terraform-provider-google/google/resource_dataproc_job_iam_test.go

package google

import (
	"fmt"
	"testing"

	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
)

func TestAccDataprocJobIamBinding(t *testing.T) {
	t.Parallel()

	cluster := "tf-dataproc-iam-cluster" + acctest.RandString(10)
	job := "tf-dataproc-iam-job-" + acctest.RandString(10)
	account := "tf-dataproc-iam-" + acctest.RandString(10)
	role := "roles/editor"

	importId := fmt.Sprintf("projects/%s/regions/%s/jobs/%s %s",
		getTestProjectFromEnv(), "us-central1", job, role)

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				// Test IAM Binding creation
				Config: testAccDataprocJobIamBinding_basic(cluster, job, account, role),
			},
			{
				ResourceName:      "google_dataproc_job_iam_binding.binding",
				ImportStateId:     importId,
				ImportState:       true,
				ImportStateVerify: true,
			},
			{
				// Test IAM Binding update
				Config: testAccDataprocJobIamBinding_update(cluster, job, account, role),
			},
			{
				ResourceName:      "google_dataproc_job_iam_binding.binding",
				ImportStateId:     importId,
				ImportState:       true,
				ImportStateVerify: true,
			},
		},
	})
}

func TestAccDataprocJobIamMember(t *testing.T) {
	t.Parallel()

	cluster := "tf-dataproc-iam-cluster" + acctest.RandString(10)
	job := "tf-dataproc-iam-jobid-" + acctest.RandString(10)
	account := "tf-dataproc-iam-" + acctest.RandString(10)
	role := "roles/editor"

	importId := fmt.Sprintf("projects/%s/regions/%s/jobs/%s %s serviceAccount:%s",
		getTestProjectFromEnv(),
		"us-central1",
		job,
		role,
		serviceAccountCanonicalEmail(account))

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				// Test IAM Binding creation
				Config: testAccDataprocJobIamMember(cluster, job, account, role),
			},
			{
				ResourceName:      "google_dataproc_job_iam_member.member",
				ImportStateId:     importId,
				ImportState:       true,
				ImportStateVerify: true,
			},
		},
	})
}

func TestAccDataprocJobIamPolicy(t *testing.T) {
	t.Parallel()

	cluster := "tf-dataproc-iam-cluster" + acctest.RandString(10)
	job := "tf-dataproc-iam-jobid-" + acctest.RandString(10)
	account := "tf-dataproc-iam-" + acctest.RandString(10)
	role := "roles/editor"

	importId := fmt.Sprintf("projects/%s/regions/%s/jobs/%s",
		getTestProjectFromEnv(), "us-central1", job)

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				// Test IAM Binding creation
				Config: testAccDataprocJobIamPolicy(cluster, job, account, role),
			},
			{
				ResourceName:      "google_dataproc_job_iam_policy.policy",
				ImportStateId:     importId,
				ImportState:       true,
				ImportStateVerify: true,
			},
		},
	})
}

var testDataprocIamJobConfig = testDataprocIamSingleNodeCluster + `
resource "google_dataproc_job" "pyspark" {
	region       = "${google_dataproc_cluster.cluster.region}"

	placement {
		cluster_name = "${google_dataproc_cluster.cluster.name}"
	}

	reference {
		job_id = "%s"
	}

	force_delete = true

	pyspark_config {
		main_python_file_uri = "gs://dataproc-examples-2f10d78d114f6aaec76462e3c310f31f/src/pyspark/hello-world/hello-world.py"
		properties = {
			"spark.logConf" = "true"
		}
		logging_config {
			driver_log_levels = {
				"root" = "INFO"
			}
		}
	}
}
`

func testAccDataprocJobIamBinding_basic(cluster, job, account, role string) string {
	return fmt.Sprintf(testDataprocIamJobConfig+`
resource "google_service_account" "test-account1" {
  account_id   = "%s-1"
  display_name = "Dataproc IAM Testing Account"
}

resource "google_service_account" "test-account2" {
  account_id   = "%s-2"
  display_name = "Iam Testing Account"
}

resource "google_dataproc_job_iam_binding" "binding" {
  job_id      = "${google_dataproc_job.pyspark.reference.0.job_id}"
  region 	   = "us-central1"
  role         = "%s"
  members      = [
    "serviceAccount:${google_service_account.test-account1.email}",
  ]
}

`, cluster, job, account, account, role)
}

func testAccDataprocJobIamBinding_update(cluster, job, account, role string) string {
	return fmt.Sprintf(testDataprocIamJobConfig+`
resource "google_service_account" "test-account1" {
  account_id   = "%s-1"
  display_name = "Dataproc IAM Testing Account"
}

resource "google_service_account" "test-account2" {
  account_id   = "%s-2"
  display_name = "Iam Testing Account"
}

resource "google_dataproc_job_iam_binding" "binding" {
  job_id      = "${google_dataproc_job.pyspark.reference.0.job_id}"
  region 	   = "us-central1"
  role         = "%s"
  members      = [
    "serviceAccount:${google_service_account.test-account1.email}",
    "serviceAccount:${google_service_account.test-account2.email}",
  ]
}
`, cluster, job, account, account, role)
}

func testAccDataprocJobIamMember(cluster, job, account, role string) string {
	return fmt.Sprintf(testDataprocIamJobConfig+`
resource "google_service_account" "test-account" {
  account_id   = "%s"
  display_name = "Dataproc IAM Testing Account"
}

resource "google_dataproc_job_iam_member" "member" {
  job_id      = "${google_dataproc_job.pyspark.reference.0.job_id}"
  role         = "%s"
  member       = "serviceAccount:${google_service_account.test-account.email}"
}
`, cluster, job, account, role)
}

func testAccDataprocJobIamPolicy(cluster, job, account, role string) string {
	return fmt.Sprintf(testDataprocIamJobConfig+`
resource "google_service_account" "test-account" {
  account_id   = "%s"
  display_name = "Dataproc IAM Testing Account"
}

data "google_iam_policy" "policy" {
	binding {
		role    = "%s"
		members = ["serviceAccount:${google_service_account.test-account.email}"]
	}
}

resource "google_dataproc_job_iam_policy" "policy" {
  job_id      = "${google_dataproc_job.pyspark.reference.0.job_id}"
  region 	   = "us-central1"
  policy_data  = "${data.google_iam_policy.policy.policy_data}"
}
`, cluster, job, account, role)
}