IAM: fix resource identity imports for parents with multi-segment URIs #17652
Hi there, I'm the Modular magician. I've detected the following information about your changes for commit dba3be1:
Diff report
Your PR generated the following diffs in downstream repositories:
Test report
Analytics
Affected Service Packages
Step 1: Replaying Mode
Action taken
Found 16 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.
Step 2: Recording Mode
Caution: Issues requiring attention before PR completion
🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.
🔴 Replaying Rerun Failed: Some tests failed due to non-determinism when VCR replayed the response. See the table above for details.
Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.
View the recording VCR build log or the debug logs folder for detailed results.
Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 3c53081:
Diff report
Your PR generated the following diffs in downstream repositories:
Test report
Analytics
Affected Service Packages
Step 1: Replaying Mode
Action taken
Found 10 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.
Step 2: Recording Mode
Caution: Issues requiring attention before PR completion
🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.
🔴 Replaying Rerun Failed: Some tests failed due to non-determinism when VCR replayed the response. See the table above for details.
Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.
View the recording VCR build log or the debug logs folder for detailed results.
IAM: derive regex from UriFormat for resource Identity test fixes
IAM: fix resource identity imports for parents with multi-segment URIs
Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 7367176:
Diff report
Your PR generated the following diffs in downstream repositories:
Test report
Analytics
Affected Service Packages
Step 1: Replaying Mode
Action taken
Found 14 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.
Step 2: Recording Mode
Caution: Issues requiring attention before PR completion
🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.
🔴 Replaying Rerun Failed: Some tests failed due to non-determinism when VCR replayed the response. See the table above for details.
Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.
View the recording VCR build log or the debug logs folder for detailed results.
shuyama1
left a comment
Looks like the resource identity failure in TestAccProjectIamBinding_noMembers is addressed by #17672.
The rest of the VCR failures are unrelated.
The re-replaying failure is due to non-determinism, but not introduced by this PR, so non-blocking.
c531289
Resource-identity imports for IAM resources (google_*_iam_member, etc.) were broken whenever the parent resource's identity attribute carried the full URI (e.g. projects/my-proj/locations/us-central1/instances/foo) rather than a bare name.

Explanation
Resource: google_cloud_run_v2_service_iam_member
UriFormat = "projects/%s/locations/%s/services/%s" (params: project, location, name).

Before
User runs:
ParseIamResourceIdentity applied GetResourceNameFromSelfLink to the last param, collapsing "projects/my-proj/locations/us-central1/services/svc-42" → "svc-42". project and location were empty, so import failed with "import identity is missing attribute \"project\"" even though the value was right there in the URI.

After
The function builds a regex from UriFormat:
and matches it against any non-empty identity value. The full URI in name matches → captures ["my-proj", "us-central1", "svc-42"], which back-fill the empty project and location slots. Import succeeds.

Non-greedy detail
Non-final captures use (.+?) so they stop at the first literal separator that follows. Greedy (.+) would match the last occurrence and mis-split paths like organizations/123/sources/abc (where the parent itself contains /).

Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.
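
The regex construction and back-fill described in the PR description above, as an added Go sketch; it is not the provider's ParseIamResourceIdentity code. The names uriFormatRegex and backfill, the greedy flag, the greedy final capture, and the choice to keep explicitly set values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// uriFormatRegex builds an anchored regex from a UriFormat, quoting the literals.
func uriFormatRegex(uriFormat string, greedy bool) *regexp.Regexp {
	parts := strings.Split(uriFormat, "%s")
	pat := "^"
	for i, lit := range parts {
		pat += regexp.QuoteMeta(lit)
		if i == len(parts)-2 || (greedy && i < len(parts)-1) {
			pat += "(.+)" // final capture; greedy=true only shows the mis-split
		} else if i < len(parts)-2 {
			pat += "(.+?)" // non-final: stop at the first following separator
		}
	}
	return regexp.MustCompile(pat + "$")
}

// backfill fills empty identity slots from a full URI found in any slot; the slot
// holding the URI gets its own capture. Explicit values are kept (assumption).
func backfill(uriFormat string, params []string, identity map[string]string) (map[string]string, error) {
	re := uriFormatRegex(uriFormat, false)
	out := map[string]string{}
	for _, p := range params {
		out[p] = identity[p]
	}
	for _, src := range params {
		m := re.FindStringSubmatch(identity[src])
		for i, p := range params {
			if len(m) == len(params)+1 && (out[p] == "" || p == src) {
				out[p] = m[i+1]
			}
		}
	}
	for _, p := range params {
		if out[p] == "" {
			return nil, fmt.Errorf("import identity is missing attribute %q", p)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(backfill("projects/%s/locations/%s/services/%s", []string{"project", "location", "name"}, map[string]string{"name": "projects/my-proj/locations/us-central1/services/svc-42"}))
}
```

With the constructed format %s/sources/%s and the constructed value organizations/123/sources/abc/sources/def, the non-greedy regex captures organizations/123 first, while greedy=true captures organizations/123/sources/abc.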