package google
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"google.golang.org/api/cloudresourcemanager/v1"
)
// TestAccFolderIamMember_basic applies a single google_folder_iam_member to a
// freshly created folder and checks that the expected role binding is found.
//
// The folder is created under the organization returned by getTestOrgFromEnv
// and gets a random "terraform-" display name, so parallel runs do not share a
// folder.
func TestAccFolderIamMember_basic(t *testing.T) {
	t.Parallel()

	org := getTestOrgFromEnv(t)
	fname := "terraform-" + acctest.RandString(10)

	// Step 1: create the folder with no member resource attached.
	createFolder := resource.TestStep{
		Config: testAccFolderIamBasic(org, fname),
		Check: resource.ComposeTestCheckFunc(
			testAccFolderExistingPolicy(org, fname),
		),
	}

	// Step 2: grant the role to one member and look for the resulting binding.
	// NOTE(review): the member is a fixed user identity, not one created by the
	// test; confirm it is a dedicated test account in the target organization.
	wantBinding := &cloudresourcemanager.Binding{
		Role:    "roles/compute.instanceAdmin",
		Members: []string{"user:admin@hashicorptest.com"},
	}
	addMember := resource.TestStep{
		Config: testAccFolderAssociateMemberBasic(org, fname),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleFolderIamBindingExists("google_folder_iam_member.acceptance", wantBinding, org, fname),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{createFolder, addMember},
	})
}
// TestAccFolderIamMember_multiple adds two google_folder_iam_member resources
// for the same role, one after the other, and checks after each apply that the
// role binding lists the members granted so far.
func TestAccFolderIamMember_multiple(t *testing.T) {
	t.Parallel()

	org := getTestOrgFromEnv(t)
	fname := "terraform-" + acctest.RandString(10)

	// Both member resources grant the same role, so they end up in one binding.
	const role = "roles/compute.instanceAdmin"

	// Step 1: create the folder with no member resource attached.
	createFolder := resource.TestStep{
		Config: testAccFolderIamBasic(org, fname),
		Check: resource.ComposeTestCheckFunc(
			testAccFolderExistingPolicy(org, fname),
		),
	}

	// Step 2: first member only.
	oneMember := &cloudresourcemanager.Binding{
		Role:    role,
		Members: []string{"user:admin@hashicorptest.com"},
	}
	addFirst := resource.TestStep{
		Config: testAccFolderAssociateMemberBasic(org, fname),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleFolderIamBindingExists("google_folder_iam_member.acceptance", oneMember, org, fname),
		),
	}

	// Step 3: second member added next to the first; the expected binding now
	// carries both, which also shows the first grant was not overwritten.
	twoMembers := &cloudresourcemanager.Binding{
		Role:    role,
		Members: []string{"user:admin@hashicorptest.com", "user:paddy@hashicorp.com"},
	}
	addSecond := resource.TestStep{
		Config: testAccFolderAssociateMemberMultiple(org, fname),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleFolderIamBindingExists("google_folder_iam_member.multiple", twoMembers, org, fname),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{createFolder, addFirst, addSecond},
	})
}
// TestAccFolderIamMember_remove grants a role to two members on a new folder
// and then re-applies the folder-only configuration, so that both
// google_folder_iam_member resources are dropped from the config again.
//
// NOTE(review): the final check is testAccFolderExistingPolicy, defined
// elsewhere; presumably it compares the folder policy with the baseline.
// Confirm it would fail if the role grant were still present after removal.
func TestAccFolderIamMember_remove(t *testing.T) {
	t.Parallel()

	org := getTestOrgFromEnv(t)
	fname := "terraform-" + acctest.RandString(10)

	// folderOnly builds the step used both before and after the grant: the
	// folder without any member resource, checked with the existing-policy check.
	folderOnly := func() resource.TestStep {
		return resource.TestStep{
			Config: testAccFolderIamBasic(org, fname),
			Check: resource.ComposeTestCheckFunc(
				testAccFolderExistingPolicy(org, fname),
			),
		}
	}

	// Step 1: create the folder.
	createFolder := folderOnly()

	// Step 2: grant the role to both members and look for the combined binding.
	bothMembers := &cloudresourcemanager.Binding{
		Role:    "roles/compute.instanceAdmin",
		Members: []string{"user:admin@hashicorptest.com", "user:paddy@hashicorp.com"},
	}
	grantMembers := resource.TestStep{
		Config: testAccFolderAssociateMemberMultiple(org, fname),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleFolderIamBindingExists("google_folder_iam_member.acceptance", bothMembers, org, fname),
		),
	}

	// Step 3: back to the folder-only config, which removes both members.
	revokeMembers := folderOnly()

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{createFolder, grantMembers, revokeMembers},
	})
}
// testAccFolderAssociateMemberBasic returns a Terraform configuration that
// creates a folder named fname under organization org and grants
// roles/compute.instanceAdmin on it to a single user.
//
// org and fname are substituted into the configuration as-is, so they must not
// contain characters that would break out of the quoted HCL strings.
func testAccFolderAssociateMemberBasic(org, fname string) string {
	// The %s verbs are filled with org and fname, in that order.
	const config = `
resource "google_folder" "acceptance" {
  parent = "organizations/%s"
  display_name = "%s"
}

resource "google_folder_iam_member" "acceptance" {
  folder = "${google_folder.acceptance.name}"
  member = "user:admin@hashicorptest.com"
  role = "roles/compute.instanceAdmin"
}
`
	return fmt.Sprintf(config, org, fname)
}
// testAccFolderAssociateMemberMultiple returns a Terraform configuration that
// creates a folder named fname under organization org and grants
// roles/compute.instanceAdmin on it to two users, each through its own
// google_folder_iam_member resource.
//
// org and fname are substituted into the configuration as-is, so they must not
// contain characters that would break out of the quoted HCL strings.
// NOTE(review): the second member looks like a personal address rather than a
// test identity; confirm it is meant to receive this role in the test org.
func testAccFolderAssociateMemberMultiple(org, fname string) string {
	// The %s verbs are filled with org and fname, in that order.
	const config = `
resource "google_folder" "acceptance" {
  parent = "organizations/%s"
  display_name = "%s"
}

resource "google_folder_iam_member" "acceptance" {
  folder = "${google_folder.acceptance.name}"
  member = "user:admin@hashicorptest.com"
  role = "roles/compute.instanceAdmin"
}

resource "google_folder_iam_member" "multiple" {
  folder = "${google_folder.acceptance.name}"
  member = "user:paddy@hashicorp.com"
  role = "roles/compute.instanceAdmin"
}
`
	return fmt.Sprintf(config, org, fname)
}