Data source for IAM Testable Permissions #3460

@onetwopunch onetwopunch commented May 1, 2020

Release Note Template for Downstream PRs (will be copied)

Add google_iam_testable_permissions data source

Fixes: hashicorp/terraform-provider-google#6120
Fixes: hashicorp/terraform-provider-google#4812

Adds a new data source for IAM testable permissions.

```hcl
data "google_iam_testable_permissions" "perms" {
  full_resource_name   = "//cloudresourcemanager.googleapis.com/projects/my-project"
  custom_support_level = "NOT_SUPPORTED"
  stages               = ["GA", "BETA"]
}

output "perms" {
  value = data.google_iam_testable_permissions.perms.permissions
}
```

Then the output will look like this:

```
$ terraform apply
data.google_iam_testable_permissions.perms: Refreshing state...

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

perms = [
  {
    "api_disabled" = false
    "custom_support_level" = "NOT_SUPPORTED"
    "name" = "appengine.runtimes.actAsAdmin"
    "stage" = "GA"
    "title" = ""
  },
  {
    "api_disabled" = false
    "custom_support_level" = "NOT_SUPPORTED"
    "name" = "cloudsql.sslCerts.createEphemeral"
    "stage" = "GA"
    "title" = ""
  },
```

@onetwopunch
Contributor Author

CC @morgante @sleterrier

@modular-magician
Collaborator

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 5 files changed, 309 insertions(+))
Terraform Beta: Diff ( 5 files changed, 309 insertions(+))

morgante commented May 1, 2020

@onetwopunch Thanks for working on this. FYI once it's released we should add support to the custom role module.

@onetwopunch onetwopunch changed the title from "6120 data testable permissions" to "Data source for IAM Testable Permissions" May 1, 2020
@onetwopunch onetwopunch force-pushed the 6120-data-testable-permissions branch from bac25d1 to 3e7bbf0 May 1, 2020 23:00
@modular-magician
Collaborator

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 5 files changed, 308 insertions(+))
Terraform Beta: Diff ( 5 files changed, 308 insertions(+))

if _, ok := p["name"]; ok {
var csl bool
if custom_support_level == "SUPPORTED" {
csl = p["customRolesSupportLevel"] == nil || p["customRolesSupportLevel"] == "SUPPORTED"
Contributor

If customRolesSupportLevel is nil what does that represent within the API?

Contributor Author

This seems to be an API/Docs mismatch where the Docs say the response will be "SUPPORTED" but the actual API response just doesn't include customRolesSupportLevel if it's supported. I figured I'd add both here in case we decide to make the response line up with the docs. Is there any other pattern for that?

@modular-magician
Collaborator

Hello! I am a robot who works on Magic Modules PRs.

I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review.

Thanks for your contribution! A human will be with you soon.

@SirGitsalot, please review this PR or find an appropriate assignee.

@modular-magician
Collaborator

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 5 files changed, 297 insertions(+))
Terraform Beta: Diff ( 5 files changed, 297 insertions(+))

@onetwopunch onetwopunch requested a review from slevenick May 8, 2020 00:49
@slevenick slevenick removed the request for review from SirGitsalot May 8, 2020 15:20
@modular-magician
Collaborator

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 5 files changed, 339 insertions(+))
Terraform Beta: Diff ( 5 files changed, 339 insertions(+))

body["pageSize"] = 500
permissions := make([]map[string]interface{}, 0)

custom_support_level := strings.ToUpper(d.Get("custom_support_level").(string))
Contributor

Same as below comment

} else {
csl = p["customRolesSupportLevel"] == custom_support_level
}
if csl && p["stage"] != nil && stringInSlice(stages, p["stage"].(string)) {
Contributor

Instead of checking csl here, can we simplify the above and continue?

Like:
```
if custom_support_level == p["customRolesSupportLevel"] || (p["customRolesSupportLevel"] == nil && custom_support_level == "SUPPORTED") {
	continue
}
if stringInSlice....
....
```

} else {
csl = p["customRolesSupportLevel"] == custom_support_level
}
if csl && p["stage"] != nil && stringInSlice(stages, p["stage"].(string)) {
Contributor

If stage comes back as nil what do we expect to do? Is that possible?
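
The filtering discussed in the review comments above, written out as a stand-alone Go example added here (not the provider's code and not part of any comment in this thread): it treats a missing `customRolesSupportLevel` as `SUPPORTED`, as the author describes, and skips entries that carry no `stage` rather than type-asserting on nil. The `permission` struct, `filterPermissions`, and the `example.widgets.*` names are hypothetical, and the sample response is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample shaped like a queryTestablePermissions response (not real API output).
const sampleResponse = `{"permissions":[
 {"name":"example.widgets.get","stage":"GA"},
 {"name":"example.widgets.create","stage":"BETA","customRolesSupportLevel":"TESTING"},
 {"name":"example.widgets.delete","stage":"GA","customRolesSupportLevel":"NOT_SUPPORTED"},
 {"name":"example.widgets.list","customRolesSupportLevel":"SUPPORTED"}]}`

type permission struct {
	Name, Stage string
	Level       string `json:"customRolesSupportLevel"`
}

// filterPermissions returns the names whose support level equals level
// (case-insensitive) and whose stage is one of stages.
func filterPermissions(raw []byte, level string, stages []string) ([]string, error) {
	var resp struct{ Permissions []permission }
	if err := json.Unmarshal(raw, &resp); err != nil {
		return nil, err
	}
	allowed := map[string]bool{}
	for _, s := range stages {
		allowed[strings.ToUpper(s)] = true
	}
	var names []string
	for _, p := range resp.Permissions {
		got := p.Level
		if got == "" { // assumption: an omitted field means SUPPORTED
			got = "SUPPORTED"
		}
		// A missing stage decodes to "", which is never in allowed, so it is skipped.
		if p.Name == "" || got != strings.ToUpper(level) || !allowed[p.Stage] {
			continue
		}
		names = append(names, p.Name)
	}
	return names, nil
}

func main() {
	fmt.Println(filterPermissions([]byte(sampleResponse), "supported", []string{"GA", "BETA"}))
}
```

Decoding into typed fields instead of `map[string]interface{}` removes the `p["stage"].(string)` assertion, so a response without `stage` cannot panic the filter.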

@slevenick slevenick self-requested a review May 14, 2020 19:56
@slevenick slevenick merged commit 453c9a9 into GoogleCloudPlatform:master May 14, 2020
nathkn pushed a commit to nathkn/magic-modules that referenced this pull request May 18, 2020
* Added new data source for iam_testable_permissions

* Added tests and docs

* Fixed linter errors

* Use sdk validation package and allow case-insensitive

* Changed stage to stages list and concat results
Successfully merging this pull request may close these issues.

Add customrolessupportlevel filtered attribute to d/google_iam_role testable_permissions data source