Add support for access_context_manager_access_level (#149)

/cc @rileykarson
hashicorp · Nov 30, 2018 · c949f93 · c949f93
1 parent 94faaee
commit c949f93
Show file tree

Hide file tree

Showing 5 changed files with 1,083 additions and 3 deletions.
diff --git a/google-beta/provider_accesscontextmanager_gen.go b/google-beta/provider_accesscontextmanager_gen.go
@@ -18,4 +18,5 @@ import "github.com/hashicorp/terraform/helper/schema"
 
 var GeneratedAccessContextManagerResourcesMap = map[string]*schema.Resource{
 	"google_access_context_manager_access_policy": resourceAccessContextManagerAccessPolicy(),
+	"google_access_context_manager_access_level":  resourceAccessContextManagerAccessLevel(),
 }
diff --git a/google-beta/resource_access_context_manager_access_level_test.go b/google-beta/resource_access_context_manager_access_level_test.go
@@ -0,0 +1,154 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// Access Context Manager tests need to run serially
+func TestAccAccessContextManagerAccessLevel_basic(t *testing.T) {
+	org := getTestOrgFromEnv(t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAccessContextManagerAccessLevelDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAccessContextManagerAccessLevel_basic(org, "my policy", "level"),
+			},
+			{
+				ResourceName:      "google_access_context_manager_access_level.test-access",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAccessContextManagerAccessLevel_basicUpdated(org, "my new policy", "level"),
+			},
+			{
+				ResourceName:      "google_access_context_manager_access_level.test-access",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAccessContextManagerAccessLevel_full(t *testing.T) {
+	org := getTestOrgFromEnv(t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAccessContextManagerAccessLevelDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAccessContextManagerAccessLevel_full(org, "my policy", "level"),
+			},
+			{
+				ResourceName:      "google_access_context_manager_access_level.test-access",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckAccessContextManagerAccessLevelDestroy(s *terraform.State) error {
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_access_context_manager_access_level" {
+			continue
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		url, err := replaceVarsForTest(rs, "https://accesscontextmanager.googleapis.com/v1beta/{{name}}")
+		if err != nil {
+			return err
+		}
+
+		_, err = sendRequest(config, "GET", url, nil)
+		if err == nil {
+			return fmt.Errorf("AccessLevel still exists at %s", url)
+		}
+	}
+
+	return nil
+}
+
+func testAccAccessContextManagerAccessLevel_basic(org, policyTitle, levelTitleName string) string {
+	return fmt.Sprintf(`
+resource "google_access_context_manager_access_policy" "test-access" {
+  parent = "organizations/%s"
+  title  = "%s"
+}
+
+resource "google_access_context_manager_access_level" "test-access" {
+  parent      = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
+  name        = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/accessLevels/%s"
+  title       = "%s"
+  description = "hello"
+  basic {
+    combining_function = "AND"
+    conditions {
+      ip_subnetworks = ["192.0.4.0/24"]
+    }
+  }
+}
+`, org, policyTitle, levelTitleName, levelTitleName)
+}
+
+func testAccAccessContextManagerAccessLevel_basicUpdated(org, policyTitle, levelTitleName string) string {
+	return fmt.Sprintf(`
+resource "google_access_context_manager_access_policy" "test-access" {
+  parent = "organizations/%s"
+  title  = "%s"
+}
+
+resource "google_access_context_manager_access_level" "test-access" {
+  parent      = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
+  name        = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/accessLevels/%s"
+  title       = "%s"
+  description = "hello"
+  basic {
+    combining_function = "OR"
+    conditions {
+      ip_subnetworks = ["192.0.2.0/24"]
+    }
+  }
+}
+`, org, policyTitle, levelTitleName, levelTitleName)
+}
+
+func testAccAccessContextManagerAccessLevel_full(org, policyTitle, levelTitleName string) string {
+	return fmt.Sprintf(`
+resource "google_access_context_manager_access_policy" "test-access" {
+  parent = "organizations/%s"
+  title  = "%s"
+}
+
+resource "google_access_context_manager_access_level" "test-access" {
+  parent      = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
+  name        = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/accessLevels/%s"
+  title       = "%s"
+  description = "hello"
+  basic {
+    combining_function = "AND"
+    conditions {
+      ip_subnetworks = ["192.0.4.0/24"]
+      members = ["user:[email protected]", "user:[email protected]"]
+      negate = false
+      device_policy {
+        require_screen_lock = false
+        os_constraints {
+          os_type = "IOS"
+        }
+      }
+    }
+  }
+}
+`, org, policyTitle, levelTitleName, levelTitleName)
+}
diff --git a/google-beta/resource_access_context_manager_access_policy_test.go b/google-beta/resource_access_context_manager_access_policy_test.go
@@ -8,10 +8,8 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )
 
-// We can only have a single test as long as we are using a single organization
+// Access Context Manager tests need to run serially
 func TestAccAccessContextManagerAccessPolicy_basic(t *testing.T) {
-	t.Parallel()
-
 	org := getTestOrgFromEnv(t)
 
 	resource.Test(t, resource.TestCase{