github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/google/data_source_google_iam_policy.go (about)

     1  package google
     2  
     3  import (
     4  	"encoding/json"
     5  	"strconv"
     6  
     7  	"github.com/hashicorp/terraform/helper/hashcode"
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  	"google.golang.org/api/cloudresourcemanager/v1"
    10  )
    11  
// iamBinding is the schema for the binding{} blocks of an IAM policy: a set in
// which every element pairs one role with the set of members granted that
// role. Both attributes are required strings and carry no validation here, so
// a role or member value is accepted exactly as it is written in config.
var iamBinding = &schema.Schema{
	Required: true,
	Type:     schema.TypeSet,
	Elem: &schema.Resource{
		Schema: map[string]*schema.Schema{
			// members: the principals the role is granted to.
			"members": {
				Required: true,
				Type:     schema.TypeSet,
				Set:      schema.HashString,
				Elem:     &schema.Schema{Type: schema.TypeString},
			},
			// role: the role name, e.g. "roles/storage.objectViewer".
			"role": {
				Required: true,
				Type:     schema.TypeString,
			},
		},
	},
}
    30  
// dataSourceGoogleIamPolicy builds the google_iam_policy data source. It lets
// a configuration describe a Google Cloud IAM policy as binding{} blocks and
// exposes the rendered policy through the computed policy_data attribute.
//
// Example configuration:
//
//	data "google_iam_policy" "admin" {
//	  binding {
//	    role = "roles/storage.objectViewer"
//	    members = [
//	      "user:evanbrown@google.com",
//	    ]
//	  }
//	}
//
// NOTE(review): how a consuming resource applies policy_data is not visible in
// this file. If it is applied as the complete policy for a resource, any
// binding not listed here would not be part of it; confirm against the
// consumer before relying on this data source for partial grants.
func dataSourceGoogleIamPolicy() *schema.Resource {
	attrs := map[string]*schema.Schema{
		// User-supplied binding{} blocks.
		"binding": iamBinding,
		// JSON rendering of the policy, filled in by the Read function.
		"policy_data": {
			Type:     schema.TypeString,
			Computed: true,
		},
	}

	return &schema.Resource{
		Read:   dataSourceGoogleIamPolicyRead,
		Schema: attrs,
	}
}
    55  
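// dataSourceGoogleIamPolicyRead renders the binding{} blocks from config into
// a cloudresourcemanager.Policy, stores its JSON encoding in policy_data and
// sets the resource ID from a hash of that JSON.
//
// meta is not used: the policy is assembled locally from config and nothing in
// this function calls the API. Role and member strings are copied through
// exactly as written, and binding{} blocks that name the same role stay
// separate bindings rather than being merged.
//
// It returns an error if the policy cannot be marshalled or if policy_data
// cannot be written to state.
func dataSourceGoogleIamPolicyRead(d *schema.ResourceData, meta interface{}) error {
	// The schema supports multiple binding{} blocks. The type assertions in
	// this function rely on the types declared in the iamBinding schema.
	bset := d.Get("binding").(*schema.Set)

	// Every binding{} block becomes one cloudresourcemanager.Binding.
	policy := cloudresourcemanager.Policy{
		Bindings: make([]*cloudresourcemanager.Binding, 0, bset.Len()),
	}
	for _, v := range bset.List() {
		binding := v.(map[string]interface{})
		policy.Bindings = append(policy.Bindings, &cloudresourcemanager.Binding{
			Role:    binding["role"].(string),
			Members: dataSourceGoogleIamPolicyMembers(binding["members"].(*schema.Set)),
		})
	}

	// Marshal cloudresourcemanager.Policy to JSON suitable for storing in state.
	pjson, err := json.Marshal(&policy)
	if err != nil {
		// Should never happen if the conversion above is correct.
		return err
	}
	pstring := string(pjson)

	// Report a failed write instead of discarding it: an IAM policy that did
	// not reach state must not look like a successful read.
	if err := d.Set("policy_data", pstring); err != nil {
		return err
	}

	// The ID is set only after policy_data has been stored.
	// NOTE(review): hashcode.String is presumably a short non-cryptographic
	// hash; treat the ID as an identifier for the rendered document, not as
	// an integrity check on the policy. Confirm against the helper.
	d.SetId(strconv.Itoa(hashcode.String(pstring)))

	return nil
}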
    91  
// dataSourceGoogleIamPolicyMembers flattens the member set of one binding into
// a string slice, in the order d.List() yields the elements. A member is a
// principal, usually an e-mail address; each value is copied through unchanged
// and is not checked for format.
func dataSourceGoogleIamPolicyMembers(d *schema.Set) []string {
	// Allocate once for the whole set; the result is an empty, non-nil slice
	// when the set has no elements.
	out := make([]string, 0, d.Len())
	for _, m := range d.List() {
		out = append(out, m.(string))
	}
	return out
}