From 0d17007c9d93808a9ecb3273008b9f398965f01e Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 6 Nov 2020 08:18:57 +0100 Subject: [PATCH] new iam variable in endpoints module --- modules/endpoints/README.md | 13 +++---- modules/endpoints/main.tf | 2 +- modules/endpoints/variables.tf | 7 ++-- tests/modules/endpoints/__init__.py | 13 +++++++ tests/modules/endpoints/fixture/main.tf | 25 +++++++++++++ tests/modules/endpoints/fixture/openapi.yaml | 13 +++++++ tests/modules/endpoints/fixture/variables.tf | 20 ++++++++++ tests/modules/endpoints/test_plan.py | 39 ++++++++++++++++++++ 8 files changed, 121 insertions(+), 11 deletions(-) create mode 100644 tests/modules/endpoints/__init__.py create mode 100644 tests/modules/endpoints/fixture/main.tf create mode 100644 tests/modules/endpoints/fixture/openapi.yaml create mode 100644 tests/modules/endpoints/fixture/variables.tf create mode 100644 tests/modules/endpoints/test_plan.py diff --git a/modules/endpoints/README.md b/modules/endpoints/README.md index adb98de55..6706c9441 100644 --- a/modules/endpoints/README.md +++ b/modules/endpoints/README.md @@ -1,6 +1,6 @@ # Google Cloud Endpoints -This module allows simple management of ['Google Cloud Endpoints'](https://cloud.google.com/endpoints/) services. It supports creating ['OpenAPI'](https://cloud.google.com/endpoints/docs/openapi) or ['gRPC'](https://cloud.google.com/endpoints/docs/grpc/about-grpc) endpoints. +This module allows simple management of ['Google Cloud Endpoints'](https://cloud.google.com/endpoints/) services. It supports creating ['OpenAPI'](https://cloud.google.com/endpoints/docs/openapi) or ['gRPC'](https://cloud.google.com/endpoints/docs/grpc/about-grpc) endpoints. ## Examples 
@@ -12,24 +12,23 @@ module "endpoint" { project_id = "my-project" service_name = "YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog" openapi_config = { "yaml_path" = "openapi.yaml" } - grpc_config = null - iam_members = { - "servicemanagement.serviceController" = ["serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com"] + iam = { + "servicemanagement.serviceController" = ["serviceAccount:123456890-compute@developer.gserviceaccount.com"] } } ``` -[Here](https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/openapi.yaml) you can find an example of an openapi.yaml file. Once created the endpoint, remember to activate the service at project level. +[Here](https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/openapi.yaml) you can find an example of an openapi.yaml file. Once created the endpoint, remember to activate the service at project level. ## Variables | name | description | type | required | default | |---|---|:---: |:---:|:---:| -| grpc_config | The configuration for a gRPC enpoint. Either this or openapi_config must be specified. | object({...}) | ✓ | | | openapi_config | The configuration for an OpenAPI endopoint. Either this or grpc_config must be specified. | object({...}) | ✓ | | | service_name | The name of the service. Usually of the form '$apiname.endpoints.$projectid.cloud.goog'. | string | ✓ | | -| *iam_members* | Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved. | map(set(string)) | | {} | +| *grpc_config* | The configuration for a gRPC enpoint. Either this or openapi_config must be specified. | object({...}) | | null | +| *iam* | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | | *project_id* | The project ID that the service belongs to. | string | | null | ## Outputs 
diff --git a/modules/endpoints/main.tf b/modules/endpoints/main.tf index 872b7107a..782e61ff2 100644 --- a/modules/endpoints/main.tf +++ b/modules/endpoints/main.tf @@ -23,7 +23,7 @@ resource "google_endpoints_service" "default" { } resource "google_endpoints_service_iam_binding" "default" { - for_each = var.iam_members + for_each = var.iam service_name = google_endpoints_service.default.service_name role = each.key members = each.value diff --git a/modules/endpoints/variables.tf b/modules/endpoints/variables.tf index acf23401c..1d9286f7b 100644 --- a/modules/endpoints/variables.tf +++ b/modules/endpoints/variables.tf @@ -20,12 +20,13 @@ variable "grpc_config" { yaml_path = string protoc_output_path = string }) + default = null } -variable "iam_members" { - description = "Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved." - type = map(set(string)) +variable "iam" { + description = "IAM bindings for topic in {ROLE => [MEMBERS]} format." + type = map(list(string)) default = {} } diff --git a/tests/modules/endpoints/__init__.py b/tests/modules/endpoints/__init__.py new file mode 100644 index 000000000..6913f02e3 --- /dev/null +++ b/tests/modules/endpoints/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
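Review bot: `role = each.key` in the `google_endpoints_service_iam_binding` resource passes each key of `var.iam` through unchanged, yet the README example updated in this same commit still keys the map with `"servicemanagement.serviceController"`, while the new test fixture uses `"roles/servicemanagement.serviceController"`. If the provider expects the full `roles/...` form, as the fixture suggests, a caller who copies the README example gets a failed or wrong binding. The README example key should read `"roles/servicemanagement.serviceController" = [...]`, and the expected key format is worth stating next to `for_each = var.iam`. The resource body continues past the end of this hunk.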
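Review bot: The new `iam` description in variables.tf says "for topic", which looks carried over from another module, and it drops the old statement that the binding is authoritative for each role. main.tf feeds this map to `google_endpoints_service_iam_binding`, so any existing member of a listed role that is missing from the list would be removed on apply, and callers need to see that in the variable's documentation. I would write `description = "IAM bindings for the service in {ROLE => [MEMBERS]} format. Authoritative for each listed role."` and mirror it in the README table row.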
diff --git a/tests/modules/endpoints/fixture/main.tf b/tests/modules/endpoints/fixture/main.tf
new file mode 100644
index 000000000..375fc7bdc
--- /dev/null
+++ b/tests/modules/endpoints/fixture/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+ source = "../../../../modules/endpoints"
+ project_id = "my-project"
+ service_name = var.service_name
+ openapi_config = { "yaml_path" = "openapi.yaml" }
+ iam = {
+ "roles/servicemanagement.serviceController" = ["user:me@example.com"]
+ }
+}
diff --git a/tests/modules/endpoints/fixture/openapi.yaml b/tests/modules/endpoints/fixture/openapi.yaml
new file mode 100644
index 000000000..6913f02e3
--- /dev/null
+++ b/tests/modules/endpoints/fixture/openapi.yaml
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/modules/endpoints/fixture/variables.tf b/tests/modules/endpoints/fixture/variables.tf
new file mode 100644
index 000000000..40ffe31ae
--- /dev/null
+++ b/tests/modules/endpoints/fixture/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "service_name" {
+ type = string
+ default = "foo.endpoints.test.cloud.goog"
+}
diff --git a/tests/modules/endpoints/test_plan.py b/tests/modules/endpoints/test_plan.py
new file mode 100644
index 000000000..84bcda7b4
--- /dev/null
+++ b/tests/modules/endpoints/test_plan.py
@@ -0,0 +1,39 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+@pytest.fixture
+def resources(plan_runner):
+ _, resources = plan_runner(FIXTURES_DIR)
+ return resources
+
+
+def test_resource_count(resources):
+ "Test number of resources created."
+ assert len(resources) == 2
+
+
+def test_iam(resources):
+ "Test IAM binding resources."
+ bindings = [r['values'] for r in resources if r['type']
+ == 'google_endpoints_service_iam_binding']
+ assert len(bindings) == 1
+ assert bindings[0]['role'] == 'roles/servicemanagement.serviceController'
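Review bot: `test_iam` asserts only the binding's role, so a regression that binds the wrong principals would still pass, for example one introduced by the `map(set(string))` to `map(list(string))` change in this commit. Since the binding is the access-control surface of the module, the test should also pin who is granted the role. Adding `assert bindings[0]['members'] == ['user:me@example.com']` after the role assertion would cover it, assuming the plan output renders members as a list (confirm against `plan_runner`). An assertion on `bindings[0]['service_name']` would also tie the binding to the fixture's service.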