updates post create rather than using customize diff
Showing
6 changed files
with
180 additions
and
92 deletions.
This file was deleted.
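--- a/templates/terraform/constants/bigquery_dataset_access.go.erb
+++ b/templates/terraform/constants/bigquery_dataset_access.go.erb
@@ -0,0 +1,126 @@
+var bigqueryAccessRoleToPrimitiveMap = map[string]string {
+"roles/bigquery.dataOwner": "OWNER",
+"roles/bigquery.dataEditor": "WRITER",
+"roles/bigquery.dataViewer": "READER",
+}
+
+var bigqueryAccessIamMemberToTypeMap = map[string]string{
+"serviceAccount": "user_by_email",
+"user": "user_by_email",
+"group": "group_by_email",
+"domain": "domain",
+"specialGroup": "special_group",
+"allUsers": "iam_member",
+"projectOwners": "special_group",
+"projectReaders": "special_group",
+"projectWriters": "special_group",
+"allAuthenticatedUsers": "special_group",
+}
+
+func resourceBigQueryDatasetAccessRoleDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+if primitiveRole, ok := bigqueryAccessRoleToPrimitiveMap[new]; ok {
+return primitiveRole == old
+}
+return false
+}
+
+func resourceBigQueryDatasetAccessIamMemberDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
+if primitiveRole, ok := bigqueryAccessRoleToPrimitiveMap[new]; ok {
+return primitiveRole == old
+}
+
+if d.Get("api_updated_member") == true {
+expectedIamMember := d.Get("iam_member").(string)
+parts := strings.SplitAfter(expectedIamMember, ":")
+
+strippedIamMember := parts[0]
+if len(parts) > 1 {
+strippedIamMember = parts[1]
+}
+
+if memberInState := d.Get("user_by_email").(string); memberInState != "" {
+return memberInState == strippedIamMember
+}
+
+if memberInState := d.Get("group_by_email").(string); memberInState != "" {
+return memberInState == strippedIamMember
+}
+
+if memberInState := d.Get("domain").(string); memberInState != "" {
+return memberInState == strippedIamMember
+}
+
+if memberInState := d.Get("special_group").(string); memberInState != "" {
+return memberInState == strippedIamMember
+}
+}
+
+return false
+}
+
+// this function will go through a response's access list and see if the iam_member has been reassigned to a different member_type
+// if it has, it will return the member type, and the member
+func resourceBigQueryDatasetAccessReassignIamMemberInNestedObjectList(d *schema.ResourceData, meta interface{}, items []interface{}) (member_type string, member interface{}, err error) {
+expectedRole, err := expandNestedBigQueryDatasetAccessRole(d.Get("role"), d, meta.(*Config))
+if err != nil {
+return "", nil, err
+}
+expectedFlattenedRole := flattenNestedBigQueryDatasetAccessRole(expectedRole, d, meta.(*Config))
+
+expectedIamMember, err := expandNestedBigQueryDatasetAccessIamMember(d.Get("iam_member"), d, meta.(*Config))
+if err != nil {
+return "", nil, err
+}
+expectedFlattenedIamMember := flattenNestedBigQueryDatasetAccessIamMember(expectedIamMember, d, meta.(*Config))
+
+parts := strings.SplitAfter(expectedFlattenedIamMember.(string), ":")
+
+expectedStrippedIamMember := parts[0]
+if len(parts) > 1 {
+expectedStrippedIamMember = parts[1]
+}
+
+// Search list for this resource.
+for _, itemRaw := range items {
+if itemRaw == nil {
+continue
+}
+item := itemRaw.(map[string]interface{})
+
+itemRole := flattenNestedBigQueryDatasetAccessRole(item["role"], d, meta.(*Config))
+// isEmptyValue check so that if one is nil and the other is "", that's considered a match
+if !(isEmptyValue(reflect.ValueOf(itemRole)) && isEmptyValue(reflect.ValueOf(expectedFlattenedRole))) && !reflect.DeepEqual(itemRole, expectedFlattenedRole) {
+log.Printf("[DEBUG] Skipping item with role= %#v, looking for %#v)", itemRole, expectedFlattenedRole)
+continue
+}
+
+itemUserByEmail := flattenNestedBigQueryDatasetAccessUserByEmail(item["userByEmail"], d, meta.(*Config))
+if reflect.DeepEqual(itemUserByEmail, expectedStrippedIamMember) {
+log.Printf("[DEBUG] Iam Member changed to userByEmail= %#v)", itemUserByEmail)
+return "user_by_email", itemUserByEmail, nil
+}
+itemGroupByEmail := flattenNestedBigQueryDatasetAccessGroupByEmail(item["groupByEmail"], d, meta.(*Config))
+if reflect.DeepEqual(itemGroupByEmail, expectedStrippedIamMember) {
+log.Printf("[DEBUG] Iam Member changed to groupByEmail= %#v)", itemGroupByEmail)
+return "group_by_email", itemGroupByEmail, nil
+}
+itemDomain := flattenNestedBigQueryDatasetAccessDomain(item["domain"], d, meta.(*Config))
+if reflect.DeepEqual(itemDomain, expectedStrippedIamMember) {
+log.Printf("[DEBUG] Iam Member changed to domain= %#v)", itemDomain)
+return "domain", itemDomain, nil
+}
+itemSpecialGroup := flattenNestedBigQueryDatasetAccessSpecialGroup(item["specialGroup"], d, meta.(*Config))
+if reflect.DeepEqual(itemSpecialGroup, expectedStrippedIamMember) {
+log.Printf("[DEBUG] Iam Member changed to specialGroup= %#v)", itemSpecialGroup)
+return "special_group", itemSpecialGroup, nil
+}
+itemIamMember := flattenNestedBigQueryDatasetAccessIamMember(item["iamMember"], d, meta.(*Config))
+if reflect.DeepEqual(itemIamMember, expectedFlattenedIamMember) {
+log.Printf("[DEBUG] Iam Member stayed as iamMember= %#v)", itemIamMember)
+return "", nil, nil
+}
+continue
+}
+log.Printf("[DEBUG] Did not find item for resource %q)", d.Id())
+return "", nil, nil
+}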
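Review bot: In resourceBigQueryDatasetAccessReassignIamMemberInNestedObjectList the type prefix of iam_member is thrown away before matching, so an access entry is accepted on role plus bare identifier alone; `group:x@example.com` (constructed example) would match a `userByEmail` entry for `x@example.com` and state would record a principal type the configuration never asked for. bigqueryAccessIamMemberToTypeMap is declared in this file but neither function shown consults it; resolving the prefix through it and comparing only the field it names keeps the match tied to the requested principal type, assuming the API remaps only along that table. `strings.SplitAfter(..., ":")` also splits on every colon, so a member containing more than one leaves only the middle segment in `parts[1]`; `strings.SplitN(..., ":", 2)` keeps the whole identifier. resourceBigQueryDatasetAccessIamMemberDiffSuppress repeats the same stripping and opens with a lookup in bigqueryAccessRoleToPrimitiveMap that appears to be copied from the role suppressor.

```go
// … unchanged: expectedRole and expectedFlattenedIamMember expansion …
parts := strings.SplitN(expectedFlattenedIamMember.(string), ":", 2)
// "" when the prefix is not a known member type
expectedType := bigqueryAccessIamMemberToTypeMap[parts[0]]
expectedStrippedIamMember := parts[len(parts)-1]

// … unchanged: loop over items, nil check, role filter …
	itemUserByEmail := flattenNestedBigQueryDatasetAccessUserByEmail(item["userByEmail"], d, meta.(*Config))
	if expectedType == "user_by_email" && reflect.DeepEqual(itemUserByEmail, expectedStrippedIamMember) {
// … unchanged: log and return; same expectedType guard on the group_by_email, domain and special_group comparisons …
```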
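--- a/templates/terraform/post_create/bigquery_dataset_access.go.erb
+++ b/templates/terraform/post_create/bigquery_dataset_access.go.erb
@@ -0,0 +1,34 @@
+<%# The license inside this block applies to this file.
+# Copyright 2020 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-%>
+
+// by default, we are not updating the member
+d.Set("api_updated_member", false)
+
+// iam_member is a generalized attribute, if the API can map it to a different member type on the backend, it will return
+// the correct member_type in the response. If it cannot be mapped to a different member type, it will stay in iam_member.
+if d.Get("iam_member") != nil {
+member_type, member, err := resourceBigQueryDatasetAccessReassignIamMemberInNestedObjectList(d, meta, res["access"].([]interface{}))
+if err != nil {
+fmt.Println(err)
+}
+
+// if the member type changed, we set that member_type in state (it's already in the response) and we clear iam_member
+// and we set "api_updated_member" to true to acknowledge that we are making this change
+if member_type != "" {
+d.Set(member_type, member.(string))
+d.Set("iam_member", "")
+d.Set("api_updated_member", true)
+}
+}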
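Review bot: The error returned by resourceBigQueryDatasetAccessReassignIamMemberInNestedObjectList is printed with `fmt.Println(err)` and then dropped, so a failed reconciliation leaves the access entry created with no diagnostic and with state that may not reflect what the API stored; returning it, for example `return fmt.Errorf("Error reconciling iam_member: %s", err)`, would surface the failure. This fragment is spliced into a create function that lies outside the hunk, so the exact return form is assumed. `res["access"].([]interface{})` and `member.(string)` are unchecked type assertions and will panic if the response carries no access list or the flattened member is not a string; the comma-ok form avoids that. The guard `d.Get("iam_member") != nil` is probably always true, since Get normally yields the zero value rather than nil for an unset string attribute, so `d.Get("iam_member").(string) != ""` looks like the intent.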