From 1a93dffdb8026090077c8b7ede7f67c312d11094 Mon Sep 17 00:00:00 2001
From: Modular Magician
Date: Fri, 13 Nov 2020 18:25:58 +0000
Subject: [PATCH] Add healthcare consent store related resource and iam (#4185)
* add healthcare consent store
* change to iam_policy
* fix url
* add beta provider to all healthcare consent erb
* passed iam test
* update text and remove unused file
Signed-off-by: Modular Magician
---
.changelog/4185.txt | 12 ++
.../r/healthcare_consent_store.html.markdown | 195 ++++++++++++++++++
...healthcare_consent_store_iam.html.markdown | 140 +++++++++++++
website/google.erb | 8 +
4 files changed, 355 insertions(+)
create mode 100644 .changelog/4185.txt
create mode 100644 website/docs/r/healthcare_consent_store.html.markdown
create mode 100644 website/docs/r/healthcare_consent_store_iam.html.markdown
diff --git a/.changelog/4185.txt b/.changelog/4185.txt
new file mode 100644
index 00000000000..dc5625ea6b5
--- /dev/null
+++ b/.changelog/4185.txt
@@ -0,0 +1,12 @@
+```release-note:new-resource
+google_healthcare_consent_store_iam_binding
+```
+```release-note:new-resource
+google_healthcare_consent_store_iam_member
+```
+```release-note:new-resource
+google_healthcare_consent_store_iam_policy
+```
+```release-note:new-resource
+google_healthcare_consent_store
+```
diff --git a/website/docs/r/healthcare_consent_store.html.markdown b/website/docs/r/healthcare_consent_store.html.markdown
new file mode 100644
index 00000000000..b8968558ba3
--- /dev/null
+++ b/website/docs/r/healthcare_consent_store.html.markdown
@@ -0,0 +1,195 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Cloud Healthcare" +layout: "google" +page_title: "Google: google_healthcare_consent_store" +sidebar_current: "docs-google-healthcare-consent-store" +description: |- + The Consent Management API is a tool for tracking user consents and the documentation associated with the consents. +--- + +# google\_healthcare\_consent\_store + +The Consent Management API is a tool for tracking user consents and the documentation associated with the consents. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. 
+ +To get more information about ConsentStore, see: + +* [API documentation](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.consentStores) +* How-to Guides + * [Creating a Consent store](https://cloud.google.com/healthcare/docs/how-tos/consent) + + +## Example Usage - Healthcare Consent Store Basic + + +```hcl +resource "google_healthcare_dataset" "dataset" { + provider = google-beta + + location = "us-central1" + name = "my-dataset" +} + +resource "google_healthcare_consent_store" "my-consent" { + provider = google-beta + + dataset = google_healthcare_dataset.dataset.id + name = "my-consent-store" +} +``` + +## Example Usage - Healthcare Consent Store Full + + +```hcl + +resource "google_healthcare_dataset" "dataset" { + provider = google-beta + + location = "us-central1" + name = "my-dataset" +} + +resource "google_healthcare_consent_store" "my-consent" { + provider = google-beta + + dataset = google_healthcare_dataset.dataset.id + name = "my-consent-store" + + enable_consent_create_on_update = true + default_consent_ttl = "90000s" + + labels = { + "label1" = "labelvalue1" + } +} +``` + +## Example Usage - Healthcare Consent Store Iam + + +```hcl +resource "google_healthcare_dataset" "dataset" { + provider = google-beta + + location = "us-central1" + name = "my-dataset" +} + +resource "google_healthcare_consent_store" "my-consent" { + provider = google-beta + + dataset = google_healthcare_dataset.dataset.id + name = "my-consent-store" +} + +resource "google_service_account" "test-account" { + provider = google-beta + + account_id = "my-account" + display_name = "Test Service Account" +} + +resource "google_healthcare_consent_store_iam_member" "test-iam" { + provider = google-beta + + dataset = google_healthcare_dataset.dataset.id + consent_store_id = google_healthcare_consent_store.my-consent.name + role = "roles/editor" + member = "serviceAccount:${google_service_account.test-account.email}" +} +``` + +## Argument 
Reference + +The following arguments are supported: + + +* `name` - + (Required) + The name of this ConsentStore, for example: + "consent1" + +* `dataset` - + (Required) + Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + + +- - - + + +* `default_consent_ttl` - + (Optional) + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + +* `enable_consent_create_on_update` - + (Optional) + If true, [consents.patch] [google.cloud.healthcare.v1beta1.consent.UpdateConsent] creates the consent if it does not already exist. + +* `labels` - + (Optional) + User-supplied key-value pairs used to organize Consent stores. + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must + conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}` + Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 + bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` + No more than 64 labels can be associated with a given store. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `{{dataset}}/consentStores/{{name}}` + + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 4 minutes. +- `update` - Default is 4 minutes. +- `delete` - Default is 4 minutes. 
+ +## Import + + +ConsentStore can be imported using any of these accepted formats: + +``` +$ terraform import google_healthcare_consent_store.default {{dataset}}/consentStores/{{name}} +$ terraform import google_healthcare_consent_store.default {{dataset}}/{{name}} +$ terraform import google_healthcare_consent_store.default {{name}} +``` diff --git a/website/docs/r/healthcare_consent_store_iam.html.markdown b/website/docs/r/healthcare_consent_store_iam.html.markdown new file mode 100644 index 00000000000..f28d356e8cf --- /dev/null +++ b/website/docs/r/healthcare_consent_store_iam.html.markdown 
@@ -0,0 +1,140 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Cloud Healthcare" +layout: "google" +page_title: "Google: google_healthcare_consent_store_iam" +sidebar_current: "docs-google-healthcare-consent-store-iam" +description: |- + Collection of resources to manage IAM policy for Cloud Healthcare ConsentStore +--- + +# IAM policy for Cloud Healthcare ConsentStore +Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case: + +* `google_healthcare_consent_store_iam_policy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached. +* `google_healthcare_consent_store_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved. +* `google_healthcare_consent_store_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved. + +~> **Note:** `google_healthcare_consent_store_iam_policy` **cannot** be used in conjunction with `google_healthcare_consent_store_iam_binding` and `google_healthcare_consent_store_iam_member` or they will fight over what your policy should be. 
+ +~> **Note:** `google_healthcare_consent_store_iam_binding` resources **can be** used in conjunction with `google_healthcare_consent_store_iam_member` resources **only if** they do not grant privilege to the same role. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + + +## google\_healthcare\_consent\_store\_iam\_policy + +```hcl +data "google_iam_policy" "admin" { + binding { + role = "roles/viewer" + members = [ + "user:jane@example.com", + ] + } +} + +resource "google_healthcare_consent_store_iam_policy" "policy" { + dataset = google_healthcare_consent_store.my-consent.dataset + consent_store_id = google_healthcare_consent_store.my-consent.name + policy_data = data.google_iam_policy.admin.policy_data +} +``` + +## google\_healthcare\_consent\_store\_iam\_binding + +```hcl +resource "google_healthcare_consent_store_iam_binding" "binding" { + dataset = google_healthcare_consent_store.my-consent.dataset + consent_store_id = google_healthcare_consent_store.my-consent.name + role = "roles/viewer" + members = [ + "user:jane@example.com", + ] +} +``` + +## google\_healthcare\_consent\_store\_iam\_member + +```hcl +resource "google_healthcare_consent_store_iam_member" "member" { + dataset = google_healthcare_consent_store.my-consent.dataset + consent_store_id = google_healthcare_consent_store.my-consent.name + role = "roles/viewer" + member = "user:jane@example.com" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `consent_store_id` - (Required) Used to find the parent resource to bind the IAM policy to +* `dataset` - (Required) Identifies the dataset addressed by this request. 
Must be in the format +'projects/{project}/locations/{location}/datasets/{dataset}' + Used to find the parent resource to bind the IAM policy to + +* `member/members` - (Required) Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + +* `role` - (Required) The role that should be applied. Only one + `google_healthcare_consent_store_iam_binding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + +* `policy_data` - (Required only by `google_healthcare_consent_store_iam_policy`) The policy data generated by + a `google_iam_policy` data source. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `etag` - (Computed) The etag of the IAM policy. + +## Import + +For all import syntaxes, the "resource in question" can take any of the following forms: + +* {{dataset}}/consentStores/{{name}} +* {{name}} + +Any variables not passed in the import command will be taken from the provider configuration. 
+ +Cloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member. + +IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +``` +$ terraform import google_healthcare_consent_store_iam_member.editor "{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com" +``` + +IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. +``` +$ terraform import google_healthcare_consent_store_iam_binding.editor "{{dataset}}/consentStores/{{consent_store}} roles/viewer" +``` + +IAM policy imports use the identifier of the resource in question, e.g. +``` +$ terraform import google_healthcare_consent_store_iam_policy.editor {{dataset}}/consentStores/{{consent_store}} +``` + +-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. diff --git a/website/google.erb b/website/google.erb index df505028f1f..fec0035956e 100644 --- a/website/google.erb +++ b/website/google.erb @@ -748,6 +748,14 @@ Resources