mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-03 01:01:06 +00:00
147 lines
4.6 KiB
Go
147 lines
4.6 KiB
Go
|
package google
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/hashicorp/terraform/helper/acctest"
|
||
|
"github.com/hashicorp/terraform/helper/resource"
|
||
|
"google.golang.org/api/cloudresourcemanager/v1"
|
||
|
)
|
||
|
|
||
|
// Test that an IAM binding can be applied to a project
|
||
|
func TestAccGoogleProjectIamMember_basic(t *testing.T) {
|
||
|
pid := "terraform-" + acctest.RandString(10)
|
||
|
resource.Test(t, resource.TestCase{
|
||
|
PreCheck: func() { testAccPreCheck(t) },
|
||
|
Providers: testAccProviders,
|
||
|
Steps: []resource.TestStep{
|
||
|
// Create a new project
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProject_create(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccGoogleProjectExistingPolicy(pid),
|
||
|
),
|
||
|
},
|
||
|
// Apply an IAM binding
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProjectAssociateMemberBasic(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccCheckGoogleProjectIamBindingExists("google_project_iam_member.acceptance", &cloudresourcemanager.Binding{
|
||
|
Role: "roles/compute.instanceAdmin",
|
||
|
Members: []string{"user:admin@hashicorptest.com"},
|
||
|
}, pid),
|
||
|
),
|
||
|
},
|
||
|
},
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// Test that multiple IAM bindings can be applied to a project
|
||
|
func TestAccGoogleProjectIamMember_multiple(t *testing.T) {
|
||
|
pid := "terraform-" + acctest.RandString(10)
|
||
|
resource.Test(t, resource.TestCase{
|
||
|
PreCheck: func() { testAccPreCheck(t) },
|
||
|
Providers: testAccProviders,
|
||
|
Steps: []resource.TestStep{
|
||
|
// Create a new project
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProject_create(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccGoogleProjectExistingPolicy(pid),
|
||
|
),
|
||
|
},
|
||
|
// Apply an IAM binding
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProjectAssociateMemberBasic(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccCheckGoogleProjectIamBindingExists("google_project_iam_member.acceptance", &cloudresourcemanager.Binding{
|
||
|
Role: "roles/compute.instanceAdmin",
|
||
|
Members: []string{"user:admin@hashicorptest.com"},
|
||
|
}, pid),
|
||
|
),
|
||
|
},
|
||
|
// Apply another IAM binding
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProjectAssociateMemberMultiple(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccCheckGoogleProjectIamBindingExists("google_project_iam_member.multiple", &cloudresourcemanager.Binding{
|
||
|
Role: "roles/compute.instanceAdmin",
|
||
|
Members: []string{"user:admin@hashicorptest.com", "user:paddy@hashicorp.com"},
|
||
|
}, pid),
|
||
|
),
|
||
|
},
|
||
|
},
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// Test that an IAM binding can be removed from a project
|
||
|
func TestAccGoogleProjectIamMember_remove(t *testing.T) {
|
||
|
pid := "terraform-" + acctest.RandString(10)
|
||
|
resource.Test(t, resource.TestCase{
|
||
|
PreCheck: func() { testAccPreCheck(t) },
|
||
|
Providers: testAccProviders,
|
||
|
Steps: []resource.TestStep{
|
||
|
// Create a new project
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProject_create(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccGoogleProjectExistingPolicy(pid),
|
||
|
),
|
||
|
},
|
||
|
// Apply multiple IAM bindings
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProjectAssociateMemberMultiple(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccCheckGoogleProjectIamBindingExists("google_project_iam_member.acceptance", &cloudresourcemanager.Binding{
|
||
|
Role: "roles/compute.instanceAdmin",
|
||
|
Members: []string{"user:admin@hashicorptest.com", "user:paddy@hashicorp.com"},
|
||
|
}, pid),
|
||
|
),
|
||
|
},
|
||
|
// Remove the bindings
|
||
|
resource.TestStep{
|
||
|
Config: testAccGoogleProject_create(pid, pname, org),
|
||
|
Check: resource.ComposeTestCheckFunc(
|
||
|
testAccGoogleProjectExistingPolicy(pid),
|
||
|
),
|
||
|
},
|
||
|
},
|
||
|
})
|
||
|
}
|
||
|
|
||
|
func testAccGoogleProjectAssociateMemberBasic(pid, name, org string) string {
|
||
|
return fmt.Sprintf(`
|
||
|
resource "google_project" "acceptance" {
|
||
|
project_id = "%s"
|
||
|
name = "%s"
|
||
|
org_id = "%s"
|
||
|
}
|
||
|
resource "google_project_iam_member" "acceptance" {
|
||
|
project = "${google_project.acceptance.id}"
|
||
|
member = "user:admin@hashicorptest.com"
|
||
|
role = "roles/compute.instanceAdmin"
|
||
|
}
|
||
|
`, pid, name, org)
|
||
|
}
|
||
|
|
||
|
func testAccGoogleProjectAssociateMemberMultiple(pid, name, org string) string {
|
||
|
return fmt.Sprintf(`
|
||
|
resource "google_project" "acceptance" {
|
||
|
project_id = "%s"
|
||
|
name = "%s"
|
||
|
org_id = "%s"
|
||
|
}
|
||
|
resource "google_project_iam_member" "acceptance" {
|
||
|
project = "${google_project.acceptance.id}"
|
||
|
member = "user:admin@hashicorptest.com"
|
||
|
role = "roles/compute.instanceAdmin"
|
||
|
}
|
||
|
resource "google_project_iam_member" "multiple" {
|
||
|
project = "${google_project.acceptance.id}"
|
||
|
member = "user:paddy@hashicorp.com"
|
||
|
role = "roles/compute.instanceAdmin"
|
||
|
}
|
||
|
`, pid, name, org)
|
||
|
}
|