mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-03 01:01:06 +00:00
providers/google: Allow IAM policy removal from project
This commit is contained in:
parent
2d1a3c33aa
commit
f57670652d
@ -130,12 +130,27 @@ func resourceGoogleProjectUpdate(d *schema.ResourceData, meta interface{}) error
|
|||||||
if ok := d.HasChange("policy"); ok {
|
if ok := d.HasChange("policy"); ok {
|
||||||
// The policy string is just a marshaled cloudresourcemanager.Policy.
|
// The policy string is just a marshaled cloudresourcemanager.Policy.
|
||||||
// Unmarshal it to a struct that contains the old and new policies
|
// Unmarshal it to a struct that contains the old and new policies
|
||||||
oldPString, newPString := d.GetChange("policy")
|
oldP, newP := d.GetChange("policy")
|
||||||
|
oldPString := oldP.(string)
|
||||||
|
newPString := newP.(string)
|
||||||
|
|
||||||
|
// JSON Unmarshaling would fail
|
||||||
|
if oldPString == "" {
|
||||||
|
oldPString = "{}"
|
||||||
|
}
|
||||||
|
if newPString == "" {
|
||||||
|
newPString = "{}"
|
||||||
|
}
|
||||||
|
|
||||||
|
oldPStringf, _ := json.MarshalIndent(oldPString, " ", " ")
|
||||||
|
newPStringf, _ := json.MarshalIndent(newPString, " ", " ")
|
||||||
|
log.Printf("[DEBUG]: Old policy: %v\nNew policy: %v", string(oldPStringf), string(newPStringf))
|
||||||
|
|
||||||
var oldPolicy, newPolicy cloudresourcemanager.Policy
|
var oldPolicy, newPolicy cloudresourcemanager.Policy
|
||||||
if err = json.Unmarshal([]byte(newPString.(string)), &newPolicy); err != nil {
|
if err = json.Unmarshal([]byte(newPString), &newPolicy); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err = json.Unmarshal([]byte(oldPString.(string)), &oldPolicy); err != nil {
|
if err = json.Unmarshal([]byte(oldPString), &oldPolicy); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ import (
|
|||||||
"google.golang.org/api/cloudresourcemanager/v1"
|
"google.golang.org/api/cloudresourcemanager/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Binding []cloudresourcemanager.Binding
|
type Binding []*cloudresourcemanager.Binding
|
||||||
|
|
||||||
func (b Binding) Len() int {
|
func (b Binding) Len() int {
|
||||||
return len(b)
|
return len(b)
|
||||||
@ -22,13 +22,78 @@ func (b Binding) Less(i, j int) bool {
|
|||||||
return b[i].Role < b[j].Role
|
return b[i].Role < b[j].Role
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIamMapRolesToMembers(t *testing.T) {
|
func TestIamRolesToMembersBinding(t *testing.T) {
|
||||||
table := []struct {
|
table := []struct {
|
||||||
input []cloudresourcemanager.Binding
|
expect []*cloudresourcemanager.Binding
|
||||||
|
input map[string]map[string]bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
expect: []*cloudresourcemanager.Binding{
|
||||||
|
{
|
||||||
|
Role: "role-1",
|
||||||
|
Members: []string{
|
||||||
|
"member-1",
|
||||||
|
"member-2",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
input: map[string]map[string]bool{
|
||||||
|
"role-1": map[string]bool{
|
||||||
|
"member-1": true,
|
||||||
|
"member-2": true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
expect: []*cloudresourcemanager.Binding{
|
||||||
|
{
|
||||||
|
Role: "role-1",
|
||||||
|
Members: []string{
|
||||||
|
"member-1",
|
||||||
|
"member-2",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
input: map[string]map[string]bool{
|
||||||
|
"role-1": map[string]bool{
|
||||||
|
"member-1": true,
|
||||||
|
"member-2": true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
expect: []*cloudresourcemanager.Binding{
|
||||||
|
{
|
||||||
|
Role: "role-1",
|
||||||
|
Members: []string{},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
input: map[string]map[string]bool{
|
||||||
|
"role-1": map[string]bool{},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range table {
|
||||||
|
got := rolesToMembersBinding(test.input)
|
||||||
|
|
||||||
|
sort.Sort(Binding(got))
|
||||||
|
for i, _ := range got {
|
||||||
|
sort.Strings(got[i].Members)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !reflect.DeepEqual(derefBindings(got), derefBindings(test.expect)) {
|
||||||
|
t.Errorf("got %+v, expected %+v", derefBindings(got), derefBindings(test.expect))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
func TestIamRolesToMembersMap(t *testing.T) {
|
||||||
|
table := []struct {
|
||||||
|
input []*cloudresourcemanager.Binding
|
||||||
expect map[string]map[string]bool
|
expect map[string]map[string]bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
input: []cloudresourcemanager.Binding{
|
input: []*cloudresourcemanager.Binding{
|
||||||
{
|
{
|
||||||
Role: "role-1",
|
Role: "role-1",
|
||||||
Members: []string{
|
Members: []string{
|
||||||
@ -45,7 +110,7 @@ func TestIamMapRolesToMembers(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
input: []cloudresourcemanager.Binding{
|
input: []*cloudresourcemanager.Binding{
|
||||||
{
|
{
|
||||||
Role: "role-1",
|
Role: "role-1",
|
||||||
Members: []string{
|
Members: []string{
|
||||||
@ -64,7 +129,7 @@ func TestIamMapRolesToMembers(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
input: []cloudresourcemanager.Binding{
|
input: []*cloudresourcemanager.Binding{
|
||||||
{
|
{
|
||||||
Role: "role-1",
|
Role: "role-1",
|
||||||
},
|
},
|
||||||
@ -76,20 +141,29 @@ func TestIamMapRolesToMembers(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
for _, test := range table {
|
for _, test := range table {
|
||||||
got := mapRolesToMembers(test.input)
|
got := rolesToMembersMap(test.input)
|
||||||
if !reflect.DeepEqual(got, test.expect) {
|
if !reflect.DeepEqual(got, test.expect) {
|
||||||
t.Errorf("got %+v, expected %+v", got, test.expect)
|
t.Errorf("got %+v, expected %+v", got, test.expect)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func derefBindings(b []*cloudresourcemanager.Binding) []cloudresourcemanager.Binding {
|
||||||
|
db := make([]cloudresourcemanager.Binding, len(b))
|
||||||
|
|
||||||
|
for i, v := range b {
|
||||||
|
db[i] = *v
|
||||||
|
}
|
||||||
|
return db
|
||||||
|
}
|
||||||
|
|
||||||
func TestIamMergeBindings(t *testing.T) {
|
func TestIamMergeBindings(t *testing.T) {
|
||||||
table := []struct {
|
table := []struct {
|
||||||
input []cloudresourcemanager.Binding
|
input []*cloudresourcemanager.Binding
|
||||||
expect []cloudresourcemanager.Binding
|
expect []cloudresourcemanager.Binding
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
input: []cloudresourcemanager.Binding{
|
input: []*cloudresourcemanager.Binding{
|
||||||
{
|
{
|
||||||
Role: "role-1",
|
Role: "role-1",
|
||||||
Members: []string{
|
Members: []string{
|
||||||
@ -116,7 +190,7 @@ func TestIamMergeBindings(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
input: []cloudresourcemanager.Binding{
|
input: []*cloudresourcemanager.Binding{
|
||||||
{
|
{
|
||||||
Role: "role-1",
|
Role: "role-1",
|
||||||
Members: []string{
|
Members: []string{
|
||||||
@ -191,8 +265,8 @@ func TestIamMergeBindings(t *testing.T) {
|
|||||||
sort.Strings(got[i].Members)
|
sort.Strings(got[i].Members)
|
||||||
}
|
}
|
||||||
|
|
||||||
if !reflect.DeepEqual(got, test.expect) {
|
if !reflect.DeepEqual(derefBindings(got), test.expect) {
|
||||||
t.Errorf("\ngot %+v\nexpected %+v", got, test.expect)
|
t.Errorf("\ngot %+v\nexpected %+v", derefBindings(got), test.expect)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user