Add support IAM policy for the Environment of Apigee X #5270

Merged
merged 18 commits into from
Nov 19, 2021
7 changes: 7 additions & 0 deletions mmv1/products/apigee/api.yaml
Expand Up @@ -231,6 +231,13 @@ objects:
message: 'message'
description: |
An `Environment` in Apigee.
iam_policy: !ruby/object:Api::Resource::IamPolicy
exclude: false
method_name_separator: ':'
parent_resource_attribute: 'env_id'
import_format: ["{{org_id}}/environments/{{name}}", "{{name}}"]
Member

This % will indicate that the org_id can contain slashes, which should resolve the problem. (Currently the import_format regex excludes the "organization/" at the start of the org id.)

Suggested change
import_format: ["{{org_id}}/environments/{{name}}", "{{name}}"]
import_format: ["{{%org_id}}/environments/{{name}}", "{{name}}"]

base_url: "{{org_id}}/environments/{{name}}"
self_link: "{{org_id}}/environments/{{name}}"
parameters:
- !ruby/object:Api::Type::String
name: 'orgId'
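
Review bot: in `import_format`, the second form `"{{name}}"` carries no `org_id`, while `base_url` and `self_link` both require `{{org_id}}/environments/{{name}}`, and nothing in this hunk shows where the organization would come from for such an import. Either drop the bare-name form or document how `org_id` is resolved, so that an IAM policy imported by environment name alone is unambiguous about which organization it targets.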
61 changes: 33 additions & 28 deletions mmv1/products/apigee/terraform.yaml
Expand Up @@ -18,35 +18,44 @@ overrides: !ruby/object:Overrides::ResourceOverrides
examples:
- !ruby/object:Provider::Terraform::Examples
name: "apigee_organization_cloud_basic"
skip_test: true
- !ruby/object:Provider::Terraform::Examples
# This is a more verbose version of the above that creates all
# the resources needed for the acceptance test.
name: "apigee_organization_cloud_basic_test"
primary_resource_id: "org"
test_env_vars:
org_id: :ORG_ID
billing_account: :BILLING_ACCT
skip_docs: true
primary_resource_id: "apigee-org"
vars:
network_id: "apigee-network"
network_range_id: "apigee-range"
# Resource creation race
skip_vcr: true
- !ruby/object:Provider::Terraform::Examples
name: "apigee_organization_cloud_full"
primary_resource_id: "apigee-org"
vars:
network_id: "apigee-network"
network_range_id: "apigee-range"
keyring_id: "apigee-keyring"
key_id: "apigee-key"
# While all Apigee resources in this test are in the GA API, we depend
# on a service identity resource which is only available in the beta
# provider.
min_version: beta
# This example is for docs purpose only.
# For test to pass, google-beta-provider needs to be added to all
# resources, and KMS key lifecycle has to be removed. These are set
# in "apigee_organization_cloud_full_test" below.
skip_test: true
- !ruby/object:Provider::Terraform::Examples
# This is a more verbose version of the above that creates all
# the resources needed for the acceptance test. While all Apigee
# resources in this test are in the GA API, we depend on a service
# identity resource which is only available in the beta provider.
name: "apigee_organization_cloud_full_test"
primary_resource_id: "org"
test_env_vars:
org_id: :ORG_ID
billing_account: :BILLING_ACCT
skip_docs: true
primary_resource_id: "apigee-org"
vars:
network_id: "apigee-network"
network_range_id: "apigee-range"
keyring_id: "apigee-keyring"
key_id: "apigee-key"
# While all Apigee resources in this test are in the GA API, we depend
# on a service identity resource which is only available in the beta
# provider.
min_version: beta
# Resource creation race
skip_vcr: true
skip_docs: true
timeouts: !ruby/object:Api::Timeouts
insert_minutes: 10
delete_minutes: 10
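
Review bot: the `skip_vcr: true` entries under `# Resource creation race` do not say which resources race or where that is tracked. Please name the resources involved or link the tracking issue in that comment, so the skip can be lifted once the race is fixed rather than staying in place indefinitely.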
Expand Down Expand Up @@ -97,16 +106,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides
examples:
- !ruby/object:Provider::Terraform::Examples
name: "apigee_environment_basic"
skip_test: true
- !ruby/object:Provider::Terraform::Examples
# This is a more verbose version of the above that creates all
# the resources needed for the acceptance test.
name: "apigee_environment_basic_test"
primary_resource_id: "apigee_environment"
test_env_vars:
org_id: :ORG_ID
billing_account: :BILLING_ACCT
skip_docs: true
primary_resource_name: "getTestProjectFromEnv(), fmt.Sprintf(\"tf-test-apigee-env%s\", context[\"random_suffix\"])"
Member

@melinath melinath Nov 10, 2021

It looks like this is causing issues; it is causing things like this to be generated:

			{
				ResourceName:      "google_apigee_environment_iam_binding.foo",
				ImportStateId:     fmt.Sprintf("%s/environments/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("tf-test-apigee-env%s", context["random_suffix"])),
				ImportState:       true,
				ImportStateVerify: true,
			},

This results in the import id being set to something like my-project/environments/tf-test-apigee-envasdfklj but it should be organizations/tf-testasdfklj/environments/tf-testasdfklj. I think you could resolve the issue with something like this:

Suggested change
primary_resource_name: "getTestProjectFromEnv(), fmt.Sprintf(\"tf-test-apigee-env%s\", context[\"random_suffix\"])"
primary_resource_name: "fmt.Sprintf(\"organizations/tf-test%s\", context[\"random_suffix\"]), fmt.Sprintf(\"tf-test%s\", context[\"random_suffix\"])"

Member

Let me know if that helps the tests pass for you locally!

Contributor Author

Thanks, done! I'm still working with my team to set up the permission for me to run tests locally. We can try and see if the tests pass in your system.

vars:
network_id: "apigee-network"
network_range_id: "apigee-range"
apigee_env_id: "apigee-env"
# Resource creation race
skip_vcr: true
timeouts: !ruby/object:Api::Timeouts
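
Review bot: `primary_resource_name` spells the environment name as the literal `tf-test-apigee-env%s`, while the template takes the same name from `vars` as `apigee_env_id: "apigee-env"`, so it is maintained in two places. A short comment beside `primary_resource_name` stating that it must match `apigee_env_id` would keep a later rename of the var from silently breaking the generated IAM import step.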
@@ -1,2 +1,2 @@
obj["name"] = d.Get("project_id").(string)
return obj, nil
return obj, nil
@@ -1,11 +1,11 @@
data "google_client_config" "current" {}

resource "google_compute_network" "apigee_network" {
name = "apigee-network"
name = "<%= ctx[:vars]['network_id'] %>"
}

resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
name = "<%= ctx[:vars]['network_range_id'] %>"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
Expand All @@ -25,10 +25,9 @@ resource "google_apigee_organization" "apigee_org" {
depends_on = [google_service_networking_connection.apigee_vpc_connection]
}

resource "google_apigee_environment" "env" {
name = "tf-test%{random_suffix}"
description = "Apigee Environment"
displayName = "environment-1"
org_id = google_apigee_organization.apigee_org.id
resource "google_apigee_environment" "<%= ctx[:primary_resource_id] %>" {
name = "<%= ctx[:vars]['apigee_env_id'] %>"
description = "Apigee Environment"
display_name = "environment-1"
org_id = google_apigee_organization.apigee_org.id
}

This file was deleted.

@@ -1,11 +1,11 @@
data "google_client_config" "current" {}

resource "google_compute_network" "apigee_network" {
name = "apigee-network"
name = "<%= ctx[:vars]['network_id'] %>"
}

resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
name = "<%= ctx[:vars]['network_range_id'] %>"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
Expand All @@ -18,7 +18,7 @@ resource "google_service_networking_connection" "apigee_vpc_connection" {
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}

resource "google_apigee_organization" "org" {
resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" {
analytics_region = "us-central1"
project_id = data.google_client_config.current.project
authorized_network = google_compute_network.apigee_network.id

This file was deleted.

@@ -1,11 +1,11 @@
data "google_client_config" "current" {}

resource "google_compute_network" "apigee_network" {
name = "apigee-network"
name = "<%= ctx[:vars]['network_id'] %>"
}

resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
name = "<%= ctx[:vars]['network_range_id'] %>"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
Expand All @@ -19,12 +19,12 @@ resource "google_service_networking_connection" "apigee_vpc_connection" {
}

resource "google_kms_key_ring" "apigee_keyring" {
name = "apigee-keyring"
name = "<%= ctx[:vars]['keyring_id'] %>"
location = "us-central1"
}

resource "google_kms_crypto_key" "apigee_key" {
name = "apigee-key"
name = "<%= ctx[:vars]['key_id'] %>"
key_ring = google_kms_key_ring.apigee_keyring.id

lifecycle {
Expand All @@ -34,8 +34,9 @@ resource "google_kms_crypto_key" "apigee_key" {

resource "google_project_service_identity" "apigee_sa" {
provider = google-beta
project = google_project.project.project_id
service = google_project_service.apigee.service

project = data.google_client_config.current.project
service = "apigee.googleapis.com"
}

resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
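
Review bot: in `google_project_service_identity.apigee_sa`, replacing `google_project_service.apigee.service` with the literal `"apigee.googleapis.com"` drops the reference to the API-enablement resource, so the example now assumes the Apigee API is already enabled in the project returned by `data.google_client_config.current`. Please state that assumption in a comment in the example or keep an explicit enablement step, since the `apigee_sa_keyuser` binding that follows is declared right after this identity.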
Expand All @@ -47,7 +48,7 @@ resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
]
}

resource "google_apigee_organization" "org" {
resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" {
analytics_region = "us-central1"
display_name = "apigee-org"
description = "Terraform-provisioned Apigee Org."
Expand All @@ -59,4 +60,4 @@ resource "google_apigee_organization" "org" {
google_service_networking_connection.apigee_vpc_connection,
google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
]
}
}