Skip to content

Commit 5714963

Browse files
shuyama1shuyama1
authored
Backport bigtable IAM change (#10746)
1 parent 1aacace commit 5714963

File tree

2 files changed

+177
-13
lines changed

2 files changed

+177
-13
lines changed

google-beta/services/bigtable/iam_bigtable_table.go

Lines changed: 42 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -31,9 +31,19 @@ import (
3131

3232
var IamBigtableTableSchema = map[string]*schema.Schema{
3333
"instance": {
34-
Type: schema.TypeString,
35-
Required: true,
36-
ForceNew: true,
34+
Type: schema.TypeString,
35+
Optional: true,
36+
Computed: true,
37+
ForceNew: true,
38+
ExactlyOneOf: []string{"instance", "instance_name"},
39+
Deprecated: "`instance` is deprecated in favor of `instance_name`",
40+
},
41+
"instance_name": {
42+
Type: schema.TypeString,
43+
Optional: true,
44+
Computed: true,
45+
ForceNew: true,
46+
ExactlyOneOf: []string{"instance", "instance_name"},
3747
},
3848
"project": {
3949
Type: schema.TypeString,
@@ -49,11 +59,12 @@ var IamBigtableTableSchema = map[string]*schema.Schema{
4959
}
5060

5161
type BigtableTableIamUpdater struct {
52-
project string
53-
instance string
54-
table string
55-
d tpgresource.TerraformResourceData
56-
Config *transport_tpg.Config
62+
project string
63+
instance string
64+
instanceName string
65+
table string
66+
d tpgresource.TerraformResourceData
67+
Config *transport_tpg.Config
5768
}
5869

5970
func NewBigtableTableUpdater(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (tpgiamresource.ResourceIamUpdater, error) {
@@ -66,12 +77,26 @@ func NewBigtableTableUpdater(d tpgresource.TerraformResourceData, config *transp
6677
return nil, fmt.Errorf("Error setting project: %s", err)
6778
}
6879

80+
instance := d.Get("instance").(string)
81+
if instance == "" {
82+
instance = d.Get("instance_name").(string)
83+
}
84+
85+
if err := d.Set("instance", instance); err != nil {
86+
return nil, fmt.Errorf("Error setting instance: %s", err)
87+
}
88+
89+
if err := d.Set("instance_name", instance); err != nil {
90+
return nil, fmt.Errorf("Error setting instance_name: %s", err)
91+
}
92+
6993
return &BigtableTableIamUpdater{
70-
project: project,
71-
instance: d.Get("instance").(string),
72-
table: d.Get("table").(string),
73-
d: d,
74-
Config: config,
94+
project: project,
95+
instance: instance,
96+
instanceName: instance,
97+
table: d.Get("table").(string),
98+
d: d,
99+
Config: config,
75100
}, nil
76101
}
77102

@@ -97,6 +122,10 @@ func BigtableTableIdParseFunc(d *schema.ResourceData, config *transport_tpg.Conf
97122
return fmt.Errorf("Error setting instance: %s", err)
98123
}
99124

125+
if err := d.Set("instance_name", values["instance"]); err != nil {
126+
return fmt.Errorf("Error setting instance_name: %s", err)
127+
}
128+
100129
if err := d.Set("table", values["table"]); err != nil {
101130
return fmt.Errorf("Error setting table: %s", err)
102131
}

google-beta/services/bigtable/resource_bigtable_table_iam_test.go

Lines changed: 135 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,20 @@ func TestAccBigtableTableIamBinding(t *testing.T) {
5656
ImportState: true,
5757
ImportStateVerify: true,
5858
},
59+
{
60+
// // Test IAM Binding - Update instance to instance_name
61+
Config: testAccBigtableTableIamBinding_basicUpdateName(instance, cluster, account, role),
62+
Check: resource.ComposeTestCheckFunc(
63+
resource.TestCheckResourceAttr(
64+
"google_bigtable_table_iam_binding.binding", "role", role),
65+
),
66+
},
67+
{
68+
ResourceName: "google_bigtable_table_iam_binding.binding",
69+
ImportStateId: importId,
70+
ImportState: true,
71+
ImportStateVerify: true,
72+
},
5973
{
6074
// Test IAM Binding update
6175
Config: testAccBigtableTableIamBinding_update(instance, cluster, account, role),
@@ -107,6 +121,38 @@ func TestAccBigtableTableIamMember(t *testing.T) {
107121
ImportState: true,
108122
ImportStateVerify: true,
109123
},
124+
{
125+
// Test IAM Binding - Update instance to instance_name
126+
Config: testAccBigtableTableIamMember_updateName(instance, cluster, account, role),
127+
Check: resource.ComposeTestCheckFunc(
128+
resource.TestCheckResourceAttr(
129+
"google_bigtable_table_iam_member.member", "role", role),
130+
resource.TestCheckResourceAttr(
131+
"google_bigtable_table_iam_member.member", "member", "serviceAccount:"+envvar.ServiceAccountCanonicalEmail(account)),
132+
),
133+
},
134+
{
135+
ResourceName: "google_bigtable_table_iam_member.member",
136+
ImportStateId: importId,
137+
ImportState: true,
138+
ImportStateVerify: true,
139+
},
140+
{
141+
// Test IAM Binding - Update instance_name to instance
142+
Config: testAccBigtableTableIamMember(instance, cluster, account, role),
143+
Check: resource.ComposeTestCheckFunc(
144+
resource.TestCheckResourceAttr(
145+
"google_bigtable_table_iam_member.member", "role", role),
146+
resource.TestCheckResourceAttr(
147+
"google_bigtable_table_iam_member.member", "member", "serviceAccount:"+envvar.ServiceAccountCanonicalEmail(account)),
148+
),
149+
},
150+
{
151+
ResourceName: "google_bigtable_table_iam_member.member",
152+
ImportStateId: importId,
153+
ImportState: true,
154+
ImportStateVerify: true,
155+
},
110156
},
111157
})
112158
}
@@ -139,6 +185,28 @@ func TestAccBigtableTableIamPolicy(t *testing.T) {
139185
ImportState: true,
140186
ImportStateVerify: true,
141187
},
188+
{
189+
// Test IAM Binding - Update instance to instance_name
190+
Config: testAccBigtableTableIamPolicy_updateName(instance, cluster, account, role),
191+
Check: resource.TestCheckResourceAttrSet("data.google_bigtable_table_iam_policy.policy", "policy_data"),
192+
},
193+
{
194+
ResourceName: "google_bigtable_table_iam_policy.policy",
195+
ImportStateId: importId,
196+
ImportState: true,
197+
ImportStateVerify: true,
198+
},
199+
{
200+
// Test IAM Binding - Update instance_name to instance
201+
Config: testAccBigtableTableIamPolicy(instance, cluster, account, role),
202+
Check: resource.TestCheckResourceAttrSet("data.google_bigtable_table_iam_policy.policy", "policy_data"),
203+
},
204+
{
205+
ResourceName: "google_bigtable_table_iam_policy.policy",
206+
ImportStateId: importId,
207+
ImportState: true,
208+
ImportStateVerify: true,
209+
},
142210
},
143211
})
144212
}
@@ -166,6 +234,29 @@ resource "google_bigtable_table_iam_binding" "binding" {
166234
`, instance, cluster, cluster, account, account, role)
167235
}
168236

237+
func testAccBigtableTableIamBinding_basicUpdateName(instance, cluster, account, role string) string {
238+
return fmt.Sprintf(testBigtableTableIam+`
239+
resource "google_service_account" "test-account1" {
240+
account_id = "%s-1"
241+
display_name = "Bigtable Table IAM Testing Account"
242+
}
243+
244+
resource "google_service_account" "test-account2" {
245+
account_id = "%s-2"
246+
display_name = "Bigtable Table Iam Testing Account"
247+
}
248+
249+
resource "google_bigtable_table_iam_binding" "binding" {
250+
instance_name = google_bigtable_instance.instance.name
251+
table = google_bigtable_table.table.name
252+
role = "%s"
253+
members = [
254+
"serviceAccount:${google_service_account.test-account1.email}",
255+
]
256+
}
257+
`, instance, cluster, cluster, account, account, role)
258+
}
259+
169260
func testAccBigtableTableIamBinding_update(instance, cluster, account, role string) string {
170261
return fmt.Sprintf(testBigtableTableIam+`
171262
resource "google_service_account" "test-account1" {
@@ -206,6 +297,22 @@ resource "google_bigtable_table_iam_member" "member" {
206297
`, instance, cluster, cluster, account, role)
207298
}
208299

300+
func testAccBigtableTableIamMember_updateName(instance, cluster, account, role string) string {
301+
return fmt.Sprintf(testBigtableTableIam+`
302+
resource "google_service_account" "test-account" {
303+
account_id = "%s"
304+
display_name = "Bigtable Table IAM Testing Account"
305+
}
306+
307+
resource "google_bigtable_table_iam_member" "member" {
308+
instance_name = google_bigtable_instance.instance.name
309+
table = google_bigtable_table.table.name
310+
role = "%s"
311+
member = "serviceAccount:${google_service_account.test-account.email}"
312+
}
313+
`, instance, cluster, cluster, account, role)
314+
}
315+
209316
func testAccBigtableTableIamPolicy(instance, cluster, account, role string) string {
210317
return fmt.Sprintf(testBigtableTableIam+`
211318
resource "google_service_account" "test-account" {
@@ -226,6 +333,34 @@ resource "google_bigtable_table_iam_policy" "policy" {
226333
policy_data = data.google_iam_policy.policy.policy_data
227334
}
228335
336+
data "google_bigtable_table_iam_policy" "policy" {
337+
instance_name = google_bigtable_instance.instance.name
338+
table = google_bigtable_table.table.name
339+
}
340+
341+
`, instance, cluster, cluster, account, role)
342+
}
343+
344+
func testAccBigtableTableIamPolicy_updateName(instance, cluster, account, role string) string {
345+
return fmt.Sprintf(testBigtableTableIam+`
346+
resource "google_service_account" "test-account" {
347+
account_id = "%s"
348+
display_name = "Bigtable Table IAM Testing Account"
349+
}
350+
351+
data "google_iam_policy" "policy" {
352+
binding {
353+
role = "%s"
354+
members = ["serviceAccount:${google_service_account.test-account.email}"]
355+
}
356+
}
357+
358+
resource "google_bigtable_table_iam_policy" "policy" {
359+
instance_name = google_bigtable_instance.instance.name
360+
table = google_bigtable_table.table.name
361+
policy_data = data.google_iam_policy.policy.policy_data
362+
}
363+
229364
data "google_bigtable_table_iam_policy" "policy" {
230365
instance = google_bigtable_instance.instance.name
231366
table = google_bigtable_table.table.name

0 commit comments

Comments
 (0)