Autogenerate IAM resources for IAP Tunnel Instance (GoogleCloudPlatfo…

…rm#2988) Merged PR GoogleCloudPlatform#2988.
nathkn · May 18, 2020 · 2e9e376 · 2e9e376
1 parent 670040e
commit 2e9e376
Show file tree

Hide file tree

Showing 9 changed files with 40 additions and 554 deletions.
diff --git a/build/terraform b/build/terraform
diff --git a/build/terraform-beta b/build/terraform-beta
diff --git a/products/iap/api.yaml b/products/iap/api.yaml
@@ -121,3 +121,17 @@ objects:
         name: 'name'
         description: Name or self link of a backend service.
         required: true
+  # This resource is only used to generate IAM resources. They do not correspond to real
+  # GCP resources, and should not be used to generate anything other than IAM suppport.
+  - !ruby/object:Api::Resource
+    name: 'TunnelInstance'
+    base_url: 'projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}'
+    self_link: 'projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}'
+    exclude_resource: true
+    description: |
+      Only used to generate IAM resources
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        description: Name of the instance.
+        required: true
diff --git a/products/iap/terraform.yaml b/products/iap/terraform.yaml
@@ -129,6 +129,27 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           backend_service_name: "backend-service"
           http_health_check_name: "health-check"
         primary_resource_name: "fmt.Sprintf(\"backend-service%s\", context[\"random_suffix\"])"
+  TunnelInstance: !ruby/object:Overrides::Terraform::ResourceOverride
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ':'
+      parent_resource_type: 'google_compute_instance'
+      parent_resource_attribute: 'instance'
+      fetch_iam_policy_verb: :POST
+      allowed_iam_role: 'roles/iap.tunnelResourceAccessor'
+      iam_conditions_request_type: :REQUEST_BODY
+    id_format: "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}"
+    import_format: [
+      "projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}",
+      "projects/{{project}}/zones/{{zone}}/instances/{{name}}"
+    ]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "instance_basic"
+        primary_resource_id: "tunnelvm"
+        vars:
+          instance_name: "tf-test-tunnel"
+        primary_resource_name: "fmt.Sprintf(\"tf-test-tunnel%s\", context[\"random_suffix\"])"
 # This is for copying files over
 files: !ruby/object:Provider::Config::Files
   # These files have templating (ERB) code that will be run.

diff --git a/third_party/terraform/tests/resource_iap_tunnel_instance_iam_test.go.erb b/third_party/terraform/tests/resource_iap_tunnel_instance_iam_test.go.erb