diff --git a/google/iam_binary_authorization_attestor.go b/google/iam_binary_authorization_attestor.go index 1f3192784d5..57bd7b0ff5e 100644 --- a/google/iam_binary_authorization_attestor.go +++ b/google/iam_binary_authorization_attestor.go @@ -51,6 +51,9 @@ func BinaryAuthorizationAttestorIamUpdaterProducer(d *schema.ResourceData, confi return nil, err } values["project"] = project + if v, ok := d.GetOk("attestor"); ok { + values["attestor"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/attestors/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("attestor").(string)) diff --git a/google/iam_cloud_functions_cloud_function.go b/google/iam_cloud_functions_cloud_function.go index df16af3c911..478356ad5d4 100644 --- a/google/iam_cloud_functions_cloud_function.go +++ b/google/iam_cloud_functions_cloud_function.go @@ -58,12 +58,14 @@ func CloudFunctionsCloudFunctionIamUpdaterProducer(d *schema.ResourceData, confi return nil, err } values["project"] = project - region, err := getRegion(d, config) if err != nil { return nil, err } values["region"] = region + if v, ok := d.GetOk("cloud_function"); ok { + values["cloud_function"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/locations/(?P[^/]+)/functions/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("cloud_function").(string)) @@ -100,7 +102,6 @@ func CloudFunctionsCloudFunctionIdParseFunc(d *schema.ResourceData, config *Conf return err } values["project"] = project - region, err := getRegion(d, config) if err != nil { return err diff --git a/google/iam_iap_app_engine_version.go b/google/iam_iap_app_engine_version.go new file mode 100644 index 00000000000..f542c95ad84 --- /dev/null +++ b/google/iam_iap_app_engine_version.go @@ -0,0 +1,198 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- +package google + +import ( + "fmt" + + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "google.golang.org/api/cloudresourcemanager/v1" +) + +var IapAppEngineVersionIamSchema = map[string]*schema.Schema{ + "project": { + Type: schema.TypeString, + Computed: true, + Optional: true, + ForceNew: true, + }, + "app_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "service": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "version_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + DiffSuppressFunc: compareSelfLinkOrResourceName, + }, +} + +type IapAppEngineVersionIamUpdater struct { + project string + appId string + service string + versionId string + d *schema.ResourceData + Config *Config +} + +func IapAppEngineVersionIamUpdaterProducer(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) { + values := make(map[string]string) + + project, err := getProject(d, config) + if err != nil { + return nil, err + } + values["project"] = project + if v, ok := d.GetOk("app_id"); ok { + values["appId"] = v.(string) + } + + if v, ok := d.GetOk("service"); ok { + values["service"] = v.(string) + } + + if v, ok := d.GetOk("version_id"); ok { + values["versionId"] = v.(string) + } + + // We may have gotten either a long or short name, so attempt to parse long name if possible + m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/iap_web/appengine-(?P[^/]+)/services/(?P[^/]+)/versions/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("version_id").(string)) + if err != nil { + return nil, err + } + + for k, v := range m { + values[k] = v + } + + u := &IapAppEngineVersionIamUpdater{ + project: values["project"], + appId: values["appId"], + service: values["service"], + versionId: values["versionId"], + d: d, + Config: config, + } + + d.Set("project", u.project) + d.Set("app_id", u.appId) + d.Set("service", u.service) + d.Set("version_id", u.GetResourceId()) + + d.SetId(u.GetResourceId()) + + return u, nil +} + +func IapAppEngineVersionIdParseFunc(d *schema.ResourceData, config *Config) error { + values := make(map[string]string) + + project, err := getProject(d, config) + if err != nil { + return err + } + values["project"] = project + + m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/iap_web/appengine-(?P[^/]+)/services/(?P[^/]+)/versions/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Id()) + if err != nil { + return err + } + + for k, v := range m { + values[k] = v + } + + u := &IapAppEngineVersionIamUpdater{ + project: values["project"], + appId: values["appId"], + service: values["service"], + versionId: values["versionId"], + d: d, + Config: config, + } + d.Set("version_id", u.GetResourceId()) + d.SetId(u.GetResourceId()) + return nil +} + +func (u *IapAppEngineVersionIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) { + url := u.qualifyAppEngineVersionUrl("getIamPolicy") + + project, err := getProject(u.d, u.Config) + if err != nil { + return nil, err + } + + policy, err := sendRequest(u.Config, "POST", project, url, nil) + if err != nil { + return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err) + } + + out := &cloudresourcemanager.Policy{} + err = Convert(policy, out) + if err != nil { + return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err) + } + + return out, nil +} + +func (u *IapAppEngineVersionIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error { + json, err := ConvertToMap(policy) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + obj["policy"] = json + + url := u.qualifyAppEngineVersionUrl("setIamPolicy") + + project, err := getProject(u.d, u.Config) + if err != nil { + return err + } + + _, err = sendRequestWithTimeout(u.Config, "POST", project, url, obj, u.d.Timeout(schema.TimeoutCreate)) + if err != nil { + return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err) + } + + return nil +} + +func (u *IapAppEngineVersionIamUpdater) qualifyAppEngineVersionUrl(methodIdentifier string) string { + return fmt.Sprintf("https://iap.googleapis.com/v1/%s:%s", fmt.Sprintf("projects/%s/iap_web/appengine-%s/services/%s/versions/%s", u.project, u.appId, u.service, u.versionId), methodIdentifier) +} + +func (u *IapAppEngineVersionIamUpdater) GetResourceId() string { + return fmt.Sprintf("projects/%s/iap_web/appengine-%s/services/%s/versions/%s", u.project, u.appId, u.service, u.versionId) +} + +func (u *IapAppEngineVersionIamUpdater) GetMutexKey() string { + return fmt.Sprintf("iam-iap-appengineversion-%s", u.GetResourceId()) +} + +func (u *IapAppEngineVersionIamUpdater) DescribeResource() string { + return fmt.Sprintf("iap appengineversion %q", u.GetResourceId()) +} diff --git a/google/iam_iap_app_engine_version_generated_test.go b/google/iam_iap_app_engine_version_generated_test.go new file mode 100644 index 00000000000..426efd9c342 --- /dev/null +++ b/google/iam_iap_app_engine_version_generated_test.go @@ -0,0 +1,384 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestAccIapAppEngineVersionIamBindingGenerated(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + "role": "roles/iap.httpsResourceAccessor", + "project_id": fmt.Sprintf("tf-test%s", acctest.RandString(10)), + "org_id": getTestOrgFromEnv(t), + "billing_account": getTestBillingAccountFromEnv(t), + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccIapAppEngineVersionIamBinding_basicGenerated(context), + }, + { + ResourceName: "google_iap_app_engine_version_iam_binding.foo", + ImportStateId: fmt.Sprintf("projects/%s/iap_web/appengine-%s/services/%s/versions/%s roles/iap.httpsResourceAccessor", context["project_id"], context["project_id"], "default", "v2"), + ImportState: true, + ImportStateVerify: true, + }, + { + // Test Iam Binding update + Config: testAccIapAppEngineVersionIamBinding_updateGenerated(context), + }, + { + ResourceName: "google_iap_app_engine_version_iam_binding.foo", + ImportStateId: fmt.Sprintf("projects/%s/iap_web/appengine-%s/services/%s/versions/%s roles/iap.httpsResourceAccessor", context["project_id"], context["project_id"], "default", "v2"), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccIapAppEngineVersionIamMemberGenerated(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + "role": "roles/iap.httpsResourceAccessor", + "project_id": fmt.Sprintf("tf-test%s", acctest.RandString(10)), + "org_id": getTestOrgFromEnv(t), + "billing_account": getTestBillingAccountFromEnv(t), + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + // Test Iam Member creation (no update for member, no need to test) + Config: testAccIapAppEngineVersionIamMember_basicGenerated(context), + }, + { + ResourceName: "google_iap_app_engine_version_iam_member.foo", + ImportStateId: fmt.Sprintf("projects/%s/iap_web/appengine-%s/services/%s/versions/%s roles/iap.httpsResourceAccessor user:admin@hashicorptest.com", context["project_id"], context["project_id"], "default", "v2"), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccIapAppEngineVersionIamPolicyGenerated(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + "role": "roles/iap.httpsResourceAccessor", + "project_id": fmt.Sprintf("tf-test%s", acctest.RandString(10)), + "org_id": getTestOrgFromEnv(t), + "billing_account": getTestBillingAccountFromEnv(t), + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccIapAppEngineVersionIamPolicy_basicGenerated(context), + }, + { + ResourceName: "google_iap_app_engine_version_iam_policy.foo", + ImportStateId: fmt.Sprintf("projects/%s/iap_web/appengine-%s/services/%s/versions/%s", context["project_id"], context["project_id"], "default", "v2"), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccIapAppEngineVersionIamMember_basicGenerated(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "my_project" { + name = "%{project_id}" + project_id = "%{project_id}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "project_service" { + project = "${google_project.my_project.project_id}" + service = "iap.googleapis.com" +} + +resource "google_project_service" "cloudbuild_service" { + project = "${google_project_service.project_service.project}" + service = "cloudbuild.googleapis.com" +} + +resource "google_app_engine_application" "app" { + project = "${google_project_service.cloudbuild_service.project}" + location_id = "us-central" +} + +resource "google_storage_bucket" "bucket" { + project = "${google_project.my_project.project_id}" + name = "appengine-static-content-%{random_suffix}" +} + +resource "google_storage_bucket_object" "object" { + name = "hello-world.zip" + bucket = "${google_storage_bucket.bucket.name}" + source = "./test-fixtures/appengine/hello-world.zip" +} + +resource "google_app_engine_standard_app_version" "version" { + project = "${google_app_engine_application.app.project}" + version_id = "v2" + service = "default" + runtime = "nodejs10" + noop_on_destroy = true + entrypoint { + shell = "node ./app.js" + } + deployment { + zip { + source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" + } + } + env_variables = { + port = "8080" + } +} + +resource "google_iap_app_engine_version_iam_member" "foo" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + role = "%{role}" + member = "user:admin@hashicorptest.com" +} +`, context) +} + +func testAccIapAppEngineVersionIamPolicy_basicGenerated(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "my_project" { + name = "%{project_id}" + project_id = "%{project_id}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "project_service" { + project = "${google_project.my_project.project_id}" + service = "iap.googleapis.com" +} + +resource "google_project_service" "cloudbuild_service" { + project = "${google_project_service.project_service.project}" + service = "cloudbuild.googleapis.com" +} + +resource "google_app_engine_application" "app" { + project = "${google_project_service.cloudbuild_service.project}" + location_id = "us-central" +} + +resource "google_storage_bucket" "bucket" { + project = "${google_project.my_project.project_id}" + name = "appengine-static-content-%{random_suffix}" +} + +resource "google_storage_bucket_object" "object" { + name = "hello-world.zip" + bucket = "${google_storage_bucket.bucket.name}" + source = "./test-fixtures/appengine/hello-world.zip" +} + +resource "google_app_engine_standard_app_version" "version" { + project = "${google_app_engine_application.app.project}" + version_id = "v2" + service = "default" + runtime = "nodejs10" + noop_on_destroy = true + entrypoint { + shell = "node ./app.js" + } + deployment { + zip { + source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" + } + } + env_variables = { + port = "8080" + } +} + +data "google_iam_policy" "foo" { + binding { + role = "%{role}" + members = ["user:admin@hashicorptest.com"] + } +} + +resource "google_iap_app_engine_version_iam_policy" "foo" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + policy_data = "${data.google_iam_policy.foo.policy_data}" +} +`, context) +} + +func testAccIapAppEngineVersionIamBinding_basicGenerated(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "my_project" { + name = "%{project_id}" + project_id = "%{project_id}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "project_service" { + project = "${google_project.my_project.project_id}" + service = "iap.googleapis.com" +} + +resource "google_project_service" "cloudbuild_service" { + project = "${google_project_service.project_service.project}" + service = "cloudbuild.googleapis.com" +} + +resource "google_app_engine_application" "app" { + project = "${google_project_service.cloudbuild_service.project}" + location_id = "us-central" +} + +resource "google_storage_bucket" "bucket" { + project = "${google_project.my_project.project_id}" + name = "appengine-static-content-%{random_suffix}" +} + +resource "google_storage_bucket_object" "object" { + name = "hello-world.zip" + bucket = "${google_storage_bucket.bucket.name}" + source = "./test-fixtures/appengine/hello-world.zip" +} + +resource "google_app_engine_standard_app_version" "version" { + project = "${google_app_engine_application.app.project}" + version_id = "v2" + service = "default" + runtime = "nodejs10" + noop_on_destroy = true + entrypoint { + shell = "node ./app.js" + } + deployment { + zip { + source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" + } + } + env_variables = { + port = "8080" + } +} + +resource "google_iap_app_engine_version_iam_binding" "foo" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + role = "%{role}" + members = ["user:admin@hashicorptest.com"] +} +`, context) +} + +func testAccIapAppEngineVersionIamBinding_updateGenerated(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "my_project" { + name = "%{project_id}" + project_id = "%{project_id}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "project_service" { + project = "${google_project.my_project.project_id}" + service = "iap.googleapis.com" +} + +resource "google_project_service" "cloudbuild_service" { + project = "${google_project_service.project_service.project}" + service = "cloudbuild.googleapis.com" +} + +resource "google_app_engine_application" "app" { + project = "${google_project_service.cloudbuild_service.project}" + location_id = "us-central" +} + +resource "google_storage_bucket" "bucket" { + project = "${google_project.my_project.project_id}" + name = "appengine-static-content-%{random_suffix}" +} + +resource "google_storage_bucket_object" "object" { + name = "hello-world.zip" + bucket = "${google_storage_bucket.bucket.name}" + source = "./test-fixtures/appengine/hello-world.zip" +} + +resource "google_app_engine_standard_app_version" "version" { + project = "${google_app_engine_application.app.project}" + version_id = "v2" + service = "default" + runtime = "nodejs10" + noop_on_destroy = true + entrypoint { + shell = "node ./app.js" + } + deployment { + zip { + source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" + } + } + env_variables = { + port = "8080" + } +} + +resource "google_iap_app_engine_version_iam_binding" "foo" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + role = "%{role}" + members = ["user:admin@hashicorptest.com", "user:paddy@hashicorp.com"] +} +`, context) +} diff --git a/google/iam_iap_web_backend_service.go b/google/iam_iap_web_backend_service.go index 521caab095e..7199337c915 100644 --- a/google/iam_iap_web_backend_service.go +++ b/google/iam_iap_web_backend_service.go @@ -51,6 +51,9 @@ func IapWebBackendServiceIamUpdaterProducer(d *schema.ResourceData, config *Conf return nil, err } values["project"] = project + if v, ok := d.GetOk("web_backend_service"); ok { + values["web_backend_service"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/iap_web/compute/services/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("web_backend_service").(string)) diff --git a/google/iam_iap_web_type_app_engine.go b/google/iam_iap_web_type_app_engine.go index a981676db7f..648c819fd7a 100644 --- a/google/iam_iap_web_type_app_engine.go +++ b/google/iam_iap_web_type_app_engine.go @@ -65,6 +65,9 @@ func IapWebTypeAppEngineIamUpdaterProducer(d *schema.ResourceData, config *Confi return nil, err } values["project"] = project + if v, ok := d.GetOk("app_id"); ok { + values["appId"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/iap_web/appengine-(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("app_id").(string)) diff --git a/google/iam_pubsub_topic.go b/google/iam_pubsub_topic.go index 9ba89293a4c..81a4328f767 100644 --- a/google/iam_pubsub_topic.go +++ b/google/iam_pubsub_topic.go @@ -51,6 +51,9 @@ func PubsubTopicIamUpdaterProducer(d *schema.ResourceData, config *Config) (Reso return nil, err } values["project"] = project + if v, ok := d.GetOk("topic"); ok { + values["topic"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/topics/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("topic").(string)) diff --git a/google/iam_runtime_config_config.go b/google/iam_runtime_config_config.go index 3502b3130b5..ff39e683f54 100644 --- a/google/iam_runtime_config_config.go +++ b/google/iam_runtime_config_config.go @@ -51,6 +51,9 @@ func RuntimeConfigConfigIamUpdaterProducer(d *schema.ResourceData, config *Confi return nil, err } values["project"] = project + if v, ok := d.GetOk("config"); ok { + values["config"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/configs/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("config").(string)) diff --git a/google/iam_source_repo_repository.go b/google/iam_source_repo_repository.go index 03b8e5e8126..d6d0dc4cfe0 100644 --- a/google/iam_source_repo_repository.go +++ b/google/iam_source_repo_repository.go @@ -51,6 +51,9 @@ func SourceRepoRepositoryIamUpdaterProducer(d *schema.ResourceData, config *Conf return nil, err } values["project"] = project + if v, ok := d.GetOk("repository"); ok { + values["repository"] = v.(string) + } // We may have gotten either a long or short name, so attempt to parse long name if possible m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/repos/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("repository").(string)) diff --git a/google/provider.go b/google/provider.go index 7a9ee41c342..799cd693740 100644 --- a/google/provider.go +++ b/google/provider.go @@ -438,8 +438,8 @@ func Provider() terraform.ResourceProvider { } // Generated resources: 80 -// Generated IAM resources: 27 -// Total generated resources: 107 +// Generated IAM resources: 30 +// Total generated resources: 110 func ResourceMap() map[string]*schema.Resource { resourceMap, _ := ResourceMapWithErrors() return resourceMap @@ -522,6 +522,9 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) { "google_iap_web_type_app_engine_iam_binding": ResourceIamBinding(IapWebTypeAppEngineIamSchema, IapWebTypeAppEngineIamUpdaterProducer, IapWebTypeAppEngineIdParseFunc), "google_iap_web_type_app_engine_iam_member": ResourceIamMember(IapWebTypeAppEngineIamSchema, IapWebTypeAppEngineIamUpdaterProducer, IapWebTypeAppEngineIdParseFunc), "google_iap_web_type_app_engine_iam_policy": ResourceIamPolicy(IapWebTypeAppEngineIamSchema, IapWebTypeAppEngineIamUpdaterProducer, IapWebTypeAppEngineIdParseFunc), + "google_iap_app_engine_version_iam_binding": ResourceIamBinding(IapAppEngineVersionIamSchema, IapAppEngineVersionIamUpdaterProducer, IapAppEngineVersionIdParseFunc), + "google_iap_app_engine_version_iam_member": ResourceIamMember(IapAppEngineVersionIamSchema, IapAppEngineVersionIamUpdaterProducer, IapAppEngineVersionIdParseFunc), + "google_iap_app_engine_version_iam_policy": ResourceIamPolicy(IapAppEngineVersionIamSchema, IapAppEngineVersionIamUpdaterProducer, IapAppEngineVersionIdParseFunc), "google_iap_web_backend_service_iam_binding": ResourceIamBinding(IapWebBackendServiceIamSchema, IapWebBackendServiceIamUpdaterProducer, IapWebBackendServiceIdParseFunc), "google_iap_web_backend_service_iam_member": ResourceIamMember(IapWebBackendServiceIamSchema, IapWebBackendServiceIamUpdaterProducer, IapWebBackendServiceIdParseFunc), "google_iap_web_backend_service_iam_policy": ResourceIamPolicy(IapWebBackendServiceIamSchema, IapWebBackendServiceIamUpdaterProducer, IapWebBackendServiceIdParseFunc), diff --git a/website/docs/r/iap_app_engine_version_iam.html.markdown b/website/docs/r/iap_app_engine_version_iam.html.markdown new file mode 100644 index 00000000000..3505acab2df --- /dev/null +++ b/website/docs/r/iap_app_engine_version_iam.html.markdown @@ -0,0 +1,135 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +layout: "google" +page_title: "Google: google_iap_app_engine_version_iam" +sidebar_current: "docs-google-iap-app-engine-version-iam" +description: |- + Collection of resources to manage IAM policy for IapAppEngineVersion +--- + +# IAM policy for IapAppEngineVersion +Three different resources help you manage your IAM policy for Iap AppEngineVersion. Each of these resources serves a different use case: + +* `google_iap_app_engine_version_iam_policy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached. +* `google_iap_app_engine_version_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved. +* `google_iap_app_engine_version_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved. + +~> **Note:** `google_iap_app_engine_version_iam_policy` **cannot** be used in conjunction with `google_iap_app_engine_version_iam_binding` and `google_iap_app_engine_version_iam_member` or they will fight over what your policy should be. + +~> **Note:** `google_iap_app_engine_version_iam_binding` resources **can be** used in conjunction with `google_iap_app_engine_version_iam_member` resources **only if** they do not grant privilege to the same role. + + + +## google\_iap\_app\_engine\_version\_iam\_policy + +```hcl +data "google_iam_policy" "admin" { + binding { + role = "roles/iap.httpsResourceAccessor" + members = [ + "user:jane@example.com", + ] + } +} + +resource "google_iap_app_engine_version_iam_policy" "editor" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + policy_data = "${data.google_iam_policy.admin.policy_data}" +} +``` + +## google\_iap\_app\_engine\_version\_iam\_binding + +```hcl +resource "google_iap_app_engine_version_iam_binding" "editor" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + role = "roles/iap.httpsResourceAccessor" + members = [ + "user:jane@example.com", + ] +} +``` + +## google\_iap\_app\_engine\_version\_iam\_member + +```hcl +resource "google_iap_app_engine_version_iam_member" "editor" { + project = "${google_app_engine_standard_app_version.version.project}" + app_id = "${google_app_engine_standard_app_version.version.project}" + service = "${google_app_engine_standard_app_version.version.service}" + version_id = "${google_app_engine_standard_app_version.version.version_id}" + role = "roles/iap.httpsResourceAccessor" + member = "user:jane@example.com" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `app_id` - (Required) Id of the App Engine application. Used to find the parent resource to bind the IAM policy to +* `service` - (Required) Service id of the App Engine application Used to find the parent resource to bind the IAM policy to +* `version_id` - (Required) Version id of the App Engine application Used to find the parent resource to bind the IAM policy to + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + +* `member/members` - (Required) Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + +* `role` - (Required) The role that should be applied. Only one + `google_iap_app_engine_version_iam_binding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + +* `policy_data` - (Required only by `google_iap_app_engine_version_iam_policy`) The policy data generated by + a `google_iam_policy` data source. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `etag` - (Computed) The etag of the IAM policy. + +## Import + +Iap appengineversion IAM resources can be imported using the project, resource identifiers, role and member. + +``` +$ terraform import google_iap_app_engine_version_iam_policy.editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} + +$ terraform import google_iap_app_engine_version_iam_binding.editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor" + +$ terraform import google_iap_app_engine_version_iam_member.editor "projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor jane@example.com" +``` + +-> If you're importing a resource with beta features, make sure to include `-provider=google-beta` +as an argument so that Terraform uses the correct provider to import your resource. + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/provider_reference.html#user_project_override). diff --git a/website/google.erb b/website/google.erb index 17f1041dd8f..ea20ffb5d07 100644 --- a/website/google.erb +++ b/website/google.erb @@ -829,6 +829,15 @@ > Google IAP Resources