search

GoogleCloudPlatform / terraform-validator

Terraform Validator is not an officially supported Google product; it is a library for conversion of Terraform plan data to CAI Assets. If you have been using terraform-validator directly in the past, we recommend migrating to `gcloud beta terraform vet`.
https://cloud.google.com/docs/terraform/policy-validation
Apache License 2.0
439 stars 95 forks source link

ancestry_path is deprecated; use ancestors #105

Open yukinying opened 4 years ago

yukinying commented 4 years ago

https://github.com/forseti-security/config-validator/blob/87b4ae546420814b2a6766a1b4569278f5e1627e/api/validator.proto#L44 

  // Ancestor list as returned by CAI (added sometime around Oct 2019)
  repeated string ancestors = 6;

I have also verified that CAI now do not return ancestry_path. Instead it returns ancestors, which is a list of strings instead of a single string. For example,

        "ancestors": [
            "folders/12345",
            "organizations/67890"
        ]

I think this will make the logic on generating ancestry be easier.

melinath commented 2 years ago

It looks like config-validator uses ancestry_path internally and converts "ancestors" to a path if it's provided - however, I think this would make the expected structure more clear to users and it would be easier to change now than later.