Add cloud identity group #3696
Add cloud identity group #3696
Conversation
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 13 files changed, 129 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122165" |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 13 files changed, 60 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122166" |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 52 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122167" |
| @@ -1,7 +1,11 @@ | |||
| // `name` is autogenerated from the api so needs to be set post-create | |||
| name, ok := res["name"] | |||
| if !ok { | |||
| return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.") | |||
| name, ok = res["response"].(map[string]interface{})["name"] | |||
There was a problem hiding this comment.
If an api response doesn't have "name" or "response" for whatever reason, wouldn't this be a nil ptr?
| - !ruby/object:Api::Type::NestedObject | ||
| name: 'groupKey' | ||
| required: true | ||
| input: true |
There was a problem hiding this comment.
Should id and namespace also be marked input: true?
| }) | ||
| } | ||
|
|
||
| func testAccCloudIdentityGroup_basic(context map[string]interface{}) string { |
There was a problem hiding this comment.
This is the same as testAccCloudIdentityGroup_cloudIdentityGroupsBasicExample, right? want to just use that?
There was a problem hiding this comment.
Ah, yes! I thought the random suffixes would be different between the two, but just tried it and it worked. Thanks!
| @@ -17,5 +17,7 @@ | |||
| "<%= var_name -%>": getTestProjectFromEnv(), | |||
| <% elsif var_type == :FIRESTORE_PROJECT_NAME -%> | |||
| "<%= var_name -%>": getTestFirestoreProjectFromEnv(t), | |||
| <% elsif var_type == :CUST_ID -%> | |||
There was a problem hiding this comment.
I think you also need to add something to provider/terraform/examples.rb to get the cust_id to appear in the docs example
products/cloudidentity/api.yaml
Outdated
|
|
||
| If specified, the EntityKey represents an external-identity-mapped group. | ||
| The namespace must correspond to an identity source created in Admin Console | ||
| and must be in the form of `identitysources/{identity_source_id}. |
There was a problem hiding this comment.
| and must be in the form of `identitysources/{identity_source_id}. | |
| and must be in the form of `identitysources/{identity_source_id}`. |
| @@ -190,6 +190,7 @@ var <%= product[:definitions].name -%>DefaultBasePath = "<%= product[:definition | |||
| var defaultClientScopes = []string{ | |||
| "https://www.googleapis.com/auth/compute", | |||
| "https://www.googleapis.com/auth/cloud-platform", | |||
| "https://www.googleapis.com/auth/cloud-identity", | |||
There was a problem hiding this comment.
It's probably worth adding a note to the changelog about this (we did last time: #2473)
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 52 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122393" |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 52 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122393" |
|
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
Co-authored-by: Dana Hoffman <[email protected]>
Co-authored-by: Dana Hoffman <[email protected]>
megan07
force-pushed
the
megan_cloudidentity
branch
from
8f26ad5 to
fbe00bc
Compare
|
CLAs look good, thanks! ℹ️ Googlers: Go here for more info. |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122399" |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122407" |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122411" |
products/cloudidentity/api.yaml
Outdated
| resource: 'Group' | ||
| imports: 'name' | ||
| description: | | ||
| The name of the Group to create this membership. |
There was a problem hiding this comment.
| The name of the Group to create this membership. | |
| The name of the Group to create this membership in. |
| The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}. | ||
| - !ruby/object:Api::Type::NestedObject | ||
| name: 'memberKey' | ||
| input: true |
There was a problem hiding this comment.
Same thing here wrt input: true on id/namespace
| and must be in the form of `identitysources/{identity_source_id}. | ||
| - !ruby/object:Api::Type::NestedObject | ||
| name: 'preferredMemberKey' | ||
| input: true |
products/cloudidentity/api.yaml
Outdated
| name: 'roles' | ||
| description: | | ||
| The MembershipRoles that apply to the Membership. | ||
| If unspecified, defaults to a single MembershipRole with name MEMBER. |
There was a problem hiding this comment.
Is this true? It's not marked as computed. Or is it just not returned from the API?
There was a problem hiding this comment.
After double-checking, this appears to not be true? I tried not including it and got an error, so I'm just going to mark this as required.
products/cloudidentity/api.yaml
Outdated
| name: 'type' | ||
| output: true | ||
| description: | | ||
| # The type of the membership. |
There was a problem hiding this comment.
| # The type of the membership. | |
| The type of the membership. |
|
|
||
| resource "google_cloud_identity_group_membership" "<%= ctx[:primary_resource_id] %>" { | ||
| provider = google-beta | ||
| group = google_cloud_identity_group.group.name |
There was a problem hiding this comment.
Can this be .id instead of .name? https://github.com/terraform-providers/terraform-provider-google/wiki/Developer-Best-Practices#self-links-names-and-ids
products/cloudidentity/api.yaml
Outdated
|
|
||
| If specified, the EntityKey represents an external-identity-mapped group. | ||
| The namespace must correspond to an identity source created in Admin Console | ||
| and must be in the form of `identitysources/{identity_source_id}. |
There was a problem hiding this comment.
| and must be in the form of `identitysources/{identity_source_id}. | |
| and must be in the form of `identitysources/{identity_source_id}`. |
| post_create: templates/terraform/post_create/set_computed_name.erb | ||
| GroupMembership: !ruby/object:Overrides::Terraform::ResourceOverride | ||
| import_format: ["{{name}}"] | ||
| examples: |
There was a problem hiding this comment.
Even though it's really similar, I think people would probably appreciate an example showing how to add a user in addition to the existing one for adding a child group.
There was a problem hiding this comment.
I agree, I started with that, but the user has to exist, and I can't create that with terraform, I don't believe. Do you want me to put an example in that is skip_test: true and hard-code an example email?
There was a problem hiding this comment.
Does the user have to be in the org in question? If not I think we have a bunch of tests that use various emails belonging to people (like Paddy)
There was a problem hiding this comment.
Yea, it has to end with the org_domain.
There was a problem hiding this comment.
I put the example in with skip_test, I tested it first with a user I created in our org, and it worked, so I'm confident it will work.
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122425" |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122432" |
| test_env_vars: | ||
| org_domain: :ORG_DOMAIN | ||
| cust_id: :CUST_ID | ||
| admin_user: :ADMIN_USER |
There was a problem hiding this comment.
do they have to be an admin?
There was a problem hiding this comment.
i don't believe so. i did this to separate that it has to be a user in admin console rather than a user in a project. maybe IDENTITY_USER might be more descriptive? i was trying to think on it last night, that's the best i could come up with.
| parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>" | ||
|
|
||
| group_key { | ||
| id = "<%= ctx[:vars]['id_group'] %>-child@<%= ctx[:test_env_vars]['org_domain'] %>" |
There was a problem hiding this comment.
watch out for tabs vs spaces
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 12 files changed, 92 insertions(+), 10 deletions(-)) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=122650" |
Fixes hashicorp/terraform-provider-google#3479
I've commented out a few un-implemented things (per email thread), but will update/include them as I hear back from the rest of the team.
Release Note Template for Downstream PRs (will be copied)