mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-03 08:42:39 +00:00
providers/google: Add documentation for google_iam_policy resource
This commit is contained in:
parent
39109607a2
commit
92fe030b5e
|
@ -9,6 +9,25 @@ import (
|
||||||
"google.golang.org/api/cloudresourcemanager/v1"
|
"google.golang.org/api/cloudresourcemanager/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var iamBinding *schema.Schema = &schema.Schema{
|
||||||
|
Type: schema.TypeSet,
|
||||||
|
Required: true,
|
||||||
|
Elem: &schema.Resource{
|
||||||
|
Schema: map[string]*schema.Schema{
|
||||||
|
"role": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Required: true,
|
||||||
|
},
|
||||||
|
"members": {
|
||||||
|
Type: schema.TypeSet,
|
||||||
|
Required: true,
|
||||||
|
Elem: &schema.Schema{Type: schema.TypeString},
|
||||||
|
Set: schema.HashString,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
// dataSourceGoogleIamPolicy returns a *schema.Resource that allows a customer
|
// dataSourceGoogleIamPolicy returns a *schema.Resource that allows a customer
|
||||||
// to express a Google Cloud IAM policy in a data resource. This is an example
|
// to express a Google Cloud IAM policy in a data resource. This is an example
|
||||||
// of how the schema would be used in a config:
|
// of how the schema would be used in a config:
|
||||||
|
@ -25,25 +44,8 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
|
||||||
return &schema.Resource{
|
return &schema.Resource{
|
||||||
Read: dataSourceGoogleIamPolicyRead,
|
Read: dataSourceGoogleIamPolicyRead,
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
"binding": {
|
"binding": iamBinding,
|
||||||
Type: schema.TypeSet,
|
"policy_data": {
|
||||||
Required: true,
|
|
||||||
Elem: &schema.Resource{
|
|
||||||
Schema: map[string]*schema.Schema{
|
|
||||||
"role": {
|
|
||||||
Type: schema.TypeString,
|
|
||||||
Required: true,
|
|
||||||
},
|
|
||||||
"members": {
|
|
||||||
Type: schema.TypeSet,
|
|
||||||
Required: true,
|
|
||||||
Elem: &schema.Schema{Type: schema.TypeString},
|
|
||||||
Set: schema.HashString,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"policy": {
|
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
|
@ -81,7 +83,7 @@ func dataSourceGoogleIamPolicyRead(d *schema.ResourceData, meta interface{}) err
|
||||||
}
|
}
|
||||||
pstring := string(pjson)
|
pstring := string(pjson)
|
||||||
|
|
||||||
d.Set("policy", pstring)
|
d.Set("policy_data", pstring)
|
||||||
d.SetId(strconv.Itoa(hashcode.String(pstring)))
|
d.SetId(strconv.Itoa(hashcode.String(pstring)))
|
||||||
|
|
||||||
return nil
|
return nil
|
|
@ -31,31 +31,23 @@ func resourceGoogleProject() *schema.Resource {
|
||||||
Delete: resourceGoogleProjectDelete,
|
Delete: resourceGoogleProjectDelete,
|
||||||
|
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
"project": &schema.Schema{
|
"id": &schema.Schema{
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Required: true,
|
Required: true,
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
},
|
},
|
||||||
|
"policy_data": &schema.Schema{
|
||||||
"policy": &schema.Schema{
|
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
"name": &schema.Schema{
|
"name": &schema.Schema{
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
"number": &schema.Schema{
|
"number": &schema.Schema{
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
"id": &schema.Schema{
|
|
||||||
Type: schema.TypeString,
|
|
||||||
Computed: true,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -77,7 +69,7 @@ func resourceGoogleProjectCreate(d *schema.ResourceData, meta interface{}) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// Apply the IAM policy if it is set
|
// Apply the IAM policy if it is set
|
||||||
if pString, ok := d.GetOk("policy"); ok {
|
if pString, ok := d.GetOk("policy_data"); ok {
|
||||||
// The policy string is just a marshaled cloudresourcemanager.Policy.
|
// The policy string is just a marshaled cloudresourcemanager.Policy.
|
||||||
// Unmarshal it to a struct.
|
// Unmarshal it to a struct.
|
||||||
var policy cloudresourcemanager.Policy
|
var policy cloudresourcemanager.Policy
|
||||||
|
@ -116,6 +108,7 @@ func resourceGoogleProjectRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
d.SetId(project)
|
||||||
|
|
||||||
// Confirm the project exists.
|
// Confirm the project exists.
|
||||||
// TODO(evanbrown): Support project creation
|
// TODO(evanbrown): Support project creation
|
||||||
|
@ -141,10 +134,10 @@ func resourceGoogleProjectUpdate(d *schema.ResourceData, meta interface{}) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// Policy has changed
|
// Policy has changed
|
||||||
if ok := d.HasChange("policy"); ok {
|
if ok := d.HasChange("policy_data"); ok {
|
||||||
// The policy string is just a marshaled cloudresourcemanager.Policy.
|
// The policy string is just a marshaled cloudresourcemanager.Policy.
|
||||||
// Unmarshal it to a struct that contains the old and new policies
|
// Unmarshal it to a struct that contains the old and new policies
|
||||||
oldP, newP := d.GetChange("policy")
|
oldP, newP := d.GetChange("policy_data")
|
||||||
oldPString := oldP.(string)
|
oldPString := oldP.(string)
|
||||||
newPString := newP.(string)
|
newPString := newP.(string)
|
||||||
|
|
||||||
|
|
|
@ -133,9 +133,9 @@ func testAccCheckGoogleProjectIamPolicyIsMerged(projectRes, policyRes string, or
|
||||||
|
|
||||||
var projectP, policyP cloudresourcemanager.Policy
|
var projectP, policyP cloudresourcemanager.Policy
|
||||||
// The project should have a policy
|
// The project should have a policy
|
||||||
ps, ok := project.Primary.Attributes["policy"]
|
ps, ok := project.Primary.Attributes["policy_data"]
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("Project resource %q did not have a 'policy' attribute", project.Primary.ID)
|
return fmt.Errorf("Project resource %q did not have a 'policy_data' attribute. Attributes were %#v", project.Primary.Attributes["id"], project.Primary.Attributes)
|
||||||
}
|
}
|
||||||
if err := json.Unmarshal([]byte(ps), &projectP); err != nil {
|
if err := json.Unmarshal([]byte(ps), &projectP); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -146,9 +146,9 @@ func testAccCheckGoogleProjectIamPolicyIsMerged(projectRes, policyRes string, or
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("Not found: %s", policyRes)
|
return fmt.Errorf("Not found: %s", policyRes)
|
||||||
}
|
}
|
||||||
ps, ok = policy.Primary.Attributes["policy"]
|
ps, ok = policy.Primary.Attributes["policy_data"]
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("Policy resource %q did not have a 'policy' attribute", policy.Primary.ID)
|
return fmt.Errorf("Data policy resource %q did not have a 'policy_data' attribute. Attributes were %#v", policy.Primary.Attributes["id"], project.Primary.Attributes)
|
||||||
}
|
}
|
||||||
if err := json.Unmarshal([]byte(ps), &policyP); err != nil {
|
if err := json.Unmarshal([]byte(ps), &policyP); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -158,7 +158,6 @@ func testAccCheckGoogleProjectIamPolicyIsMerged(projectRes, policyRes string, or
|
||||||
if !reflect.DeepEqual(derefBindings(projectP.Bindings), derefBindings(policyP.Bindings)) {
|
if !reflect.DeepEqual(derefBindings(projectP.Bindings), derefBindings(policyP.Bindings)) {
|
||||||
return fmt.Errorf("Project and data source policies do not match: project policy is %+v, data resource policy is %+v", derefBindings(projectP.Bindings), derefBindings(policyP.Bindings))
|
return fmt.Errorf("Project and data source policies do not match: project policy is %+v, data resource policy is %+v", derefBindings(projectP.Bindings), derefBindings(policyP.Bindings))
|
||||||
}
|
}
|
||||||
return nil
|
|
||||||
|
|
||||||
// Merge the project policy in Terrafomr state with the policy the project had before the config was applied
|
// Merge the project policy in Terrafomr state with the policy the project had before the config was applied
|
||||||
expected := make([]*cloudresourcemanager.Binding, 0)
|
expected := make([]*cloudresourcemanager.Binding, 0)
|
||||||
|
@ -446,13 +445,13 @@ func (b Binding) Less(i, j int) bool {
|
||||||
|
|
||||||
var testAccGoogleProject_basic = `
|
var testAccGoogleProject_basic = `
|
||||||
resource "google_project" "acceptance" {
|
resource "google_project" "acceptance" {
|
||||||
project = "%v"
|
id = "%v"
|
||||||
}`
|
}`
|
||||||
|
|
||||||
var testAccGoogleProject_policy1 = `
|
var testAccGoogleProject_policy1 = `
|
||||||
resource "google_project" "acceptance" {
|
resource "google_project" "acceptance" {
|
||||||
project = "%v"
|
id = "%v"
|
||||||
policy = "${data.google_iam_policy.admin.policy}"
|
policy_data = "${data.google_iam_policy.admin.policy_data}"
|
||||||
}
|
}
|
||||||
|
|
||||||
data "google_iam_policy" "admin" {
|
data "google_iam_policy" "admin" {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user