chore: Added description for custom role at org and project level (te…

…rraform-google-modules#100) * Added custom_role submodule * Changed count for org level custom role resource * Addressing PR comments * Addressing PR comments, added org example and integration test * Added Org Role Admin permission to project SA in test/setup. * Addressing PR comments * Fixed integration tests and lint issues * Added random bit for role_id for org level custom role * Added registry in README * Setting description default * Fixed README for module * Added description variable for custom role and test Co-authored-by: Kunal Kumar Gupta <kunalkgupta@kunalkgupta-macbookpro3.roam.corp.google.com>
chrisghill · Mar 25, 2020 · 25367f4 · 25367f4
1 parent 68e7f91
commit 25367f4
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 0 deletions.
diff --git a/examples/custom_role_org/main.tf b/examples/custom_role_org/main.tf
@@ -39,4 +39,5 @@ module "custom-roles-org" {
   target_id    = var.org_id
   role_id      = "iamDeleter_${random_id.rand_custom_id.hex}"
   permissions  = ["iam.roles.list", "iam.roles.delete"]
+  description  = "This is an organization level custom role."
 }
diff --git a/examples/custom_role_project/main.tf b/examples/custom_role_project/main.tf
@@ -35,4 +35,5 @@ module "custom-role-project" {
   target_id    = var.project_id
   role_id      = "iamDeleter"
   permissions  = ["iam.roles.list", "iam.roles.delete"]
+  description  = "This is a project level custom role."
 }
diff --git a/modules/custom_role_iam/main.tf b/modules/custom_role_iam/main.tf
@@ -27,6 +27,7 @@ resource "google_organization_iam_custom_role" "org-custom-role" {
   org_id      = var.target_id
   role_id     = var.role_id
   title       = var.title == "" ? var.role_id : var.title
+  description = var.description
   permissions = var.permissions
 }
 
@@ -39,5 +40,6 @@ resource "google_project_iam_custom_role" "project-custom-role" {
   project     = var.target_id
   role_id     = var.role_id
   title       = var.title == "" ? var.role_id : var.title
+  description = var.description
   permissions = var.permissions
 }
diff --git a/test/integration/custom-role/controls/custom-role.rb b/test/integration/custom-role/controls/custom-role.rb
@@ -36,6 +36,7 @@
 
         describe "custom_role" do
             it "have role" do
+                expect(data["description"]).to include("This is a project level custom role.")
                 expect(data["includedPermissions"]).to include("iam.roles.list")
                 expect(data["includedPermissions"]).to include("iam.roles.delete")
             end
@@ -56,6 +57,7 @@
 
         describe "custom_role" do
             it "have role" do
+                expect(data["description"]).to include("This is an organization level custom role.")
                 expect(data["includedPermissions"]).to include("iam.roles.list")
                 expect(data["includedPermissions"]).to include("iam.roles.delete")
             end