Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terraform generate iam #2006

Merged
merged 18 commits into from
Jul 10, 2019
Merged

Terraform generate iam #2006

merged 18 commits into from
Jul 10, 2019

Conversation

slevenick
Copy link
Contributor

@slevenick slevenick commented Jul 2, 2019
edited
Loading

fixes: hashicorp/terraform-provider-google#2889
Add support for generating IAM resources to MM. This PR converts pubsub_topic_iam_* and adds new resources for source_repo_repository_iam_*

Release Note for Downstream PRs (will be copied)

google_sourcerepo_repository_iam_* Add support for source repo repository IAM resources

@slevenick slevenick force-pushed the terraform-generate-iam branch 2 times, most recently from 1cda4ee to dd409a0 Compare July 2, 2019 22:32
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
This PR seems not to have generated downstream PRs before, as of dd409a0.

Pull request statuses

No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed.
depends: hashicorp/terraform-provider-google-beta#914
depends: GoogleCloudPlatform/terraform-google-conversion#122
depends: hashicorp/terraform-provider-google#3961

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 4aafdf2.

Pull request statuses

terraform-provider-google-beta already has an open PR.
terraform-google-conversion already has an open PR.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 9b538a9.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@slevenick slevenick force-pushed the terraform-generate-iam branch from 9b538a9 to 7a0b0b9 Compare July 2, 2019 22:59
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 7a0b0b9.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@drebes
Copy link
Member

drebes commented Jul 3, 2019

This is great! I was working on something similar last week but didn't get half as far as this. Looking forward to have this in to start contributing some new IAM resources.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 64b9d9c.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@slevenick slevenick requested a review from rileykarson July 3, 2019 21:29
rileykarson
rileykarson reviewed Jul 8, 2019
View reviewed changes
Copy link
Member

@rileykarson rileykarson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good so far! I made a first pass, most of my comments are just nitpicks or have to do with primary_resource_name. I focused mostly on the generated tests (🔥 🔥) so far, I'm waiting for the rename to hit the downstreams to dig more into the resource files when I can easily compare this to handwritten ones.

templates/terraform/examples/base_configs/iam_test_file.go.erb Outdated Show resolved Hide resolved
api/resource/iam_policy.rb Outdated Show resolved Hide resolved
templates/terraform/examples/base_configs/iam_test_file.go.erb Show resolved Hide resolved
templates/terraform/examples/base_configs/iam_test_file.go.erb Outdated Show resolved Hide resolved
templates/terraform/examples/base_configs/iam_test_file.go.erb Show resolved Hide resolved
templates/terraform/iam_policy.go.erb Outdated Show resolved Hide resolved
templates/terraform/provider_gen.erb Outdated Show resolved Hide resolved
templates/terraform/resource_iam.html.markdown.erb Outdated Show resolved Hide resolved
templates/terraform/resource_iam.html.markdown.erb Show resolved Hide resolved
templates/terraform/resource_iam.html.markdown.erb
}

resource "<%= terraform_name -%>_policy" "editor" {
<%= object.name.underscore -%> = "<%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}")-%>"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the change to partial URI in pubsub intentional? Will specifying that work? https://github.com/terraform-providers/terraform-provider-google-beta/pull/914/files#diff-5bc4b7188e596ed679a95ddfd0c495c2R45

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I believe changing to the partial URI makes the tests and examples more deterministic. Currently the pubsub topic IAM resources allow many different ways of specifying the topic that is the subject of IAM policies. For example topic = "topic-name" uses the default project, but still works. Tests of these different ways of declaring it can be found here: https://github.com/terraform-providers/terraform-provider-google-beta/blob/master/google-beta/resource_pubsub_topic_iam_test.go and are still being used to test the generated version

It makes sense to me to be as specific as possible in test/example code rather than leaving the project unspecified. It also allows for the generation to be more generic

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd guess that most users expect to use short names, and so I lean slightly more towards short names than partial URIs. That said, not strongly enough to block- the distinction doesn't end up mattering much, and it's easier for us if users specify the partial URI as well.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, db406cd.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, d4aecf9.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, f5f6d85.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

1 similar comment
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, f5f6d85.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

rileykarson
rileykarson approved these changes Jul 9, 2019
View reviewed changes
Copy link
Member

@rileykarson rileykarson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Just a few small things.

templates/terraform/iam_policy.go.erb Show resolved Hide resolved
templates/terraform/iam_policy.go.erb Show resolved Hide resolved
templates/terraform/iam_policy.go.erb Outdated Show resolved Hide resolved
templates/terraform/resource_iam.html.markdown.erb Show resolved Hide resolved
templates/terraform/resource_iam.html.markdown.erb
}

resource "<%= terraform_name -%>_policy" "editor" {
<%= object.name.underscore -%> = "<%= object.id_format.gsub('{{name}}', "{{#{object.name.underscore}}}")-%>"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd guess that most users expect to use short names, and so I lean slightly more towards short names than partial URIs. That said, not strongly enough to block- the distinction doesn't end up mattering much, and it's easier for us if users specify the partial URI as well.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 71f7439.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 8d0c6a0.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@slevenick slevenick force-pushed the terraform-generate-iam branch from c9cc2c6 to 82c2ecc Compare July 10, 2019 17:26
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, c9cc2c6.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 82c2ecc.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@slevenick slevenick force-pushed the terraform-generate-iam branch from 82c2ecc to c62ec3e Compare July 10, 2019 20:31
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, c62ec3e.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@slevenick slevenick force-pushed the terraform-generate-iam branch from c62ec3e to 0b1d4f4 Compare July 10, 2019 20:45
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 0b1d4f4.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@slevenick slevenick force-pushed the terraform-generate-iam branch from 0b1d4f4 to 8c7c5ee Compare July 10, 2019 20:59
@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 8c7c5ee.

Pull request statuses

terraform-provider-google-beta already has an open PR.
No diff detected in terraform-google-conversion.
terraform-provider-google already has an open PR.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I didn't open any new pull requests because of this PR.

@modular-magician
Update tracked submodules -> HEAD on Wed Jul 10 21:18:48 UTC 2019
fb6dbe1 
Tracked submodules are build/terraform-beta build/terraform-mapper build/terraform build/ansible build/inspec.
@modular-magician modular-magician merged commit ccfda0a into GoogleCloudPlatform:master Jul 10, 2019
@drebes drebes mentioned this pull request Aug 20, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rileykarson rileykarson rileykarson approved these changes

Assignees
No one assigned
Labels
automerged cla: yes downstream-generated terraform-google-conversion terraform-provider-google terraform-provider-google-beta
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add IAM support for Google Cloud Source Repositories
5 participants
@slevenick @modular-magician @drebes @rileykarson @googlebot