From b3b2d64e94e4ab275d1f283ff33128c6587728a0 Mon Sep 17 00:00:00 2001 From: Edward Sun Date: Thu, 18 Jun 2020 18:23:40 +0000 Subject: [PATCH] add desc to schema for 2 org iam resources --- ...rce_google_organization_iam_custom_role.go | 44 +++++++++++-------- .../resources/resource_iam_audit_config.go | 27 +++++++----- .../terraform/utils/iam_organization.go | 7 +-- 3 files changed, 46 insertions(+), 32 deletions(-) diff --git a/third_party/terraform/resources/resource_google_organization_iam_custom_role.go b/third_party/terraform/resources/resource_google_organization_iam_custom_role.go index 6582ea4af3ea..ee23550f2344 100644 --- a/third_party/terraform/resources/resource_google_organization_iam_custom_role.go +++ b/third_party/terraform/resources/resource_google_organization_iam_custom_role.go @@ -21,43 +21,51 @@ func resourceGoogleOrganizationIamCustomRole() *schema.Resource { Schema: map[string]*schema.Schema{ "role_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The role id to use for this role.`, }, "org_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The numeric ID of the organization in which you want to create a custom role.`, }, "title": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Description: `A human-readable title for the role.`, }, "permissions": { - Type: schema.TypeSet, - Required: true, - MinItems: 1, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeSet, + Required: true, + MinItems: 1, + Description: `The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.`, + Elem: &schema.Schema{Type: schema.TypeString}, }, "stage": { Type: schema.TypeString, Optional: true, Default: "GA", + Description: `The current launch stage of the role. Defaults to GA.`, ValidateFunc: validation.StringInSlice([]string{"ALPHA", "BETA", "GA", "DEPRECATED", "DISABLED", "EAP"}, false), DiffSuppressFunc: emptyOrDefaultStringSuppress("ALPHA"), }, "description": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: `A human-readable description for the role.`, }, "deleted": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Computed: true, + Description: `The current deleted state of the role.`, }, "name": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Computed: true, + Description: `The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.`, }, }, } diff --git a/third_party/terraform/resources/resource_iam_audit_config.go b/third_party/terraform/resources/resource_iam_audit_config.go index bec5b1634d9d..3196d5dd725b 100644 --- a/third_party/terraform/resources/resource_iam_audit_config.go +++ b/third_party/terraform/resources/resource_iam_audit_config.go @@ -12,29 +12,34 @@ import ( var iamAuditConfigSchema = map[string]*schema.Schema{ "service": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Description: `Service which will be enabled for audit logging. The special value allServices covers all services.`, }, "audit_log_config": { - Type: schema.TypeSet, - Required: true, + Type: schema.TypeSet, + Required: true, + Description: `The configuration for logging of each type of permission. This can be specified multiple times.`, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "log_type": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Description: `Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.`, }, "exempted_members": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + Description: `Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.`, }, }, }, }, "etag": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Computed: true, + Description: `The etag of iam policy`, }, } diff --git a/third_party/terraform/utils/iam_organization.go b/third_party/terraform/utils/iam_organization.go index 99ed48f7f669..99b742b8d18a 100644 --- a/third_party/terraform/utils/iam_organization.go +++ b/third_party/terraform/utils/iam_organization.go @@ -9,9 +9,10 @@ import ( var IamOrganizationSchema = map[string]*schema.Schema{ "org_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The numeric ID of the organization in which you want to manage the audit logging config.`, }, }