-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ba5390f
commit 3e7bbf0
Showing
2 changed files
with
147 additions
and
0 deletions.
There are no files selected for viewing
104 changes: 104 additions & 0 deletions
104
third_party/terraform/tests/data_source_google_iam_testable_permissions_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
package google | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"strconv" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/terraform" | ||
) | ||
|
||
func TestAccDataSourceGoogleIamTestablePermissions_basic(t *testing.T) { | ||
t.Parallel() | ||
|
||
project := getTestProjectFromEnv() | ||
vcrTest(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: fmt.Sprintf(` | ||
data "google_iam_testable_permissions" "perms" { | ||
full_resource_name = "//cloudresourcemanager.googleapis.com/projects/%s" | ||
} | ||
`, project), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckGoogleIamTestablePermissionsMeta( | ||
project, | ||
"data.google_iam_testable_permissions.perms", | ||
"GA", | ||
"", | ||
), | ||
), | ||
}, | ||
{ | ||
Config: fmt.Sprintf(` | ||
data "google_iam_testable_permissions" "perms" { | ||
full_resource_name = "//cloudresourcemanager.googleapis.com/projects/%s" | ||
custom_support_level = "NOT_SUPPORTED" | ||
stage = "BETA" | ||
} | ||
`, project), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckGoogleIamTestablePermissionsMeta( | ||
project, | ||
"data.google_iam_testable_permissions.perms", | ||
"BETA", | ||
"NOT_SUPPORTED", | ||
), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccCheckGoogleIamTestablePermissionsMeta(project string, n string, expectedStage string, expectedSupportLevel string) resource.TestCheckFunc { | ||
return func(s *terraform.State) error { | ||
rs, ok := s.RootModule().Resources[n] | ||
if !ok { | ||
return fmt.Errorf("Can't find perms data source: %s", n) | ||
} | ||
expectedId := fmt.Sprintf("//cloudresourcemanager.googleapis.com/projects/%s", project) | ||
if rs.Primary.ID != expectedId { | ||
return errors.New("perms data source ID not set.") | ||
} | ||
attrs := rs.Primary.Attributes | ||
count, ok := attrs["permissions.#"] | ||
if !ok { | ||
return errors.New("can't find 'permsissions' attribute") | ||
} | ||
permCount, err := strconv.Atoi(count) | ||
if err != nil { | ||
return err | ||
} | ||
if permCount < 2 { | ||
return errors.New("count should be greater than 2") | ||
} | ||
foundStage := false | ||
foundSupport := false | ||
|
||
for i := 0; i < permCount; i++ { | ||
stageKey := "permissions." + strconv.Itoa(i) + ".stage" | ||
supportKey := "permissions." + strconv.Itoa(i) + ".custom_support_level" | ||
if attrs[stageKey] == expectedStage { | ||
foundStage = true | ||
} | ||
if attrs[supportKey] == expectedSupportLevel { | ||
foundSupport = true | ||
} | ||
if foundSupport && foundStage { | ||
return nil | ||
} | ||
} | ||
|
||
if foundSupport { | ||
return errors.New(fmt.Sprintf("Could not find stage %s in output", expectedStage)) | ||
} | ||
if foundStage { | ||
return errors.New(fmt.Sprintf("Could not find custom_support_level %s in output", expectedSupportLevel)) | ||
} | ||
return errors.New("Unable to find customeSupportLevel or stage") | ||
} | ||
} |
43 changes: 43 additions & 0 deletions
43
...arty/terraform/website/docs/d/datasource_iam_testable_permissions.html.markdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
subcategory: "Cloud Platform" | ||
layout: "google" | ||
page_title: "Google: google_projects" | ||
sidebar_current: "docs-google-datasource-iam-testable-permissions" | ||
description: |- | ||
Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI. | ||
--- | ||
|
||
# google\_iam\_testable\_permissions | ||
|
||
Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI. | ||
|
||
## Example Usage - searching for projects about to be deleted in an org | ||
|
||
```hcl | ||
data "google_iam_testable_permissions" "perms" { | ||
full_resource_name = "//cloudresourcemanager.googleapis.com/projects/my-project" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `full_resource_name` - (Required) See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail. | ||
* `stage` - (Optional) The release stage of the permission in the output. Can be one of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `"GA"`. | ||
* `custom_support_level` - (Optional) The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"` | ||
|
||
## Attributes Reference | ||
|
||
The following attributes are exported: | ||
|
||
* `permissions` - A list of permissions matching the provided input. Structure is defined below. | ||
|
||
The `permissions` block supports: | ||
|
||
* `name` - Name of the permission. | ||
* `title` - Human readable title of the permission. | ||
* `stage` - Release stage of the permission. | ||
* `custom_support_level` - The the support level of this permission for custom roles. | ||
* `api_disabled` - Whether the corresponding API has been enabled for the resource. | ||
|