From 5d5409b744185222d77b8c27bc03cca0d5a2e26b Mon Sep 17 00:00:00 2001 From: Nathan McKinley Date: Tue, 14 Aug 2018 11:58:31 -0700 Subject: [PATCH 1/2] Working IAM policy import. --- google/resource_google_project_iam_policy.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/google/resource_google_project_iam_policy.go b/google/resource_google_project_iam_policy.go index 1107cc53900..5e7700c4d71 100644 --- a/google/resource_google_project_iam_policy.go +++ b/google/resource_google_project_iam_policy.go @@ -18,7 +18,7 @@ func resourceGoogleProjectIamPolicy() *schema.Resource { Update: resourceGoogleProjectIamPolicyUpdate, Delete: resourceGoogleProjectIamPolicyDelete, Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, + State: resourceGoogleProjectIamPolicyImport, }, Schema: map[string]*schema.Schema{ @@ -264,6 +264,11 @@ func resourceGoogleProjectIamPolicyDelete(d *schema.ResourceData, meta interface return nil } +func resourceGoogleProjectIamPolicyImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + d.Set("project", d.Id()) + return []*schema.ResourceData{d}, nil +} + // Subtract all bindings in policy b from policy a, and return the result func subtractIamPolicy(a, b *cloudresourcemanager.Policy) *cloudresourcemanager.Policy { am := rolesToMembersMap(a.Bindings) From 6e73f41fee82b90ec8ce15ed4de9240d9d47be0c Mon Sep 17 00:00:00 2001 From: Nathan McKinley Date: Tue, 14 Aug 2018 13:24:39 -0700 Subject: [PATCH 2/2] Project IAM test. --- google/resource_google_project_iam_policy_test.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/google/resource_google_project_iam_policy_test.go b/google/resource_google_project_iam_policy_test.go index 40b28099f8d..a09460eda0a 100644 --- a/google/resource_google_project_iam_policy_test.go +++ b/google/resource_google_project_iam_policy_test.go @@ -245,6 +245,14 @@ func TestAccProjectIamPolicy_basic(t *testing.T) { testAccCheckGoogleProjectIamPolicyIsMerged("google_project_iam_policy.acceptance", "data.google_iam_policy.admin", pid), ), }, + resource.TestStep{ + ResourceName: "google_project_iam_policy.acceptance", + ImportState: true, + // Skipping the normal "ImportStateVerify" - Unfortunately, it's not + // really possible to make the imported policy match exactly, since + // the policy depends on the service account being used to create the + // project. + }, // Finally, remove the custom IAM policy from config and apply, then // confirm that the project is in its original state. resource.TestStep{