Expiring at midnight of 2019-12-31" | ||
expression = "%{condition_expr}" | ||
} | ||
} | ||
} | ||
|
||
resource "<%= resource_ns_iam -%>_policy" "foo" { | ||
<%= lines(compile(object.iam_policy.example_config_body)) -%> | ||
policy_data = "${data.google_iam_policy.foo.policy_data}" | ||
} | ||
`, context) | ||
} | ||
<% end -%> |
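Review bot: The two `_withAndWithoutCondition` tests in the first hunk (binding and member) assert only through `ImportStateVerify`, so no step states directly that `foo` stays unconditional while `foo2` carries the condition. That distinction is what matters for access control here: judging by the description string, the condition is a time limit, and a binding that silently lost it would grant the role without one. Consider adding a check to the first step of each test, e.g. `Check: resource.TestCheckResourceAttr("<%= resource_ns_iam -%>_binding.foo2", "condition.0.title", context["condition_title"].(string)),`, paired with a `resource.TestCheckNoResourceAttr` on `foo` for the same key. This assumes `condition` is exposed as a list block and that the title set in `iam_context.go.erb` (not shown on this page) is a string. The member variant would use `_member.foo` and `_member.foo2` in the same way.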