2019-05-02 16:03:57 +00:00
|
|
|
package google
|
|
|
|
|
|
|
|
import (
|
2019-05-07 21:02:26 +00:00
|
|
|
"fmt"
|
|
|
|
"testing"
|
2019-05-02 16:03:57 +00:00
|
|
|
|
2019-05-07 21:02:26 +00:00
|
|
|
"github.com/hashicorp/terraform/helper/acctest"
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
2019-05-02 16:03:57 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestAccComputeInstanceIamBinding(t *testing.T) {
|
2019-05-07 21:02:26 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
project := getTestProjectFromEnv()
|
|
|
|
role := "roles/compute.osLogin"
|
|
|
|
zone := getTestZoneFromEnv()
|
|
|
|
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
|
|
|
|
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
{
|
|
|
|
Config: testAccComputeInstanceIamBinding_basic(zone, instanceName, role),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
ResourceName: "google_compute_instance_iam_binding.foo",
|
|
|
|
ImportStateId: fmt.Sprintf("%s/%s/%s %s", project, zone, instanceName, role),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
// Test Iam Binding update
|
|
|
|
Config: testAccComputeInstanceIamBinding_update(zone, instanceName, role),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
ResourceName: "google_compute_instance_iam_binding.foo",
|
|
|
|
ImportStateId: fmt.Sprintf("%s/%s/%s %s", project, zone, instanceName, role),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestAccComputeInstanceIamMember(t *testing.T) {
|
2019-05-07 21:02:26 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
project := getTestProjectFromEnv()
|
|
|
|
role := "roles/compute.osLogin"
|
|
|
|
zone := getTestZoneFromEnv()
|
|
|
|
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
|
|
|
|
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
{
|
|
|
|
// Test Iam Member creation (no update for member, no need to test)
|
|
|
|
Config: testAccComputeInstanceIamMember_basic(zone, instanceName, role),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
ResourceName: "google_compute_instance_iam_member.foo",
|
|
|
|
ImportStateId: fmt.Sprintf("%s/%s/%s %s user:admin@hashicorptest.com", project, zone, instanceName, role),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestAccComputeInstanceIamPolicy(t *testing.T) {
|
2019-05-07 21:02:26 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
project := getTestProjectFromEnv()
|
|
|
|
role := "roles/compute.osLogin"
|
|
|
|
zone := getTestZoneFromEnv()
|
|
|
|
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
|
|
|
|
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
{
|
|
|
|
Config: testAccComputeInstanceIamPolicy_basic(zone, instanceName, role),
|
|
|
|
},
|
|
|
|
// Test a few import formats
|
|
|
|
{
|
|
|
|
ResourceName: "google_compute_instance_iam_policy.foo",
|
|
|
|
ImportStateId: fmt.Sprintf("projects/%s/zones/%s/instances/%s", project, zone, instanceName),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
ResourceName: "google_compute_instance_iam_policy.foo",
|
|
|
|
ImportStateId: fmt.Sprintf("%s/%s/%s", project, zone, instanceName),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
ResourceName: "google_compute_instance_iam_policy.foo",
|
|
|
|
ImportStateId: fmt.Sprintf("%s/%s", zone, instanceName),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
func testAccComputeInstanceIamMember_basic(zone, instanceName, roleId string) string {
|
2019-05-07 21:02:26 +00:00
|
|
|
return fmt.Sprintf(`
|
2019-05-07 19:55:10 +00:00
|
|
|
resource "google_compute_instance" "test_vm" {
|
|
|
|
zone = "%s"
|
|
|
|
name = "%s"
|
|
|
|
machine_type = "n1-standard-1"
|
|
|
|
|
|
|
|
boot_disk {
|
|
|
|
initialize_params {
|
|
|
|
image = "debian-cloud/debian-9"
|
|
|
|
}
|
|
|
|
}
|
2019-05-02 16:03:57 +00:00
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
network_interface {
|
|
|
|
network = "default"
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
}
|
2019-05-07 19:55:10 +00:00
|
|
|
|
|
|
|
resource "google_compute_instance_iam_member" "foo" {
|
|
|
|
project = "${google_compute_instance.test_vm.project}"
|
|
|
|
zone = "${google_compute_instance.test_vm.zone}"
|
|
|
|
instance_name = "${google_compute_instance.test_vm.name}"
|
|
|
|
role = "%s"
|
|
|
|
member = "user:admin@hashicorptest.com"
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
`, zone, instanceName, roleId)
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
func testAccComputeInstanceIamPolicy_basic(zone, instanceName, roleId string) string {
|
2019-05-07 21:02:26 +00:00
|
|
|
return fmt.Sprintf(`
|
2019-05-07 19:55:10 +00:00
|
|
|
resource "google_compute_instance" "test_vm" {
|
|
|
|
zone = "%s"
|
|
|
|
name = "%s"
|
|
|
|
machine_type = "n1-standard-1"
|
|
|
|
|
|
|
|
boot_disk {
|
|
|
|
initialize_params {
|
|
|
|
image = "debian-cloud/debian-9"
|
|
|
|
}
|
|
|
|
}
|
2019-05-02 16:03:57 +00:00
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
network_interface {
|
|
|
|
network = "default"
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
}
|
2019-05-07 19:55:10 +00:00
|
|
|
|
|
|
|
data "google_iam_policy" "foo" {
|
|
|
|
binding {
|
|
|
|
role = "%s"
|
|
|
|
members = ["user:admin@hashicorptest.com"]
|
|
|
|
}
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
resource "google_compute_instance_iam_policy" "foo" {
|
|
|
|
project = "${google_compute_instance.test_vm.project}"
|
|
|
|
zone = "${google_compute_instance.test_vm.zone}"
|
|
|
|
instance_name = "${google_compute_instance.test_vm.name}"
|
|
|
|
policy_data = "${data.google_iam_policy.foo.policy_data}"
|
2019-05-06 18:53:58 +00:00
|
|
|
}
|
2019-05-02 16:03:57 +00:00
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
`, zone, instanceName, roleId)
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
func testAccComputeInstanceIamBinding_basic(zone, instanceName, roleId string) string {
|
2019-05-07 21:02:26 +00:00
|
|
|
return fmt.Sprintf(`
|
2019-05-07 19:55:10 +00:00
|
|
|
resource "google_compute_instance" "test_vm" {
|
|
|
|
zone = "%s"
|
|
|
|
name = "%s"
|
|
|
|
machine_type = "n1-standard-1"
|
|
|
|
|
|
|
|
boot_disk {
|
|
|
|
initialize_params {
|
|
|
|
image = "debian-cloud/debian-9"
|
|
|
|
}
|
|
|
|
}
|
2019-05-06 18:53:58 +00:00
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
network_interface {
|
|
|
|
network = "default"
|
2019-05-06 18:53:58 +00:00
|
|
|
}
|
|
|
|
}
|
2019-05-07 19:55:10 +00:00
|
|
|
|
|
|
|
resource "google_compute_instance_iam_binding" "foo" {
|
|
|
|
project = "${google_compute_instance.test_vm.project}"
|
|
|
|
zone = "${google_compute_instance.test_vm.zone}"
|
|
|
|
instance_name = "${google_compute_instance.test_vm.name}"
|
|
|
|
role = "%s"
|
|
|
|
members = ["user:admin@hashicorptest.com"]
|
2019-05-06 18:53:58 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
`, zone, instanceName, roleId)
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
func testAccComputeInstanceIamBinding_update(zone, instanceName, roleId string) string {
|
2019-05-07 21:02:26 +00:00
|
|
|
return fmt.Sprintf(`
|
2019-05-07 19:55:10 +00:00
|
|
|
resource "google_compute_instance" "test_vm" {
|
|
|
|
zone = "%s"
|
|
|
|
name = "%s"
|
|
|
|
machine_type = "n1-standard-1"
|
|
|
|
|
|
|
|
boot_disk {
|
|
|
|
initialize_params {
|
|
|
|
image = "debian-cloud/debian-9"
|
|
|
|
}
|
|
|
|
}
|
2019-05-06 18:53:58 +00:00
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
network_interface {
|
|
|
|
network = "default"
|
2019-05-06 18:53:58 +00:00
|
|
|
}
|
|
|
|
}
|
2019-05-07 19:55:10 +00:00
|
|
|
|
|
|
|
resource "google_compute_instance_iam_binding" "foo" {
|
|
|
|
project = "${google_compute_instance.test_vm.project}"
|
|
|
|
zone = "${google_compute_instance.test_vm.zone}"
|
|
|
|
instance_name = "${google_compute_instance.test_vm.name}"
|
|
|
|
role = "%s"
|
|
|
|
members = ["user:admin@hashicorptest.com", "user:paddy@hashicorp.com"]
|
2019-05-06 18:53:58 +00:00
|
|
|
}
|
|
|
|
|
2019-05-07 19:55:10 +00:00
|
|
|
`, zone, instanceName, roleId)
|
2019-05-02 16:03:57 +00:00
|
|
|
}
|