Skip to content

Commit

Permalink
Iap iam rework
Browse files Browse the repository at this point in the history
Signed-off-by: Modular Magician <magic-modules@google.com>
  • Loading branch information
slevenick authored and modular-magician committed Aug 30, 2019
1 parent 48060e6 commit b3ef304
Show file tree
Hide file tree
Showing 28 changed files with 2,572 additions and 177 deletions.
3 changes: 3 additions & 0 deletions google-beta/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ type Config struct {
FilestoreBasePath string
FirestoreBasePath string
HealthcareBasePath string
IapBasePath string
KMSBasePath string
LoggingBasePath string
MLEngineBasePath string
Expand Down Expand Up @@ -223,6 +224,7 @@ var DNSDefaultBasePath = "https://www.googleapis.com/dns/v1beta2/"
var FilestoreDefaultBasePath = "https://file.googleapis.com/v1/"
var FirestoreDefaultBasePath = "https://firestore.googleapis.com/v1/"
var HealthcareDefaultBasePath = "https://healthcare.googleapis.com/v1beta1/"
var IapDefaultBasePath = "https://iap.googleapis.com/v1/"
var KMSDefaultBasePath = "https://cloudkms.googleapis.com/v1/"
var LoggingDefaultBasePath = "https://logging.googleapis.com/v2/"
var MLEngineDefaultBasePath = "https://ml.googleapis.com/v1/"
Expand Down Expand Up @@ -708,6 +710,7 @@ func ConfigureBasePaths(c *Config) {
c.FilestoreBasePath = FilestoreDefaultBasePath
c.FirestoreBasePath = FirestoreDefaultBasePath
c.HealthcareBasePath = HealthcareDefaultBasePath
c.IapBasePath = IapDefaultBasePath
c.KMSBasePath = KMSDefaultBasePath
c.LoggingBasePath = LoggingDefaultBasePath
c.MLEngineBasePath = MLEngineDefaultBasePath
Expand Down
77 changes: 77 additions & 0 deletions google-beta/iam.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"log"
"reflect"
"regexp"
"strings"
"time"

Expand Down Expand Up @@ -347,3 +348,79 @@ func compareAuditConfigs(a, b []*cloudresourcemanager.AuditConfig) bool {
bMap := createIamAuditConfigsMap(b)
return reflect.DeepEqual(aMap, bMap)
}

// Parse an import id extracting field values using the given list of regexes.
// They are applied in order. The first in the list is tried first.
// This does not mutate any of the parameters, returning a map of matches
// Similar to parseImportId in import.go, but less import specific
//
// e.g:
// - projects/(?P<project>[^/]+)/regions/(?P<region>[^/]+)/subnetworks/(?P<name>[^/]+) (applied first)
// - (?P<project>[^/]+)/(?P<region>[^/]+)/(?P<name>[^/]+),
// - (?P<name>[^/]+) (applied last)
func getImportIdQualifiers(idRegexes []string, d TerraformResourceData, config *Config, id string) (map[string]string, error) {
for _, idFormat := range idRegexes {
re, err := regexp.Compile(idFormat)

if err != nil {
log.Printf("[DEBUG] Could not compile %s.", idFormat)
return nil, fmt.Errorf("Import is not supported. Invalid regex formats.")
}

if fieldValues := re.FindStringSubmatch(id); fieldValues != nil {
var result map[string]string
result = make(map[string]string)
log.Printf("[DEBUG] matching ID %s to regex %s.", id, idFormat)
// Starting at index 1, the first match is the full string.
for i := 1; i < len(fieldValues); i++ {
fieldName := re.SubexpNames()[i]
fieldValue := fieldValues[i]
result[fieldName] = fieldValue
}

defaults, err := getDefaultValues(idRegexes[0], d, config)
if err != nil {
return nil, err
}

for k, v := range defaults {
if _, ok := result[k]; !ok {
// Set any fields that are defaultable and not specified in import ID
result[k] = v
}
}

return result, nil
}
}
return nil, fmt.Errorf("Import id %q doesn't match any of the accepted formats: %v", d.Id(), idRegexes)
}

// Returns a set of default values that are contained in a regular expression
// This does not mutate any parameters, instead returning a map of defaults
func getDefaultValues(idRegex string, d TerraformResourceData, config *Config) (map[string]string, error) {
var result map[string]string
result = make(map[string]string)
if _, ok := d.GetOk("project"); !ok && strings.Contains(idRegex, "?P<project>") {
project, err := getProject(d, config)
if err != nil {
return nil, err
}
result["project"] = project
}
if _, ok := d.GetOk("region"); !ok && strings.Contains(idRegex, "?P<region>") {
region, err := getRegion(d, config)
if err != nil {
return nil, err
}
result["region"] = region
}
if _, ok := d.GetOk("zone"); !ok && strings.Contains(idRegex, "?P<zone>") {
zone, err := getZone(d, config)
if err != nil {
return nil, err
}
result["zone"] = zone
}
return result, nil
}
165 changes: 165 additions & 0 deletions google-beta/iam_iap_web.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Magic Modules and manual
// changes will be clobbered when the file is regenerated.
//
// Please read more about how to change this file in
// .github/CONTRIBUTING.md.
//
// ----------------------------------------------------------------------------
package google

import (
"fmt"

"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/schema"
"google.golang.org/api/cloudresourcemanager/v1"
)

var IapWebIamSchema = map[string]*schema.Schema{
"project": {
Type: schema.TypeString,
Computed: true,
Optional: true,
ForceNew: true,
DiffSuppressFunc: compareSelfLinkOrResourceName,
},
}

type IapWebIamUpdater struct {
project string
d *schema.ResourceData
Config *Config
}

func IapWebIamUpdaterProducer(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) {
values := make(map[string]string)

project, err := getProject(d, config)
if err != nil {
return nil, err
}

// While this may be overridden by the "project" value from getImportIdQualifiers below,
// setting project here ensures the value is set even if the value set in config is the short
// name or otherwise doesn't include the project.
values["project"] = project

// We may have gotten either a long or short name, so attempt to parse long name if possible
m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/iap_web", "(?P<project>[^/]+)"}, d, config, d.Get("project").(string))
if err != nil {
return nil, err
}

for k, v := range m {
values[k] = v
}

u := &IapWebIamUpdater{
project: values["project"],
d: d,
Config: config,
}

d.Set("project", u.project)

d.SetId(u.GetResourceId())

return u, nil
}

func IapWebIdParseFunc(d *schema.ResourceData, config *Config) error {
values := make(map[string]string)

project, err := getProject(d, config)
if err != nil {
return err
}

values["project"] = project

m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/iap_web", "(?P<project>[^/]+)"}, d, config, d.Id())
if err != nil {
return err
}

for k, v := range m {
values[k] = v
}

u := &IapWebIamUpdater{
project: values["project"],
d: d,
Config: config,
}
d.Set("project", u.project)
d.SetId(u.GetResourceId())
return nil
}

func (u *IapWebIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
url := u.qualifyWebUrl("getIamPolicy")

project, err := getProject(u.d, u.Config)
if err != nil {
return nil, err
}

policy, err := sendRequest(u.Config, "POST", project, url, nil)
if err != nil {
return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
}

out := &cloudresourcemanager.Policy{}
err = Convert(policy, out)
if err != nil {
return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
}

return out, nil
}

func (u *IapWebIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
json, err := ConvertToMap(policy)
if err != nil {
return err
}

obj := make(map[string]interface{})
obj["policy"] = json

url := u.qualifyWebUrl("setIamPolicy")

project, err := getProject(u.d, u.Config)
if err != nil {
return err
}

_, err = sendRequestWithTimeout(u.Config, "POST", project, url, obj, u.d.Timeout(schema.TimeoutCreate))
if err != nil {
return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
}

return nil
}

func (u *IapWebIamUpdater) qualifyWebUrl(methodIdentifier string) string {
return fmt.Sprintf("https://iap.googleapis.com/v1/%s:%s", fmt.Sprintf("projects/%s/iap_web", u.project), methodIdentifier)
}

func (u *IapWebIamUpdater) GetResourceId() string {
return fmt.Sprintf("projects/%s/iap_web", u.project)
}

func (u *IapWebIamUpdater) GetMutexKey() string {
return fmt.Sprintf("iam-iap-web-%s", u.GetResourceId())
}

func (u *IapWebIamUpdater) DescribeResource() string {
return fmt.Sprintf("iap web %q", u.GetResourceId())
}
Loading

0 comments on commit b3ef304

Please sign in to comment.