-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Data source for IAM Testable Permissions #3460
Data source for IAM Testable Permissions #3460
Conversation
@onetwopunch Thanks for working on this. FYI once it's released we should add support to the custom role module. |
bac25d1
to
3e7bbf0
Compare
third_party/terraform/data_sources/data_source_google_iam_testable_permissions.go
Outdated
Show resolved
Hide resolved
third_party/terraform/data_sources/data_source_google_iam_testable_permissions.go
Outdated
Show resolved
Hide resolved
if _, ok := p["name"]; ok { | ||
var csl bool | ||
if custom_support_level == "SUPPORTED" { | ||
csl = p["customRolesSupportLevel"] == nil || p["customRolesSupportLevel"] == "SUPPORTED" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If customRolesSupportLevel
is nil what does that represent within the API?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be a API/Docs mismatch where the Docs say they response will be "SUPPORTED" but the actual API response just doesn't include customRolesSupportLevel
if it's supported. I figured I'd add both here in case we decide to make the response line up with the docs. Is there any other pattern for that?
third_party/terraform/data_sources/data_source_google_iam_testable_permissions.go
Outdated
Show resolved
Hide resolved
Hello! I am a robot who works on Magic Modules PRs. I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review. Thanks for your contribution! A human will be with you soon. @SirGitsalot, please review this PR or find an appropriate assignee. |
third_party/terraform/data_sources/data_source_google_iam_testable_permissions.go
Show resolved
Hide resolved
body["pageSize"] = 500 | ||
permissions := make([]map[string]interface{}, 0) | ||
|
||
custom_support_level := strings.ToUpper(d.Get("custom_support_level").(string)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as below comment
} else { | ||
csl = p["customRolesSupportLevel"] == custom_support_level | ||
} | ||
if csl && p["stage"] != nil && stringInSlice(stages, p["stage"].(string)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of checking csl
here, can we simplify the above and continue
?
Like:
`if custom_support_level == p["customRolesSupportLevel"] || (p["customRolesSupportLevel"] == nil && custom_support_level == "SUPPORTED") {
continue
}
if stringInSlice....
....
} else { | ||
csl = p["customRolesSupportLevel"] == custom_support_level | ||
} | ||
if csl && p["stage"] != nil && stringInSlice(stages, p["stage"].(string)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If stage comes back as nil what do we expect to do? Is that possible?
* Added new data source for iam_testable_permissions * Added tests and docs * Fixed linter errors * Use sdk validation package and allow case-insensitive * Changed stage to stages list and concat results
Release Note Template for Downstream PRs (will be copied)
Fixes: hashicorp/terraform-provider-google#6120
Fixes: hashicorp/terraform-provider-google#4812
Adds a new data source for IAM testable permissions.
Then the output will look like this: