Skip to content

Commit

Permalink
Adding labels field to the GKEHub Scope RBAC RoleBinding resource (#8869
Browse files Browse the repository at this point in the history
) (#15729)

* Adding Terraform resources for Tenancy APIs in GKEHub

* Segregating MembershipBinding and MembershipRBACRoleBinding to keep things simpler in the review

* Fixing the docu URIs

* Adding TF support for Tenancy API for Membership Binding

* Adding dependent membership binding to the same commit chain

* Making Scope un-updatable and replacing hard coded project number with the one from test env

* Making Scope RRBAC updatable

* Making Namespace immutable

* Adding update test cases

* Removing all memberships field from Scope since it is no longer supported

* Removing all_memberships field for Scope from all test cases

* Adding labels to the Scope RBAC Role Binding resource

Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician authored Sep 5, 2023
1 parent c3817ef commit 20699e9
Show file tree
Hide file tree
Showing 5 changed files with 59 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .changelog/8869.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
GKEHUB: added `labels` fields to `google_gke_hub_scope_rbac_role_binding` resource
```
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,12 @@ is required). Updating one will unset the other automatically.
group is the group, as seen by the kubernetes cluster.`,
ExactlyOneOf: []string{"user", "group"},
},
"labels": {
Type: schema.TypeMap,
Optional: true,
Description: `Labels for this ScopeRBACRoleBinding.`,
Elem: &schema.Schema{Type: schema.TypeString},
},
"user": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -170,6 +176,12 @@ func resourceGKEHub2ScopeRBACRoleBindingCreate(d *schema.ResourceData, meta inte
} else if v, ok := d.GetOkExists("role"); !tpgresource.IsEmptyValue(reflect.ValueOf(roleProp)) && (ok || !reflect.DeepEqual(v, roleProp)) {
obj["role"] = roleProp
}
labelsProp, err := expandGKEHub2ScopeRBACRoleBindingLabels(d.Get("labels"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(labelsProp)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
obj["labels"] = labelsProp
}

url, err := tpgresource.ReplaceVars(d, config, "{{GKEHub2BasePath}}projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/?rbacrolebinding_id={{scope_rbac_role_binding_id}}")
if err != nil {
Expand Down Expand Up @@ -306,6 +318,9 @@ func resourceGKEHub2ScopeRBACRoleBindingRead(d *schema.ResourceData, meta interf
if err := d.Set("role", flattenGKEHub2ScopeRBACRoleBindingRole(res["role"], d, config)); err != nil {
return fmt.Errorf("Error reading ScopeRBACRoleBinding: %s", err)
}
if err := d.Set("labels", flattenGKEHub2ScopeRBACRoleBindingLabels(res["labels"], d, config)); err != nil {
return fmt.Errorf("Error reading ScopeRBACRoleBinding: %s", err)
}

return nil
}
Expand Down Expand Up @@ -344,6 +359,12 @@ func resourceGKEHub2ScopeRBACRoleBindingUpdate(d *schema.ResourceData, meta inte
} else if v, ok := d.GetOkExists("role"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, roleProp)) {
obj["role"] = roleProp
}
labelsProp, err := expandGKEHub2ScopeRBACRoleBindingLabels(d.Get("labels"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
obj["labels"] = labelsProp
}

url, err := tpgresource.ReplaceVars(d, config, "{{GKEHub2BasePath}}projects/{{project}}/locations/global/scopes/{{scope_id}}/rbacrolebindings/{{scope_rbac_role_binding_id}}")
if err != nil {
Expand All @@ -364,6 +385,10 @@ func resourceGKEHub2ScopeRBACRoleBindingUpdate(d *schema.ResourceData, meta inte
if d.HasChange("role") {
updateMask = append(updateMask, "role")
}

if d.HasChange("labels") {
updateMask = append(updateMask, "labels")
}
// updateMask is a URL parameter but not present in the schema, so ReplaceVars
// won't set it
url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
Expand Down Expand Up @@ -538,6 +563,10 @@ func flattenGKEHub2ScopeRBACRoleBindingRolePredefinedRole(v interface{}, d *sche
return v
}

func flattenGKEHub2ScopeRBACRoleBindingLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func expandGKEHub2ScopeRBACRoleBindingUser(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
Expand Down Expand Up @@ -568,3 +597,14 @@ func expandGKEHub2ScopeRBACRoleBindingRole(v interface{}, d tpgresource.Terrafor
func expandGKEHub2ScopeRBACRoleBindingRolePredefinedRole(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandGKEHub2ScopeRBACRoleBindingLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
if v == nil {
return map[string]string{}, nil
}
m := make(map[string]string)
for k, val := range v.(map[string]interface{}) {
m[k] = val.(string)
}
return m, nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,9 @@ resource "google_gke_hub_scope_rbac_role_binding" "scoperbacrolebinding" {
role {
predefined_role = "ADMIN"
}
labels = {
key = "value"
}
depends_on = [google_gke_hub_scope.scoperbacrolebinding]
}
`, context)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@ resource "google_gke_hub_scope_rbac_role_binding" "scoperbacrolebinding" {
role {
predefined_role = "ADMIN"
}
labels = {
key = "value"
}
depends_on = [google_gke_hub_scope.scoperbacrolebinding]
}
`, context)
Expand All @@ -76,6 +79,9 @@ resource "google_gke_hub_scope_rbac_role_binding" "scoperbacrolebinding" {
role {
predefined_role = "VIEW"
}
labels = {
key = "updated_value"
}
depends_on = [google_gke_hub_scope.scoperbacrolebinding]
}
`, context)
Expand Down
7 changes: 7 additions & 0 deletions website/docs/r/gke_hub_scope_rbac_role_binding.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ resource "google_gke_hub_scope_rbac_role_binding" "scoperbacrolebinding" {
role {
predefined_role = "ADMIN"
}
labels = {
key = "value"
}
depends_on = [google_gke_hub_scope.scoperbacrolebinding]
}
```
Expand Down Expand Up @@ -89,6 +92,10 @@ The following arguments are supported:
is required). Updating one will unset the other automatically.
group is the group, as seen by the kubernetes cluster.

* `labels` -
(Optional)
Labels for this ScopeRBACRoleBinding.

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.

Expand Down

0 comments on commit 20699e9

Please sign in to comment.