fix(bigquery_dataset): fixed handling of non-legacy roles for access … #14569
Conversation
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 17 Click here to see the affected service packages
View the build log |
sachinpro
force-pushed
the
fix_dataset_non_legacy_roles
branch
from
a57930b to
319e962
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 69 Click here to see the affected service packages
Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
sachinpro
force-pushed
the
fix_dataset_non_legacy_roles
branch
from
319e962 to
62042a2
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 83 Click here to see the affected service packages
Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
Hello! I am a robot. Tests will require approval from a repository maintainer to run. Googlers: For automatic test runs see go/terraform-auto-test-runs. @melinath, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
@BBBmau, I am not sure why this is failing. |
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
| @@ -10,7 +10,7 @@ resource "google_bigquery_dataset" "{{$.PrimaryResourceId}}" { | |||
| } | |||
|
|
|||
| access { | |||
There was a problem hiding this comment.
In the documentation we can advertise the user to use the new role syntax. In the test at least, we should keep the old case and add a new test for the new role so we have both to prevent regression. We also want to make sure the case in hashicorp/terraform-provider-google#8370 (comment) is tested and handled.
There was a problem hiding this comment.
In the documentation we can advertise the user to use the new role syntax.
It is not shown in the diff but this test validates both cases:
access {
role = "roles/bigquery.dataOwner"
user_by_email = google_service_account.bqowner.email
}
access {
role = "READER"
domain = "hashicorp.com"
}
This test is reflected in the documentation showing both ways to specify role.
Do you still think we need another test?
We also want to make sure the case in hashicorp/terraform-provider-google#8370 (comment) is tested and handled.
Let me check this. I don't think it is an issue anymore.
There was a problem hiding this comment.
If the test covers both legacy and new syntax then it should be sufficient.
There was a problem hiding this comment.
We also want to make sure the case in hashicorp/terraform-provider-google#8370 (comment) is tested and handled.
I couldn't reproduce this by adding access blocks with group_by_email and special_group:
access {
role = "READER"
group_by_email = "[email protected]"
}
access {
role = "READER"
special_group = "projectWriters"
}
I did find one issue with case sensitivity though, which is there on main and this branch. Updating this line to domain = "hashicorp.coM"(for example) will give this error:
| # google_bigquery_dataset.dataset will be updated in-place
| ~ resource "google_bigquery_dataset" "dataset" {
| id = "<redacted>"
| # (18 unchanged attributes hidden)
|
| - access {
| - role = "OWNER" -> null
| - user_by_email = "<redacted>" -> null
| }
| - access {
| - domain = "hashicorp.com" -> null
| - role = "READER" -> null
| }
| + access {
| + domain = "hashicorp.coM"
| + role = "READER"
| }
| + access {
| + role = "OWNER"
| + user_by_email = "<redacted>"
| }
| }
Case sensitivity doesn't seem to cause error in that comment though.
There was a problem hiding this comment.
Thanks for testing. The case permadiff sounds related to hashicorp/terraform-provider-google#21928. I added this observation in the tracking issue and we can track and fix that separately.
@wj-chen The DiffSuppressFunc on a field within a set element doesn't work because Terraform hashes the entire element to see if it has changed. Since "OWNER" and "roles/bigquery.dataOwner" are different strings, they produce different hashes, and Terraform sees one access block being removed and another being added, rather than an in-place change. I can make the change if there is a better way to handle this. |
Could you check if it's related to the test added in #14483? Error message: So looks like our table column drop logic still tried to run on the partition column, and it happened after the connection resource was deleted to cause the failure. Let's prioritize fixing this. |
|
@BBBmau This PR has been waiting for review for 3 weekdays. Please take a look! Use the label |
|
@GoogleCloudPlatform/terraform-team @BBBmau This PR has been waiting for review for 1 week. Please take a look! Use the label |
This approach LGTM. |
sachinpro
force-pushed
the
fix_dataset_non_legacy_roles
branch
from
62042a2 to
63af990
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 137 Click here to see the affected service packages
Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
@GoogleCloudPlatform/terraform-team @BBBmau This PR has been waiting for review for 2 weeks. Please take a look! Use the label |
|
@modular-magician reassign-reviewer |
github-actions
bot
requested review from
melinath
and removed request for
BBBmau
sachinpro
force-pushed
the
fix_dataset_non_legacy_roles
branch
from
63af990 to
4bc4d81
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 137 Click here to see the affected service packages
Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
…block inside bigquery_dataset resource
sachinpro
force-pushed
the
fix_dataset_non_legacy_roles
branch
from
4bc4d81 to
7beb1f2
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 137 Click here to see the affected service packages
🟢 All tests passed! View the build log |
|
Moving forward with merge since it looks like there aren't meaningful changes since @wj-chen's last review. As a side note, I tested this manually locally & confirmed that there's no diff on upgrade. Like with any diff suppress, users will see a more complex diff if anything in the access block does change, but that's expected. |
Added a flag to prevent Terraform from showing diff for server generated schema columns(like hive partitioned ones)
Fixes hashicorp/terraform-provider-google#8370
Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.