IAM interface refactor (#1595)

* IAM modules refactor proposal * policy * subheading * Update 20230816-iam-refactor.md * log Julio's +1 * data-catalog-policy-tag * dataproc * dataproc * folder * folder * folder * folder * project * better filtering in test examples * project * folder * folder * organization * fix variable descriptions * kms * net-vpc * dataplex-datascan * modules/iam-service-account * modules/source-repository/ * blueprints/cloud-operations/vm-migration/ * blueprints/third-party-solutions/wordpress * dataplex-datascan * blueprints/cloud-operations/workload-identity-federation * blueprints/data-solutions/cloudsql-multiregion/ * blueprints/data-solutions/composer-2 * Update 20230816-iam-refactor.md * Update 20230816-iam-refactor.md * capture discussion in architectural doc * update variable names and refactor proposal * project * blueprints first round * folder * organization * data-catalog-policy-tag * re-enable folder inventory * project module style fix * dataproc * source-repository * source-repository tests * dataplex-datascan * dataplex-datascan tests * net-vpc * net-vpc test examples * iam-service-account * iam-service-account test examples * kms * boilerplate * tfdoc * fix module tests * more blueprint fixes * fix typo in data blueprints * incomplete refactor of data platform foundations * tfdoc * data platform foundation * refactor data platform foundation iam locals * remove redundant example test * shielded folder fix * fix typo * project factory * project factory outputs * tfdoc * test workflow: less verbose tests, fix tf version * re-enable -vv, shorter traceback, fix action version * ignore github extension warning, re-enable action version * fast bootstrap IAM, untested * bootstrap stage IAM fixes * stage 0 tests * fast stage 1 * tenant stage 1 * minor changes to fast stage 0 and 1 * fast security stage * fast mt stage 0 * fast mt stage 0 * fast pf
2023-08-20 09:44:20 +02:00
parent 6eeba5e599
commit 819894d2ba
154 changed files with 3273 additions and 3773 deletions
--- a/tests/modules/organization/examples/basic.yaml
+++ b/tests/modules/organization/examples/basic.yaml
@@ -166,17 +166,7 @@ values:
    - group:cloud-admins@example.org
    org_id: '1234567890'
    role: roles/resourcemanager.projectCreator
-  module.org.google_organization_iam_member.additive["roles/compute.admin-user:compute@example.org"]:
-    condition: []
-    member: user:compute@example.org
-    org_id: '1234567890'
-    role: roles/compute.admin
-  module.org.google_organization_iam_member.additive["roles/container.viewer-user:compute@example.org"]:
-    condition: []
-    member: user:compute@example.org
-    org_id: '1234567890'
-    role: roles/container.viewer
-  module.org.google_organization_iam_member.members["am1-storage-admin"]:
+  module.org.google_organization_iam_member.bindings["am1-storage-admin"]:
    condition: []
    member: user:am1@example.org
    org_id: '1234567890'
@@ -200,10 +190,10 @@ values:
 counts:
  google_org_policy_policy: 8
  google_organization_iam_binding: 3
-  google_organization_iam_member: 3
+  google_organization_iam_member: 1
  google_tags_tag_key: 1
  google_tags_tag_value: 2
  modules: 1
-  resources: 17
+  resources: 15

 outputs: {}
--- a/tests/modules/organization/examples/iam-policy.yaml
+++ b/tests/modules/organization/examples/iam-policy.yaml
@@ -1,23 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  module.org.google_organization_iam_policy.authoritative[0]:
-    org_id: '1122334455'
-    policy_data: '{"auditConfigs":[{"auditLogConfigs":[{"exemptedMembers":["group:organization-admins@example.org"],"logType":"ADMIN_READ"}],"service":"allServices"},{"auditLogConfigs":[{"logType":"DATA_WRITE"},{"logType":"DATA_READ"}],"service":"storage.googleapis.com"}],"bindings":[{"members":["group:org-admins@example.com"],"role":"roles/owner"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.folderAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.organizationAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.projectCreator"}]}'
-
-counts:
-  google_organization_iam_policy: 1
-  modules: 1
-  resources: 1
--- a/tests/modules/organization/test_plan_org_policies_modules.py
+++ b/tests/modules/organization/test_plan_org_policies_modules.py
@@ -57,9 +57,9 @@ def test_policy_implementation():
      '@@ -116,0 +117,9 @@\n',
      '+  depends_on = [\n',
      '+    google_organization_iam_binding.authoritative,\n',
+      '+    google_organization_iam_binding.bindings,\n',
+      '+    google_organization_iam_member.bindings,\n',
      '+    google_organization_iam_custom_role.roles,\n',
-      '+    google_organization_iam_member.additive,\n',
-      '+    google_organization_iam_policy.authoritative,\n',
      '+    google_org_policy_custom_constraint.constraint,\n',
      '+    google_tags_tag_key.default,\n',
      '+    google_tags_tag_value.default,\n',