From bf76ec34af49725bfb617eaf3b27c1cbd36a1948 Mon Sep 17 00:00:00 2001 From: Cameron Thornton Date: Thu, 5 Sep 2024 11:18:41 -0500 Subject: [PATCH] rewrite - fix GA diffs + small refresh (#11642) --- mmv1/api/resource.go | 11 ++- mmv1/api/type.go | 2 +- .../certificatemanager/go_Certificate.yaml | 7 ++ mmv1/products/cloudrun/go_Service.yaml | 8 +- mmv1/products/cloudrunv2/go_Job.yaml | 18 +++- mmv1/products/cloudrunv2/go_Service.yaml | 22 ++++- .../go_WorkloadIdentityPoolProvider.yaml | 63 +++++++++++++ .../securitycenter/go_NotificationConfig.yaml | 3 + .../go_ProjectNotificationConfig.yaml | 3 + .../go_OrganizationNotificationConfig.yaml | 3 + .../go_ProjectNotificationConfig.yaml | 3 + mmv1/provider/terraform.go | 7 +- mmv1/template-converter.go | 4 +- ..._identity_pool_provider_x509_basic.tf.tmpl | 18 ++++ ...d_identity_pool_provider_x509_full.tf.tmpl | 24 +++++ .../terraform/flatten_property_method.go.tmpl | 8 +- .../terraform/schema_property.go.tmpl | 8 +- .../terraform/schema_subresource.go.tmpl | 2 +- .../fwtransport/go/framework_config.go.tmpl | 11 +++ .../go/provider_mmv1_resources.go.tmpl | 1 - .../provider/go/provider_test.go.tmpl | 69 -------------- .../go/data_source_google_compute_instance.go | 2 +- ...rce_compute_instance_template_test.go.tmpl | 3 + ...ompute_region_backend_service_test.go.tmpl | 4 +- .../services/container/go/node_config.go.tmpl | 4 +- .../resource_container_cluster_test.go.tmpl | 6 +- .../resource_container_node_pool_test.go.tmpl | 8 +- .../go/resource_dns_managed_zone_test.go.tmpl | 4 +- ...rkload_identity_pool_provider_test.go.tmpl | 92 +++++++++++++++++++ 29 files changed, 307 insertions(+), 111 deletions(-) create mode 100644 mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_basic.tf.tmpl create mode 100644 mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_full.tf.tmpl diff --git a/mmv1/api/resource.go b/mmv1/api/resource.go index cb1ab7daa791..5406d75b33fb 100644 
--- a/mmv1/api/resource.go +++ b/mmv1/api/resource.go @@ -349,6 +349,9 @@ func (r *Resource) SetDefault(product *Product) { for _, property := range r.AllProperties() { property.SetDefault(r) } + if r.IamPolicy != nil && r.IamPolicy.MinVersion == "" { + r.IamPolicy.MinVersion = r.MinVersion + } } func (r *Resource) Validate() { @@ -430,6 +433,12 @@ func (r Resource) AllProperties() []*Type { return google.Concat(r.Properties, r.Parameters) } +func (r Resource) AllPropertiesInVersion() []*Type { + return google.Reject(google.Concat(r.Properties, r.Parameters), func(p *Type) bool { + return p.Exclude + }) +} + // def properties_with_excluded func (r Resource) PropertiesWithExcluded() []*Type { return r.Properties @@ -960,7 +969,7 @@ func (r Resource) Updatable() bool { if !r.Immutable { return true } - for _, p := range r.AllProperties() { + for _, p := range r.AllPropertiesInVersion() { if p.UpdateUrl != "" { return true } diff --git a/mmv1/api/type.go b/mmv1/api/type.go index df6cbfb18bf7..0558be2cbb74 100644 --- a/mmv1/api/type.go +++ b/mmv1/api/type.go @@ -1422,7 +1422,7 @@ func (t *Type) GetPropertySchemaPath(schemaPath string) string { } if index == -1 { - continue + return "" } prop := nestedProps[index] diff --git a/mmv1/products/certificatemanager/go_Certificate.yaml b/mmv1/products/certificatemanager/go_Certificate.yaml index 8450def41b28..1dab11d18490 100644 --- a/mmv1/products/certificatemanager/go_Certificate.yaml +++ b/mmv1/products/certificatemanager/go_Certificate.yaml @@ -133,6 +133,13 @@ properties: immutable: true diff_suppress_func: 'certManagerDefaultScopeDiffSuppress' default_value: "DEFAULT" + - name: 'sanDnsnames' + type: Array + description: | + The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6) + output: true + item_type: + type: String - name: 'selfManaged' type: NestedObject description: | 
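Review bot: `AllPropertiesInVersion` in mmv1/api/resource.go is added without a doc comment, and its name promises version filtering while the visible body only drops properties whose `Exclude` flag is set. A comment such as `// AllPropertiesInVersion returns Properties and Parameters minus those marked Exclude.` would explain why `Updatable` now calls it instead of `AllProperties`. Presumably `Exclude` is set elsewhere for properties outside the target version; that is not visible in this hunk, so the comment should say where it happens. `Updatable` continues outside the hunk.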
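Review bot: In `GetPropertySchemaPath` (mmv1/api/type.go) the new `return ""` for `index == -1` carries no comment, and the empty string becomes the only signal that a path segment was not found. A line such as `// property not found at this level: report no path` above it, plus a mention of the empty result in the function's doc comment, would keep callers from treating `""` as a valid schema path. The function starts and ends outside the hunk, so whether callers already check for an empty result cannot be confirmed from here.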
diff --git a/mmv1/products/cloudrun/go_Service.yaml b/mmv1/products/cloudrun/go_Service.yaml index 4f36bbd0580d..a6f6495bc60c 100644 --- a/mmv1/products/cloudrun/go_Service.yaml +++ b/mmv1/products/cloudrun/go_Service.yaml @@ -846,15 +846,13 @@ properties: type: NestedObject description: |- A filesystem specified by the Container Storage Interface (CSI). - min_version: 'beta' properties: - name: 'driver' type: String description: |- Unique name representing the type of file system to be created. Cloud Run supports the following values: * gcsfuse.run.googleapis.com: Mount a Google Cloud Storage bucket using GCSFuse. This driver requires the - run.googleapis.com/execution-environment annotation to be set to "gen2" and - run.googleapis.com/launch-stage set to "BETA" or "ALPHA". + run.googleapis.com/execution-environment annotation to be unset or set to "gen2" required: true - name: 'readOnly' type: Boolean @@ -871,9 +869,7 @@ properties: type: NestedObject description: |- A filesystem backed by a Network File System share. This filesystem requires the - run.googleapis.com/execution-environment annotation to be set to "gen2" and - run.googleapis.com/launch-stage set to "BETA" or "ALPHA". - min_version: 'beta' + run.googleapis.com/execution-environment annotation to be unset or set to "gen2" properties: - name: 'server' type: String diff --git a/mmv1/products/cloudrunv2/go_Job.yaml b/mmv1/products/cloudrunv2/go_Job.yaml index 77160e111161..398ff9c94bb1 100644 --- a/mmv1/products/cloudrunv2/go_Job.yaml +++ b/mmv1/products/cloudrunv2/go_Job.yaml 
@@ -522,8 +522,13 @@ properties: - name: 'gcs' type: NestedObject description: |- - Cloud Storage bucket mounted as a volume using GCSFuse. This feature requires the launch stage to be set to ALPHA or BETA. - min_version: 'beta' + Cloud Storage bucket mounted as a volume using GCSFuse. + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + # - template.0.volumes.0.emptyDir + # - template.0.volumes.0.gcs + # - template.0.volumes.0.nfs properties: - name: 'bucket' type: String @@ -537,8 +542,13 @@ properties: - name: 'nfs' type: NestedObject description: |- - NFS share mounted as a volume. This feature requires the launch stage to be set to ALPHA or BETA. - min_version: 'beta' + NFS share mounted as a volume. + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + # - template.0.volumes.0.emptyDir + # - template.0.volumes.0.gcs + # - template.0.volumes.0.nfs properties: - name: 'server' type: String diff --git a/mmv1/products/cloudrunv2/go_Service.yaml b/mmv1/products/cloudrunv2/go_Service.yaml index c33947cb0a89..ee98c8fe647b 100644 --- a/mmv1/products/cloudrunv2/go_Service.yaml +++ b/mmv1/products/cloudrunv2/go_Service.yaml @@ -139,6 +139,16 @@ examples: ignore_read_extra: - 'deletion_protection' skip_vcr: true + - name: 'cloudrunv2_service_mesh' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service-%s", context["random_suffix"])' + min_version: 'beta' + vars: + cloud_run_service_name: 'cloudrun-service' + mesh_name: 'network-services-mesh' + ignore_read_extra: + - 'deletion_protection' + external_providers: ["time"] virtual_fields: - name: 'deletion_protection' description: | 
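Review bot: The `exactly_one_of` list added under `gcs` and `nfs` in cloudrunv2/go_Job.yaml is commented out, so it records the intended constraint without enforcing it. A volume that sets both `gcs` and `nfs` would presumably only be rejected by the API at apply time. If the constraint cannot be generated yet, a one-line reason above the block, for example `# exactly_one_of is disabled because <reason>`, would stop it reading as forgotten dead text. The same block appears in both hunks of this file.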
@@ -813,7 +823,7 @@ properties: - name: 'gcs' type: NestedObject description: |- - Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment. # exactly_one_of: # - template.0.volumes.0.secret # - template.0.volumes.0.cloudSqlInstance @@ -865,6 +875,16 @@ properties: type: Boolean description: |- Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity + - name: 'serviceMesh' + type: NestedObject + description: |- + Enables Cloud Service Mesh for this Revision. + min_version: 'beta' + properties: + - name: 'mesh' + type: String + description: |- + The Mesh resource name. For more information see https://cloud.google.com/service-mesh/docs/reference/network-services/rest/v1/projects.locations.meshes#resource:-mesh. - name: 'traffic' type: Array description: |- diff --git a/mmv1/products/iambeta/go_WorkloadIdentityPoolProvider.yaml b/mmv1/products/iambeta/go_WorkloadIdentityPoolProvider.yaml index 7bc6308f2e31..cfa05f7ec071 100644 --- a/mmv1/products/iambeta/go_WorkloadIdentityPoolProvider.yaml +++ b/mmv1/products/iambeta/go_WorkloadIdentityPoolProvider.yaml @@ -85,6 +85,16 @@ examples: vars: workload_identity_pool_id: 'example-pool' workload_identity_pool_provider_id: 'example-prvdr' + - name: 'iam_workload_identity_pool_provider_x509_basic' + primary_resource_id: 'example' + vars: + workload_identity_pool_id: 'example-pool' + workload_identity_pool_provider_id: 'example-prvdr' + - name: 'iam_workload_identity_pool_provider_x509_full' + primary_resource_id: 'example' + vars: + workload_identity_pool_id: 'example-pool' + workload_identity_pool_provider_id: 'example-prvdr' parameters: properties: - name: 'workloadIdentityPoolId' 
@@ -233,6 +243,7 @@ properties: - 'aws' - 'oidc' - 'saml' + - 'x509' properties: - name: 'accountId' type: String @@ -251,6 +262,7 @@ properties: - 'aws' - 'oidc' - 'saml' + - 'x509' properties: - name: 'allowedAudiences' type: Array 
@@ -309,8 +321,59 @@ properties: - 'aws' - 'oidc' - 'saml' + - 'x509' properties: - name: 'idpMetadataXml' type: String description: SAML Identity provider configuration metadata xml doc. required: true + - name: 'x509' + type: NestedObject + description: | + An X.509-type identity provider represents a CA. It is trusted to assert a + client identity if the client has a certificate that chains up to this CA. + exactly_one_of: + - 'aws' + - 'oidc' + - 'saml' + - 'x509' + properties: + - name: 'trustStore' + type: NestedObject + description: | + A Trust store, use this trust store as a wrapper to config the trust + anchor and optional intermediate cas to help build the trust chain for + the incoming end entity certificate. Follow the x509 guidelines to + define those PEM encoded certs. Only 1 trust store is currently + supported. + required: true + properties: + - name: 'trustAnchors' + type: Array + description: | + List of Trust Anchors to be used while performing validation + against a given TrustStore. The incoming end entity's certificate + must be chained up to one of the trust anchors here. + required: true + item_type: + type: NestedObject + properties: + - name: 'pemCertificate' + type: String + description: | + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). + - name: 'intermediateCas' + type: Array + description: | + Set of intermediate CA certificates used for building the trust chain to + trust anchor. + IMPORTANT: Intermediate CAs are only supported when configuring x509 federation. + item_type: + type: NestedObject + properties: + - name: 'pemCertificate' + type: String + description: | + PEM certificate of the PKI used for validation. Must only contain one + ca certificate(either root or intermediate cert). diff --git a/mmv1/products/securitycenter/go_NotificationConfig.yaml b/mmv1/products/securitycenter/go_NotificationConfig.yaml index 907ce77b9c17..4171078113bc 100644 
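Review bot: In the new `x509` block, `trustStore` and `trustAnchors` are `required: true` but the `pemCertificate` inside each `trustAnchors` item is not, so an empty `trust_anchors {}` block passes schema validation and is left for the API to reject. Marking `pemCertificate` as `required: true` would surface that mistake at plan time. The rule that the value holds exactly one CA certificate is stated only in the description; no validation is visible in this hunk, so a pasted certificate bundle would not be caught before the request is sent. The same applies to `pemCertificate` under `intermediateCas`.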
--- a/mmv1/products/securitycenter/go_NotificationConfig.yaml +++ b/mmv1/products/securitycenter/go_NotificationConfig.yaml @@ -93,6 +93,8 @@ properties: description: | The config for triggering streaming-based notifications. required: true + send_empty_value: true + allow_empty_object: true update_mask_fields: - 'streamingConfig.filter' properties: @@ -125,3 +127,4 @@ properties: [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) for information on how to write a filter. required: true + send_empty_value: true diff --git a/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml b/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml index 57879dd3a948..3d4a2dae57f1 100644 --- a/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml +++ b/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml @@ -87,6 +87,8 @@ properties: description: | The config for triggering streaming-based notifications. required: true + send_empty_value: true + allow_empty_object: true update_mask_fields: - 'streamingConfig.filter' properties: @@ -119,3 +121,4 @@ properties: [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) for information on how to write a filter. required: true + send_empty_value: true diff --git a/mmv1/products/securitycenterv2/go_OrganizationNotificationConfig.yaml b/mmv1/products/securitycenterv2/go_OrganizationNotificationConfig.yaml index 9ba89f6b3fd8..1e4aeae4dffb 100644 --- a/mmv1/products/securitycenterv2/go_OrganizationNotificationConfig.yaml +++ b/mmv1/products/securitycenterv2/go_OrganizationNotificationConfig.yaml @@ -100,6 +100,8 @@ properties: description: | The config for triggering streaming-based notifications. required: true + send_empty_value: true + allow_empty_object: true update_mask_fields: - 'streamingConfig.filter' properties: 
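Review bot: `send_empty_value: true` on the required `filter` field means `filter = ""` is now sent to the API as-is, yet the description still only links to the filtering guide and does not say what an empty filter selects. If an empty filter matches every finding (worth confirming against the API reference), the notification stream widens to everything, and one sentence in the `filter` description should tell the reader so. The identical change is made in securitycenter/go_ProjectNotificationConfig.yaml and in both securitycenterv2 notification config files.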
@@ -132,3 +134,4 @@ properties: [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) for information on how to write a filter. required: true + send_empty_value: true diff --git a/mmv1/products/securitycenterv2/go_ProjectNotificationConfig.yaml b/mmv1/products/securitycenterv2/go_ProjectNotificationConfig.yaml index 62f92ffa8f3c..bb14bb308707 100644 --- a/mmv1/products/securitycenterv2/go_ProjectNotificationConfig.yaml +++ b/mmv1/products/securitycenterv2/go_ProjectNotificationConfig.yaml @@ -97,6 +97,8 @@ properties: description: | The config for triggering streaming-based notifications. required: true + send_empty_value: true + allow_empty_object: true update_mask_fields: - 'streamingConfig.filter' properties: @@ -129,3 +131,4 @@ properties: [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) for information on how to write a filter. required: true + send_empty_value: true diff --git a/mmv1/provider/terraform.go b/mmv1/provider/terraform.go index 860aeee9bd9c..427f151f2bef 100644 --- a/mmv1/provider/terraform.go +++ b/mmv1/provider/terraform.go @@ -25,6 +25,7 @@ import ( "path" "path/filepath" "reflect" + "slices" "strings" "time" 
@@ -198,7 +199,7 @@ func (t *Terraform) GenerateOperation(outputFolder string) { // IAM policies separately from the resource itself // def generate_iam_policy(pwd, data, generate_code, generate_docs) func (t *Terraform) GenerateIamPolicy(object api.Resource, templateData TemplateData, outputFolder string, generateCode, generateDocs bool) { - if generateCode && object.IamPolicy != nil && (object.IamPolicy.MinVersion == "" || object.IamPolicy.MinVersion >= t.TargetVersionName) { + if generateCode && object.IamPolicy != nil && (object.IamPolicy.MinVersion == "" || slices.Index(product.ORDER, object.IamPolicy.MinVersion) <= slices.Index(product.ORDER, t.TargetVersionName)) { productName := t.Product.ApiName targetFolder := path.Join(outputFolder, t.FolderName(), "services", productName) if err := os.MkdirAll(targetFolder, os.ModePerm); err != nil { @@ -993,10 +994,10 @@ func (t Terraform) SupportedProviderVersions() []string { if i == 0 { continue } - supported = append(supported, v) - if v == t.TargetVersionName { + if i > slices.Index(product.ORDER, t.TargetVersionName) { break } + supported = append(supported, v) } return supported } diff --git a/mmv1/template-converter.go b/mmv1/template-converter.go index a2ea36d1fbf1..79abd4051c18 100644 --- a/mmv1/template-converter.go +++ b/mmv1/template-converter.go 
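Review bot: `slices.Index` returns -1 for a value that is not in `product.ORDER`, and neither new comparison checks for it. In `GenerateIamPolicy`, a misspelled `IamPolicy.MinVersion` yields -1, which is `<=` every target index, so an IAM policy meant for a later version would be generated for all targets including GA. In `SupportedProviderVersions`, an unknown `t.TargetVersionName` makes the loop break at `i == 1` and return an empty list. Resolving each index once, e.g. `minIdx := slices.Index(product.ORDER, object.IamPolicy.MinVersion)`, and reporting an error when it is negative would close both cases; hoisting the target index out of the loop also avoids recomputing it per iteration. Both function bodies continue outside their hunks.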
@@ -224,14 +224,14 @@ func replace(data []byte) []byte { if err != nil { log.Fatalf("Cannot compile the regular expression: %v", err) } - data = r.ReplaceAll(data, []byte("\n\n$1{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }}")) + data = r.ReplaceAll(data, []byte("\n\n$1{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }}")) // Replace <% unless version.nil? || version == ['|"]ga['|"] -%> r, err = regexp.Compile(`<% unless version\.nil\? \|\| version == ['|"]ga['|"] -%>`) if err != nil { log.Fatalf("Cannot compile the regular expression: %v", err) } - data = r.ReplaceAll(data, []byte(`{{- if or (ne $.TargetVersionName "") (eq $.TargetVersionName "ga") }}`)) + data = r.ReplaceAll(data, []byte(`{{- if not (or (eq $.TargetVersionName "") (eq $.TargetVersionName "ga")) }}`)) // Replace <% if version.nil? || version == ['|"]ga['|"] -%> r, err = regexp.Compile(`<% if version\.nil\? \|\| version == ['|"]ga['|"] -%>`) diff --git a/mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_basic.tf.tmpl new file mode 100644 index 000000000000..a1ae8ab0d277 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_basic.tf.tmpl @@ -0,0 +1,18 @@ +resource "google_iam_workload_identity_pool" "pool" { + workload_identity_pool_id = "{{index $.Vars "workload_identity_pool_id"}}" +} + +resource "google_iam_workload_identity_pool_provider" "{{$.PrimaryResourceId}}" { + workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id + workload_identity_pool_provider_id = "{{index $.Vars "workload_identity_pool_provider_id"}}" + attribute_mapping = { + "google.subject" = "assertion.subject.dn.cn" + } + x509 { + trust_store { + trust_anchors { + pem_certificate = file("test-fixtures/trust_anchor.pem") + } + } + } +} 
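Review bot: The two corrected replacement strings in `replace` have no test pinning them, and the inverted translation of `unless version.nil? || version == 'ga'` had already reached converted templates that this same patch corrects (node_config.go.tmpl and the container and compute tests). A table test that feeds `replace` a `<% unless ... -%>` line and asserts the emitted `{{- if not (or (eq $.TargetVersionName "") (eq $.TargetVersionName "ga")) }}` would catch a regression that silently emits beta-only code into the GA provider. Separately, the character class `['|"]` in these patterns also matches a literal `|`; `['"]` is what the comments describe. `replace` starts and ends outside the hunk.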
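Review bot: Both new X.509 examples map `google.subject` to `assertion.subject.dn.cn` and set no `attribute_condition`, so as written every certificate that chains to the trust anchor is accepted and identified by its common name alone. Examples get copied into real configurations, so the `_full` example would benefit from a condition line, or at least a comment such as `# restrict accepted certificates with attribute_condition when the CA also issues certificates for other purposes`. This applies equally to iam_workload_identity_pool_provider_x509_full.tf.tmpl in the next file section.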
diff --git a/mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_full.tf.tmpl b/mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_full.tf.tmpl new file mode 100644 index 000000000000..9b06b491408d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/iam_workload_identity_pool_provider_x509_full.tf.tmpl @@ -0,0 +1,24 @@ +resource "google_iam_workload_identity_pool" "pool" { + workload_identity_pool_id = "{{index $.Vars "workload_identity_pool_id"}}" +} + +resource "google_iam_workload_identity_pool_provider" "{{$.PrimaryResourceId}}" { + workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id + workload_identity_pool_provider_id = "{{index $.Vars "workload_identity_pool_provider_id"}}" + display_name = "Name of provider" + description = "X.509 identity pool provider for automated test" + disabled = true + attribute_mapping = { + "google.subject" = "assertion.subject.dn.cn" + } + x509 { + trust_store { + trust_anchors { + pem_certificate = file("test-fixtures/trust_anchor.pem") + } + intermediate_cas { + pem_certificate = file("test-fixtures/intermediate_ca.pem") + } + } + } +} diff --git a/mmv1/templates/terraform/flatten_property_method.go.tmpl b/mmv1/templates/terraform/flatten_property_method.go.tmpl index 1f82fc54f02f..28d81ac7b0a0 100644 --- a/mmv1/templates/terraform/flatten_property_method.go.tmpl +++ b/mmv1/templates/terraform/flatten_property_method.go.tmpl 
@@ -28,11 +28,11 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso if len(original) == 0 { return nil } - {{- else if $.Properties }} + {{- else if $.UserProperties }} original := v.(map[string]interface{}) {{- end }} transformed := make(map[string]interface{}) - {{- range $prop := $.Properties }} + {{- range $prop := $.UserProperties }} {{- if $prop.FlattenObject }} if {{ $prop.ApiName }} := flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}{{$prop.TitlelizeProperty}}(original["{{ $prop.ApiName }}"], d, config); {{ $prop.ApiName }} != nil { obj := {{ $prop.ApiName }}.([]interface{})[0] @@ -72,7 +72,7 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso transformed = append(transformed, map[string]interface{}{ {{- end }} - {{- range $prop := $.ItemType.Properties }} + {{- range $prop := $.ItemType.UserProperties }} {{- if not $prop.IgnoreRead }} "{{ underscore $prop.Name }}": flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}{{$prop.TitlelizeProperty}}(original["{{ $prop.ApiName }}"], d, config), {{- end }} @@ -90,7 +90,7 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso original := raw.(map[string]interface{}) transformed = append(transformed, map[string]interface{}{ "{{ $.KeyName }}": k, - {{- range $prop := $.ValueType.Properties }} + {{- range $prop := $.ValueType.UserProperties }} "{{ underscore $prop.Name }}": flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}{{$prop.TitlelizeProperty}}(original["{{ $prop.ApiName }}"], d, config), {{- end }} }) diff --git a/mmv1/templates/terraform/schema_property.go.tmpl b/mmv1/templates/terraform/schema_property.go.tmpl index 10a70b36781e..d825d792dcf4 100644 --- a/mmv1/templates/terraform/schema_property.go.tmpl +++ b/mmv1/templates/terraform/schema_property.go.tmpl 
@@ -14,7 +14,7 @@ */}} {{- define "SchemaFields"}} {{- if .FlattenObject -}} - {{- range $prop := .ResourceMetadata.OrderProperties .Properties -}} + {{- range $prop := .ResourceMetadata.OrderProperties .UserProperties -}} {{ template "SchemaFields" $prop }} {{ end -}} {{- else -}} @@ -76,7 +76,7 @@ Default value: {{ .ItemType.DefaultValue -}} {{ end -}} Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - {{- range $prop := .ResourceMetadata.OrderProperties $.Properties }} + {{- range $prop := .ResourceMetadata.OrderProperties $.UserProperties }} {{template "SchemaFields" $prop}} {{- end }} }, @@ -94,7 +94,7 @@ Default value: {{ .ItemType.DefaultValue -}} {{ else -}} Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - {{- range $prop := .ResourceMetadata.OrderProperties $.ItemType.Properties }} + {{- range $prop := .ResourceMetadata.OrderProperties $.ItemType.UserProperties }} {{template "SchemaFields" $prop}} {{- end }} }, @@ -149,7 +149,7 @@ Default value: {{ .ItemType.DefaultValue -}} ForceNew: true, {{ end -}} }, - {{- range $prop := .ResourceMetadata.OrderProperties $.ValueType.Properties }} + {{- range $prop := .ResourceMetadata.OrderProperties $.ValueType.UserProperties }} {{template "SchemaFields" $prop}} {{- end }} }, diff --git a/mmv1/templates/terraform/schema_subresource.go.tmpl b/mmv1/templates/terraform/schema_subresource.go.tmpl index 485f1425ebdb..afcd1fb62d98 100644 --- a/mmv1/templates/terraform/schema_subresource.go.tmpl +++ b/mmv1/templates/terraform/schema_subresource.go.tmpl @@ -18,7 +18,7 @@ func {{ .NamespaceProperty }}Schema() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ - {{- range $prop := $.ResourceMetadata.OrderProperties $.ItemType.Properties }} + {{- range $prop := $.ResourceMetadata.OrderProperties $.ItemType.UserProperties }} {{template "SchemaFields" $prop}} {{- end }} }, 
diff --git a/mmv1/third_party/terraform/fwtransport/go/framework_config.go.tmpl b/mmv1/third_party/terraform/fwtransport/go/framework_config.go.tmpl index d148d7e0300f..7593754f37c1 100644 --- a/mmv1/third_party/terraform/fwtransport/go/framework_config.go.tmpl +++ b/mmv1/third_party/terraform/fwtransport/go/framework_config.go.tmpl @@ -32,6 +32,11 @@ import ( ) type FrameworkProviderConfig struct { + // Temporary, as we'll replace use of FrameworkProviderConfig with transport_tpg.Config soon + // transport_tpg.Config has a Credentials field, hence this change is needed + Credentials types.String + // End temporary + BillingProject types.String Client *http.Client Context context.Context @@ -96,6 +101,12 @@ func (p *FrameworkProviderConfig) LoadAndValidateFramework(ctx context.Context, p.{{ $product.Name }}BasePath = data.{{ $product.Name }}CustomEndpoint.ValueString() {{- end }} + // Temporary + p.Credentials = data.Credentials + // End temporary + + // Copy values from the ProviderModel struct containing data about the provider configuration (present only when responsing to ConfigureProvider rpc calls) + // to the FrameworkProviderConfig struct that will be passed and available to all resources/data sources p.Context = ctx p.BillingProject = data.BillingProject p.DefaultLabels = data.DefaultLabels diff --git a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl index c7dc42e4882f..c725501f250c 100644 --- a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl +++ b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl 
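Review bot: The new `Credentials types.String` field on `FrameworkProviderConfig` keeps the provider's `credentials` value on a struct that, per the added comment, is passed to all resources and data sources. That value can be the contents of a service-account key rather than just a path. The field comment should say so, e.g. `// Credentials holds the raw provider credentials value (may be key material); never log or print this struct with %+v.` The added comment in `LoadAndValidateFramework` also reads "responsing", which should be "responding". `LoadAndValidateFramework` continues outside the hunk.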
@@ -230,7 +230,6 @@ var handwrittenDatasources = map[string]*schema.Resource{ "google_vmwareengine_private_cloud": vmwareengine.DataSourceVmwareenginePrivateCloud(), "google_vmwareengine_subnet": vmwareengine.DataSourceVmwareengineSubnet(), "google_vmwareengine_vcenter_credentials": vmwareengine.DataSourceVmwareengineVcenterCredentials(), - // ####### END handwritten datasources ########### } diff --git a/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl index 14d7bae0ae3b..96a6c3665d29 100644 --- a/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl +++ b/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl 
@@ -180,75 +180,6 @@ func TestAccProviderIndirectUserProjectOverride(t *testing.T) { }) } -func TestAccProviderCredentialsEmptyString(t *testing.T) { - // Test is not parallel because ENVs are set. - // Need to skip VCR as this test downloads providers from the Terraform Registry - acctest.SkipIfVcr(t) - - creds := envvar.GetTestCredsFromEnv() - project := envvar.GetTestProjectFromEnv() - t.Setenv("GOOGLE_CREDENTIALS", creds) - t.Setenv("GOOGLE_PROJECT", project) - - pid := "tf-test-" + acctest.RandString(t, 10) - - acctest.VcrTest(t, resource.TestCase{ - PreCheck: func() { acctest.AccTestPreCheck(t) }, - // No TestDestroy since that's not really the point of this test - Steps: []resource.TestStep{ - { - // This is a control for the other test steps; the provider block doesn't contain `credentials = ""` - Config: testAccProviderCredentials_actWithCredsFromEnv(pid), - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), - PlanOnly: true, - ExpectNonEmptyPlan: true, - }, - { - // Assert that errors are expected with credentials when - // - GOOGLE_CREDENTIALS is set - // - provider block has credentials = "" - // - TPG v4.60.2 is used - // Context: this was an addidental breaking change introduced with muxing - Config: testAccProviderCredentials_actWithCredsFromEnv_emptyString(pid), - ExternalProviders: map[string]resource.ExternalProvider{ - "google": { - VersionConstraint: "4.60.2", - Source: "hashicorp/google", - }, - }, - PlanOnly: true, - ExpectNonEmptyPlan: true, - ExpectError: regexp.MustCompile(`unexpected end of JSON input`), - }, - { - // Assert that errors are NOT expected with credentials when - // - GOOGLE_CREDENTIALS is set - // - provider block has credentials = "" - // - TPG v4.84.0 is used - // Context: this was the fix for the unintended breaking change in 4.60.2 - Config: testAccProviderCredentials_actWithCredsFromEnv_emptyString(pid), - ExternalProviders: map[string]resource.ExternalProvider{ - "google": { - VersionConstraint: "4.84.0", - 
Source: "hashicorp/google", - }, - }, - PlanOnly: true, - ExpectNonEmptyPlan: true, - }, - { - // Validation errors are expected in 5.0.0+ - // Context: we intentionally introduced the breaking change again in 5.0.0+ - Config: testAccProviderCredentials_actWithCredsFromEnv_emptyString(pid), - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), - PlanOnly: true, - ExpectNonEmptyPlan: true, - ExpectError: regexp.MustCompile(`expected a non-empty string`), - }, - }, - }) -} - func TestAccProviderEmptyStrings(t *testing.T) { t.Parallel() diff --git a/mmv1/third_party/terraform/services/compute/go/data_source_google_compute_instance.go b/mmv1/third_party/terraform/services/compute/go/data_source_google_compute_instance.go index b2c37aef359f..f38a1f8971f2 100644 --- a/mmv1/third_party/terraform/services/compute/go/data_source_google_compute_instance.go +++ b/mmv1/third_party/terraform/services/compute/go/data_source_google_compute_instance.go @@ -58,7 +58,7 @@ func dataSourceGoogleComputeInstanceRead(d *schema.ResourceData, meta interface{ if err != nil { return err } - if err := d.Set("network_inferface", networkInterfaces); err != nil { + if err := d.Set("network_interface", networkInterfaces); err != nil { return err } diff --git a/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_template_test.go.tmpl b/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_template_test.go.tmpl index da3487257612..e3e52c48dee5 100644 --- a/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_template_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_template_test.go.tmpl @@ -875,6 +875,9 @@ func TestAccComputeInstanceTemplate_invalidDiskType(t *testing.T) { } func TestAccComputeInstanceTemplate_withNamePrefix(t *testing.T) { + // Randomness from generated name suffix + acctest.SkipIfVcr(t) + t.Parallel() // 8 + 46 = 54 which is the valid max 
diff --git a/mmv1/third_party/terraform/services/compute/go/resource_compute_region_backend_service_test.go.tmpl b/mmv1/third_party/terraform/services/compute/go/resource_compute_region_backend_service_test.go.tmpl index 5a2eed79d6b4..9d3d9e1bfbce 100644 --- a/mmv1/third_party/terraform/services/compute/go/resource_compute_region_backend_service_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/go/resource_compute_region_backend_service_test.go.tmpl @@ -706,7 +706,7 @@ resource "google_compute_region_backend_service" "lipsum" { backend { group = google_compute_instance_group_manager.foobar.instance_group balancing_mode = "CONNECTION" -{{- if or (ne $.TargetVersionName "") (eq $.TargetVersionName "ga") }} +{{- if not (or (eq $.TargetVersionName "") (eq $.TargetVersionName "ga")) }} failover = true } @@ -776,7 +776,7 @@ resource "google_compute_region_backend_service" "lipsum" { backend { group = google_compute_instance_group_manager.foobar.instance_group balancing_mode = "CONNECTION" -{{- if or (ne $.TargetVersionName "") (eq $.TargetVersionName "ga") }} +{{- if not (or (eq $.TargetVersionName "") (eq $.TargetVersionName "ga")) }} failover = true } diff --git a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl index 179d06855493..7492bd73572a 100644 --- a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl 
@@ -231,7 +231,7 @@ func schemaNodeConfig() *schema.Schema { Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, Description: `The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.`, - {{- if or (ne $.TargetVersionName "") (eq $.TargetVersionName "ga") }} + {{- if not (or (eq $.TargetVersionName "") (eq $.TargetVersionName "ga")) }} DiffSuppressFunc: containerNodePoolLabelsSuppress, {{- end }} }, @@ -1692,7 +1692,7 @@ func flattenWorkloadMetadataConfig(c *container.WorkloadMetadataConfig) []map[st } return result } -{{- if or (ne $.TargetVersionName "") (eq $.TargetVersionName "ga") }} +{{- if not (or (eq $.TargetVersionName "") (eq $.TargetVersionName "ga")) }} func flattenSandboxConfig(c *container.SandboxConfig) []map[string]interface{} { result := []map[string]interface{}{} if c != nil { diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl index b46574d58170..baaae76280ee 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl @@ -1999,7 +1999,7 @@ func TestAccContainerCluster_withWorkloadMetadataConfig(t *testing.T) { }) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func TestAccContainerCluster_withSandboxConfig(t *testing.T) { t.Parallel() 
@@ -7098,7 +7098,7 @@ resource "google_container_cluster" "with_workload_metadata_config" { `, clusterName, networkName, subnetworkName) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func testAccContainerCluster_withSandboxConfig(clusterName, networkName, subnetworkName string) string { return fmt.Sprintf(` data "google_container_engine_versions" "central1a" { @@ -8816,7 +8816,7 @@ resource "google_container_cluster" "with_workload_identity_config" { } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func testAccContainerCluster_sharedVpc(org, billingId, projectName, name string, suffix string) string { return fmt.Sprintf(` resource "google_project" "host_project" { diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl index 748e0cb13375..acf1ba6b7b82 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl @@ -482,7 +482,7 @@ func TestAccContainerNodePool_withWorkloadIdentityConfig(t *testing.T) { }) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func TestAccContainerNodePool_withSandboxConfig(t *testing.T) { t.Parallel() 
@@ -835,7 +835,7 @@ resource "google_container_node_pool" "with_enable_private_nodes" { `, network, cluster, np, flag) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func TestAccContainerNodePool_withBootDiskKmsKey(t *testing.T) { // Uses generated time-based rotation time acctest.SkipIfVcr(t) @@ -3078,7 +3078,7 @@ resource "google_container_node_pool" "with_workload_metadata_config" { `, projectID, cluster, networkName, subnetworkName, np) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func testAccContainerNodePool_withSandboxConfig(cluster, np, networkName, subnetworkName string) string { return fmt.Sprintf(` data "google_container_engine_versions" "central1a" { @@ -3505,7 +3505,7 @@ resource "google_container_node_pool" "with_multi_nic" { `, network, network, network, network, network, network, cluster, np) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func testAccContainerNodePool_withBootDiskKmsKey(cluster, np, networkName, subnetworkName string) string { return fmt.Sprintf(` data "google_container_engine_versions" "central1a" { diff --git a/mmv1/third_party/terraform/services/dns/go/resource_dns_managed_zone_test.go.tmpl b/mmv1/third_party/terraform/services/dns/go/resource_dns_managed_zone_test.go.tmpl index 73f97903ba79..37b7f7656c91 100644 --- a/mmv1/third_party/terraform/services/dns/go/resource_dns_managed_zone_test.go.tmpl +++ b/mmv1/third_party/terraform/services/dns/go/resource_dns_managed_zone_test.go.tmpl 
@@ -199,7 +199,7 @@ func TestAccDNSManagedZone_cloudLoggingConfigUpdate(t *testing.T) { }) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func TestAccDNSManagedZone_reverseLookup(t *testing.T) { t.Parallel() @@ -531,7 +531,7 @@ resource "google_dns_managed_zone" "foobar" { `, suffix, suffix, enableCloudLogging) } -{{ if or (ne $.TargetVersionName ``) (eq $.TargetVersionName `ga`) }} +{{ if not (or (eq $.TargetVersionName ``) (eq $.TargetVersionName `ga`)) }} func testAccDnsManagedZone_reverseLookup(suffix string) string { return fmt.Sprintf(` resource "google_dns_managed_zone" "reverse" { diff --git a/mmv1/third_party/terraform/services/iambeta/go/resource_iam_workload_identity_pool_provider_test.go.tmpl b/mmv1/third_party/terraform/services/iambeta/go/resource_iam_workload_identity_pool_provider_test.go.tmpl index 3bf1357f820e..961ca73d5a56 100644 --- a/mmv1/third_party/terraform/services/iambeta/go/resource_iam_workload_identity_pool_provider_test.go.tmpl +++ b/mmv1/third_party/terraform/services/iambeta/go/resource_iam_workload_identity_pool_provider_test.go.tmpl 
@@ -239,4 +239,96 @@ resource "google_iam_workload_identity_pool_provider" "my_provider" { `, context) } +func TestAccIAMBetaWorkloadIdentityPoolProvider_x509(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckIAMBetaWorkloadIdentityPoolProviderDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccIAMBetaWorkloadIdentityPoolProvider_x509_full(context), + }, + { + ResourceName: "google_iam_workload_identity_pool_provider.example", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"workload_identity_pool_id", "workload_identity_pool_provider_id"}, + }, + { + Config: testAccIAMBetaWorkloadIdentityPoolProvider_x509_update(context), + }, + { + ResourceName: "google_iam_workload_identity_pool_provider.example", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"workload_identity_pool_id", "workload_identity_pool_provider_id"}, + }, + }, + }) +} + +func testAccIAMBetaWorkloadIdentityPoolProvider_x509_full(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_iam_workload_identity_pool" "pool" { + workload_identity_pool_id = "tf-test-example-pool%{random_suffix}" +} + +resource "google_iam_workload_identity_pool_provider" "example" { + workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id + workload_identity_pool_provider_id = "tf-test-example-prvdr%{random_suffix}" + display_name = "Name of provider" + description = "X.509 identity pool provider for automated test" + disabled = true + attribute_mapping = { + "google.subject" = "assertion.subject.dn.cn" + } + x509 { + trust_store { + trust_anchors { + pem_certificate = file("test-fixtures/trust_anchor.pem") + } + 
intermediate_cas { + pem_certificate = file("test-fixtures/intermediate_ca.pem") + } + } + } +} +`, context) +} + +func testAccIAMBetaWorkloadIdentityPoolProvider_x509_update(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_iam_workload_identity_pool" "pool" { + workload_identity_pool_id = "tf-test-example-pool%{random_suffix}" +} + +resource "google_iam_workload_identity_pool_provider" "example" { + workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id + workload_identity_pool_provider_id = "tf-test-example-prvdr%{random_suffix}" + display_name = "Name of provider" + description = "X.509 identity pool provider for automated test" + disabled = true + attribute_mapping = { + "google.subject" = "assertion.subject.dn.cn" + } + x509 { + trust_store { + trust_anchors { + pem_certificate = file("test-fixtures/trust_anchor_updated.pem") + } + trust_anchors { + pem_certificate = file("test-fixtures/intermediate_ca.pem") + } + } + } +} +`, context) +} + {{ end }}
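Review bot: In `testAccIAMBetaWorkloadIdentityPoolProvider_x509_update` the second `trust_anchors` block loads `test-fixtures/intermediate_ca.pem`, the same file that the `_x509_full` config places under `intermediate_cas`. If promoting the intermediate to an anchor is deliberate, say so above the block with something like `# intermediate CA used as a second trust anchor on purpose: covers anchor-list update`. If it is a copy-paste slip, the block should be `intermediate_cas`, since an anchor is trusted outright while an intermediate still has to chain to one, and test configs get copied into real ones. Both test steps only apply and import, so nothing asserts what the trust store holds after the update, and the test passes either way. The PEM fixtures are not in this commit's diffstat and are assumed to exist already; the closing `{{ end }}` belongs to a guard opened outside the hunk.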