fixing documentation and making tests more specific

Richard Hsu 2019-05-07 15:55:10 -04:00
parent 0e4bdb83c5
commit 2e84d558e2
2 changed files with 106 additions and 185 deletions


@ -12,11 +12,8 @@ func TestAccComputeInstanceIamBinding(t *testing.T) {
t.Parallel()
project := getTestProjectFromEnv()
account := acctest.RandomWithPrefix("tf-test")
role := "roles/compute.osLogin"
region := getTestRegionFromEnv()
zone := getTestZoneFromEnv()
subnetwork := fmt.Sprintf("tf-test-net-%s", acctest.RandString(10))
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
@ -24,7 +21,7 @@ func TestAccComputeInstanceIamBinding(t *testing.T) {
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccComputeInstanceIamBinding_basic(project, account, region, zone, subnetwork, instanceName, role),
Config: testAccComputeInstanceIamBinding_basic(zone, instanceName, role),
},
{
ResourceName: "google_compute_instance_iam_binding.foo",
@ -34,7 +31,7 @@ func TestAccComputeInstanceIamBinding(t *testing.T) {
},
{
// Test Iam Binding update
Config: testAccComputeInstanceIamBinding_update(project, account, region, zone, subnetwork, instanceName, role),
Config: testAccComputeInstanceIamBinding_update(zone, instanceName, role),
},
{
ResourceName: "google_compute_instance_iam_binding.foo",
@ -50,23 +47,21 @@ func TestAccComputeInstanceIamMember(t *testing.T) {
t.Parallel()
project := getTestProjectFromEnv()
account := acctest.RandomWithPrefix("tf-test")
role := "roles/compute.osLogin"
region := getTestRegionFromEnv()
zone := getTestZoneFromEnv()
subnetwork := fmt.Sprintf("tf-test-net-%s", acctest.RandString(10))
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
// Test Iam Member creation (no update for member, no need to test)
Config: testAccComputeInstanceIamMember_basic(project, account, region, zone, subnetwork, instanceName, role),
Config: testAccComputeInstanceIamMember_basic(zone, instanceName, role),
},
{
ResourceName: "google_compute_instance_iam_member.foo",
ImportStateId: fmt.Sprintf("%s/%s/%s %s serviceAccount:%s@%s.iam.gserviceaccount.com", project, zone, instanceName, role, account, project),
ImportStateId: fmt.Sprintf("%s/%s/%s %s user:admin@hashicorptest.com", project, zone, instanceName, role),
ImportState: true,
ImportStateVerify: true,
},
@ -78,19 +73,16 @@ func TestAccComputeInstanceIamPolicy(t *testing.T) {
t.Parallel()
project := getTestProjectFromEnv()
account := acctest.RandomWithPrefix("tf-test")
role := "roles/compute.osLogin"
region := getTestRegionFromEnv()
zone := getTestZoneFromEnv()
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
subnetwork := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccComputeInstanceIamPolicy_basic(project, account, region, zone, subnetwork, instanceName, role),
Config: testAccComputeInstanceIamPolicy_basic(zone, instanceName, role),
},
// Test a few import formats
{
@ -115,192 +107,124 @@ func TestAccComputeInstanceIamPolicy(t *testing.T) {
})
}
func testAccComputeInstanceIamMember_basic(project, account, region, zone, subnetworkName, instanceName, roleId string) string {
func testAccComputeInstanceIamMember_basic(zone, instanceName, roleId string) string {
return fmt.Sprintf(`
resource "google_service_account" "test_account" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_instance" "test_vm" {
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
network_interface {
network = "default"
}
}
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
resource "google_compute_instance_iam_member" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
role = "%s"
member = "user:admin@hashicorptest.com"
}
`, zone, instanceName, roleId)
}
resource "google_compute_instance_iam_member" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
role = "%s"
member = "serviceAccount:${google_service_account.test_account.email}"
}
`, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
}
func testAccComputeInstanceIamPolicy_basic(project, account, region, zone, subnetworkName, instanceName, roleId string) string {
func testAccComputeInstanceIamPolicy_basic(zone, instanceName, roleId string) string {
return fmt.Sprintf(`
resource "google_service_account" "test_account" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_instance" "test_vm" {
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
network_interface {
network = "default"
}
}
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
}
}
data "google_iam_policy" "foo" {
binding {
role = "%s"
members = ["serviceAccount:${google_service_account.test_account.email}"]
}
}
resource "google_compute_instance_iam_policy" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
policy_data = "${data.google_iam_policy.foo.policy_data}"
}
`, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
}
func testAccComputeInstanceIamBinding_basic(project, account, region, zone, subnetworkName, instanceName, roleId string) string {
return fmt.Sprintf(`
resource "google_service_account" "test_account" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
data "google_iam_policy" "foo" {
binding {
role = "%s"
members = ["user:admin@hashicorptest.com"]
}
}
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
resource "google_compute_instance_iam_policy" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
policy_data = "${data.google_iam_policy.foo.policy_data}"
}
`, zone, instanceName, roleId)
}
resource "google_compute_instance_iam_binding" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
role = "%s"
members = ["serviceAccount:${google_service_account.test_account.email}"]
}
`, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
}
func testAccComputeInstanceIamBinding_update(project, account, region, zone, subnetworkName, instanceName, roleId string) string {
func testAccComputeInstanceIamBinding_basic(zone, instanceName, roleId string) string {
return fmt.Sprintf(`
resource "google_service_account" "test_account" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_instance" "test_vm" {
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
resource "google_service_account" "test_account_2" {
account_id = "%s-2"
display_name = "Iam Testing Account"
}
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
network_interface {
network = "default"
}
}
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
resource "google_compute_instance_iam_binding" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
role = "%s"
members = ["user:admin@hashicorptest.com"]
}
`, zone, instanceName, roleId)
}
resource "google_compute_instance_iam_binding" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
role = "%s"
members = [
"serviceAccount:${google_service_account.test_account.email}",
"serviceAccount:${google_service_account.test_account_2.email}"
]
}
`, account, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
func testAccComputeInstanceIamBinding_update(zone, instanceName, roleId string) string {
return fmt.Sprintf(`
resource "google_compute_instance" "test_vm" {
zone = "%s"
name = "%s"
machine_type = "n1-standard-1"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
network_interface {
network = "default"
}
}
resource "google_compute_instance_iam_binding" "foo" {
project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}"
role = "%s"
members = ["user:admin@hashicorptest.com", "user:paddy@hashicorp.com"]
}
`, zone, instanceName, roleId)
}
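Review bot: The rewritten configs bind `roles/compute.osLogin` to fixed human identities (`user:admin@hashicorptest.com`, plus `user:paddy@hashicorp.com` in `testAccComputeInstanceIamBinding_update`) where the older lines appear to have used a `google_service_account` created for the run. Anyone running these acceptance tests in their own project therefore grants OS Login on a real VM to accounts they do not control for as long as the test resources exist, and the tests depend on those accounts continuing to exist. The instance also moves to `network = "default"`, whose firewall rules are not visible on this page, so exposure depends on the project's defaults. I would keep a test-scoped principal or read the member from the environment, and document the constraint above each config, e.g. `// member must be a throwaway identity owned by the test org, never a real user`. The same point applies to the Member and Policy configs in this section.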


@ -8,9 +8,6 @@ description: |-
# IAM policy for GCE instance
~> **Warning:** These resources are in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
Three different resources help you manage your IAM policy for GCE instance. Each of these resources serves a different use case:
* `google_compute_instance_iam_policy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
@ -26,7 +23,7 @@ Three different resources help you manage your IAM policy for GCE instance. Each
```hcl
data "google_iam_policy" "admin" {
binding {
role = "roles/editor"
role = "roles/compute.osLogin"
members = [
"user:jane@example.com",
@ -35,8 +32,8 @@ data "google_iam_policy" "admin" {
}
resource "google_compute_instance_iam_policy" "instance" {
instance_name = "your-instance-id"
policy_data = "${data.google_iam_policy.admin.policy_data}"
instance_name = "your-instance-name"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
```
@ -44,8 +41,8 @@ resource "google_compute_instance_iam_policy" "instance" {
```hcl
resource "google_compute_instance_iam_binding" "instance" {
instance_name = "your-instance-id"
role = "roles/compute.networkUser"
instance_name = "your-instance-name"
role = "roles/compute.osLoginr"
members = [
"user:jane@example.com",
@ -57,8 +54,8 @@ resource "google_compute_instance_iam_binding" "instance" {
```hcl
resource "google_compute_instance_iam_member" "instance" {
instance_name = "your-instance-id"
role = "roles/compute.networkUser"
instance_name = "your-instance-name"
role = "roles/compute.osLogin"
member = "user:jane@example.com"
}
```