tpgiamresource

package
v1.20.1-0...-1f39225 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2025 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0 Utils for modifying IAM policies for resources across GCP

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0

Copyright (c) HashiCorp, Inc. SPDX-License-Identifier: MPL-2.0

Index

Constants

View Source 
const IamPolicyVersion = 3

Variables

View Source 
var IamMemberBaseSchema = map[string]*schema.Schema{
	"role": {
		Type:     schema.TypeString,
		Required: true,
		ForceNew: true,
	},
	"member": {
		Type:             schema.TypeString,
		Required:         true,
		ForceNew:         true,
		DiffSuppressFunc: iamMemberCaseDiffSuppress,
		ValidateFunc:     validateIAMMember,
	},
	"condition": {
		Type:     schema.TypeList,
		Optional: true,
		MaxItems: 1,
		ForceNew: true,
		Elem: &schema.Resource{
			Schema: map[string]*schema.Schema{
				"expression": {
					Type:     schema.TypeString,
					Required: true,
					ForceNew: true,
				},
				"title": {
					Type:     schema.TypeString,
					Required: true,
					ForceNew: true,
				},
				"description": {
					Type:     schema.TypeString,
					Optional: true,
					ForceNew: true,
				},
			},
		},
	},
	"etag": {
		Type:     schema.TypeString,
		Computed: true,
	},
}
View Source 
var IamPolicyBaseDataSourceSchema = map[string]*schema.Schema{
	"policy_data": {
		Type:     schema.TypeString,
		Computed: true,
	},
	"etag": {
		Type:     schema.TypeString,
		Computed: true,
	},
}
View Source 
var IamPolicyBaseSchema = map[string]*schema.Schema{
	"policy_data": {
		Type:             schema.TypeString,
		Required:         true,
		DiffSuppressFunc: jsonPolicyDiffSuppress,
		ValidateFunc:     validateIamPolicy,
	},
	"etag": {
		Type:     schema.TypeString,
		Computed: true,
	},
}

Functions

func BatchRequestModifyIamPolicy 

func BatchRequestModifyIamPolicy(updater ResourceIamUpdater, modify iamPolicyModifyFunc, config *transport_tpg.Config, reqDesc string) error

func CompareAuditConfigs 

func CompareAuditConfigs(a, b []*cloudresourcemanager.AuditConfig) bool

func CompareBindings 

func CompareBindings(a, b []*cloudresourcemanager.Binding) bool

func DataSourceIamPolicy 

func DataSourceIamPolicy(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, options ...func(*IamSettings)) *schema.Resource

func DatasourceIamPolicyRead 

func DatasourceIamPolicyRead(newUpdaterFunc NewResourceIamUpdaterFunc) schema.ReadFunc

func DebugPrintAuditConfigs 

func DebugPrintAuditConfigs(bs []*cloudresourcemanager.AuditConfig) string

Util to deref and print auditConfigs

func DebugPrintBindings 

func DebugPrintBindings(bs []*cloudresourcemanager.Binding) string

Util to deref and print bindings

func ExpandIamCondition 

func ExpandIamCondition(v interface{}) *cloudresourcemanager.Expr

func FlattenIamCondition 

func FlattenIamCondition(condition *cloudresourcemanager.Expr) []map[string]interface{}

func IamWithBatching 

func IamWithBatching(s *IamSettings)

func IamWithDeprecationMessage 

func IamWithDeprecationMessage(message string) func(s *IamSettings)

func IamWithGAResourceDeprecation 

func IamWithGAResourceDeprecation() func(s *IamSettings)

func MergeBindings 

func MergeBindings(bindings []*cloudresourcemanager.Binding) []*cloudresourcemanager.Binding

Flattens a list of Bindings so each role+condition has a single Binding with combined members

func MissingBindings 

func MissingBindings(a, b []*cloudresourcemanager.Binding) []*cloudresourcemanager.Binding

Returns the bindings that are in the first set of bindings but not the second.

func ResourceIamAuditConfig 

func ResourceIamAuditConfig(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource

func ResourceIamBinding 

func ResourceIamBinding(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource

func ResourceIamMember 

func ResourceIamMember(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource

func ResourceIamPolicy 

func ResourceIamPolicy(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource

func ResourceIamPolicyCreate 

func ResourceIamPolicyCreate(newUpdaterFunc NewResourceIamUpdaterFunc) schema.CreateFunc

func ResourceIamPolicyDelete 

func ResourceIamPolicyDelete(newUpdaterFunc NewResourceIamUpdaterFunc) schema.DeleteFunc

func ResourceIamPolicyRead 

func ResourceIamPolicyRead(newUpdaterFunc NewResourceIamUpdaterFunc) schema.ReadFunc

func ResourceIamPolicyUpdate 

func ResourceIamPolicyUpdate(newUpdaterFunc NewResourceIamUpdaterFunc) schema.UpdateFunc

Types

type IamSettings 

type IamSettings struct {
	DeprecationMessage string
	EnableBatching     bool
}

func NewIamSettings 

func NewIamSettings(options ...func(*IamSettings)) *IamSettings

type NewResourceIamUpdaterFunc 

type NewResourceIamUpdaterFunc func(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (ResourceIamUpdater, error)

Factory for generating ResourceIamUpdater for given ResourceData resource

type ResourceIamUpdater 

type ResourceIamUpdater interface {
	// Fetch the existing IAM policy attached to a resource.
	GetResourceIamPolicy() (*cloudresourcemanager.Policy, error)

	// Replaces the existing IAM Policy attached to a resource.
	SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error

	// A mutex guards against concurrent to call to the SetResourceIamPolicy method.
	// The mutex key should be made of the resource type and resource id.
	// For example: `iam-project-{id}`.
	GetMutexKey() string

	// Returns the unique resource identifier.
	GetResourceId() string

	// Textual description of this resource to be used in error message.
	// The description should include the unique resource identifier.
	DescribeResource() string
}

The ResourceIamUpdater interface is implemented for each GCP resource supporting IAM policy. Implementations should be created per resource and should keep track of the resource identifier.

type ResourceIdParserFunc 

type ResourceIdParserFunc func(d *schema.ResourceData, config *transport_tpg.Config) error

Parser for Terraform resource identifier (d.Id) for resource whose IAM policy is being changed

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.