Skip to content

Commit cc8deb3

Browse files
modular-magicianmodular-magician
authored
Use better role for secrets in docs. (#3730) (#2256)
Upstream hashicorp/terraform-provider-google#6739. Signed-off-by: Modular Magician <[email protected]>
1 parent ba538ae commit cc8deb3

File tree

3 files changed

+14
-11
lines changed

3 files changed

+14
-11
lines changed

.changelog/3730.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:none
2+
3+
```

google-beta/iam_secret_manager_secret_generated_test.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ func TestAccSecretManagerSecretIamBindingGenerated(t *testing.T) {
2626

2727
context := map[string]interface{}{
2828
"random_suffix": randString(t, 10),
29-
"role": "roles/viewer",
29+
"role": "roles/secretmanager.secretAccessor",
3030
}
3131

3232
vcrTest(t, resource.TestCase{
@@ -38,7 +38,7 @@ func TestAccSecretManagerSecretIamBindingGenerated(t *testing.T) {
3838
},
3939
{
4040
ResourceName: "google_secret_manager_secret_iam_binding.foo",
41-
ImportStateId: fmt.Sprintf("projects/%s/secrets/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
41+
ImportStateId: fmt.Sprintf("projects/%s/secrets/%s roles/secretmanager.secretAccessor", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
4242
ImportState: true,
4343
ImportStateVerify: true,
4444
},
@@ -48,7 +48,7 @@ func TestAccSecretManagerSecretIamBindingGenerated(t *testing.T) {
4848
},
4949
{
5050
ResourceName: "google_secret_manager_secret_iam_binding.foo",
51-
ImportStateId: fmt.Sprintf("projects/%s/secrets/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
51+
ImportStateId: fmt.Sprintf("projects/%s/secrets/%s roles/secretmanager.secretAccessor", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
5252
ImportState: true,
5353
ImportStateVerify: true,
5454
},
@@ -61,7 +61,7 @@ func TestAccSecretManagerSecretIamMemberGenerated(t *testing.T) {
6161

6262
context := map[string]interface{}{
6363
"random_suffix": randString(t, 10),
64-
"role": "roles/viewer",
64+
"role": "roles/secretmanager.secretAccessor",
6565
}
6666

6767
vcrTest(t, resource.TestCase{
@@ -74,7 +74,7 @@ func TestAccSecretManagerSecretIamMemberGenerated(t *testing.T) {
7474
},
7575
{
7676
ResourceName: "google_secret_manager_secret_iam_member.foo",
77-
ImportStateId: fmt.Sprintf("projects/%s/secrets/%s roles/viewer user:[email protected]", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
77+
ImportStateId: fmt.Sprintf("projects/%s/secrets/%s roles/secretmanager.secretAccessor user:[email protected]", getTestProjectFromEnv(), fmt.Sprintf("secret%s", context["random_suffix"])),
7878
ImportState: true,
7979
ImportStateVerify: true,
8080
},
@@ -87,7 +87,7 @@ func TestAccSecretManagerSecretIamPolicyGenerated(t *testing.T) {
8787

8888
context := map[string]interface{}{
8989
"random_suffix": randString(t, 10),
90-
"role": "roles/viewer",
90+
"role": "roles/secretmanager.secretAccessor",
9191
}
9292

9393
vcrTest(t, resource.TestCase{

website/docs/r/secret_manager_secret_iam.html.markdown

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ Three different resources help you manage your IAM policy for Secret Manager Sec
3838
```hcl
3939
data "google_iam_policy" "admin" {
4040
binding {
41-
role = "roles/viewer"
41+
role = "roles/secretmanager.secretAccessor"
4242
members = [
4343
"user:[email protected]",
4444
]
@@ -58,7 +58,7 @@ resource "google_secret_manager_secret_iam_policy" "policy" {
5858
resource "google_secret_manager_secret_iam_binding" "binding" {
5959
project = google_secret_manager_secret.secret-basic.project
6060
secret_id = google_secret_manager_secret.secret-basic.secret_id
61-
role = "roles/viewer"
61+
role = "roles/secretmanager.secretAccessor"
6262
members = [
6363
"user:[email protected]",
6464
]
@@ -71,7 +71,7 @@ resource "google_secret_manager_secret_iam_binding" "binding" {
7171
resource "google_secret_manager_secret_iam_member" "member" {
7272
project = google_secret_manager_secret.secret-basic.project
7373
secret_id = google_secret_manager_secret.secret-basic.secret_id
74-
role = "roles/viewer"
74+
role = "roles/secretmanager.secretAccessor"
7575
member = "user:[email protected]"
7676
}
7777
```
@@ -121,12 +121,12 @@ Secret Manager secret IAM resources can be imported using the resource identifie
121121

122122
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
123123
```
124-
$ terraform import google_secret_manager_secret_iam_member.editor "projects/{{project}}/secrets/{{secret_id}} roles/viewer [email protected]"
124+
$ terraform import google_secret_manager_secret_iam_member.editor "projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor [email protected]"
125125
```
126126

127127
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
128128
```
129-
$ terraform import google_secret_manager_secret_iam_binding.editor "projects/{{project}}/secrets/{{secret_id}} roles/viewer"
129+
$ terraform import google_secret_manager_secret_iam_binding.editor "projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor"
130130
```
131131

132132
IAM policy imports use the identifier of the resource in question, e.g.

0 commit comments

Comments
 (0)