Validate on deleted IAM members

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Nov 21, 2019 · a5384ec · a5384ec
1 parent 5be364d
commit a5384ec
Show file tree

Hide file tree

Showing 146 changed files with 9,699 additions and 10,062 deletions.
diff --git a/google/data_source_google_active_folder_test.go b/google/data_source_google_active_folder_test.go
@@ -90,5 +90,6 @@ data "google_active_folder" "my_folder" {
   parent       = google_folder.foobar.parent
   display_name = google_folder.foobar.display_name
 }
+
 `, parent, displayName)
 }
diff --git a/google/data_source_google_compute_router_test.go b/google/data_source_google_compute_router_test.go
@@ -31,21 +31,19 @@ func TestAccDataSourceComputeRouter(t *testing.T) {
 func testAccDataSourceComputeRouterConfig(name string) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "foobar" {
-  name                    = "%s"
-  auto_create_subnetworks = false
+    name    = "%s"
+    auto_create_subnetworks = false
 }
-
 resource "google_compute_router" "foobar" {
-  name    = "%s"
-  network = google_compute_network.foobar.name
-  bgp {
-    asn = 64514
-  }
+    name    = "%s"
+    network = "${google_compute_network.foobar.name}"
+    bgp {
+        asn = 64514
+    }
 }
-
 data "google_compute_router" "myrouter" {
-  name    = google_compute_router.foobar.name
-  network = google_compute_network.foobar.name
+    name    = "${google_compute_router.foobar.name}"
+	network	= "${google_compute_network.foobar.name}"
 }
 `, name, name)
 }
diff --git a/google/data_source_google_iam_policy.go b/google/data_source_google_iam_policy.go
@@ -2,11 +2,13 @@ package google
 
 import (
 	"encoding/json"
+	"regexp"
 	"sort"
 	"strconv"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"google.golang.org/api/cloudresourcemanager/v1"
 )
 
@@ -38,8 +40,11 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 						"members": {
 							Type:     schema.TypeSet,
 							Required: true,
-							Elem:     &schema.Schema{Type: schema.TypeString},
-							Set:      schema.HashString,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM policies for deleted principals"),
+							},
+							Set: schema.HashString,
 						},
 					},
 				},

diff --git a/google/data_source_storage_object_signed_url_test.go b/google/data_source_storage_object_signed_url_test.go
@@ -28,8 +28,7 @@ const fakeCredentials = `{
   "token_uri": "https://accounts.google.com/o/oauth2/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/user%40gcp-project.iam.gserviceaccount.com"
-}
-`
+}`
 
 // The following values are derived from the output of the `gsutil signurl` command.
 // i.e.

diff --git a/google/resource_access_context_manager_service_perimeter_test.go b/google/resource_access_context_manager_service_perimeter_test.go
@@ -139,7 +139,7 @@ resource "google_access_context_manager_service_perimeter" "test-access" {
   perimeter_type = "PERIMETER_TYPE_REGULAR"
   status {
     restricted_services = ["bigquery.googleapis.com"]
-    access_levels       = [google_access_context_manager_access_level.test-access.name]
+    access_levels = ["${google_access_context_manager_access_level.test-access.name}"]
   }
 }
 `, org, policyTitle, levelTitleName, levelTitleName, perimeterTitleName, perimeterTitleName)

diff --git a/google/resource_app_engine_application_test.go b/google/resource_app_engine_application_test.go
@@ -53,12 +53,11 @@ resource "google_project" "acceptance" {
 }
 
 resource "google_app_engine_application" "acceptance" {
-  project        = google_project.acceptance.project_id
-  auth_domain    = "hashicorptest.com"
-  location_id    = "us-central"
-  serving_status = "SERVING"
-}
-`, pid, pid, org)
+  project         = "${google_project.acceptance.project_id}"
+  auth_domain     = "hashicorptest.com"
+  location_id     = "us-central"
+  serving_status  = "SERVING"
+}`, pid, pid, org)
 }
 
 func testAccAppEngineApplication_update(pid, org string) string {
@@ -70,10 +69,9 @@ resource "google_project" "acceptance" {
 }
 
 resource "google_app_engine_application" "acceptance" {
-  project        = google_project.acceptance.project_id
-  auth_domain    = "tf-test.club"
-  location_id    = "us-central"
-  serving_status = "USER_DISABLED"
-}
-`, pid, pid, org)
+  project         = "${google_project.acceptance.project_id}"
+  auth_domain     = "tf-test.club"
+  location_id     = "us-central"
+  serving_status  = "USER_DISABLED"
+}`, pid, pid, org)
 }
diff --git a/google/resource_app_engine_domain_mapping_test.go b/google/resource_app_engine_domain_mapping_test.go
@@ -44,23 +44,21 @@ func testAccAppEngineDomainMapping_basic(domainName string) string {
 	return fmt.Sprintf(`
 resource "google_app_engine_domain_mapping" "domain_mapping" {
   domain_name = "%s.gcp.tfacc.hashicorptest.com"
-
+  
   ssl_settings {
     ssl_management_type = "AUTOMATIC"
   }
-}
-`, domainName)
+}`, domainName)
 }
 
 func testAccAppEngineDomainMapping_update(domainName string) string {
 	return fmt.Sprintf(`
 resource "google_app_engine_domain_mapping" "domain_mapping" {
   domain_name = "%s.gcp.tfacc.hashicorptest.com"
-
+  
   ssl_settings {
-    certificate_id      = ""
+  	certificate_id = ""
     ssl_management_type = "MANUAL"
   }
-}
-`, domainName)
+}`, domainName)
 }
diff --git a/google/resource_big_query_dataset_test.go b/google/resource_big_query_dataset_test.go
@@ -180,56 +180,53 @@ func testAccAddTable(datasetID string, tableID string) resource.TestCheckFunc {
 func testAccBigQueryDataset(datasetID string) string {
 	return fmt.Sprintf(`
 resource "google_bigquery_dataset" "test" {
-  dataset_id                      = "%s"
-  friendly_name                   = "foo"
-  description                     = "This is a foo description"
-  location                        = "EU"
+  dataset_id                  = "%s"
+  friendly_name               = "foo"
+  description                 = "This is a foo description"
+  location                    = "EU"
   default_partition_expiration_ms = 3600000
-  default_table_expiration_ms     = 3600000
+  default_table_expiration_ms = 3600000
 
   labels = {
     env                         = "foo"
     default_table_expiration_ms = 3600000
   }
-}
-`, datasetID)
+}`, datasetID)
 }
 
 func testAccBigQueryDatasetUpdated(datasetID string) string {
 	return fmt.Sprintf(`
 resource "google_bigquery_dataset" "test" {
-  dataset_id                      = "%s"
-  friendly_name                   = "bar"
-  description                     = "This is a bar description"
-  location                        = "EU"
+  dataset_id                  = "%s"
+  friendly_name               = "bar"
+  description                 = "This is a bar description"
+  location                    = "EU"
   default_partition_expiration_ms = 7200000
-  default_table_expiration_ms     = 7200000
+  default_table_expiration_ms = 7200000
 
   labels = {
     env                         = "bar"
     default_table_expiration_ms = 7200000
   }
-}
-`, datasetID)
+}`, datasetID)
 }
 
 func testAccBigQueryDatasetDeleteContents(datasetID string) string {
 	return fmt.Sprintf(`
 resource "google_bigquery_dataset" "contents_test" {
-  dataset_id                      = "%s"
-  friendly_name                   = "foo"
-  description                     = "This is a foo description"
-  location                        = "EU"
+  dataset_id                  = "%s"
+  friendly_name               = "foo"
+  description                 = "This is a foo description"
+  location                    = "EU"
   default_partition_expiration_ms = 3600000
-  default_table_expiration_ms     = 3600000
-  delete_contents_on_destroy      = true
+  default_table_expiration_ms = 3600000
+  delete_contents_on_destroy = true
 
   labels = {
     env                         = "foo"
     default_table_expiration_ms = 3600000
   }
-}
-`, datasetID)
+}`, datasetID)
 }
 
 func testAccBigQueryRegionalDataset(datasetID string, location string) string {
@@ -245,8 +242,7 @@ resource "google_bigquery_dataset" "test" {
     env                         = "foo"
     default_table_expiration_ms = 3600000
   }
-}
-`, datasetID, location)
+}`, datasetID, location)
 }
 
 func testAccBigQueryDatasetWithOneAccess(datasetID string) string {
@@ -263,8 +259,7 @@ resource "google_bigquery_dataset" "access_test" {
     env                         = "foo"
     default_table_expiration_ms = 3600000
   }
-}
-`, datasetID)
+}`, datasetID)
 }
 
 func testAccBigQueryDatasetWithTwoAccess(datasetID string) string {
@@ -285,8 +280,7 @@ resource "google_bigquery_dataset" "access_test" {
     env                         = "foo"
     default_table_expiration_ms = 3600000
   }
-}
-`, datasetID)
+}`, datasetID)
 }
 
 func testAccBigQueryDatasetWithViewAccess(datasetID, otherDatasetID, otherTableID string) string {
@@ -299,14 +293,14 @@ resource "google_bigquery_dataset" "other_dataset" {
 
 resource "google_bigquery_table" "table_with_view" {
   table_id   = "%s"
-  dataset_id = google_bigquery_dataset.other_dataset.dataset_id
+  dataset_id = "${google_bigquery_dataset.other_dataset.dataset_id}"
 
   time_partitioning {
     type = "DAY"
   }
 
   view {
-    query          = "SELECT state FROM [lookerdata:cdc.project_tycho_reports]"
+    query = "SELECT state FROM [lookerdata:cdc.project_tycho_reports]"
     use_legacy_sql = true
   }
 }
@@ -320,18 +314,17 @@ resource "google_bigquery_dataset" "access_test" {
   }
   access {
     view {
-      project_id = google_bigquery_dataset.other_dataset.project
-      dataset_id = google_bigquery_dataset.other_dataset.dataset_id
-      table_id   = google_bigquery_table.table_with_view.table_id
+      project_id = "${google_bigquery_dataset.other_dataset.project}"
+      dataset_id = "${google_bigquery_dataset.other_dataset.dataset_id}"
+      table_id   = "${google_bigquery_table.table_with_view.table_id}"
     }
   }
 
   labels = {
     env                         = "foo"
     default_table_expiration_ms = 3600000
   }
-}
-`, otherDatasetID, otherTableID, datasetID)
+}`, otherDatasetID, otherTableID, datasetID)
 }
 
 func testAccBigQueryDataset_cmek(pid, datasetID, kmsKey string) string {
@@ -341,7 +334,7 @@ data "google_project" "project" {
 }
 
 resource "google_project_iam_member" "kms-project-binding" {
-  project = data.google_project.project.project_id
+  project = "${data.google_project.project.project_id}"
   role    = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
   member  = "serviceAccount:bq-${data.google_project.project.number}@bigquery-encryption.iam.gserviceaccount.com"
 }
@@ -357,7 +350,7 @@ resource "google_bigquery_dataset" "test" {
     kms_key_name = "%s"
   }
 
-  project = google_project_iam_member.kms-project-binding.project
+  project = "${google_project_iam_member.kms-project-binding.project}"
 }
 `, pid, datasetID, kmsKey)
 }