mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-06 10:41:07 +00:00
4b77dca918
This reverts commit 8ab9d96d25
and revives
the original commit that adds t.Parallel to all acceptance tests. It
turns out test failures were unrelated to this change (rather, they were
related to quota issues).
package google
import (
"fmt"
"sort"
"testing"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
"google.golang.org/api/cloudresourcemanager/v1"
)
// TestAccGoogleProjectIamBinding_basic verifies that a single IAM binding can
// be applied to a newly created project.
//
// The project ID carries a random suffix so that each run works on its own
// project.
func TestAccGoogleProjectIamBinding_basic(t *testing.T) {
	t.Parallel()

	projectID := "terraform-" + acctest.RandString(10)

	// Step 1: create the project and run the existing-policy check on it
	// (testAccGoogleProjectExistingPolicy is defined elsewhere in the package).
	createProject := resource.TestStep{
		Config: testAccGoogleProject_create(projectID, pname, org),
		Check: resource.ComposeTestCheckFunc(
			testAccGoogleProjectExistingPolicy(projectID),
		),
	}

	// Step 2: apply the binding and confirm the live policy grants the role
	// to exactly the expected member.
	wantBinding := &cloudresourcemanager.Binding{
		Role:    "roles/compute.instanceAdmin",
		Members: []string{"user:admin@hashicorptest.com"},
	}
	applyBinding := resource.TestStep{
		Config: testAccGoogleProjectAssociateBindingBasic(projectID, pname, org),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", wantBinding, projectID),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{createProject, applyBinding},
	})
}
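// TestAccGoogleProjectIamBinding_multiple verifies that IAM bindings can be
// applied to a project one at a time, and that the binding applied first is
// still present in the policy after the second one is added.
func TestAccGoogleProjectIamBinding_multiple(t *testing.T) {
	t.Parallel()

	pid := "terraform-" + acctest.RandString(10)
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			// Create a new project
			{
				Config: testAccGoogleProject_create(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccGoogleProjectExistingPolicy(pid),
				),
			},
			// Apply an IAM binding
			{
				Config: testAccGoogleProjectAssociateBindingBasic(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", &cloudresourcemanager.Binding{
						Role:    "roles/compute.instanceAdmin",
						Members: []string{"user:admin@hashicorptest.com"},
					}, pid),
				),
			},
			// Apply another IAM binding; the first one must survive.
			{
				Config: testAccGoogleProjectAssociateBindingMultiple(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.multiple", &cloudresourcemanager.Binding{
						Role:    "roles/viewer",
						Members: []string{"user:paddy@hashicorp.com"},
					}, pid),
					// roles/compute.instanceAdmin is declared by the
					// "acceptance" resource in this config, so it is
					// addressed by that name rather than "multiple".
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", &cloudresourcemanager.Binding{
						Role:    "roles/compute.instanceAdmin",
						Members: []string{"user:admin@hashicorptest.com"},
					}, pid),
				),
			},
		},
	})
}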
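// TestAccGoogleProjectIamBinding_multipleAtOnce verifies that two IAM bindings
// declared in the same configuration are both present in the project policy
// after a single apply.
func TestAccGoogleProjectIamBinding_multipleAtOnce(t *testing.T) {
	t.Parallel()

	pid := "terraform-" + acctest.RandString(10)
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			// Create a new project
			{
				Config: testAccGoogleProject_create(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccGoogleProjectExistingPolicy(pid),
				),
			},
			// Apply both IAM bindings in one step
			{
				Config: testAccGoogleProjectAssociateBindingMultiple(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", &cloudresourcemanager.Binding{
						Role:    "roles/compute.instanceAdmin",
						Members: []string{"user:admin@hashicorptest.com"},
					}, pid),
					// The "multiple" resource in this config grants
					// roles/viewer to paddy. Asserting the instanceAdmin
					// binding a second time would leave the viewer grant
					// unverified, so check the role this resource declares.
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.multiple", &cloudresourcemanager.Binding{
						Role:    "roles/viewer",
						Members: []string{"user:paddy@hashicorp.com"},
					}, pid),
				),
			},
		},
	})
}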
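// TestAccGoogleProjectIamBinding_update verifies that the member list of an
// applied IAM binding can be changed: first a member is added to the role,
// then the original member is dropped.
func TestAccGoogleProjectIamBinding_update(t *testing.T) {
	t.Parallel()

	pid := "terraform-" + acctest.RandString(10)
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			// Create a new project
			{
				Config: testAccGoogleProject_create(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccGoogleProjectExistingPolicy(pid),
				),
			},
			// Apply an IAM binding
			{
				Config: testAccGoogleProjectAssociateBindingBasic(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", &cloudresourcemanager.Binding{
						Role:    "roles/compute.instanceAdmin",
						Members: []string{"user:admin@hashicorptest.com"},
					}, pid),
				),
			},
			// Apply an updated IAM binding
			{
				Config: testAccGoogleProjectAssociateBindingUpdated(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					// The updated config keeps the resource name
					// "acceptance"; it declares no resource called "updated".
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", &cloudresourcemanager.Binding{
						Role:    "roles/compute.instanceAdmin",
						Members: []string{"user:admin@hashicorptest.com", "user:paddy@hashicorp.com"},
					}, pid),
				),
			},
			// Drop the original member. The exact-match member check means a
			// leftover admin@ entry on the role fails this step.
			{
				Config: testAccGoogleProjectAssociateBindingDropMemberFromBasic(pid, pname, org),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.dropped", &cloudresourcemanager.Binding{
						Role:    "roles/compute.instanceAdmin",
						Members: []string{"user:paddy@hashicorp.com"},
					}, pid),
				),
			},
		},
	})
}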
// TestAccGoogleProjectIamBinding_remove verifies that IAM bindings can be
// taken off a project by re-applying a configuration that no longer declares
// them.
//
// NOTE(review): the final step relies on testAccGoogleProjectExistingPolicy,
// which is defined elsewhere. Whether it asserts that the two bindings are
// gone is not visible here; confirm, otherwise removal is exercised but not
// verified.
func TestAccGoogleProjectIamBinding_remove(t *testing.T) {
	t.Parallel()

	projectID := "terraform-" + acctest.RandString(10)

	// Step 1: create the project.
	createProject := resource.TestStep{
		Config: testAccGoogleProject_create(projectID, pname, org),
		Check: resource.ComposeTestCheckFunc(
			testAccGoogleProjectExistingPolicy(projectID),
		),
	}

	// Step 2: apply both bindings and confirm each role has exactly the
	// expected member.
	viewerBinding := &cloudresourcemanager.Binding{
		Role:    "roles/viewer",
		Members: []string{"user:paddy@hashicorp.com"},
	}
	adminBinding := &cloudresourcemanager.Binding{
		Role:    "roles/compute.instanceAdmin",
		Members: []string{"user:admin@hashicorptest.com"},
	}
	applyBindings := resource.TestStep{
		Config: testAccGoogleProjectAssociateBindingMultiple(projectID, pname, org),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.multiple", viewerBinding, projectID),
			testAccCheckGoogleProjectIamBindingExists("google_project_iam_binding.acceptance", adminBinding, projectID),
		),
	}

	// Step 3: go back to the project-only configuration, which removes the
	// binding resources.
	removeBindings := resource.TestStep{
		Config: testAccGoogleProject_create(projectID, pname, org),
		Check: resource.ComposeTestCheckFunc(
			testAccGoogleProjectExistingPolicy(projectID),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{createProject, applyBindings, removeBindings},
	})
}
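// testAccCheckGoogleProjectIamBindingExists returns a check that fetches the
// IAM policy of project pid and verifies that it holds a binding for
// expected.Role whose members are exactly expected.Members, in any order.
//
// The member comparison is strict: a missing member or an additional member
// on the role both fail the check, so an unexpected principal holding the
// role is reported rather than ignored.
//
// NOTE(review): key is not used. The check reads the project policy through
// getProjectIamPolicy and never looks the resource up in the Terraform state,
// so a wrong resource address at a call site goes unnoticed.
func testAccCheckGoogleProjectIamBindingExists(key string, expected *cloudresourcemanager.Binding, pid string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		config := testAccProvider.Meta().(*Config)
		projectPolicy, err := getProjectIamPolicy(pid, config)
		if err != nil {
			return fmt.Errorf("Failed to retrieve IAM policy for project %q: %s", pid, err)
		}

		// Only the first binding with a matching role is considered.
		var result *cloudresourcemanager.Binding
		for _, binding := range projectPolicy.Bindings {
			if binding.Role == expected.Role {
				result = binding
				break
			}
		}
		if result == nil {
			return fmt.Errorf("IAM policy for project %q had no role %q", pid, expected.Role)
		}
		if len(result.Members) != len(expected.Members) {
			return fmt.Errorf("Got %v as members for role %q of project %q, expected %v", result.Members, expected.Role, pid, expected.Members)
		}

		// Sort copies so that neither the caller's expected binding nor the
		// fetched policy is reordered as a side effect of the comparison.
		got := append([]string(nil), result.Members...)
		want := append([]string(nil), expected.Members...)
		sort.Strings(got)
		sort.Strings(want)
		for pos, exp := range want {
			if got[pos] != exp {
				return fmt.Errorf("Expected members for role %q of project %q to be %v, got %v", expected.Role, pid, want, got)
			}
		}
		return nil
	}
}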
// testAccGoogleProjectAssociateBindingBasic renders a Terraform configuration
// that declares a project and one IAM binding granting
// roles/compute.instanceAdmin to user:admin@hashicorptest.com.
//
// pid, name and org are inserted with %s and are not escaped, so they must
// not contain double quotes. The tests in this file pass a generated project
// ID together with the package-level pname and org.
func testAccGoogleProjectAssociateBindingBasic(pid, name, org string) string {
	const tmpl = `
resource "google_project" "acceptance" {
  project_id = "%s"
  name = "%s"
  org_id = "%s"
}

resource "google_project_iam_binding" "acceptance" {
  project = "${google_project.acceptance.project_id}"
  members = ["user:admin@hashicorptest.com"]
  role = "roles/compute.instanceAdmin"
}
`
	return fmt.Sprintf(tmpl, pid, name, org)
}
// testAccGoogleProjectAssociateBindingMultiple renders a Terraform
// configuration that declares a project and two IAM bindings: "acceptance"
// grants roles/compute.instanceAdmin to user:admin@hashicorptest.com and
// "multiple" grants roles/viewer to user:paddy@hashicorp.com.
//
// pid, name and org are inserted with %s and are not escaped, so they must
// not contain double quotes.
func testAccGoogleProjectAssociateBindingMultiple(pid, name, org string) string {
	const tmpl = `
resource "google_project" "acceptance" {
  project_id = "%s"
  name = "%s"
  org_id = "%s"
}

resource "google_project_iam_binding" "acceptance" {
  project = "${google_project.acceptance.project_id}"
  members = ["user:admin@hashicorptest.com"]
  role = "roles/compute.instanceAdmin"
}

resource "google_project_iam_binding" "multiple" {
  project = "${google_project.acceptance.project_id}"
  members = ["user:paddy@hashicorp.com"]
  role = "roles/viewer"
}
`
	return fmt.Sprintf(tmpl, pid, name, org)
}
// testAccGoogleProjectAssociateBindingUpdated renders a Terraform
// configuration that declares a project and the "acceptance" IAM binding with
// two members on roles/compute.instanceAdmin: user:admin@hashicorptest.com
// and user:paddy@hashicorp.com.
//
// pid, name and org are inserted with %s and are not escaped, so they must
// not contain double quotes.
func testAccGoogleProjectAssociateBindingUpdated(pid, name, org string) string {
	const tmpl = `
resource "google_project" "acceptance" {
  project_id = "%s"
  name = "%s"
  org_id = "%s"
}

resource "google_project_iam_binding" "acceptance" {
  project = "${google_project.acceptance.project_id}"
  members = ["user:admin@hashicorptest.com", "user:paddy@hashicorp.com"]
  role = "roles/compute.instanceAdmin"
}
`
	return fmt.Sprintf(tmpl, pid, name, org)
}
// testAccGoogleProjectAssociateBindingDropMemberFromBasic renders a Terraform
// configuration that declares a project and a "dropped" IAM binding whose only
// member on roles/compute.instanceAdmin is user:paddy@hashicorp.com.
//
// pid, name and org are inserted with %s and are not escaped, so they must
// not contain double quotes.
func testAccGoogleProjectAssociateBindingDropMemberFromBasic(pid, name, org string) string {
	const tmpl = `
resource "google_project" "acceptance" {
  project_id = "%s"
  name = "%s"
  org_id = "%s"
}

resource "google_project_iam_binding" "dropped" {
  project = "${google_project.acceptance.project_id}"
  members = ["user:paddy@hashicorp.com"]
  role = "roles/compute.instanceAdmin"
}
`
	return fmt.Sprintf(tmpl, pid, name, org)
}