From 889fb8270acde06b5f2b667f2a46571120d18c8f Mon Sep 17 00:00:00 2001 From: The Magician Date: Mon, 14 Jun 2021 12:37:56 -0700 Subject: [PATCH] basic roles removed from the IAM condition examples (#4861) (#3339) * basic roles removed from the IAM condition examples * typo corrected - PR comments Signed-off-by: Modular Magician --- .changelog/4861.txt | 3 +++ google-beta/resource_gke_hub_feature_membership_test.go | 2 +- website/docs/r/google_folder_iam.html.markdown | 9 ++++++--- 3 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 .changelog/4861.txt diff --git a/.changelog/4861.txt b/.changelog/4861.txt new file mode 100644 index 0000000000..8ec013c069 --- /dev/null +++ b/.changelog/4861.txt @@ -0,0 +1,3 @@ +```release-note:none + +``` diff --git a/google-beta/resource_gke_hub_feature_membership_test.go b/google-beta/resource_gke_hub_feature_membership_test.go index 7dd9a8e59b..4daf2967c1 100644 --- a/google-beta/resource_gke_hub_feature_membership_test.go +++ b/google-beta/resource_gke_hub_feature_membership_test.go @@ -5,7 +5,7 @@ import ( "fmt" "testing" - dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" + "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" gkehub "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/gkehub/beta" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" diff --git a/website/docs/r/google_folder_iam.html.markdown b/website/docs/r/google_folder_iam.html.markdown index 60ff11eeb3..780f90bee5 100644 --- a/website/docs/r/google_folder_iam.html.markdown +++ b/website/docs/r/google_folder_iam.html.markdown 
@@ -21,6 +21,9 @@ Four different resources help you manage your IAM policy for a folder. Each of t ~> **Note:** `google_folder_iam_binding` resources **can be** used in conjunction with `google_folder_iam_member` resources **only if** they do not grant privilege to the same role. +~> **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, + IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource. + ## google\_folder\_iam\_policy ~> **Be careful!** You can accidentally lock yourself out of your folder @@ -58,7 +61,7 @@ resource "google_folder_iam_policy" "folder" { data "google_iam_policy" "admin" { binding { - role = "roles/editor" + role = "roles/compute.admin" members = [ "user:jane@example.com", @@ -91,7 +94,7 @@ With IAM Conditions: ```hcl resource "google_folder_iam_binding" "folder" { folder = "folders/1234567" - role = "roles/editor" + role = "roles/container.admin" members = [ "user:jane@example.com", @@ -120,7 +123,7 @@ With IAM Conditions: ```hcl resource "google_folder_iam_member" "folder" { folder = "folders/1234567" - role = "roles/editor" + role = "roles/firebase.admin" member = "user:jane@example.com" condition {
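Review bot: The note added in the first hunk of `website/docs/r/google_folder_iam.html.markdown` names `projects.setIamPolicy` and links to the projects reference, but this page documents folder-level IAM resources. It looks carried over from the project IAM page; I would name `folders.setIamPolicy` instead and point the link at the folders reference, so that a reader debugging a 400 checks the constraints that apply to folders. Separately, the replacement roles in the three later hunks (`roles/compute.admin`, `roles/container.admin`, `roles/firebase.admin`) avoid the basic-role restriction but are still admin roles granted across a whole folder. Since these snippets tend to be copied as-is, a narrower predefined role would be a better least-privilege example.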