Validate on deleted IAM members
Signed-off-by: Modular Magician <[email protected]>
slevenick authored and modular-magician committed Nov 21, 2019
1 parent bac54ae commit 1fdf9d8
Showing 4 changed files with 15 additions and 5 deletions.
9 changes: 7 additions & 2 deletions google/data_source_google_iam_policy.go
Expand Up @@ -2,11 +2,13 @@ package google

import (
"encoding/json"
"regexp"
"sort"
"strconv"

"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"google.golang.org/api/cloudresourcemanager/v1"
)

Expand Down Expand Up @@ -38,8 +40,11 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
"members": {
Type: schema.TypeSet,
Required: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM policies for deleted principals"),
},
Set: schema.HashString,
},
},
},
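Review bot: The `ValidateFunc` added to the `members` element compiles `regexp.MustCompile("^deleted:")` inline, and the same expression is repeated in google/resource_iam_binding.go and google/resource_iam_member.go with only the message noun changed, so the three copies can drift apart. A single package-level value shared by all three schemas, for example `var deletedMemberRegexp = regexp.MustCompile("^deleted:")` (the name is only a suggestion), would keep the rule in one place. The element would also benefit from a short comment such as `// Reject "deleted:"-prefixed members: they refer to principals that no longer exist.` As far as I know, ValidateFunc only runs on values known at plan time, so a member interpolated from another resource is presumably not checked here; that limit is worth confirming and documenting. The body of dataSourceGoogleIamPolicy continues outside the hunk.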
3 changes: 3 additions & 0 deletions google/resource_iam_binding.go
Expand Up @@ -4,9 +4,11 @@ import (
"errors"
"fmt"
"log"
"regexp"
"strings"

"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"google.golang.org/api/cloudresourcemanager/v1"
)

Expand All @@ -22,6 +24,7 @@ var iamBindingSchema = map[string]*schema.Schema{
Elem: &schema.Schema{
Type: schema.TypeString,
DiffSuppressFunc: caseDiffSuppress,
ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM bindings for deleted principals"),
},
Set: func(v interface{}) int {
return schema.HashString(strings.ToLower(v.(string)))
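Review bot: The `^deleted:` pattern on the `members` element is case-sensitive, while the rest of the element handles the value case-insensitively: the `Set` function hashes `strings.ToLower(v.(string))`, and `caseDiffSuppress` appears from its name to ignore case differences. A value written as `Deleted:...` would therefore pass validation yet hash like its lowercase form; unless the API is known to reject mixed-case prefixes (not visible here), the validator should match the same way, `regexp.MustCompile("(?i)^deleted:")`. The same applies to the `ValidateFunc` added next to `DiffSuppressFunc: caseDiffSuppress` in google/resource_iam_member.go. iamBindingSchema and its `Set` function continue outside the hunk.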
3 changes: 3 additions & 0 deletions google/resource_iam_member.go
Expand Up @@ -4,9 +4,11 @@ import (
"errors"
"fmt"
"log"
"regexp"
"strings"

"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"google.golang.org/api/cloudresourcemanager/v1"
)

Expand All @@ -21,6 +23,7 @@ var IamMemberBaseSchema = map[string]*schema.Schema{
Required: true,
ForceNew: true,
DiffSuppressFunc: caseDiffSuppress,
ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM members for deleted principals"),
},
"etag": {
Type: schema.TypeString,
5 changes: 2 additions & 3 deletions website/docs/r/bigtable_gc_policy.html.markdown
Expand Up @@ -48,7 +48,6 @@ resource "google_bigtable_gc_policy" "policy" {
```

Multiple conditions is also supported. `UNION` when any of its sub-policies apply (OR). `INTERSECTION` when all its sub-policies apply (AND)

```hcl
resource "google_bigtable_gc_policy" "policy" {
instance_name = google_bigtable_instance.instance.name
Expand All @@ -71,11 +70,11 @@ resource "google_bigtable_gc_policy" "policy" {

The following arguments are supported:

* `table` - (Required) The name of the table.
* `name` - (Required) The name of the table.

* `instance_name` - (Required) The name of the Bigtable instance.

* `column_family` - (Required) The name of the column family.
* `family` - (Required) The name of the column family.

* `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
