Use better role for secrets in docs. (#3730) (#6752)

Upstream #6739. Signed-off-by: Modular Magician <[email protected]>
hashicorp · Jul 7, 2020 · 2c61867 · 2c61867
1 parent 47fb997
commit 2c61867
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/.changelog/3730.txt b/.changelog/3730.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/google/iam_secret_manager_secret_generated_test.go b/google/iam_secret_manager_secret_generated_test.go
@@ -26,7 +26,7 @@ func TestAccSecretManagerSecretIamBindingGenerated(t *testing.T) {
 
 	context := map[string]interface{}{
 		"random_suffix": randString(t, 10),
-		"role":          "roles/viewer",
+		"role":          "roles/secretmanager.secretAccessor",
 	}
 
 	vcrTest(t, resource.TestCase{
@@ -38,7 +38,7 @@ func TestAccSecretManagerSecretIamBindingGenerated(t *testing.T) {
 			},
 			{
 				ResourceName:      "google_secret_manager_secret_iam_binding.foo",
-				ImportStateId:     fmt.Sprintf("projects/%s/secrets/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
+				ImportStateId:     fmt.Sprintf("projects/%s/secrets/%s roles/secretmanager.secretAccessor", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
@@ -48,7 +48,7 @@ func TestAccSecretManagerSecretIamBindingGenerated(t *testing.T) {
 			},
 			{
 				ResourceName:      "google_secret_manager_secret_iam_binding.foo",
-				ImportStateId:     fmt.Sprintf("projects/%s/secrets/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
+				ImportStateId:     fmt.Sprintf("projects/%s/secrets/%s roles/secretmanager.secretAccessor", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
@@ -61,7 +61,7 @@ func TestAccSecretManagerSecretIamMemberGenerated(t *testing.T) {
 
 	context := map[string]interface{}{
 		"random_suffix": randString(t, 10),
-		"role":          "roles/viewer",
+		"role":          "roles/secretmanager.secretAccessor",
 	}
 
 	vcrTest(t, resource.TestCase{
@@ -74,7 +74,7 @@ func TestAccSecretManagerSecretIamMemberGenerated(t *testing.T) {
 			},
 			{
 				ResourceName:      "google_secret_manager_secret_iam_member.foo",
-				ImportStateId:     fmt.Sprintf("projects/%s/secrets/%s roles/viewer user:[email protected]", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
+				ImportStateId:     fmt.Sprintf("projects/%s/secrets/%s roles/secretmanager.secretAccessor user:[email protected]", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
@@ -87,7 +87,7 @@ func TestAccSecretManagerSecretIamPolicyGenerated(t *testing.T) {
 
 	context := map[string]interface{}{
 		"random_suffix": randString(t, 10),
-		"role":          "roles/viewer",
+		"role":          "roles/secretmanager.secretAccessor",
 	}
 
 	vcrTest(t, resource.TestCase{

diff --git a/website/docs/r/secret_manager_secret_iam.html.markdown b/website/docs/r/secret_manager_secret_iam.html.markdown
@@ -38,7 +38,7 @@ Three different resources help you manage your IAM policy for Secret Manager Sec
 ```hcl
 data "google_iam_policy" "admin" {
   binding {
-    role = "roles/viewer"
+    role = "roles/secretmanager.secretAccessor"
     members = [
       "user:[email protected]",
     ]
@@ -58,7 +58,7 @@ resource "google_secret_manager_secret_iam_policy" "policy" {
 resource "google_secret_manager_secret_iam_binding" "binding" {
   project = google_secret_manager_secret.secret-basic.project
   secret_id = google_secret_manager_secret.secret-basic.secret_id
-  role = "roles/viewer"
+  role = "roles/secretmanager.secretAccessor"
   members = [
     "user:[email protected]",
   ]
@@ -121,12 +121,12 @@ Secret Manager secret IAM resources can be imported using the resource identifie
 
 IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
 ```
-$ terraform import google_secret_manager_secret_iam_member.editor "projects/{{project}}/secrets/{{secret_id}} roles/viewer [email protected]"
+$ terraform import google_secret_manager_secret_iam_member.editor "projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor [email protected]"
 ```
 
 IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
 ```
-$ terraform import google_secret_manager_secret_iam_binding.editor "projects/{{project}}/secrets/{{secret_id}} roles/viewer"
+$ terraform import google_secret_manager_secret_iam_binding.editor "projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor"
 ```
 
 IAM policy imports use the identifier of the resource in question, e.g.