fixing documentation and making tests more specific

Richard Hsu 2019-05-07 15:55:10 -04:00
parent 0e4bdb83c5
commit 2e84d558e2
2 changed files with 106 additions and 185 deletions


@ -12,11 +12,8 @@ func TestAccComputeInstanceIamBinding(t *testing.T) {
t.Parallel() t.Parallel()
project := getTestProjectFromEnv() project := getTestProjectFromEnv()
account := acctest.RandomWithPrefix("tf-test")
role := "roles/compute.osLogin" role := "roles/compute.osLogin"
region := getTestRegionFromEnv()
zone := getTestZoneFromEnv() zone := getTestZoneFromEnv()
subnetwork := fmt.Sprintf("tf-test-net-%s", acctest.RandString(10))
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10)) instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
@ -24,7 +21,7 @@ func TestAccComputeInstanceIamBinding(t *testing.T) {
Providers: testAccProviders, Providers: testAccProviders,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
Config: testAccComputeInstanceIamBinding_basic(project, account, region, zone, subnetwork, instanceName, role), Config: testAccComputeInstanceIamBinding_basic(zone, instanceName, role),
}, },
{ {
ResourceName: "google_compute_instance_iam_binding.foo", ResourceName: "google_compute_instance_iam_binding.foo",
@ -34,7 +31,7 @@ func TestAccComputeInstanceIamBinding(t *testing.T) {
}, },
{ {
// Test Iam Binding update // Test Iam Binding update
Config: testAccComputeInstanceIamBinding_update(project, account, region, zone, subnetwork, instanceName, role), Config: testAccComputeInstanceIamBinding_update(zone, instanceName, role),
}, },
{ {
ResourceName: "google_compute_instance_iam_binding.foo", ResourceName: "google_compute_instance_iam_binding.foo",
@ -50,23 +47,21 @@ func TestAccComputeInstanceIamMember(t *testing.T) {
t.Parallel() t.Parallel()
project := getTestProjectFromEnv() project := getTestProjectFromEnv()
account := acctest.RandomWithPrefix("tf-test")
role := "roles/compute.osLogin" role := "roles/compute.osLogin"
region := getTestRegionFromEnv()
zone := getTestZoneFromEnv() zone := getTestZoneFromEnv()
subnetwork := fmt.Sprintf("tf-test-net-%s", acctest.RandString(10))
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10)) instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders, Providers: testAccProviders,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
// Test Iam Member creation (no update for member, no need to test) // Test Iam Member creation (no update for member, no need to test)
Config: testAccComputeInstanceIamMember_basic(project, account, region, zone, subnetwork, instanceName, role), Config: testAccComputeInstanceIamMember_basic(zone, instanceName, role),
}, },
{ {
ResourceName: "google_compute_instance_iam_member.foo", ResourceName: "google_compute_instance_iam_member.foo",
ImportStateId: fmt.Sprintf("%s/%s/%s %s serviceAccount:%s@%s.iam.gserviceaccount.com", project, zone, instanceName, role, account, project), ImportStateId: fmt.Sprintf("%s/%s/%s %s user:admin@hashicorptest.com", project, zone, instanceName, role),
ImportState: true, ImportState: true,
ImportStateVerify: true, ImportStateVerify: true,
}, },
@ -78,19 +73,16 @@ func TestAccComputeInstanceIamPolicy(t *testing.T) {
t.Parallel() t.Parallel()
project := getTestProjectFromEnv() project := getTestProjectFromEnv()
account := acctest.RandomWithPrefix("tf-test")
role := "roles/compute.osLogin" role := "roles/compute.osLogin"
region := getTestRegionFromEnv()
zone := getTestZoneFromEnv() zone := getTestZoneFromEnv()
instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10)) instanceName := fmt.Sprintf("tf-test-instance-%s", acctest.RandString(10))
subnetwork := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders, Providers: testAccProviders,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
Config: testAccComputeInstanceIamPolicy_basic(project, account, region, zone, subnetwork, instanceName, role), Config: testAccComputeInstanceIamPolicy_basic(zone, instanceName, role),
}, },
// Test a few import formats // Test a few import formats
{ {
@ -115,192 +107,124 @@ func TestAccComputeInstanceIamPolicy(t *testing.T) {
}) })
} }
func testAccComputeInstanceIamMember_basic(project, account, region, zone, subnetworkName, instanceName, roleId string) string { func testAccComputeInstanceIamMember_basic(zone, instanceName, roleId string) string {
return fmt.Sprintf(` return fmt.Sprintf(`
resource "google_service_account" "test_account" { resource "google_compute_instance" "test_vm" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s" zone = "%s"
name = "%s" name = "%s"
machine_type = "n1-standard-1" machine_type = "n1-standard-1"
boot_disk { boot_disk {
initialize_params { initialize_params {
image = "debian-cloud/debian-9" image = "debian-cloud/debian-9"
} }
} }
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
}
}
resource "google_compute_instance_iam_member" "foo" { network_interface {
network = "default"
}
}
resource "google_compute_instance_iam_member" "foo" {
project = "${google_compute_instance.test_vm.project}" project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}" zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}" instance_name = "${google_compute_instance.test_vm.name}"
role = "%s" role = "%s"
member = "serviceAccount:${google_service_account.test_account.email}" member = "user:admin@hashicorptest.com"
} }
`, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
`, zone, instanceName, roleId)
} }
func testAccComputeInstanceIamPolicy_basic(project, account, region, zone, subnetworkName, instanceName, roleId string) string { func testAccComputeInstanceIamPolicy_basic(zone, instanceName, roleId string) string {
return fmt.Sprintf(` return fmt.Sprintf(`
resource "google_service_account" "test_account" { resource "google_compute_instance" "test_vm" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s" zone = "%s"
name = "%s" name = "%s"
machine_type = "n1-standard-1" machine_type = "n1-standard-1"
boot_disk { boot_disk {
initialize_params { initialize_params {
image = "debian-cloud/debian-9" image = "debian-cloud/debian-9"
} }
} }
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
}
}
data "google_iam_policy" "foo" { network_interface {
network = "default"
}
}
data "google_iam_policy" "foo" {
binding { binding {
role = "%s" role = "%s"
members = ["serviceAccount:${google_service_account.test_account.email}"] members = ["user:admin@hashicorptest.com"]
}
} }
}
resource "google_compute_instance_iam_policy" "foo" { resource "google_compute_instance_iam_policy" "foo" {
project = "${google_compute_instance.test_vm.project}" project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}" zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}" instance_name = "${google_compute_instance.test_vm.name}"
policy_data = "${data.google_iam_policy.foo.policy_data}" policy_data = "${data.google_iam_policy.foo.policy_data}"
} }
`, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
`, zone, instanceName, roleId)
} }
func testAccComputeInstanceIamBinding_basic(project, account, region, zone, subnetworkName, instanceName, roleId string) string { func testAccComputeInstanceIamBinding_basic(zone, instanceName, roleId string) string {
return fmt.Sprintf(` return fmt.Sprintf(`
resource "google_service_account" "test_account" { resource "google_compute_instance" "test_vm" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s" zone = "%s"
name = "%s" name = "%s"
machine_type = "n1-standard-1" machine_type = "n1-standard-1"
boot_disk { boot_disk {
initialize_params { initialize_params {
image = "debian-cloud/debian-9" image = "debian-cloud/debian-9"
} }
} }
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
}
}
resource "google_compute_instance_iam_binding" "foo" { network_interface {
network = "default"
}
}
resource "google_compute_instance_iam_binding" "foo" {
project = "${google_compute_instance.test_vm.project}" project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}" zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}" instance_name = "${google_compute_instance.test_vm.name}"
role = "%s" role = "%s"
members = ["serviceAccount:${google_service_account.test_account.email}"] members = ["user:admin@hashicorptest.com"]
} }
`, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
`, zone, instanceName, roleId)
} }
func testAccComputeInstanceIamBinding_update(project, account, region, zone, subnetworkName, instanceName, roleId string) string { func testAccComputeInstanceIamBinding_update(zone, instanceName, roleId string) string {
return fmt.Sprintf(` return fmt.Sprintf(`
resource "google_service_account" "test_account" { resource "google_compute_instance" "test_vm" {
account_id = "%s"
display_name = "Iam Testing Account"
}
resource "google_service_account" "test_account_2" {
account_id = "%s-2"
display_name = "Iam Testing Account"
}
resource "google_compute_network" "network" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "subnetwork" {
name = "%s"
region = "%s"
ip_cidr_range = "10.1.0.0/16"
network = "${google_compute_network.network.name}"
}
resource "google_compute_instance" "test_vm" {
project = "%s"
zone = "%s" zone = "%s"
name = "%s" name = "%s"
machine_type = "n1-standard-1" machine_type = "n1-standard-1"
boot_disk { boot_disk {
initialize_params { initialize_params {
image = "debian-cloud/debian-9" image = "debian-cloud/debian-9"
} }
} }
network_interface {
subnetwork ="${google_compute_subnetwork.subnetwork.self_link}"
}
}
resource "google_compute_instance_iam_binding" "foo" { network_interface {
network = "default"
}
}
resource "google_compute_instance_iam_binding" "foo" {
project = "${google_compute_instance.test_vm.project}" project = "${google_compute_instance.test_vm.project}"
zone = "${google_compute_instance.test_vm.zone}" zone = "${google_compute_instance.test_vm.zone}"
instance_name = "${google_compute_instance.test_vm.name}" instance_name = "${google_compute_instance.test_vm.name}"
role = "%s" role = "%s"
members = [ members = ["user:admin@hashicorptest.com", "user:paddy@hashicorp.com"]
"serviceAccount:${google_service_account.test_account.email}", }
"serviceAccount:${google_service_account.test_account_2.email}"
] `, zone, instanceName, roleId)
}
`, account, account, subnetworkName, subnetworkName, region, project, zone, instanceName, roleId)
} }
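Review bot: The rewritten fixtures bind `roles/compute.osLogin` to fixed human identities (`user:admin@hashicorptest.com` in the `_basic` configs for member, policy and binding, plus `user:paddy@hashicorp.com` in `testAccComputeInstanceIamBinding_update`) instead of a service account created for the test run. Any project that runs these acceptance tests then grants OS Login on its test VM to accounts it does not control, and a failed destroy would leave that grant behind. The tests presumably also break if either account is ever deleted, since IAM is expected to reject unknown members. Consider taking the member from the test environment or keeping one throwaway `google_service_account` per test, and put a comment above each `member`/`members` line such as `# fixed test identity: must exist and must hold no access outside this fixture`. Separately, `network = "default"` assumes the test project still has a default network, which hardened projects often remove.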


@ -8,9 +8,6 @@ description: |-
# IAM policy for GCE instance # IAM policy for GCE instance
~> **Warning:** These resources are in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
Three different resources help you manage your IAM policy for GCE instance. Each of these resources serves a different use case: Three different resources help you manage your IAM policy for GCE instance. Each of these resources serves a different use case:
* `google_compute_instance_iam_policy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached. * `google_compute_instance_iam_policy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
@ -26,7 +23,7 @@ Three different resources help you manage your IAM policy for GCE instance. Each
```hcl ```hcl
data "google_iam_policy" "admin" { data "google_iam_policy" "admin" {
binding { binding {
role = "roles/editor" role = "roles/compute.osLogin"
members = [ members = [
"user:jane@example.com", "user:jane@example.com",
@ -35,7 +32,7 @@ data "google_iam_policy" "admin" {
} }
resource "google_compute_instance_iam_policy" "instance" { resource "google_compute_instance_iam_policy" "instance" {
instance_name = "your-instance-id" instance_name = "your-instance-name"
policy_data = "${data.google_iam_policy.admin.policy_data}" policy_data = "${data.google_iam_policy.admin.policy_data}"
} }
``` ```
@ -44,8 +41,8 @@ resource "google_compute_instance_iam_policy" "instance" {
```hcl ```hcl
resource "google_compute_instance_iam_binding" "instance" { resource "google_compute_instance_iam_binding" "instance" {
instance_name = "your-instance-id" instance_name = "your-instance-name"
role = "roles/compute.networkUser" role = "roles/compute.osLoginr"
members = [ members = [
"user:jane@example.com", "user:jane@example.com",
@ -57,8 +54,8 @@ resource "google_compute_instance_iam_binding" "instance" {
```hcl ```hcl
resource "google_compute_instance_iam_member" "instance" { resource "google_compute_instance_iam_member" "instance" {
instance_name = "your-instance-id" instance_name = "your-instance-name"
role = "roles/compute.networkUser" role = "roles/compute.osLogin"
member = "user:jane@example.com" member = "user:jane@example.com"
} }
``` ```