package google
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
// Since each test here is acting on the same organization and only one AccessPolicy
// can exist, they need to be run serially. See AccessPolicy for the test runner.
// testAccAccessContextManagerAccessLevel_basicTest applies the basic access
// level config, imports the resource, applies the updated config, and imports
// it again. Each import step is verified against the state left by the step
// before it.
//
// The name does not start with "Test", so `go test` will not run it directly.
// The tests in this file share one organization in which only one AccessPolicy
// can exist, so they have to be driven serially by a runner.
func testAccAccessContextManagerAccessLevel_basicTest(t *testing.T) {
	const levelAddr = "google_access_context_manager_access_level.test-access"

	org := getTestOrgFromEnv(t)

	// The same import-and-verify step follows both the create and the update.
	importAndVerify := resource.TestStep{
		ResourceName:      levelAddr,
		ImportState:       true,
		ImportStateVerify: true,
	}

	steps := []resource.TestStep{
		{Config: testAccAccessContextManagerAccessLevel_basic(org, "my policy", "level")},
		importAndVerify,
		{Config: testAccAccessContextManagerAccessLevel_basicUpdated(org, "my new policy", "level")},
		importAndVerify,
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAccessContextManagerAccessLevelDestroy,
		Steps:        steps,
	})
}
// testAccAccessContextManagerAccessLevel_fullTest applies the access level
// config that sets the additional condition fields (members, negate and a
// device policy), then imports the resource and verifies the imported state.
//
// Like the other tests in this file, it is meant to be called from a serial
// runner rather than discovered by `go test`.
func testAccAccessContextManagerAccessLevel_fullTest(t *testing.T) {
	org := getTestOrgFromEnv(t)

	createStep := resource.TestStep{
		Config: testAccAccessContextManagerAccessLevel_full(org, "my policy", "level"),
	}
	// Import the level that was just created and compare it with the stored state.
	importStep := resource.TestStep{
		ResourceName:      "google_access_context_manager_access_level.test-access",
		ImportState:       true,
		ImportStateVerify: true,
	}

	testCase := resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAccessContextManagerAccessLevelDestroy,
		Steps:        []resource.TestStep{createStep, importStep},
	}
	resource.Test(t, testCase)
}
// testAccCheckAccessContextManagerAccessLevelDestroy is the CheckDestroy hook
// for the access level tests. For every access level resource in the root
// module of the state it issues a GET against the v1beta API and returns an
// error if that GET succeeds, i.e. if the access level is still there.
//
// NOTE(review): any error from the GET is taken to mean "destroyed". Nothing
// here distinguishes a not-found response from a permission, authentication or
// transport failure, so a leaked access level could go unreported if the
// lookup fails for another reason. Confirm whether sendRequest's error can be
// narrowed to a not-found status before relying on this check.
func testAccCheckAccessContextManagerAccessLevelDestroy(s *terraform.State) error {
	const levelType = "google_access_context_manager_access_level"

	for _, res := range s.RootModule().Resources {
		// Only access levels are checked; every other resource type is skipped.
		if res.Type != levelType {
			continue
		}

		config := testAccProvider.Meta().(*Config)

		// Expand {{name}} from the resource's state to get the API URL.
		endpoint, err := replaceVarsForTest(res, "https://accesscontextmanager.googleapis.com/v1beta/{{name}}")
		if err != nil {
			return err
		}

		// A successful GET means the resource outlived the destroy.
		if _, err = sendRequest(config, "GET", endpoint, nil); err == nil {
			return fmt.Errorf("AccessLevel still exists at %s", endpoint)
		}
	}

	return nil
}
// testAccAccessContextManagerAccessLevel_basic renders the Terraform config
// for the initial step of the basic test: an access policy under the given
// organization plus one access level whose single condition is an IP subnet,
// combined with "AND".
//
// org is substituted into the policy parent, policyTitle into the policy
// title, and levelTitleName into both the access level's name suffix and its
// title. The values are interpolated with %s and are not escaped, so callers
// must pass strings that are safe inside an HCL quoted string.
//
// NOTE(review): 192.0.4.0/24 is not one of the RFC 5737 documentation ranges
// (192.0.2.0/24 is); confirm the fixture is meant to name this range.
func testAccAccessContextManagerAccessLevel_basic(org, policyTitle, levelTitleName string) string {
	const hcl = `
resource "google_access_context_manager_access_policy" "test-access" {
parent = "organizations/%s"
title = "%s"
}

resource "google_access_context_manager_access_level" "test-access" {
parent = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
name = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/accessLevels/%s"
title = "%s"
description = "hello"
basic {
combining_function = "AND"
conditions {
ip_subnetworks = ["192.0.4.0/24"]
}
}
}
`
	// levelTitleName is passed twice: once for the name suffix, once for the title.
	return fmt.Sprintf(hcl, org, policyTitle, levelTitleName, levelTitleName)
}
// testAccAccessContextManagerAccessLevel_basicUpdated renders the Terraform
// config for the update step of the basic test. It has the same shape as the
// initial basic config, but the combining function is "OR" and the condition's
// subnet is 192.0.2.0/24.
//
// org is substituted into the policy parent, policyTitle into the policy
// title, and levelTitleName into both the access level's name suffix and its
// title. The values are interpolated with %s and are not escaped.
func testAccAccessContextManagerAccessLevel_basicUpdated(org, policyTitle, levelTitleName string) string {
	const hcl = `
resource "google_access_context_manager_access_policy" "test-access" {
parent = "organizations/%s"
title = "%s"
}

resource "google_access_context_manager_access_level" "test-access" {
parent = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
name = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/accessLevels/%s"
title = "%s"
description = "hello"
basic {
combining_function = "OR"
conditions {
ip_subnetworks = ["192.0.2.0/24"]
}
}
}
`
	// levelTitleName is passed twice: once for the name suffix, once for the title.
	return fmt.Sprintf(hcl, org, policyTitle, levelTitleName, levelTitleName)
}
// testAccAccessContextManagerAccessLevel_full renders the Terraform config
// used by the full test: an access policy under the given organization plus an
// access level whose condition sets ip_subnetworks, members, negate and a
// device_policy with one os_constraints entry.
//
// org is substituted into the policy parent, policyTitle into the policy
// title, and levelTitleName into both the access level's name suffix and its
// title. The values are interpolated with %s and are not escaped.
//
// NOTE(review): the member identities are addresses under google.com rather
// than a reserved example domain, and 192.0.4.0/24 is not one of the RFC 5737
// documentation ranges; confirm both are intended placeholders.
func testAccAccessContextManagerAccessLevel_full(org, policyTitle, levelTitleName string) string {
	const hcl = `
resource "google_access_context_manager_access_policy" "test-access" {
parent = "organizations/%s"
title = "%s"
}

resource "google_access_context_manager_access_level" "test-access" {
parent = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
name = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/accessLevels/%s"
title = "%s"
description = "hello"
basic {
combining_function = "AND"
conditions {
ip_subnetworks = ["192.0.4.0/24"]
members = ["user:test@google.com", "user:test2@google.com"]
negate = false
device_policy {
require_screen_lock = false
os_constraints {
os_type = "DESKTOP_CHROME_OS"
}
}
}
}
}
`
	// levelTitleName is passed twice: once for the name suffix, once for the title.
	return fmt.Sprintf(hcl, org, policyTitle, levelTitleName, levelTitleName)
}