Ignore members with "deleted:" prefix in bigquery IAM member#4388
Ignore members with "deleted:" prefix in bigquery IAM member#4388c2thorn merged 2 commits intoGoogleCloudPlatform:masterfrom
Conversation
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=166658" |
| // these types are used as keys in the access JSON payload | ||
| func iamMemberToAccess(member string) (string, string, error) { | ||
| // Remove any occurrence of "deleted:" | ||
| member = strings.TrimPrefix(member, "deleted:") |
There was a problem hiding this comment.
I don't think this is what we want here. This will remove deleted: which will make Terraform believe that the non-deleted member has access when they shouldn't, and cause subsequent updates to try to add back permission to a member that may no longer exist
Can we check for deleted: and then change the switch to read from the correct spot, then return the original member so we don't modify members in here?
There was a problem hiding this comment.
Tried to modify the switch block and send the full member string as the email (deleted:type:email) but got an error from the API.
Instead, I modified the logic to just skip any members with deleted: prefix
There was a problem hiding this comment.
do you receive Error: Provider produced inconsistent result after apply?
|
I have triggered VCR tests in RECORDING mode for the following tests that failed during VCR: TestAccInstanceTemplateDatasource_filter|TestAccInstanceTemplateDatasource_filter_mostRecent|TestAccDataSourceGoogleSubnetwork|TestAccDataSourceStorageBucketObjectContent_Basic|TestAccActiveDirectoryDomainTrust_activeDirectoryDomainTrustBasicExample|TestAccApigeeOrganization_apigeeOrganizationCloudBasicTestExample|TestAccApigeeOrganization_apigeeOrganizationCloudFullTestExample|TestAccContainerCluster_withConfidentialNodes|TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock You can view the result here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=166661" |
c2thorn
changed the title
|
Tested with the steps provided in hashicorp/terraform-provider-google#7896 (comment) |
|
I have triggered VCR tests based on this PR's diffs. See the results here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=166675" |
|
I have triggered VCR tests in RECORDING mode for the following tests that failed during VCR: TestAccInstanceTemplateDatasource_filter|TestAccInstanceTemplateDatasource_filter_mostRecent|TestAccDataSourceGoogleSubnetwork|TestAccDataSourceStorageBucketObjectContent_Basic|TestAccActiveDirectoryDomainTrust_activeDirectoryDomainTrustBasicExample|TestAccApigeeOrganization_apigeeOrganizationCloudBasicTestExample|TestAccApigeeOrganization_apigeeOrganizationCloudFullTestExample|TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock You can view the result here: "https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=166690" |
|
@slevenick when you get a chance, I added logic to look for the |
4 participants
Fixes: hashicorp/terraform-provider-google#8132
If this PR is for Terraform, I acknowledge that I have:
make testandmake lintto ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)