From 25367f4bc24796ee702a4e58610671d318cd8a71 Mon Sep 17 00:00:00 2001
From: Kunal Kumar Gupta
Date: Wed, 25 Mar 2020 12:31:35 -0500
Subject: [PATCH] chore: Added description for custom role at org and project level (#100)
* Added custom_role submodule
* Changed count for org level custom role resource
* Addressing PR comments
* Addressing PR comments, added org example and integration test
* Added Org Role Admin permission to project SA in test/setup.
* Addressing PR comments
* Fixed integration tests and lint issues
* Added random bit for role_id for org level custom role
* Added registry in README
* Setting description default
* Fixed README for module
* Added description variable for custom role and test
Co-authored-by: Kunal Kumar Gupta
---
 examples/custom_role_org/main.tf | 1 +
 examples/custom_role_project/main.tf | 1 +
 modules/custom_role_iam/main.tf | 2 ++
 test/integration/custom-role/controls/custom-role.rb | 2 ++
 4 files changed, 6 insertions(+)
diff --git a/examples/custom_role_org/main.tf b/examples/custom_role_org/main.tf
index bfc9b66b..900717c6 100644
--- a/examples/custom_role_org/main.tf
+++ b/examples/custom_role_org/main.tf
@@ -39,4 +39,5 @@ module "custom-roles-org" {
 target_id = var.org_id
 role_id = "iamDeleter_${random_id.rand_custom_id.hex}"
 permissions = ["iam.roles.list", "iam.roles.delete"]
+ description = "This is an organization level custom role."
 }
diff --git a/examples/custom_role_project/main.tf b/examples/custom_role_project/main.tf
index 69bd1a94..d6692649 100644
--- a/examples/custom_role_project/main.tf
+++ b/examples/custom_role_project/main.tf
@@ -35,4 +35,5 @@ module "custom-role-project" {
 target_id = var.project_id
 role_id = "iamDeleter"
 permissions = ["iam.roles.list", "iam.roles.delete"]
+ description = "This is a project level custom role."
 }
diff --git a/modules/custom_role_iam/main.tf b/modules/custom_role_iam/main.tf
index 34e59399..8203d54d 100644
--- a/modules/custom_role_iam/main.tf
+++ b/modules/custom_role_iam/main.tf
@@ -27,6 +27,7 @@ resource "google_organization_iam_custom_role" "org-custom-role" {
 org_id = var.target_id
 role_id = var.role_id
 title = var.title == "" ? var.role_id : var.title
+ description = var.description
 permissions = var.permissions
 }
@@ -39,5 +40,6 @@ resource "google_project_iam_custom_role" "project-custom-role" {
 project = var.target_id
 role_id = var.role_id
 title = var.title == "" ? var.role_id : var.title
+ description = var.description
 permissions = var.permissions
 }
diff --git a/test/integration/custom-role/controls/custom-role.rb b/test/integration/custom-role/controls/custom-role.rb
index 352dfcfc..a2610336 100644
--- a/test/integration/custom-role/controls/custom-role.rb
+++ b/test/integration/custom-role/controls/custom-role.rb
@@ -36,6 +36,7 @@ describe "custom_role" do
 it "have role" do
+ expect(data["description"]).to include("This is a project level custom role.")
 expect(data["includedPermissions"]).to include("iam.roles.list")
 expect(data["includedPermissions"]).to include("iam.roles.delete")
 end
@@ -56,6 +57,7 @@ describe "custom_role" do
 it "have role" do
+ expect(data["description"]).to include("This is an organization level custom role.")
 expect(data["includedPermissions"]).to include("iam.roles.list")
 expect(data["includedPermissions"]).to include("iam.roles.delete")
 end
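Review bot: `var.description` is now read by both resources (`org-custom-role` in this hunk and `project-custom-role` in the next), but none of the four files in this patch declares a `description` variable, so it presumably already exists in the module's variables file; that is worth confirming, along with a default, so existing callers that do not pass a description keep planning cleanly. Unlike the `title` line just above it, which falls back to `var.role_id` when empty, the description has no fallback, so a role created without one is left with a blank description for anyone auditing it later. If that is intended, a short comment such as `# description is optional; empty means no description is set on the role` on the new line would record it. Both resource blocks open above the hunk; only their attribute lists are visible here.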
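Review bot: The added description check uses `include`, which on a String is a substring match, so it still passes if the deployed role's description contains extra text around the expected sentence; because the expected value is a fixed literal, `expect(data["description"]).to eq("This is a project level custom role.")` pins it exactly. The organization-level assertion in the following hunk has the same issue. The unchanged permission checks beside it are loose in a similar way: they pass even when the role carries permissions beyond the two listed, whereas `expect(data["includedPermissions"]).to match_array(["iam.roles.list", "iam.roles.delete"])` would fail on an over-broad role. `data` is defined outside the hunk, so this assumes it holds the parsed role as returned by the lookup.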