Added name field to both custom project and org roles #3370
Conversation
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
|
@googlebot I signed it! |
|
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
|
Hello! I am a robot who works on Magic Modules PRs. I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review. Thanks for your contribution! A human will be with you soon. @c2thorn, please review this PR or find an appropriate assignee. |
There was a problem hiding this comment.
Hi @upodroid, thanks for your submission! A few things to address here:
In your issue, it looked like you ran into a problem referencing role_id instead of id. id is an inherit attribute that most resources have, so it usually isn't called out specifically in docs. But it certainly won't hurt to add.
Your submission adds name, which is a valid attribute since it is returned from the API, but doesn't really seem to solve the original issue you had since id already exists. I added a comment in the name description to try to make it more clear that they are the same.
| @@ -122,6 +122,7 @@ func resourceGoogleOrganizationIamCustomRoleRead(d *schema.ResourceData, meta in | |||
| d.Set("role_id", parsedRoleName.Name) | |||
| d.Set("org_id", parsedRoleName.OrgId) | |||
| d.Set("title", role.Title) | |||
| d.Set("name", role.Name) | |||
There was a problem hiding this comment.
name won't appear in state until the field is established as part of the schema. It will need to be set to Computed: true as well.
There was a problem hiding this comment.
Do I set this in the schema definition on resourceGoogleProjectIamCustomRole function?
There was a problem hiding this comment.
Yep, within the schema map. Just needs to be set to a string and computed.
| @@ -60,6 +60,8 @@ exported: | |||
|
|
|||
| * `deleted` - (Optional) The current deleted state of the role. | |||
|
|
|||
| * `name` - The name of the role which can be used with iam role bindings in the format `organizations/{{org_id}}/roles/{{role_id}}` | |||
There was a problem hiding this comment.
Let's separate out the definition and make the recommendation a bit more generic. Something like:
| * `name` - The name of the role which can be used with iam role bindings in the format `organizations/{{org_id}}/roles/{{role_id}}` | |
| * `name` - The name of the role in the format `organizations/{{org_id}}/roles/{{role_id}}`. Like `id`, this field can be used as a reference in other resources such as IAM role bindings. |
| @@ -28,7 +28,8 @@ Four different resources help you manage your IAM policy for a project. Each of | |||
| from anyone without organization-level access to the project. Proceed with caution. | |||
| It's not recommended to use `google_project_iam_policy` with your provider project | |||
| to avoid locking yourself out, and it should generally only be used with projects | |||
| fully managed by Terraform. | |||
| fully managed by Terraform. If you do use this resource, **import** the policy before | |||
There was a problem hiding this comment.
| fully managed by Terraform. If you do use this resource, **import** the policy before | |
| fully managed by Terraform. If you do use this resource, it is recommended to **import** the policy before |
| @@ -49,7 +49,7 @@ The following arguments are supported: | |||
|
|
|||
| * `stage` - (Optional) The current launch stage of the role. | |||
| Defaults to `GA`. | |||
| List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/organizations.roles#Role.RoleLaunchStage). | |||
| List of possible stages is [here](https://cloud.google.com/iam/reference/rest/v1/projects.roles#Role.RoleLaunchStage). | |||
There was a problem hiding this comment.
Looks like only the "organizations" version of the link works, this version doesn't point to role launch stages
| @@ -60,6 +60,8 @@ exported: | |||
|
|
|||
| * `deleted` - (Optional) The current deleted state of the role. | |||
|
|
|||
| * `name` - The name of the role which can be used with iam role bindings in the format `projects/{{project}}/roles/{{role_id}}` | |||
There was a problem hiding this comment.
See the suggestion for google_organization_iam_custom_role
| @@ -126,6 +126,7 @@ func resourceGoogleProjectIamCustomRoleRead(d *schema.ResourceData, meta interfa | |||
|
|
|||
| d.Set("role_id", GetResourceNameFromSelfLink(role.Name)) | |||
| d.Set("title", role.Title) | |||
| d.Set("name", role.Name) | |||
|
I fixed all the issues in the comments. I also added the id field to make it clear for new terraform users. I knew the about the id field because I heard that it will be replacing selflinks in the future. |
third_party/terraform/resources/resource_google_organization_iam_custom_role.go
Outdated
Show resolved
Hide resolved
third_party/terraform/resources/resource_google_project_iam_custom_role.go
Outdated
Show resolved
Hide resolved
…am_custom_role.go Co-Authored-By: Cameron Thornton <[email protected]>
…stom_role.go Co-Authored-By: Cameron Thornton <[email protected]>
|
Oopsie, copy and paste |
…tform#3370) * added name field to both custom project and org roles * patched the schema to include computed values * Update third_party/terraform/resources/resource_google_organization_iam_custom_role.go Co-Authored-By: Cameron Thornton <[email protected]> * Update third_party/terraform/resources/resource_google_project_iam_custom_role.go Co-Authored-By: Cameron Thornton <[email protected]> Co-authored-by: Cameron Thornton <[email protected]>
I updated the custom roles to export the name attribute so it can be used with iam role bindings.
I also updated the project_iam_policy article to include a note about importing the policy first before applying the change.
Fixes: hashicorp/terraform-provider-google#6089
https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles#resource:-role
Release Note Template for Downstream PRs (will be copied)