Commit

basic roles removed from the IAM condition examples (#4861) (#3339)
* basic roles removed from the IAM condition examples

* typo corrected - PR comments

Signed-off-by: Modular Magician <magic-modules@google.com>
modular-magician authored Jun 14, 2021
1 parent 57cf453 commit 889fb82
Showing 3 changed files with 10 additions and 4 deletions.
3 changes: 3 additions & 0 deletions .changelog/4861.txt
@@ -0,0 +1,3 @@
```release-note:none

```
2 changes: 1 addition & 1 deletion google-beta/resource_gke_hub_feature_membership_test.go
Expand Up @@ -5,7 +5,7 @@ import (
"fmt"
"testing"

dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
"github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
gkehub "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/gkehub/beta"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
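Review bot: The two adjacent `dcl` import lines in this test file differ only in the explicit `dcl` alias, and that change is unrelated to the commit subject (basic roles in the IAM condition examples) and is not mentioned in the commit message. It looks behaviour-neutral, since the import path already ends in `/dcl`, but it would be easier to audit in its own commit or at least listed in the message.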
9 changes: 6 additions & 3 deletions website/docs/r/google_folder_iam.html.markdown
Expand Up @@ -21,6 +21,9 @@ Four different resources help you manage your IAM policy for a folder. Each of t

~> **Note:** `google_folder_iam_binding` resources **can be** used in conjunction with `google_folder_iam_member` resources **only if** they do not grant privilege to the same role.

~> **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints,
IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.

## google\_folder\_iam\_policy

~> **Be careful!** You can accidentally lock yourself out of your folder
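Review bot: The added note names `projects.setIamPolicy` and links to the projects reference, but this file documents the `google_folder_iam_*` resources, so the method and link should be the folder equivalent (`folders.setIamPolicy`). As written, a reader who gets a 400 on a folder policy is sent to the constraints for a different resource type. The last sentence would also read better split before "so please review these".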
Expand Down Expand Up @@ -58,7 +61,7 @@ resource "google_folder_iam_policy" "folder" {
data "google_iam_policy" "admin" {
binding {
role = "roles/editor"
role = "roles/compute.admin"
members = [
"user:jane@example.com",
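Review bot: The replacement on the `role` line here is `roles/compute.admin`, while the later hunks in the same file use `roles/container.admin` and `roles/firebase.admin` for the same `user:jane@example.com` example. Using one predefined role across the policy, binding and member examples would let readers compare the three resource forms without wondering whether the role choice matters.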
Expand Down Expand Up @@ -91,7 +94,7 @@ With IAM Conditions:
```hcl
resource "google_folder_iam_binding" "folder" {
folder = "folders/1234567"
role = "roles/editor"
role = "roles/container.admin"
members = [
"user:jane@example.com",
Expand Down Expand Up @@ -120,7 +123,7 @@ With IAM Conditions:
```hcl
resource "google_folder_iam_member" "folder" {
folder = "folders/1234567"
role = "roles/editor"
role = "roles/firebase.admin"
member = "user:jane@example.com"
condition {
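Review bot: `roles/firebase.admin` on the `role` line swaps one broad grant for another at folder scope; because documentation examples tend to be copied as-is, a narrower predefined role would demonstrate the `condition` block just as well. If an admin role is kept deliberately, a short comment in the example saying the role is illustrative would help.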
