Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make binding optional for iam_policy data source #2359

Merged
merged 5 commits into from
Jan 10, 2020
Merged

Make binding optional for iam_policy data source #2359

merged 5 commits into from
Jan 10, 2020

Conversation

slevenick
Copy link
Contributor

@slevenick slevenick commented Sep 23, 2019
edited
Loading

This will allow a user to specify an IAM policy with no bindings. This can be useful if the user wants to ensure an IAM policy hasn't been manually created

fixes: hashicorp/terraform-provider-google#4500

Release Note for Downstream PRs (will be copied)

`iam`: Allow for empty bindings in `data_source_google_iam_policy` data source

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, abeb2a7.

Pull request statuses

No diff detected in terraform-google-conversion.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed.
depends: hashicorp/terraform-provider-google-beta#1173
depends: hashicorp/terraform-provider-google#4525

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 8e19c1f.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

danawillow
danawillow suggested changes Sep 24, 2019
View reviewed changes
Copy link
Contributor

@danawillow danawillow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not totally sure this change is necessary to solve the issue in question (vs just saying bindings = []). Can you confirm?

Also, can you add a comment in the schema about why this is optional, as well as a link in your PR description to the issue it fixes?

@slevenick
Copy link
Contributor Author

I'm not totally sure this change is necessary to solve the issue in question (vs just saying bindings = []). Can you confirm?

Also, can you add a comment in the schema about why this is optional, as well as a link in your PR description to the issue it fixes?

👍 Will do.

We can't specify bindings = [] in a config, and binding {} also fails,

Error: Unsupported argument

  on file.tf line 6, in data "google_iam_policy" "admin":
   6:     bindings = []

An argument named "bindings" is not expected here.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, ed82274.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@emilymye
Copy link
Contributor

LGTM, but out of curiousity, does (singular) binding = [] work? based on error message it could be plural/single issue, but I also don't know if this set-to-list syntax is valid in 0.12

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 69c403d.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician modular-magician merged commit 3c02e6a into GoogleCloudPlatform:master Jan 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emilymye emilymye emilymye approved these changes

@danawillow danawillow danawillow approved these changes

Assignees
No one assigned
Labels
automerged cla: yes downstream-generated terraform-provider-google terraform-provider-google-beta
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

google_iam_policy should allow to use empty binding (without any members/roles) or not requiring binding field
5 participants
@slevenick @modular-magician @emilymye @danawillow @googlebot