From ccac12c3c73df420f8de60397f888d97d4c39868 Mon Sep 17 00:00:00 2001 From: Ryan Oaks Date: Thu, 16 Jun 2022 12:12:19 -0400 Subject: [PATCH] Fix folder_iam logic to use the correct updater (#764) * Fix folder_iam logic to use the correct updater * Attempt to use new folder for tests * Revert "Attempt to use new folder for tests" This reverts commit 2a919c680d018d861a2fba9a4ec289ee7ef60ff3. * Fix compare functions in tests to only consider expected iam members --- converters/google/resources/folder_iam.go | 2 +- test/cli_test.go | 1 + test/read_test.go | 1 + .../templates/example_folder_iam_member.json | 17 ++++ .../templates/example_folder_iam_member.tf | 34 +++++++ .../example_folder_iam_member.tfplan.json | 92 +++++++++++++++++++ 6 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 testdata/templates/example_folder_iam_member.json create mode 100644 testdata/templates/example_folder_iam_member.tf create mode 100644 testdata/templates/example_folder_iam_member.tfplan.json diff --git a/converters/google/resources/folder_iam.go b/converters/google/resources/folder_iam.go index 2ad85a68e..8284d6fda 100644 --- a/converters/google/resources/folder_iam.go +++ b/converters/google/resources/folder_iam.go @@ -90,7 +90,7 @@ func newFolderIamAsset( func FetchFolderIamPolicy(d TerraformResourceData, config *Config) (Asset, error) { return fetchIamPolicy( - NewProjectIamUpdater, + NewFolderIamUpdater, d, config, "//cloudresourcemanager.googleapis.com/{{folder}}", diff --git a/test/cli_test.go b/test/cli_test.go index d4aebf39a..5596192d4 100644 --- a/test/cli_test.go +++ b/test/cli_test.go @@ -58,6 +58,7 @@ func TestCLI(t *testing.T) { {name: "sql"}, {name: "example_compute_forwarding_rule"}, {name: "example_compute_instance"}, + {name: "example_folder_iam_member", compareConvertOutput: compareMergedIamMemberOutput}, {name: "example_project_create", constraints: []constraint{alwaysViolate, {name: "project_match_target", wantViolation: false, wantOutputRegex: ""}}}, {name: "example_project_update", constraints: []constraint{alwaysViolate, {name: "project_match_target", wantViolation: true, wantOutputRegex: "Constraint GCPAlwaysViolatesConstraintV1.always_violates_project_match_target on resource"}}}, {name: "example_project_iam_binding", compareConvertOutput: compareMergedIamBindingOutput}, diff --git a/test/read_test.go b/test/read_test.go index 38f35f2fe..b5dc7268a 100644 --- a/test/read_test.go +++ b/test/read_test.go @@ -20,6 +20,7 @@ func TestReadPlannedAssetsCoverage(t *testing.T) { }{ // read-only, the following tests are not in cli_test or // have unique parameters that separate them + {name: "example_folder_iam_member"}, {name: "example_project_create"}, {name: "example_project_update"}, {name: "example_project_iam_binding"}, diff --git a/testdata/templates/example_folder_iam_member.json b/testdata/templates/example_folder_iam_member.json new file mode 100644 index 000000000..1b51e5414 --- /dev/null +++ b/testdata/templates/example_folder_iam_member.json @@ -0,0 +1,17 @@ +[ + { + "name": "//cloudresourcemanager.googleapis.com/folders/{{.FolderID}}", + "asset_type": "cloudresourcemanager.googleapis.com/Folder", + "ancestry_path": "{{.Ancestry}}", + "iam_policy": { + "bindings": [ + { + "role": "roles/editor", + "members": [ + "user:jane@example.com" + ] + } + ] + } + } +] diff --git a/testdata/templates/example_folder_iam_member.tf b/testdata/templates/example_folder_iam_member.tf new file mode 100644 index 000000000..62713639f --- /dev/null +++ b/testdata/templates/example_folder_iam_member.tf @@ -0,0 +1,34 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = "~> {{.Provider.version}}" + } + } +} + +provider "google" { + {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} +} + +resource "google_folder_iam_member" "editor" { + folder = "folders/{{.FolderID}}" + role = "roles/editor" + member = "user:jane@example.com" +} diff --git a/testdata/templates/example_folder_iam_member.tfplan.json b/testdata/templates/example_folder_iam_member.tfplan.json new file mode 100644 index 000000000..c183a678a --- /dev/null +++ b/testdata/templates/example_folder_iam_member.tfplan.json @@ -0,0 +1,92 @@ +{ + "format_version": "1.0", + "terraform_version": "1.1.9", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "google_folder_iam_member.editor", + "mode": "managed", + "type": "google_folder_iam_member", + "name": "editor", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "condition": [], + "folder": "folders/{{.FolderID}}", + "member": "user:jane@example.com", + "role": "roles/editor" + }, + "sensitive_values": { + "condition": [] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "google_folder_iam_member.editor", + "mode": "managed", + "type": "google_folder_iam_member", + "name": "editor", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "condition": [], + "folder": "folders/{{.FolderID}}", + "member": "user:jane@example.com", + "role": "roles/editor" + }, + "after_unknown": { + "condition": [], + "etag": true, + "id": true + }, + "before_sensitive": false, + "after_sensitive": { + "condition": [] + } + } + } + ], + "configuration": { + "provider_config": { + "google": { + "name": "google", + "expressions": { + "project": { + "constant_value": "{{.Provider.project}}" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "google_folder_iam_member.editor", + "mode": "managed", + "type": "google_folder_iam_member", + "name": "editor", + "provider_config_key": "google", + "expressions": { + "folder": { + "constant_value": "folders/{{.FolderID}}" + }, + "member": { + "constant_value": "user:jane@example.com" + }, + "role": { + "constant_value": "roles/editor" + } + }, + "schema_version": 0 + } + ] + } + } +}