generate compute instance and subnetwork iam #2647

Merged
merged 4 commits into from
Nov 12, 2019
2 changes: 1 addition & 1 deletion build/terraform
2 changes: 1 addition & 1 deletion build/terraform-beta
17 changes: 16 additions & 1 deletion products/compute/terraform.yaml
Expand Up @@ -857,7 +857,18 @@ overrides: !ruby/object:Overrides::ResourceOverrides
insert_minutes: 6
update_minutes: 6
delete_minutes: 6
exclude: true
iam_policy: !ruby/object:Api::Resource::IamPolicy
allowed_iam_role: 'roles/compute.osLogin'
parent_resource_attribute: 'instance_name'
iam_conditions_request_type: :QUERY_PARAM
exclude_resource: true
examples:
- !ruby/object:Provider::Terraform::Examples
name: "instance_basic"
primary_resource_id: "default"
vars:
instance_name: "my-instance"
primary_resource_name: "fmt.Sprintf(\"my-instance%s\", context[\"random_suffix\"])"
InstanceGroup: !ruby/object:Overrides::Terraform::ResourceOverride
exclude: true
InstanceGroupManager: !ruby/object:Overrides::Terraform::ResourceOverride
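Review bot: the Instance override swaps `exclude: true` for `exclude_resource: true` without any comment on what is still excluded. A one-line YAML comment next to `exclude_resource: true`, stating that only the IAM resources are generated for Instance, would save the next reader from having to compare against other overrides to work out the difference.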
Expand Down Expand Up @@ -1663,6 +1674,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides
update_minutes: 6
delete_minutes: 6
id_format: "{{region}}/{{name}}"
iam_policy: !ruby/object:Api::Resource::IamPolicy
allowed_iam_role: 'roles/compute.networkUser'
parent_resource_attribute: 'subnetwork'
properties:
id: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
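Review bot: the Subnetwork `iam_policy` block sets no `iam_conditions_request_type`, while the Instance block added earlier in this file sets `:QUERY_PARAM`. If the omission is deliberate, say so in a comment here; if not, subnetwork policy reads will skip the `optionsRequestedPolicyVersion` query parameter that `GetResourceIamPolicy` only adds in the `:QUERY_PARAM` branch.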
Expand Down Expand Up @@ -1713,6 +1727,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
vars:
subnetwork_name: "test-subnetwork"
network_name: "test-network"
primary_resource_name: "fmt.Sprintf(\"test-subnetwork%s\", context[\"random_suffix\"])"
- !ruby/object:Provider::Terraform::Examples
name: "subnetwork_logging_config"
primary_resource_id: "subnet-with-logging"
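Review bot: `primary_resource_name` repeats the literal `test-subnetwork` that `subnetwork_name` already sets two lines above it, so the two can drift apart when one is renamed. Derive the Go expression from the var, or add a comment that both values must change together; the same applies to `my-instance` in the `instance_basic` example.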
2 changes: 1 addition & 1 deletion products/iap/terraform.yaml
Expand Up @@ -71,7 +71,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
exclude: false
method_name_separator: ':'
parent_resource_type: 'google_app_engine_standard_app_version'
parent_resource_attribute: 'version'
parent_resource_attribute: 'version_id'
fetch_iam_policy_verb: :POST
allowed_iam_role: 'roles/iap.httpsResourceAccessor'
example_config_body: 'templates/terraform/iam/example_config_body/app_engine_version.tf.erb'
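Review bot: changing `parent_resource_attribute` from `'version'` to `'version_id'` changes the field name the generated IAM code reads and writes, because iam_policy.go.erb in this PR now passes that value to `d.Get` and `d.Set`. Please confirm that `version_id` is the argument existing configurations already use for this resource, or call the rename out in the changelog.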
15 changes: 15 additions & 0 deletions templates/terraform/examples/instance_basic.tf.erb
@@ -0,0 +1,15 @@
resource "google_compute_instance" "<%= ctx[:primary_resource_id] %>" {
name = "<%= ctx[:vars]['instance_name'] %>"
zone = "<%= ctx[:vars]['zone_name'] %>"
machine_type = "n1-standard-1"

boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}

network_interface {
network = "default"
}
}
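Review bot: `zone` reads `ctx[:vars]['zone_name']`, but the `instance_basic` example registered in products/compute/terraform.yaml declares only `instance_name` under `vars`. Add `zone_name` to that `vars` map or hard-code a zone in this template; as written, nothing visible in the PR supplies a value for `zone`.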
13 changes: 7 additions & 6 deletions templates/terraform/iam_policy.go.erb
Expand Up @@ -29,7 +29,8 @@ import (
<% resource_name = product_ns + object.name -%>
<%
resource_uri = object.self_link_url
resource_params = extract_identifiers(resource_uri.gsub('{{name}}', "{{#{object.name.underscore}}}"))
parent_resource_name = object.iam_policy.parent_resource_attribute || object.name.underscore
resource_params = extract_identifiers(resource_uri.gsub('{{name}}', "{{#{parent_resource_name}}}"))
-%>

var <%= resource_name -%>IamSchema = map[string]*schema.Schema{
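Review bot: the fallback `object.iam_policy.parent_resource_attribute || object.name.underscore` on the new `parent_resource_name` line is written out a second time in resource_iam.html.markdown.erb, so the generated code and the generated docs can disagree if only one copy is edited. Moving the expression into a single helper that both templates call would keep the argument name consistent.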
Expand Down Expand Up @@ -88,7 +89,7 @@ func <%= resource_name -%>IamUpdaterProducer(d *schema.ResourceData, config *Con
<% end # resource_params.each -%>

// We may have gotten either a long or short name, so attempt to parse long name if possible
m, err := getImportIdQualifiers([]string{"<%= import_id_formats(object).map{|s| format2regex s}.map{|s| s.gsub('<name>', "<#{object.name.underscore}>")}.join('","') -%>"}, d, config, d.Get("<%= resource_params.last.underscore -%>").(string))
m, err := getImportIdQualifiers([]string{"<%= import_id_formats(object).map{|s| format2regex s}.map{|s| s.gsub('<name>', "<#{object.name.underscore}>")}.join('","') -%>"}, d, config, d.Get("<%= parent_resource_name -%>").(string))
if err != nil {
return nil, err
}
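Review bot: on the changed `getImportIdQualifiers` line the value is now read from `parent_resource_name`, but the regex capture group is still renamed with `s.gsub('<name>', "<#{object.name.underscore}>")`. For a resource that sets `parent_resource_attribute`, the capture group and the schema field then carry different names; please confirm the lookup into `m` after this call uses the capture-group name, or rename the group to match.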
Expand All @@ -112,7 +113,7 @@ func <%= resource_name -%>IamUpdaterProducer(d *schema.ResourceData, config *Con
d.Set("project", u.project)
<% else -%>
<%# Set the last parameter as the long name (unless it is project) -%>
d.Set("<%= resource_params.last.underscore -%>", u.GetResourceId())
d.Set("<%= parent_resource_name -%>", u.GetResourceId())
<% end -%>
<% else -%>
d.Set("<%= param.underscore -%>", u.<%= param.camelize(:lower) -%>)
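Review bot: the ERB comment "Set the last parameter as the long name (unless it is project)" is stale after this change, since the `d.Set` below it now writes `parent_resource_name` rather than `resource_params.last`. Update the comment to say the parent resource attribute is set to the long name.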
Expand Down Expand Up @@ -157,7 +158,7 @@ func <%= resource_name -%>IdParseFunc(d *schema.ResourceData, config *Config) er
d.Set("project", u.project)
<% else -%>
<%# Set resource long name in state, this has all the information that we need to identify it -%>
d.Set("<%= resource_params.last.underscore -%>", u.GetResourceId())
d.Set("<%= parent_resource_name -%>", u.GetResourceId())
<% end -%>
d.SetId(u.GetResourceId())
return nil
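Review bot: the return value of `d.Set("<%= parent_resource_name -%>", u.GetResourceId())` is dropped, and the key now comes from YAML configuration rather than from the URL parameters. A typo in `parent_resource_attribute` would make this `d.Set` fail silently and leave the field unset in state; returning the error here would surface the problem at import time.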
Expand All @@ -177,7 +178,7 @@ func (u *<%= resource_name -%>IamUpdater) GetResourceIamPolicy() (*cloudresource
<% if object.iam_policy.iam_conditions_request_type == :QUERY_PARAM -%>
url, err = addQueryParams(url, map[string]string{"optionsRequestedPolicyVersion": fmt.Sprintf("%d", iamPolicyVersion)})
if err != nil {
return err
return nil, err
}
<% elsif object.iam_policy.iam_conditions_request_type == :REQUEST_BODY -%>
obj = map[string]interface{}{
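Review bot: the `return err` to `return nil, err` correction in the `:QUERY_PARAM` branch suggests this branch had not been compiled for any generated resource before this PR. Since Instance now sets `iam_conditions_request_type: :QUERY_PARAM`, please confirm a generated test exercises `GetResourceIamPolicy` for it, and check that the matching branch in the set-policy path has the right return arity too.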
Expand Down Expand Up @@ -236,7 +237,7 @@ func (u *<%= resource_name -%>IamUpdater) qualify<%= object.name -%>Url(methodId
}

func (u *<%= resource_name -%>IamUpdater) GetResourceId() string {
return fmt.Sprintf("<%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}").gsub(/({{)(\w+)(}})/, '%s') -%>", <%= string_qualifiers -%>)
return fmt.Sprintf("<%= import_url -%>", <%= string_qualifiers -%>)
}

func (u *<%= resource_name -%>IamUpdater) GetMutexKey() string {
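Review bot: `GetResourceId` now formats `import_url`, which is not defined in any hunk shown for this file. Please point to where it is computed and confirm that its number of `%s` verbs always equals the number of entries in `string_qualifiers`, since a mismatch would only show up as `%!s(MISSING)` in resource IDs at runtime.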
27 changes: 23 additions & 4 deletions templates/terraform/resource_iam.html.markdown.erb
Expand Up @@ -188,7 +188,11 @@ The following arguments are supported:

<% url_properties.each do |param| -%>
<% if param.name == "name" -%>
* `<%= object.name.underscore -%>` - (Required) Used to find the parent resource to bind the IAM policy to
* `<%= object.iam_policy.parent_resource_attribute || object.name.underscore -%>` - (Required) Used to find the parent resource to bind the IAM policy to
<% elsif ["region", "zone"].include?(param.name.underscore) -%>
* `<%= param.name.underscore -%>` - (Optional) <%= param.description -%> Used to find the parent resource to bind the IAM policy to. If not specified,
the value will be parsed from the identifier of the parent resource. If no <%= param.name.underscore -%> is provided in the parent identifier and no
<%= param.name.underscore -%> is specified, it is taken from the provider configuration.
<% else -%>
* `<%= param.name.underscore -%>` - (Required) <%= param.description -%> Used to find the parent resource to bind the IAM policy to
<% end -%>
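Review bot: in the new `region`/`zone` bullet, `<%= param.description -%>` is followed directly by "Used to find the parent resource", so a description without a trailing period produces a run-on sentence in the generated docs. The two continuation lines are also not indented under the bullet, which some Markdown renderers treat as a new paragraph; indent them or keep the bullet on one line.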
Expand Down Expand Up @@ -243,14 +247,29 @@ exported:

## Import

<%= product_ns -%> <%= object.name.downcase -%> IAM resources can be imported using the project, resource identifiers, role and member.
For all import syntaxes, the "resource in question" can take any of the following forms:

<% import_id_formats(object).each do |id_format| -%>
* <%= id_format %>
Contributor


So we don't support partial import ID formats with resource-type qualifiers anymore, right? i.e. regions/reg/instances/X vs projects/proj/regions/reg/instances/X?

Contributor Author


We support whatever the parent resource supports, so if we wanted to we could add more into the default formats (or the resource-specific lists), but we don't right now.

<% end -%>

Any variables not passed in the import command will be taken from the provider configuration.

<%= product_ns -%> <%= object.name.downcase -%> IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```
$ terraform import <% if object.min_version.name == 'beta' %>-provider=google-beta <% end -%><%= resource_ns_iam -%>_member.editor "<%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}") -%> <%= object.iam_policy.allowed_iam_role -%> [email protected]"
```
$ terraform import <%= resource_ns_iam -%>_policy.editor <%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}") %>

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```
$ terraform import <%= resource_ns_iam -%>_binding.editor "<%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}") -%> <%= object.iam_policy.allowed_iam_role -%>"
```

$ terraform import <%= resource_ns_iam -%>_member.editor "<%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}") -%> <%= object.iam_policy.allowed_iam_role -%> [email protected]"
IAM policy imports use the identifier of the resource in question, e.g.
```
$ terraform import <% if object.min_version.name == 'beta' %>-provider=google-beta <% end -%><%= resource_ns_iam -%>_policy.editor <%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}") %>
```

-> If you're importing a resource with beta features, make sure to include `-provider=google-beta`
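Review bot: the three `terraform import` examples still substitute `{{name}}` with `object.name.underscore`, while the arguments section of this same template now documents the field as `object.iam_policy.parent_resource_attribute || object.name.underscore`. For a resource that sets `parent_resource_attribute`, the import examples and the argument list will show different placeholder names; use the same expression in both places. The bulleted list of `import_id_formats` also prints the raw `{{name}}` form, so it would benefit from the same substitution.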
147 changes: 0 additions & 147 deletions third_party/terraform/resources/iam_compute_instance.go

This file was deleted.
