Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changing IAM audit config to be authoritative #2438

Merged
merged 2 commits into from
Oct 7, 2019

Conversation

slevenick
Copy link
Contributor

@slevenick slevenick commented Oct 7, 2019

Release Note Template for Downstream PRs (will be copied)

`iam_audit_config`: Overwrites existing audit config on create. Previous implementation merged config with existing audit config on create.

@modular-magician
Copy link
Collaborator

3.0.0 diff report as of da96a66

TPG Diff
TPGB Diff
Mapper Diff

@slevenick slevenick requested a review from rileykarson October 7, 2019 18:05
Copy link
Member

@rileykarson rileykarson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM- I think we can remove mergeAuditConfigs too.


ac := getResourceIamAuditConfig(d)
modifyF := func(ep *cloudresourcemanager.Policy) error {
ep.AuditConfigs = mergeAuditConfigs(append(ep.AuditConfigs, ac))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is mergeAuditConfigs still in use anywhere? As far as I can tell, the last user is it testing itself.

@rileykarson
Copy link
Member

rileykarson commented Oct 7, 2019

Hmm, actually I'm not sure what's going on with the diff in tpg. Definitely unrelated, at least.

@modular-magician
Copy link
Collaborator

3.0.0 diff report as of 62b0ea0

TPG Diff
TPGB Diff
Mapper Diff

@slevenick slevenick merged commit 7ab1103 into GoogleCloudPlatform:3.0.0 Oct 7, 2019
rileykarson pushed a commit that referenced this pull request Oct 15, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
rileykarson pushed a commit that referenced this pull request Oct 24, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
rileykarson pushed a commit that referenced this pull request Nov 6, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
slevenick added a commit that referenced this pull request Nov 6, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
slevenick added a commit that referenced this pull request Nov 7, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
rileykarson pushed a commit that referenced this pull request Nov 11, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
slevenick added a commit that referenced this pull request Nov 12, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
rileykarson pushed a commit that referenced this pull request Nov 13, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
rileykarson added a commit that referenced this pull request Nov 13, 2019
* cloudbuild build trigger's trigger template should be required in 3.0.0. (#2352)

* cloudbuild build trigger's trigger template should be required in 3.0.0.

* Make backend_service.backends.group required. (#2373)

* Remove Removed fields (#2391)

* deprecated-->removed event notification config (#2390)

* deprecated-->removed event notification config

* remove singular config from tests/docs

* pluralize

* Update third_party/terraform/tests/resource_cloudiot_registry_test.go

Co-Authored-By: Riley Karson <[email protected]>

* Delete google_project_services in 3.0.0. (#2403)

* Changing IAM audit config to be authoritative (#2438)

* Changing IAM audit config to be authoritative

* Remove unused code + test

* Removing deprecated fields (#2436)

* Add validation for scratch disks in Instance Template (#2282)

* Add validation for scratch disks

* Remove source from scratch disk

* Use hardcoded image

* Add reverse logic

* Change default id format from {{name}} to self_link_uri (#2461)

* Change default id format from {{name}} to self_link_uri

* Updates to generated id formats (#2460)

* Update ID fields for various MM-generated resources

* gofmt -s -w extra file

* Add userinfo.email to default scopes (#2473)

* Set GKE Stackdriver defaults to GKE Stackdriver Monitoring (#2471)

* only allow instance templates with 375gb scratch disks (#2495)

* Update cloudfunction id for 3.0.0 release (#2501)

* handle cloudfunctions deprecating nodejs6 (#2499)

* Handwritten id updates for several compute resources (#2502)

* Composer environment and compute attached disk id updates

* Add compute instance

* Add instance_from_group and instance_group

* IGM id

* Instance template tests passing

* Add new id format to other calls of parseImportId in IGM

* Small refactor to memoize var

* Refactor, remove parseImportId in IGM

* handle legacy network deprecation (#2508)

* Fix gofmt diff in Cloud Functions (#2542)

* More handwritten ids (#2527)

* Fix cloudfunction formatting, migrate RIGM id

* Update security policy resource id

* Update target pool id format

* Add new id for container cluster

* Node pool id updates

* PR feedback, using parseImportId for container resources

* Formatting

* fix container cluster (#2550)

* Datasource id updates (#2544)

* Update datasources

* formatting

* Even more handwritten ids (#2540)

* Dataproc cluster, job, google project

* Update sql ssl cert, database instance ids

* Project id comparison include projects/

* remove kubernetes_dashboard from google_container_cluster (#2551)

* Add back encoder that always sends autoCreateSubnetworks (#2558)

* Allow defining empty taint, remove old DSF (#2537)

* Remove encoder, can be done as send_empty_value on autoCreateSubnetworks (#2559)

* deprecate 0.11 syntax in docs (datasources) (#2573)

* deprecate 0.11 syntax in docs (resources) (#2574)

* deprecate 0.11 syntax in docs (magic modules examples) (#2579)

* remove long name behavior for pubsub subscriptions, clean up cu… (#2561)

* remove long name behavior for pubsub subscriptions, clean up custom expanders

* fix build

* fix tests

* Fix merge conflict in rigm test

* Remove unused regexes from rigm (#2602)

* Fix missing paren + bad var in resourcepolicy datasource 3.0.0 (#2600)

* Test fixes based on integration tests, id formats + other easy fixes (#2605)

* Test fixes based on integration tests, id formats + other easy fixes

* Compute network id test update

* Fix region disk test id

* Update subnetwork to remove enable_flow_logs and depend on log_config instead (#2597)

* Test updates to not depend on id format. Also test fixes (#2609)

* Test updates to not depend on id format. Also test fixes

* Typo

* location -> region in node pool test

* Cluster test fixes (#2611)

* Fix container cluster tests, and signed url key, instance group

* Fix invalid accessor

* Update hand-written resources with `AtLeastOneOf` and `ExactlyOneOf` attributes (#2608)

* Rigm/igm field removals for 3.0.0 (#2595)

* Remove deprecated IGM fields for 3.0

* fix imports (#2619)

* Remove automatic subnetwork creation in GKE (#2615)

* Remove automatic subnetwork creation in GKE

* Update docs, add Computed

* More integration test fixes (#2617)

* Fix bigtable for real, scratch disk size, target pool checks

* Proxy test fixes

* CloudIOT registry set removed field to nil. Add specific id format for access context manager

* (r)igm imports for customdiff (#2623)

* (r)igm imports for customdiff

* Fix schema issues

* Fix IGM custom diff and reuse method between resources (#2624)

* Forwardingrule ip address (#2620)

add the validation function

* Remove unused sort import from rigm (#2625)

* add composer test fixes, backend bucket signed url key (#2631)

* Stop users from specifying bigquery-json in 3.0.0 (#2626)

* Send null logConfig if subnetwork is L7ILB (#2635)

* Send null logConfig if subnetwork is L7ILB

* Move subnet ilb check to only if logConfig unspecified

* deprecate 0.11 syntax in tests (datasources) (#2593)

* Make master_authorized_networks_config.cidr_blocks Optional in… (#2642)

* Make master_authorized_networks_config.cidr_blocks Optional in GKE

* Add note

* update magic module-generated resources with at_least_one_of (#2639)

* add exactly_one_of to magic modules

update comment

* Update Data Fusion Instance to conform with 3.0.0 id updates (#2649)

* Fix IAM doc id_format to new post 3.0.0 style

* Add note on id format changes (#2656)

* Add upgrade guide for subnetwork log_config (#2653)

* Add upgrade guide for subnetwork log_config

* Add examples for subnet logConfig update

* Wording on upgrade guide

* Add note on audit log config (#2658)

* Add misc entries to the upgrade guide (#2657)

* Add misc entries to the upgrade guide

* Remove extra space

* add info on scratch disk size and remove duplicate kms_key_self… (#2659)

* Add upgrade guide notes. (#2663)

* Add upgrade guide for forwarding rule validation (#2666)

* Convert old import formats (using non-/) to use /. (#2638)

* Convert old import formats (using non-/) to use /.

* Upgrade proofreading (#2668)

* Add upgrade note for IoT registry event_notification_configs (#2390) (#2651)

Merged PR #2651.

* sort upgrade guide; change wording in a few places

* Password is not actually required. (#2670)

* Add improved for_each non-module variant to project service upg… (#2671)

* Update bigtable import & tests to 3.0 (#2673)

* update upgrade guide (#2665)

* update formatting for upgrade doc (#2674)

* Add rigm to upgrade guide (#2667)

Update docs to be accurate for 3.0

* proofreading changes (#2676)

* Add back lost newlines
rileykarson pushed a commit that referenced this pull request Nov 13, 2019
* Changing IAM audit config to be authoritative

* Remove unused code + test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants