-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add cloud identity to mm * make labels key value pair * add cloud identity group * fix white spacing, add description to update test * make tests beta-only * make customer id var beta-only * Update products/cloudidentity/api.yaml Co-authored-by: Dana Hoffman <[email protected]> * Update products/cloudidentity/terraform.yaml Co-authored-by: Dana Hoffman <[email protected]> * update code review comments * move unless ga to top of file for test * move unless ga back * add group membership back in * remove last comma * update per review comments * add group membership test for user * update admin -> identity, tabs -> spaces Co-authored-by: Dana Hoffman <[email protected]>
- Loading branch information
1 parent
224ce38
commit f78a0a9
Showing
12 changed files
with
602 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,321 @@ | ||
# Copyright 2020 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- !ruby/object:Api::Product | ||
name: CloudIdentity | ||
display_name: Cloud Identity | ||
versions: | ||
- !ruby/object:Api::Product::Version | ||
name: beta | ||
base_url: https://cloudidentity.googleapis.com/v1beta1/ | ||
scopes: | ||
- https://www.googleapis.com/auth/cloud-identity | ||
apis_required: | ||
- !ruby/object:Api::Product::ApiReference | ||
name: Cloud Identity API | ||
url: https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/overview | ||
objects: | ||
- !ruby/object:Api::Resource | ||
name: 'Group' | ||
base_url: groups | ||
update_url: '{{name}}' | ||
self_link: '{{name}}' | ||
update_verb: :PATCH | ||
update_mask: true | ||
description: | | ||
A Cloud Identity resource representing a Group. | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
output: true | ||
description: | | ||
Resource name of the Group in the format: groups/{group_id}, where group_id | ||
is the unique ID assigned to the Group. | ||
- !ruby/object:Api::Type::NestedObject | ||
name: 'groupKey' | ||
required: true | ||
input: true | ||
description: | | ||
EntityKey of the Group. | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'id' | ||
required: true | ||
input: true | ||
description: | | ||
The ID of the entity. | ||
For Google-managed entities, the id must be the email address of an existing | ||
group or user. | ||
For external-identity-mapped entities, the id must be a string conforming | ||
to the Identity Source's requirements. | ||
Must be unique within a namespace. | ||
- !ruby/object:Api::Type::String | ||
name: 'namespace' | ||
input: true | ||
description: | | ||
The namespace in which the entity exists. | ||
If not specified, the EntityKey represents a Google-managed entity | ||
such as a Google user or a Google Group. | ||
If specified, the EntityKey represents an external-identity-mapped group. | ||
The namespace must correspond to an identity source created in Admin Console | ||
and must be in the form of `identitysources/{identity_source_id}`. | ||
- !ruby/object:Api::Type::String | ||
name: 'parent' | ||
required: true | ||
input: true | ||
description: | | ||
The resource name of the entity under which this Group resides in the | ||
Cloud Identity resource hierarchy. | ||
Must be of the form identitysources/{identity_source_id} for external-identity-mapped | ||
groups or customers/{customer_id} for Google Groups. | ||
- !ruby/object:Api::Type::String | ||
name: 'displayName' | ||
description: | | ||
The display name of the Group. | ||
- !ruby/object:Api::Type::String | ||
name: 'description' | ||
description: | | ||
An extended description to help users determine the purpose of a Group. | ||
Must not be longer than 4,096 characters. | ||
- !ruby/object:Api::Type::String | ||
name: 'createTime' | ||
output: true | ||
description: | | ||
The time when the Group was created. | ||
- !ruby/object:Api::Type::String | ||
name: 'updateTime' | ||
output: true | ||
description: | | ||
The time when the Group was last updated. | ||
- !ruby/object:Api::Type::KeyValuePairs | ||
name: 'labels' | ||
required: true | ||
input: true | ||
description: | | ||
The labels that apply to the Group. | ||
Must not contain more than one entry. Must contain the entry | ||
'cloudidentity.googleapis.com/groups.discussion_forum': '' if the Group is a Google Group or | ||
'system/groups/external': '' if the Group is an external-identity-mapped group. | ||
# TODO (mbang): The full API doesn't seem to be implemented yet | ||
# - !ruby/object:Api::Type::Array | ||
# name: 'additionalGroupKeys' | ||
# input: true | ||
# description: | | ||
# Additional entity key aliases for a Group. | ||
# item_type: !ruby/object:Api::Type::NestedObject | ||
# properties: | ||
# - !ruby/object:Api::Type::String | ||
# name: 'id' | ||
# required: true | ||
# description: | | ||
# The ID of the entity. | ||
|
||
# For Google-managed entities, the id must be the email address of an existing | ||
# group or user. | ||
|
||
# For external-identity-mapped entities, the id must be a string conforming | ||
# to the Identity Source's requirements. | ||
|
||
# Must be unique within a namespace. | ||
# - !ruby/object:Api::Type::String | ||
# name: 'namespace' | ||
# description: | | ||
# The namespace in which the entity exists. | ||
|
||
# If not specified, the EntityKey represents a Google-managed entity | ||
# such as a Google user or a Google Group. | ||
|
||
# If specified, the EntityKey represents an external-identity-mapped group. | ||
# The namespace must correspond to an identity source created in Admin Console | ||
# and must be in the form of `identitysources/{identity_source_id}. | ||
# - !ruby/object:Api::Type::NestedObject | ||
# name: 'dynamicGroupMetadata' | ||
# input: true | ||
# description: | | ||
# Dynamic group metadata like queries and status. | ||
# properties: | ||
# - !ruby/object:Api::Type::Array | ||
# name: 'queries' | ||
# required: true | ||
# description: | | ||
# Memberships will be the union of all queries. Only one entry with USER resource is currently supported. | ||
# item_type: !ruby/object:Api::Type::NestedObject | ||
# properties: | ||
# - !ruby/object:Api::Type::Enum | ||
# name: 'resourceType' | ||
# description: | | ||
# Resources supported for dynamic groups. | ||
# default_value: :USER | ||
# values: | ||
# - :USER | ||
# - !ruby/object:Api::Type::String | ||
# name: 'query' | ||
# description: | | ||
# Query that determines the memberships of the dynamic group. | ||
|
||
# Examples: All users with at least one organizations.department of engineering. | ||
|
||
# user.organizations.exists(org, org.department=='engineering') | ||
|
||
# All users with at least one location that has area of foo and building_id of bar. | ||
|
||
# user.locations.exists(loc, loc.area=='foo' && loc.building_id=='bar') | ||
# - !ruby/object:Api::Type::NestedObject | ||
# name: 'DynamicGroupStatus' | ||
# output: true | ||
# description: | | ||
# Status of the dynamic group. | ||
# properties: | ||
# - !ruby/object:Api::Type::String | ||
# name: 'status' | ||
# description: | | ||
# Status of the dynamic group. | ||
# - !ruby/object:Api::Type::String | ||
# name: 'statusTime' | ||
# description: | | ||
# The latest time at which the dynamic group is guaranteed to be in the given status. | ||
# For example, if status is: UP_TO_DATE - The latest time at which this dynamic group | ||
# was confirmed to be up to date. UPDATING_MEMBERSHIPS - The time at which dynamic group was created. | ||
|
||
# A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". | ||
- !ruby/object:Api::Resource | ||
name: 'GroupMembership' | ||
base_url: '{{group}}/memberships' | ||
self_link: '{{name}}' | ||
description: | | ||
A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member". | ||
parameters: | ||
- !ruby/object:Api::Type::ResourceRef | ||
name: 'group' | ||
resource: 'Group' | ||
imports: 'name' | ||
description: | | ||
The name of the Group to create this membership in. | ||
required: true | ||
input: true | ||
url_param_only: true | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
output: true | ||
description: | | ||
The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}. | ||
- !ruby/object:Api::Type::NestedObject | ||
name: 'memberKey' | ||
input: true | ||
description: | | ||
EntityKey of the member. | ||
exactly_one_of: | ||
- member_key | ||
- preferred_member_key | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'id' | ||
required: true | ||
input: true | ||
description: | | ||
The ID of the entity. | ||
For Google-managed entities, the id must be the email address of an existing | ||
group or user. | ||
For external-identity-mapped entities, the id must be a string conforming | ||
to the Identity Source's requirements. | ||
Must be unique within a namespace. | ||
- !ruby/object:Api::Type::String | ||
name: 'namespace' | ||
input: true | ||
description: | | ||
The namespace in which the entity exists. | ||
If not specified, the EntityKey represents a Google-managed entity | ||
such as a Google user or a Google Group. | ||
If specified, the EntityKey represents an external-identity-mapped group. | ||
The namespace must correspond to an identity source created in Admin Console | ||
and must be in the form of `identitysources/{identity_source_id}`. | ||
- !ruby/object:Api::Type::NestedObject | ||
name: 'preferredMemberKey' | ||
input: true | ||
description: | | ||
EntityKey of the member. | ||
exactly_one_of: | ||
- member_key | ||
- preferred_member_key | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'id' | ||
required: true | ||
input: true | ||
description: | | ||
The ID of the entity. | ||
For Google-managed entities, the id must be the email address of an existing | ||
group or user. | ||
For external-identity-mapped entities, the id must be a string conforming | ||
to the Identity Source's requirements. | ||
Must be unique within a namespace. | ||
- !ruby/object:Api::Type::String | ||
name: 'namespace' | ||
input: true | ||
description: | | ||
The namespace in which the entity exists. | ||
If not specified, the EntityKey represents a Google-managed entity | ||
such as a Google user or a Google Group. | ||
If specified, the EntityKey represents an external-identity-mapped group. | ||
The namespace must correspond to an identity source created in Admin Console | ||
and must be in the form of `identitysources/{identity_source_id}`. | ||
- !ruby/object:Api::Type::String | ||
name: 'createTime' | ||
output: true | ||
description: | | ||
The time when the Membership was created. | ||
- !ruby/object:Api::Type::String | ||
name: 'updateTime' | ||
output: true | ||
description: | | ||
The time when the Membership was last updated. | ||
- !ruby/object:Api::Type::Array | ||
name: 'roles' | ||
required: true | ||
description: | | ||
The MembershipRoles that apply to the Membership. | ||
Must not contain duplicate MembershipRoles with the same name. | ||
item_type: !ruby/object:Api::Type::NestedObject | ||
properties: | ||
- !ruby/object:Api::Type::Enum | ||
name: 'name' | ||
required: true | ||
description: | | ||
The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. | ||
values: | ||
- :OWNER | ||
- :MANAGER | ||
- :MEMBER | ||
- !ruby/object:Api::Type::String | ||
name: 'type' | ||
output: true | ||
description: | | ||
The type of the membership. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
# Copyright 2020 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- !ruby/object:Provider::Terraform::Config | ||
overrides: !ruby/object:Overrides::ResourceOverrides | ||
Group: !ruby/object:Overrides::Terraform::ResourceOverride | ||
import_format: ["{{name}}"] | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: "cloud_identity_groups_basic" | ||
primary_resource_id: "cloud_identity_group_basic" | ||
min_version: beta | ||
vars: | ||
id_group: "my-identity-group" | ||
test_env_vars: | ||
org_domain: :ORG_DOMAIN | ||
cust_id: :CUST_ID | ||
### The full API doesn't seem to be implemented yet | ||
# - !ruby/object:Provider::Terraform::Examples | ||
# name: "cloud_identity_groups_full" | ||
# primary_resource_id: "cloud_identity_group_full" | ||
# min_version: beta | ||
# vars: | ||
# id_group: "my-identity-group" | ||
# test_env_vars: | ||
# org_domain: :ORG_DOMAIN | ||
# cust_id: :CUST_ID | ||
custom_code: !ruby/object:Provider::Terraform::CustomCode | ||
post_create: templates/terraform/post_create/set_computed_name.erb | ||
GroupMembership: !ruby/object:Overrides::Terraform::ResourceOverride | ||
import_format: ["{{name}}"] | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: "cloud_identity_group_membership" | ||
primary_resource_id: "cloud_identity_group_membership_basic" | ||
min_version: beta | ||
vars: | ||
id_group: "my-identity-group" | ||
test_env_vars: | ||
org_domain: :ORG_DOMAIN | ||
cust_id: :CUST_ID | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: "cloud_identity_group_membership_user" | ||
primary_resource_id: "cloud_identity_group_membership_basic" | ||
min_version: beta | ||
vars: | ||
id_group: "my-identity-group" | ||
test_env_vars: | ||
org_domain: :ORG_DOMAIN | ||
cust_id: :CUST_ID | ||
identity_user: :IDENTITY_USER | ||
properties: | ||
memberKey: !ruby/object:Overrides::Terraform::PropertyOverride | ||
default_from_api: true | ||
preferredMemberKey: !ruby/object:Overrides::Terraform::PropertyOverride | ||
default_from_api: true | ||
custom_code: !ruby/object:Provider::Terraform::CustomCode | ||
post_create: templates/terraform/post_create/set_computed_name.erb | ||
|
||
# This is for copying files over | ||
files: !ruby/object:Provider::Config::Files | ||
# These files have templating (ERB) code that will be run. | ||
# This is usually to add licensing info, autogeneration notices, etc. | ||
compile: | ||
<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%> |
Oops, something went wrong.