Organization Source iam #10881

Merged
merged 41 commits into from
Aug 6, 2024
Changes from 40 commits
Commits
ab2df03
securitycenterv2 changes
thokalavinod May 19, 2024
b0128f1
source file changes
thokalavinod Jun 4, 2024
11cc6cc
source file
thokalavinod Jun 5, 2024
45c9071
comments addressed
thokalavinod Jun 5, 2024
cf1accf
Comments addressed
thokalavinod Jun 5, 2024
f722a6b
errors fixed
thokalavinod Jun 6, 2024
3fb3140
errors fixed
thokalavinod Jun 11, 2024
542972b
services added
thokalavinod Jun 11, 2024
0882541
Merge branch 'main' into SourceIam
thokalavinod Jun 11, 2024
7541d62
added iam binding file
thokalavinod Jun 11, 2024
737a1f6
Merge branch 'SourceIam' of https://github.com/thokalavinod/Security-…
thokalavinod Jun 11, 2024
7a2fb96
added iam binding file
thokalavinod Jun 11, 2024
6d29a43
added few test cases
thokalavinod Jun 12, 2024
a71658e
added few import files
thokalavinod Jun 12, 2024
7ec9e88
update the example and address test error
thokalavinod Jun 12, 2024
e0c7cd0
errors fixed
thokalavinod Jun 13, 2024
d7904b1
added few fields in test cases
thokalavinod Jun 13, 2024
0ad6340
fixed errors
thokalavinod Jun 14, 2024
7c618c3
fixed the errors
thokalavinod Jun 18, 2024
f515c90
fixed error
thokalavinod Jun 18, 2024
ca260f4
fixed error
thokalavinod Jun 19, 2024
a0843e3
added few fields
thokalavinod Jun 21, 2024
4f9980f
errors fixed
thokalavinod Jun 24, 2024
1b5588f
comments addressed
thokalavinod Jun 25, 2024
5d9a479
added updated files
thokalavinod Jun 28, 2024
e0ceef5
Merge branch 'main' into SourceIam
thokalavinod Jun 28, 2024
d2b7d3f
lint changes
thokalavinod Jul 1, 2024
be6ad5e
changes
thokalavinod Jul 1, 2024
de6f988
fixed yaml file
thokalavinod Jul 9, 2024
e5e97b9
test cases fixed
thokalavinod Jul 10, 2024
d185354
fixed the test errors
thokalavinod Jul 11, 2024
112959c
fixed the error
thokalavinod Jul 16, 2024
0e6b420
addressed the comments
thokalavinod Jul 22, 2024
2750899
fixed an error
thokalavinod Jul 22, 2024
546e9e1
changed import files
thokalavinod Jul 25, 2024
0f1d87c
error fixed
thokalavinod Jul 26, 2024
2bee7e3
modified code
thokalavinod Aug 2, 2024
2bbe0c1
fixed lint and import issues
thokalavinod Aug 5, 2024
7d9b58a
modified the string value
thokalavinod Aug 5, 2024
a841f7d
addressed the comments
thokalavinod Aug 5, 2024
65ebb9a
fixed comments
thokalavinod Aug 5, 2024
83 changes: 83 additions & 0 deletions mmv1/products/securitycenterv2/Organization_Source.yaml
@@ -0,0 +1,83 @@
# Copyright 2023 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

--- !ruby/object:Api::Resource
name: 'Source'
base_url: organizations/{{organization}}/sources
self_link: '{{name}}'
update_verb: :PATCH
update_mask: true
description: |
A Cloud Security Command Center's (Cloud SCC) finding source. A finding
source is an entity or a mechanism that can produce a finding. A source is
like a container of findings that come from the same scanner, logger,
monitor, etc.
references: !ruby/object:Api::Resource::ReferenceLinks
guides:
'Official Documentation': 'https://cloud.google.com/security-command-center/docs'
api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v2/organizations.sources'
iam_policy: !ruby/object:Api::Resource::IamPolicy
method_name_separator: ':'
fetch_iam_policy_verb: :POST
parent_resource_attribute: 'source'
base_url: organizations/{{organization}}/sources/{{source}}
import_format:
['organizations/{{organization}}/sources/{{source}}', '{{source}}']
skip_delete: true
examples:
- !ruby/object:Provider::Terraform::Examples
name:
'scc_source_basic'
# resource can't be destroyed, so checkdestroy fails unnecessarily
skip_test: true
primary_resource_id: 'custom_source'
vars:
source_display_name: 'My Source'
test_env_vars:
org_id: :ORG_ID
custom_code: !ruby/object:Provider::Terraform::CustomCode
custom_import: templates/terraform/custom_import/scc_source_self_link_as_name_set_organization.go.erb
post_create: templates/terraform/post_create/set_computed_name.erb
parameters:
- !ruby/object:Api::Type::String
name: organization
required: true
immutable: true
url_param_only: true
description: |
The organization whose Cloud Security Command Center the Source
lives in.
properties:
- !ruby/object:Api::Type::String
name: name
output: true
description: |
The resource name of this source, in the format
`organizations/{{organization}}/sources/{{source}}`.
- !ruby/object:Api::Type::String
name: description
description: |
The description of the source (max of 1024 characters).
validation: !ruby/object:Provider::Terraform::Validation
function: 'validation.StringLenBetween(0, 1024)'
- !ruby/object:Api::Type::String
name: displayName
required: true
description: |
The source’s display name. A source’s display name must be unique
amongst its siblings, for example, two sources with the same parent
can't share the same display name. The display name must start and end
with a letter or digit, may contain letters, digits, spaces, hyphens,
and underscores, and can be no longer than 32 characters.
validation: !ruby/object:Provider::Terraform::Validation
regex: '[\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?'
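Review bot: The `displayName` validation regex on the last line of this file does not enforce what the description above it states. The group opens with `({` where a character class `([` is needed, so `{` is read as a literal and the later `]` becomes the atom that `{0,30}` quantifies. The pattern also has no `^`/`$` anchors, so if the generated validator performs an unanchored match, any value that contains a single letter or digit passes regardless of length or other characters. Suggest `^[\p{L}\p{N}]([\p{L}\p{N}_ -]{0,30}[\p{L}\p{N}])?$`, with the hyphen moved to the end of the class so it is not parsed as a range from `_` to space. Separately, the header reads Copyright 2023 on a file added in 2024.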
@@ -0,0 +1,5 @@
resource "google_scc_v2_organization_source" "<%= ctx[:primary_resource_id] %>" {
display_name = "<%= ctx[:vars]['source_display_name'] %>"
organization = "<%= ctx[:test_env_vars]['org_id'] %>"
description = "My custom Cloud Security Command Center Finding Source"
}
Expand Up @@ -621,6 +621,11 @@ var ServicesListBeta = mapOf(
"displayName" to "Securitycenter",
"path" to "./google-beta/services/securitycenter"
),
"securitycenterv2" to mapOf(
"name" to "securitycenterv2",
"displayName" to "securitycenterv2",
"path" to "./google-beta/services/securitycenterv2"
),
"securitycentermanagement" to mapOf(
"name" to "securitycentermanagement",
"displayName" to "Securitycentermanagement",
Expand Down
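Review bot: The new `securitycenterv2` entry departs from the entries around it in two ways: its `displayName` is all lowercase while the neighbours use `Securitycenter` and `Securitycentermanagement`, and it is inserted ahead of `securitycentermanagement` although it sorts after it. Suggest `"displayName" to "Securitycenterv2"` and, if this map is meant to stay alphabetical, moving the block below the `securitycentermanagement` entry.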
Expand Up @@ -616,6 +616,11 @@ var ServicesListGa = mapOf(
"displayName" to "Securitycenter",
"path" to "./google/services/securitycenter"
),
"securitycenterv2" to mapOf(
"name" to "securitycenterv2",
"displayName" to "securitycenterv2",
"path" to "./google-beta/services/securitycenterv2"
),
"securitycentermanagement" to mapOf(
"name" to "securitycentermanagement",
"displayName" to "Securitycentermanagement",
Expand Down
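Review bot: In `ServicesListGa` the new entry's `path` is `./google-beta/services/securitycenterv2`, while the neighbouring GA entry uses `./google/services/securitycenter`. This looks copied from the beta list and would point the GA entry at the beta provider directory. Suggest `"path" to "./google/services/securitycenterv2"`. The lowercase `displayName` and the placement ahead of `securitycentermanagement` also differ from the surrounding entries.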
@@ -0,0 +1,217 @@
package securitycenterv2_test

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/terraform"
"github.com/hashicorp/terraform-provider-google/google/acctest"
"github.com/hashicorp/terraform-provider-google/google/envvar"
)

func TestAccSecurityCenterV2OrganizationSourceIamBinding(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
"role": "roles/securitycenter.sourcesViewer",
"org_id": envvar.GetTestOrgFromEnv(t),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
Steps: []resource.TestStep{
{
Config: testAccSecurityCenterSourceIamBinding_basic(context),
},
{
ResourceName: "google_scc_v2_organization_source_iam_binding.foo",
ImportStateIdFunc: func(state *terraform.State) (string, error) {
id := state.RootModule().Resources["google_scc_v2_organization_source.custom_source"].Primary.Attributes["id"]
return fmt.Sprintf("%s %s",
id,
context["role"],
), nil
},
ImportState: true,
ImportStateVerify: true,
},
{
// Test Iam Binding update
Config: testAccSecurityCenterSourceIamBinding_update(context),
},
{
ResourceName: "google_scc_v2_organization_source_iam_binding.foo",
ImportStateIdFunc: func(state *terraform.State) (string, error) {
id := state.RootModule().Resources["google_scc_v2_organization_source.custom_source"].Primary.Attributes["id"]
return fmt.Sprintf("%s %s",
id,
context["role"],
), nil
},
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccSecurityCenterV2OrganizationSourceIamMember(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
"role": "roles/securitycenter.sourcesViewer",
"org_id": envvar.GetTestOrgFromEnv(t),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
Steps: []resource.TestStep{
{
Config: testAccSecurityCenterSourceIamMember_basic(context),
},
{
ResourceName: "google_scc_v2_organization_source_iam_member.foo",
ImportStateIdFunc: func(state *terraform.State) (string, error) {
id := state.RootModule().Resources["google_scc_v2_organization_source.custom_source"].Primary.Attributes["id"]
return fmt.Sprintf("%s %s user:[email protected]",
id,
context["role"],
), nil
},
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccSecurityCenterV2OrganizationSourceIamPolicy(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
"role": "roles/securitycenter.sourcesViewer",
"org_id": envvar.GetTestOrgFromEnv(t),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
Steps: []resource.TestStep{
{
Config: testAccSecurityCenterSourceIamPolicy_basic(context),
},
{
ResourceName: "google_scc_v2_organization_source_iam_policy.foo",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccSecurityCenterSourceIamPolicy_emptyBinding(context),
},
{
ResourceName: "google_scc_v2_organization_source_iam_policy.foo",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testAccSecurityCenterSourceIamMember_basic(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_scc_v2_organization_source" "custom_source" {
display_name = "tf-test-source%{random_suffix}"
organization = "%{org_id}"
description = "My custom Cloud Security Command Center Finding Source"
}

resource "google_scc_v2_organization_source_iam_member" "foo" {
source = google_scc_v2_organization_source.custom_source.id
organization = "%{org_id}"
role = "%{role}"
member = "user:[email protected]"
}
`, context)
}

func testAccSecurityCenterSourceIamPolicy_basic(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_scc_v2_organization_source" "custom_source" {
display_name = "tf-test-source%{random_suffix}"
organization = "%{org_id}"
description = "My custom Cloud Security Command Center Finding Source"
}

data "google_iam_policy" "foo" {
binding {
role = "%{role}"
members = ["user:[email protected]"]
}
}

resource "google_scc_v2_organization_source_iam_policy" "foo" {
source = google_scc_v2_organization_source.custom_source.id
organization = "%{org_id}"
policy_data = data.google_iam_policy.foo.policy_data
}
`, context)
}

func testAccSecurityCenterSourceIamPolicy_emptyBinding(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_scc_v2_organization_source" "custom_source" {
display_name = "tf-test-source%{random_suffix}"
organization = "%{org_id}"
description = "My custom Cloud Security Command Center Finding Source"
}

data "google_iam_policy" "foo" {
}

resource "google_scc_v2_organization_source_iam_policy" "foo" {
source = google_scc_v2_organization_source.custom_source.id
organization = "%{org_id}"
policy_data = data.google_iam_policy.foo.policy_data
}
`, context)
}

func testAccSecurityCenterSourceIamBinding_basic(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_scc_v2_organization_source" "custom_source" {
display_name = "tf-test-source%{random_suffix}"
organization = "%{org_id}"
description = "My custom Cloud Security Command Center Finding Source"
}

resource "google_scc_v2_organization_source_iam_binding" "foo" {
source = google_scc_v2_organization_source.custom_source.id
organization = "%{org_id}"
role = "%{role}"
members = ["user:[email protected]"]
}
`, context)
}

func testAccSecurityCenterSourceIamBinding_update(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_scc_v2_organization_source" "custom_source" {
display_name = "tf-test-source%{random_suffix}"
organization = "%{org_id}"
description = "My custom Cloud Security Command Center Finding Source"
}

resource "google_scc_v2_organization_source_iam_binding" "foo" {
source = google_scc_v2_organization_source.custom_source.id
organization = "%{org_id}"
role = "%{role}"
members = ["user:[email protected]", "user:[email protected]"]
}
`, context)
}
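Review bot: None of the `Config` steps in the three IAM tests carries a `Check`, so the change made by `testAccSecurityCenterSourceIamBinding_update` (one member to two) is confirmed only indirectly by the `ImportStateVerify` step that follows it. Because these tests decide whether a grant of `roles/securitycenter.sourcesViewer` on a source is applied as written, consider asserting the expected role and member count on `google_scc_v2_organization_source_iam_binding.foo` after each apply. Two smaller points: the config helpers are named `testAccSecurityCenterSource...` without the `V2` used in the test function names, and each of the three parallel tests creates its own `custom_source`, which the resource definition marks `skip_delete: true`, so every run leaves three sources behind in the test organization.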
@@ -0,0 +1,50 @@
package securitycenterv2_test

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-provider-google/google/acctest"
"github.com/hashicorp/terraform-provider-google/google/envvar"
)

func TestAccSecurityCenterV2OrganizationSource_basic(t *testing.T) {
t.Parallel()

orgId := envvar.GetTestOrgFromEnv(t)
suffix := acctest.RandString(t, 10)

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
Steps: []resource.TestStep{
{
Config: testAccSecurityCenterSource_sccSourceBasicExample(orgId, suffix, "My description"),
},
{
ResourceName: "google_scc_v2_organization_source.custom_source",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccSecurityCenterSource_sccSourceBasicExample(orgId, suffix, ""),
},
{
ResourceName: "google_scc_v2_organization_source.custom_source",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testAccSecurityCenterSource_sccSourceBasicExample(orgId, suffix, description string) string {
return fmt.Sprintf(`
resource "google_scc_v2_organization_source" "custom_source" {
display_name = "TFSrc %s"
organization = "%s"
description = "%s"
}
`, suffix, orgId, description)
}
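Review bot: The display name `"TFSrc %s"` in `testAccSecurityCenterSource_sccSourceBasicExample` does not use the `tf-test` prefix that the IAM test configs in this PR use (`tf-test-source%{random_suffix}`). Since the resource sets `skip_delete: true`, these sources stay in the organization after the run, and a consistent prefix is what makes them identifiable later. Suggest `display_name = "tf-test-source%s"`, which stays within the 32-character limit with the 10-character suffix. The update step also only clears `description`; a step that changes `display_name` would exercise the other mutable field through the PATCH path.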