tdesrosi / gcp-terraform-config-validator

If you're looking to use Cloud Asset Manager to validate your GCP environment, see https://github.com/GoogleCloudPlatform/config-validator. This repository is a rebuild in the same style (using the Gatekeeper operation methodology) to validate attempted resource changes via Terraform.
Apache License 2.0

Bolster unit testing for iam_allowed_bindings #1

Open tdesrosi opened 1 year ago

tdesrosi commented 1 year ago

Current testing suites are a minimal suite for rapid development. New tests need to be created/added for a production run.

tdesrosi commented 1 year ago

From documentation - hashicorp/google provider:

Warning: You must specify the role field using the legacy format OWNER instead of roles/bigquery.dataOwner. The API does accept both formats but it will always return the legacy format which results in Terraform showing permanent diff on each plan and apply operation.

This is for google_bigquery_dataset_access: Legacy format must be specified for the "role" field, while CAI uses modern terminology (i.e. roles/owner). See how to remedy this in rego, although it's not time sensitive (no projects use this functionality yet).
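One shape the rego remedy could take, added here as an example and not code from this repository: it normalizes the legacy `role` value of a planned `google_bigquery_dataset_access` change to its IAM name before checking it against an allowlist. It assumes Terraform plan JSON (`resource_changes`) as input and an inline allowlist in place of constraint parameters; the legacy-to-IAM mapping follows the BigQuery dataset access documentation.

```rego
package terraform.bigquery_dataset_access

import future.keywords

# Legacy dataset role names -> IAM role names. The dataset API returns the
# legacy form, while CAI and constraint parameters use the IAM form.
legacy_to_iam := {
    "OWNER": "roles/bigquery.dataOwner",
    "WRITER": "roles/bigquery.dataEditor",
    "READER": "roles/bigquery.dataViewer"
}

# Map a legacy role to its IAM name; IAM-style roles pass through unchanged.
normalize_role(role) := object.get(legacy_to_iam, role, role)

# Assumed inline allowlist; a real template would read this from constraint parameters.
allowed_roles := {"roles/bigquery.dataViewer", "roles/bigquery.dataEditor"}

# One violation per planned create/update of a dataset access binding whose
# normalized role is not in the allowlist.
deny contains msg if {
    some rc in input.resource_changes
    rc.type == "google_bigquery_dataset_access"
    some action in rc.change.actions
    action in {"create", "update"}
    role := normalize_role(rc.change.after.role)
    not allowed_roles[role]
    msg := sprintf("%s: role %q (normalized from %q) on dataset %s is not an allowed binding",
        [rc.address, role, rc.change.after.role, rc.change.after.dataset_id])
}

# Constructed plan fragment: legacy OWNER is denied because its IAM form
# (roles/bigquery.dataOwner) is outside the allowlist.
test_legacy_owner_denied if {
    plan := {"resource_changes": [{
        "address": "google_bigquery_dataset_access.owner",
        "type": "google_bigquery_dataset_access",
        "change": {"actions": ["create"], "after": {"dataset_id": "analytics", "role": "OWNER"}}
    }]}
    count(deny) == 1 with input as plan
}

# Constructed plan fragment: legacy READER normalizes to an allowed role.
test_legacy_reader_allowed if {
    plan := {"resource_changes": [{
        "address": "google_bigquery_dataset_access.reader",
        "type": "google_bigquery_dataset_access",
        "change": {"actions": ["update"], "after": {"dataset_id": "analytics", "role": "READER"}}
    }]}
    count(deny) == 0 with input as plan
}
```

Run the two `test_` rules with `opa test` against this file to confirm the normalization before wiring the allowlist to real constraint parameters.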