Merge pull request #790 from GoogleCloudPlatform/lcaggio/group-factory
Cloud Identity Group factory
commit 3278014c8d
@ -38,6 +38,7 @@ If needed, converting factories to consume JSON is a matter of switching from `y
### Dedicated Factories

- [cloud-identity-group-factory](cloud-identity-group-factory/README.md) for Cloud Identity group
- [net-vpc-firewall-yaml](net-vpc-firewall-yaml/README.md) for VPC firewall rules across different projects/VPCs
- [project-factory](project-factory/README.md) for projects

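Review bot: the new list entry reads "for Cloud Identity group" while the sibling entries use plural nouns ("for VPC firewall rules", "for projects"); suggest "for Cloud Identity groups" so the three items read consistently.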
@ -0,0 +1,59 @@
# Google Cloud Identity Group Factory

This module allows creation and management of Cloud Identity Groups by defining them in well formatted `yaml` files.

Yaml abstraction for Groups can simplify groups creation and members management. Yaml can be simpler and clearer comparing to HCL.

## Example

### Terraform code

```hcl
module "prod-firewall" {
source = "./examples/factories/cloud-identity-group-factory"

customer_id = "customers/C0xxxxxxx"
data_dir = "data"
}
# tftest skip
```

### Configuration Structure
Groups configuration should be placed in a set of yaml files. The name of the file identify the name of the group.

```bash
├── data
├── group1@domain.com.yaml
├── group2@domain.com.yaml

```

### Group definition format and structure

Within each file, the group entry structure is following:

```yaml
display_name: Group 1 # Group display name.
description: Group 1 description # Group description.
members: # List of group members.
- user_1@example.com
- user_2@example.com
managers: # List of group managers.
- manager_1@example.com
```
<!-- BEGIN TFDOC -->

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [customer_id](variables.tf#L17) | Directory customer ID in the form customers/C0xxxxxxx. | <code>string</code> | ✓ | |
| [data_dir](variables.tf#L22) | Relative path for the folder storing configuration data. | <code>string</code> | ✓ | |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [group_id](outputs.tf#L17) | Group name => Group ID mapping. | |

<!-- END TFDOC -->

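Review bot: the usage example under "Terraform code" names the module `"prod-firewall"`, which looks carried over from the firewall factory README; rename it to something like `module "groups"` so readers do not copy a misleading label. Two documentation points in the same hunk: the sentence "The name of the file identify the name of the group" should read "identifies", and it should say explicitly that the file name minus `.yaml` becomes the group's email address (as `group1@domain.com.yaml` in the tree implies), since that is the only place the group identity is set. Also "comparing to HCL" should be "compared to HCL". Because these files grant membership and manager rights, it is worth one sentence noting that the `data` directory needs the same review and ownership controls as the Terraform code that consumes it.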
@ -0,0 +1,33 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

locals {
groups = {
for f in fileset("${var.data_dir}", "**/*.yaml") :
trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
}
}

module "group" {
source = "../../../modules/cloud-identity-group"
for_each = local.groups
customer_id = var.customer_id
name = each.key
display_name = try(each.value.display_name, null)
description = try(each.value.description, null)
members = try(each.value.members, [])
managers = try(each.value.managers, [])
}

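Review bot: in `locals`, `fileset("${var.data_dir}", "**/*.yaml")` recurses into subdirectories while `trimsuffix(f, ".yaml")` keeps the relative path, so a file at `team/group@example.com.yaml` would be passed to the child module as the group name `team/group@example.com`, which is not a valid group email. Either restrict the glob to `*.yaml` or derive the key from `basename(f)`. Minor: `"${var.data_dir}"` is a redundant interpolation; `var.data_dir` is enough and `terraform fmt`/`validate` flag the former. One more caveat worth a comment in `module "group"`: every attribute is wrapped in `try(..., default)`, so an empty or malformed YAML file silently produces a group with no display name and no members instead of failing the plan; a precondition that `each.value` decodes to a map would surface that at plan time.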
@ -0,0 +1,23 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

output "group_id" {
description = "Group name => Group ID mapping."
value = {
for k in module.group :
k.name => k.id
}
}

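Review bot: the `for k in module.group : k.name => k.id` expression iterates the module values and keys the map by the child module's `name` output, which is just `each.key` from main.tf; `{ for k, v in module.group : k => v.id }` is simpler, names the loop variables accurately (`k` here actually holds a value), and does not depend on the child module exposing a `name` output.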
@ -0,0 +1,26 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

variable "customer_id" {
description = "Directory customer ID in the form customers/C0xxxxxxx."
type = string
}

variable "data_dir" {
description = "Relative path for the folder storing configuration data."
type = string
}

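Review bot: `variable "customer_id"` documents the expected form `customers/C0xxxxxxx` but nothing enforces it, so a bare `C0xxxxxxx` or a wrong value only fails when the Cloud Identity API is called during apply. Suggest a validation block, e.g. `condition = can(regex("^customers/C[0-9a-z]+$", var.customer_id))` with an error message quoting the expected form, so the mistake is caught at plan time.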
@ -0,0 +1,13 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

@ -0,0 +1,8 @@
# skip boilerplate check

display_name: Group 1
description: Group 1
members:
- user1@example.com
managers:
- user2@example.com

@ -0,0 +1,21 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

module "test" {
source = "../../../../../examples/factories/cloud-identity-group-factory/"
customer_id = "customers/C01234567"
data_dir = "data"
}

@ -0,0 +1,19 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 1
assert len(resources) == 3

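Review bot: `assert len(resources) == 3` only checks a count, so it would still pass if the fixture produced three resources of the wrong kind or if the manager entry were silently planned as a plain member; the fixture defines one group with one member and one manager, so assert on the planned resource types as well (one group resource and two membership resources) and, ideally, on the roles of the two memberships. Minor: the docstring should read "the number of resources is as expected".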