Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add warnings about custom role format for IAM bindings #2937

Merged
merged 3 commits into from
Jan 8, 2020
Merged

Add warnings about custom role format for IAM bindings #2937

merged 3 commits into from
Jan 8, 2020

Conversation

emilymye
Copy link
Contributor

@emilymye emilymye commented Jan 8, 2020

Related to hashicorp/terraform-provider-google#5250

IAM bindings allow for empty members - this means we need to support import/read for IAM bindings that do not actually exist in the Policy. However, we can't tell this apart from a user specifying the wrong role, which will cause the import to succeed but an subsequent apply to create the binding.

Given the above expected but weird behavior, this PR:

  • adds a note to IAM docs to prevent confusion in the case of custom roles
  • adds a warning to log output when we read in a non-existing binding as having no members

@modular-magician
Copy link
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
I see that this PR has already had some downstream PRs generated. Any open downstreams are already updated to your most recent commit, 8fbcd96.

Pull request statuses

No diff detected in terraform-google-conversion.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed.
depends: hashicorp/terraform-provider-google-beta#1600
depends: hashicorp/terraform-provider-google#5335

emilymye and others added 3 commits January 8, 2020 20:45
@emilymye @modular-magician
add note about custom role to iam binding/member docs
fb9039c
@emilymye @modular-magician
add warning to IAM binding read
8f1972d
@modular-magician
Update tracked submodules -> HEAD on Wed Jan 8 20:45:59 UTC 2020
b860fea 
Tracked submodules are build/terraform-beta build/terraform-mapper build/terraform build/ansible build/inspec.
@modular-magician modular-magician merged commit 02510f2 into GoogleCloudPlatform:master Jan 8, 2020
This was referenced Jan 8, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisst chrisst chrisst approved these changes

@slevenick slevenick Awaiting requested review from slevenick

Assignees
No one assigned
Labels
automerged cla: yes downstream-generated terraform-provider-google terraform-provider-google-beta
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@emilymye @modular-magician @chrisst @googlebot