From 3db026ca076c34e112178ab9c5e5a6a7fb251e8b Mon Sep 17 00:00:00 2001
From: yu-xin-li
Date: Thu, 7 Nov 2024 16:22:13 -0800
Subject: [PATCH] Fixes https://github.com/hashicorp/terraform-provider-google/issues/19540 (#12253)
---
 .../accesscontextmanager/ServicePerimeter.yaml | 16 ++++++++++------
 .../ServicePerimeterDryRunEgressPolicy.yaml | 8 +++++---
 .../ServicePerimeterDryRunIngressPolicy.yaml | 8 +++++---
 .../ServicePerimeterEgressPolicy.yaml | 8 +++++---
 .../ServicePerimeterIngressPolicy.yaml | 8 +++++---
 .../accesscontextmanager/ServicePerimeters.yaml | 8 +++++---
 6 files changed, 35 insertions(+), 21 deletions(-)
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
index b179efdbf905..8ca2e4ae5f81 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml
@@ -261,9 +261,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this ingress policy.
- Should be in the format of email address. The email address should represent
- individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 is_set: true
 item_type:
 type: String
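Review bot: The new `identities` description no longer says what the list does, and it has a missing space in `not supported.The v1 identities`. The removed text stated that these identities are allowed access through the ingress policy (or `EgressPolicy`), which is worth keeping now that Google groups and third-party identities are accepted in a service perimeter rule. I would keep a lead sentence such as `A list of identities that are allowed access through this ingress policy.` (the egress variant in the egress files) and change the typo to `not supported. The v1 identities`. The expected value form is given only as a link, so naming the `user`, `group` and `serviceAccount` prefixes as the required prefix of each entry would help readers who followed the old "format of email address" wording. The same text is repeated in the second ServicePerimeter.yaml hunk and in the ServicePerimeterDryRunEgressPolicy, ServicePerimeterDryRunIngressPolicy, ServicePerimeterEgressPolicy, ServicePerimeterIngressPolicy and ServicePerimeters hunks.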
@@ -398,9 +400,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this `EgressPolicy`.
- Should be in the format of email address. The email address should
- represent individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 is_set: true
 item_type:
 type: String
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml
index fbd5951f1a23..2def63b66f4f 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml
@@ -112,9 +112,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this `EgressPolicy`.
- Should be in the format of email address. The email address should
- represent individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 item_type:
 type: String
 - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml
index a88b19d8fb52..d012a7986984 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml
@@ -114,9 +114,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this ingress policy.
- Should be in the format of email address. The email address should represent
- individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 item_type:
 type: String
 - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml
index bcd05a39ec54..aa134684c045 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml
@@ -109,9 +109,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this `EgressPolicy`.
- Should be in the format of email address. The email address should
- represent individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 item_type:
 type: String
 - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml
index 6fd8a3df51ff..4512d903033a 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml
@@ -111,9 +111,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this ingress policy.
- Should be in the format of email address. The email address should represent
- individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 item_type:
 type: String
 - name: 'sources'
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml
index f7a4d16b79b7..0d0c4e97a441 100644
--- a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml
+++ b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml
@@ -662,9 +662,11 @@ properties:
 - name: 'identities'
 type: Array
 description: |
- A list of identities that are allowed access through this `EgressPolicy`.
- Should be in the format of email address. The email address should
- represent individual user or service account only.
+ Identities can be an individual user, service account, Google group,
+ or third-party identity. For third-party identity, only single identities
+ are supported and other identity types are not supported.The v1 identities
+ that have the prefix user, group and serviceAccount in
+ https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
 is_set: true
 item_type:
 type: String