-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added org policy policy resource. #5199
Added org policy policy resource. #5199
Conversation
Oops! It looks like you're using an unknown release-note type in your changelog entries:
Please only use the types listed in https://github.com/GoogleCloudPlatform/magic-modules/blob/master/.ci/RELEASE_NOTES_GUIDE.md. |
Hello! I am a robot who works on Magic Modules PRs. I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review. Thanks for your contribution! A human will be with you soon. @c2thorn, please review this PR or find an appropriate assignee. |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 29 files changed, 1356 insertions(+), 9574 deletions(-)) |
|
||
func resourceOrgPolicyPolicyCustomImport(d *schema.ResourceData, meta interface{}) error { | ||
config := meta.(*Config) | ||
if err := parseImportId([]string{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add a comment which says "this differs from the normal import method because it permits slashes in the first element and requires the parent to start at the beginning of the string.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't think of any off the top of my head, but do we see this import pattern in other resources? Any merit to a generic solution?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are other resources in the DCL that allow a forward slashes in the values for certain fields. Usually, as it is here, this is because the field is a parent field and there can be more than one type of parent for the resource.
- type: SERIALIZATION_ONLY | ||
- type: CUSTOM_TERRAFORM_PRODUCT_NAME | ||
details: | ||
product: "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe a comment that says "this produces the correct name google_folder
"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
// of the DCL resource with a different location type. All references in samples | ||
// to a resource with an alternate location will point to the main version. | ||
func (r Resource) IsAlternateLocation() bool { | ||
// For now, we consider non-regional resources to be alternate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd extend this comment to say "non-locational resources have the empty string for their location."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
return serializeProjectToHCL(m) | ||
} | ||
|
||
func serializeProjectToHCL(m map[string]interface{}) (string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I notice this doesn't have folder, is that a git history mishap or is that on purpose?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Folder does not need a custom serializer because it has the same schema in DCL and terraform.
@@ -235,9 +235,9 @@ func resource{{$.PathType}}Create(d *schema.ResourceData, meta interface{}) erro | |||
} | |||
{{ end }} | |||
|
|||
id, err := {{ $.IdFunction }}(d, config, "{{$.ID}}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean we can remove IdFunction
and ID
now that the DCL exports an ID
method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe so. Should I do that in this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm... leave a TODO, maybe? This does already include an awful lot of changes that are required-but-tangentially-related.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this would be better tracked if there were a GH issue that this TODO could point to
@c2thorn - Thomas and I pair programmed most of this, so I'll take a first pass on review but we'll ping you when we need a fresh pair of eyes. :) |
70ed626
to
d474c59
Compare
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 29 files changed, 1356 insertions(+), 9574 deletions(-)) |
go.sum
Outdated
@@ -0,0 +1 @@ | |||
3644975SUM_LINE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file should be removed - some kind of issue copying makefile commands I assume?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
mmv1/third_party/terraform/go.sum
Outdated
@@ -1577,3 +1579,6 @@ rsc.io/sampler v1.3.0 h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4= | |||
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= | |||
sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= | |||
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= | |||
3644975SUM_LINE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line should be removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've amended the commit that added this line. Let me know if it's still incorrect.
You'll need to rebase + update those |
5c995c5
to
01b7437
Compare
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 21 files changed, 1333 insertions(+), 24 deletions(-)) |
Awesome, looks like this all compiles and passes lints. /gcbrun to get the full test suite running. It'll take til tomorrow, we'll look at it in the morning. |
01b7437
to
5e4d5e5
Compare
/gcbrun |
Ah, sorry, it needed me to do it. It's going to complain you're not on the allowlist. But it did trigger, we can check in at https://ci-oss.hashicorp.engineering/buildConfiguration/GoogleCloudBeta_ProviderGoogleCloudBetaMmUpstreamVcr/205879? in the morning - although I suspect permissions there will be a hassle. Something else to get sorted before the e2e experiment. |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 21 files changed, 1333 insertions(+), 24 deletions(-)) |
There's an issue in a DCL-based resource which is likely related to DCL-side handling of the |
Okay, I pushed a change that should fix that test failure. We'll have to see after the diff generation. |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 21 files changed, 1324 insertions(+), 15 deletions(-)) |
/gcbrun |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 21 files changed, 1324 insertions(+), 15 deletions(-)) |
I have triggered VCR tests in RECORDING mode for the following tests that failed during VCR: TestAccOrgPolicyPolicy_EnforcePolicy|TestAccOrgPolicyPolicy_FolderPolicy|TestAccOrgPolicyPolicy_OrganizationPolicy|TestAccOrgPolicyPolicy_ProjectPolicy You can view the result here: https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=206047 |
Great. Now only the new tests are failing and we have gotten all of them to pass on our side already so we have a good reason to think they will pass when they run. |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 31 files changed, 1377 insertions(+), 9575 deletions(-)) |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 23 files changed, 1356 insertions(+), 15 deletions(-)) |
/gcbrun |
1 similar comment
/gcbrun |
8f63d84
to
af6f45a
Compare
af6f45a
to
9edff17
Compare
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 23 files changed, 1354 insertions(+), 13 deletions(-)) |
/gcbrun |
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 23 files changed, 1354 insertions(+), 13 deletions(-)) |
I have triggered VCR tests in RECORDING mode for the following tests that failed during VCR: TestAccComputeManagedSslCertificate_managedSslCertificateBasicExample|TestAccComputeServiceAttachment_serviceAttachmentBasicExample|TestAccOrgPolicyPolicy_EnforcePolicy|TestAccOrgPolicyPolicy_FolderPolicy|TestAccOrgPolicyPolicy_OrganizationPolicy|TestAccOrgPolicyPolicy_ProjectPolicy You can view the result here: https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=206583 |
Tests failed during RECORDING mode: TestAccOrgPolicyPolicy_OrganizationPolicy|TestAccOrgPolicyPolicy_FolderPolicy|TestAccOrgPolicyPolicy_ProjectPolicy|TestAccOrgPolicyPolicy_EnforcePolicy|TestAccComputeServiceAttachment_serviceAttachmentBasicExample Please fix these to complete your PR |
if err != nil { | ||
return fmt.Errorf("Error constructing id: %s", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why remove this extra formatting? The message still seems appropriate to me for the UseDCLID
case, but if we need to modify it I think that's better than fully removing. Just makes it easier to read in the logs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've put the extra formatting back, lowercased in case the error isn't at the start of a sentence.
details: | ||
function: resourceOrgPolicyPolicyCustomImport | ||
- type: USE_DCL_ID | ||
- type: ENUM_BOOL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-review question: how would contributors be able to to recognize that a boolean should have this override applied to it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the field is a boolean in the DCL and it's necessary to be able to distinguish between true
, false
, and nil
, then it needs to be an enum/string in terraform which can be "TRUE"
, "FALSE"
, or ""
.
In this case the distinction is important because these fields conflict with each other and setting enforce
to false
is different than leaving all of them unset.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it needs to have an unset case which is distinct from false. This would be a good place to insist we write those override docs!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes if we could add a one-pager doc per override added, that would help. I don't quite remember if we had a specific place where we've kept them all, @ndmckinley do you remember? Maybe we can chat in an internal chat about it.
FYI with respect to tests the issue was "api not enabled", enabled and rerunning. |
@@ -0,0 +1,10 @@ | |||
- type: CUSTOM_IMPORT_FUNCTION |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The generated sweeper does not seem to work correctly likely tied to the need for the custom import. We should probably add a NO_SWEEPER
override for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, yes, thank you!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added.
FYI those tests all passed - this is a fully green run. |
…construction errors.
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 23 files changed, 1354 insertions(+), 13 deletions(-)) |
I seem to have linked this issue in the wrong PR. |
@trodge @ndmckinley this is hashicorp/terraform-provider-google#9341, right? |
Thanks, yes - I got the internal bugs and missed the external one. Appreciate the pointer. |
* Added org policy policy resource. * Added additional comments. * Allow resources to use the normal terraform ID process by default - DCL by override. * Added a way to expand and flatten between terraform strings and dcl booleans. * Updated GA version of policy.yaml. * Ran make upgrade-dcl (and added missing tab to tf go.mod). * Added NO_SWEEPER override for orgpolicy policy and formatting for id construction errors. Co-authored-by: Nathan Mckinley <[email protected]>
Added org policy policy resource to tpgtools. This is a new, schema-incompatible version of google_organization_policy, google_folder_organization_policy, and google_project_organization_policy which can have any of the three parent resources.
Added cloudresourcemanager folder and project resources with serialization only override for use in testing. These resources are still not implemented in terraform through the DCL.
fixes hashicorp/terraform-provider-google#2605
If this PR is for Terraform, I acknowledge that I have:
make test
andmake lint
to ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)