2017-07-04 02:01:08 +00:00
|
|
|
package google
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/hashicorp/terraform/helper/acctest"
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
|
|
)
|
|
|
|
|
2018-04-12 22:45:28 +00:00
|
|
|
func projectIamBindingImportStep(resourceName, pid, role string) resource.TestStep {
|
|
|
|
return resource.TestStep{
|
|
|
|
ResourceName: resourceName,
|
|
|
|
ImportStateId: fmt.Sprintf("%s %s", pid, role),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
// Test that an IAM binding can be applied to a project
|
2018-02-23 23:14:24 +00:00
|
|
|
func TestAccProjectIamBinding_basic(t *testing.T) {
|
2017-10-12 22:07:29 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2017-11-20 23:45:51 +00:00
|
|
|
org := getTestOrgFromEnv(t)
|
2017-07-04 02:01:08 +00:00
|
|
|
pid := "terraform-" + acctest.RandString(10)
|
2018-04-12 22:45:28 +00:00
|
|
|
role := "roles/compute.instanceAdmin"
|
2017-07-04 02:01:08 +00:00
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
// Create a new project
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccProject_create(pid, pname, org),
|
2017-07-04 02:01:08 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2018-02-23 23:14:24 +00:00
|
|
|
testAccProjectExistingPolicy(pid),
|
2017-07-04 02:01:08 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
// Apply an IAM binding
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingBasic(pid, pname, org, role),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2017-07-27 21:06:15 +00:00
|
|
|
// Test that multiple IAM bindings can be applied to a project, one at a time
|
2018-02-23 23:14:24 +00:00
|
|
|
func TestAccProjectIamBinding_multiple(t *testing.T) {
|
2017-10-12 22:07:29 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2017-11-20 23:45:51 +00:00
|
|
|
org := getTestOrgFromEnv(t)
|
2017-07-04 02:01:08 +00:00
|
|
|
pid := "terraform-" + acctest.RandString(10)
|
2018-04-12 22:45:28 +00:00
|
|
|
role := "roles/compute.instanceAdmin"
|
|
|
|
role2 := "roles/viewer"
|
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
// Create a new project
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccProject_create(pid, pname, org),
|
2017-07-04 02:01:08 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2018-02-23 23:14:24 +00:00
|
|
|
testAccProjectExistingPolicy(pid),
|
2017-07-04 02:01:08 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
// Apply an IAM binding
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingBasic(pid, pname, org, role),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
|
|
|
// Apply another IAM binding
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingMultiple(pid, pname, org, role, role2),
|
2017-07-27 21:06:15 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
|
|
|
projectIamBindingImportStep("google_project_iam_binding.multiple", pid, role2),
|
2017-07-27 21:06:15 +00:00
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// Test that multiple IAM bindings can be applied to a project all at once
|
2018-02-23 23:14:24 +00:00
|
|
|
func TestAccProjectIamBinding_multipleAtOnce(t *testing.T) {
|
2017-10-12 22:07:29 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2017-11-20 23:45:51 +00:00
|
|
|
org := getTestOrgFromEnv(t)
|
2017-07-27 21:06:15 +00:00
|
|
|
pid := "terraform-" + acctest.RandString(10)
|
2018-04-12 22:45:28 +00:00
|
|
|
role := "roles/compute.instanceAdmin"
|
|
|
|
role2 := "roles/viewer"
|
|
|
|
|
2017-07-27 21:06:15 +00:00
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
// Create a new project
|
|
|
|
{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccProject_create(pid, pname, org),
|
2017-07-27 21:06:15 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2018-02-23 23:14:24 +00:00
|
|
|
testAccProjectExistingPolicy(pid),
|
2017-07-27 21:06:15 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
// Apply an IAM binding
|
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingMultiple(pid, pname, org, role, role2),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
|
|
|
projectIamBindingImportStep("google_project_iam_binding.multiple", pid, role2),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// Test that an IAM binding can be updated once applied to a project
|
2018-02-23 23:14:24 +00:00
|
|
|
func TestAccProjectIamBinding_update(t *testing.T) {
|
2017-10-12 22:07:29 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2017-11-20 23:45:51 +00:00
|
|
|
org := getTestOrgFromEnv(t)
|
2017-07-04 02:01:08 +00:00
|
|
|
pid := "terraform-" + acctest.RandString(10)
|
2018-04-12 22:45:28 +00:00
|
|
|
role := "roles/compute.instanceAdmin"
|
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
// Create a new project
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccProject_create(pid, pname, org),
|
2017-07-04 02:01:08 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2018-02-23 23:14:24 +00:00
|
|
|
testAccProjectExistingPolicy(pid),
|
2017-07-04 02:01:08 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
// Apply an IAM binding
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingBasic(pid, pname, org, role),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
// Apply an updated IAM binding
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingUpdated(pid, pname, org, role),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
|
|
|
|
2017-07-27 20:50:06 +00:00
|
|
|
// Drop the original member
|
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingDropMemberFromBasic(pid, pname, org, role),
|
2017-07-27 20:50:06 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// Test that an IAM binding can be removed from a project
|
2018-02-23 23:14:24 +00:00
|
|
|
func TestAccProjectIamBinding_remove(t *testing.T) {
|
2017-10-12 22:07:29 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2017-11-20 23:45:51 +00:00
|
|
|
org := getTestOrgFromEnv(t)
|
2017-07-04 02:01:08 +00:00
|
|
|
pid := "terraform-" + acctest.RandString(10)
|
2018-04-12 22:45:28 +00:00
|
|
|
role := "roles/compute.instanceAdmin"
|
|
|
|
role2 := "roles/viewer"
|
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
// Create a new project
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccProject_create(pid, pname, org),
|
2017-07-04 02:01:08 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2018-02-23 23:14:24 +00:00
|
|
|
testAccProjectExistingPolicy(pid),
|
2017-07-04 02:01:08 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
// Apply multiple IAM bindings
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-04-12 22:45:28 +00:00
|
|
|
Config: testAccProjectAssociateBindingMultiple(pid, pname, org, role, role2),
|
2017-07-04 02:01:08 +00:00
|
|
|
},
|
2018-04-12 22:45:28 +00:00
|
|
|
projectIamBindingImportStep("google_project_iam_binding.acceptance", pid, role),
|
|
|
|
projectIamBindingImportStep("google_project_iam_binding.multiple", pid, role2),
|
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
// Remove the bindings
|
2017-07-27 20:39:23 +00:00
|
|
|
{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccProject_create(pid, pname, org),
|
2017-07-04 02:01:08 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2018-02-23 23:14:24 +00:00
|
|
|
testAccProjectExistingPolicy(pid),
|
2017-07-04 02:01:08 +00:00
|
|
|
),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2018-04-12 22:45:28 +00:00
|
|
|
func testAccProjectAssociateBindingBasic(pid, name, org, role string) string {
|
2017-07-04 02:01:08 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_project" "acceptance" {
|
2017-07-25 18:56:27 +00:00
|
|
|
project_id = "%s"
|
|
|
|
name = "%s"
|
|
|
|
org_id = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2017-07-25 18:56:27 +00:00
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource "google_project_iam_binding" "acceptance" {
|
2017-07-25 19:00:03 +00:00
|
|
|
project = "${google_project.acceptance.project_id}"
|
2017-07-25 18:56:27 +00:00
|
|
|
members = ["user:admin@hashicorptest.com"]
|
2018-04-12 22:45:28 +00:00
|
|
|
role = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2018-04-12 22:45:28 +00:00
|
|
|
`, pid, name, org, role)
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
|
|
|
|
2018-04-12 22:45:28 +00:00
|
|
|
func testAccProjectAssociateBindingMultiple(pid, name, org, role, role2 string) string {
|
2017-07-04 02:01:08 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_project" "acceptance" {
|
2017-07-25 18:56:27 +00:00
|
|
|
project_id = "%s"
|
|
|
|
name = "%s"
|
|
|
|
org_id = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2017-07-25 18:56:27 +00:00
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource "google_project_iam_binding" "acceptance" {
|
2017-07-25 19:00:03 +00:00
|
|
|
project = "${google_project.acceptance.project_id}"
|
2017-07-25 18:56:27 +00:00
|
|
|
members = ["user:admin@hashicorptest.com"]
|
2018-04-12 22:45:28 +00:00
|
|
|
role = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2017-07-25 18:56:27 +00:00
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource "google_project_iam_binding" "multiple" {
|
2017-07-25 19:00:03 +00:00
|
|
|
project = "${google_project.acceptance.project_id}"
|
2017-07-25 18:56:27 +00:00
|
|
|
members = ["user:paddy@hashicorp.com"]
|
2018-04-12 22:45:28 +00:00
|
|
|
role = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2018-04-12 22:45:28 +00:00
|
|
|
`, pid, name, org, role, role2)
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
|
|
|
|
2018-04-12 22:45:28 +00:00
|
|
|
func testAccProjectAssociateBindingUpdated(pid, name, org, role string) string {
|
2017-07-04 02:01:08 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_project" "acceptance" {
|
2017-07-25 18:56:27 +00:00
|
|
|
project_id = "%s"
|
|
|
|
name = "%s"
|
|
|
|
org_id = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2017-07-25 18:56:27 +00:00
|
|
|
|
2017-07-04 02:01:08 +00:00
|
|
|
resource "google_project_iam_binding" "acceptance" {
|
2017-07-25 19:00:03 +00:00
|
|
|
project = "${google_project.acceptance.project_id}"
|
2017-07-25 18:56:27 +00:00
|
|
|
members = ["user:admin@hashicorptest.com", "user:paddy@hashicorp.com"]
|
2018-04-12 22:45:28 +00:00
|
|
|
role = "%s"
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2018-04-12 22:45:28 +00:00
|
|
|
`, pid, name, org, role)
|
2017-07-04 02:01:08 +00:00
|
|
|
}
|
2017-07-27 20:50:06 +00:00
|
|
|
|
2018-04-12 22:45:28 +00:00
|
|
|
func testAccProjectAssociateBindingDropMemberFromBasic(pid, name, org, role string) string {
|
2017-07-27 20:50:06 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_project" "acceptance" {
|
|
|
|
project_id = "%s"
|
|
|
|
name = "%s"
|
|
|
|
org_id = "%s"
|
|
|
|
}
|
|
|
|
|
2018-04-12 22:45:28 +00:00
|
|
|
resource "google_project_iam_binding" "acceptance" {
|
2017-07-27 20:50:06 +00:00
|
|
|
project = "${google_project.acceptance.project_id}"
|
|
|
|
members = ["user:paddy@hashicorp.com"]
|
2018-04-12 22:45:28 +00:00
|
|
|
role = "%s"
|
2017-07-27 20:50:06 +00:00
|
|
|
}
|
2018-04-12 22:45:28 +00:00
|
|
|
`, pid, name, org, role)
|
2017-07-27 20:50:06 +00:00
|
|
|
}
|