rewrite - 9/17 refresh (GoogleCloudPlatform#11745)

mmv1/products/compute/go_BackendService.yaml

@@ -742,6 +742,7 @@ properties:
   - name: 'iap'
     type: NestedObject
     description: Settings for enabling Cloud Identity Aware Proxy
+    default_from_api: true
     send_empty_value: true
     properties:
       - name: 'enabled'

mmv1/products/compute/go_Interconnect.yaml

@@ -25,7 +25,7 @@ references:
 docs:
 base_url: 'projects/{{project}}/global/interconnects'
 self_link: 'projects/{{project}}/global/interconnects/{{name}}'
-immutable: true
+update_verb: 'PATCH'
 timeouts:
   insert_minutes: 20
   update_minutes: 20
@@ -376,6 +376,7 @@ properties:
     description: |
       Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside
       of Google's network that the interconnect is connected to.
+    immutable: true
   - name: 'requestedFeatures'
     type: Array
     description: |
@@ -384,6 +385,7 @@ properties:
       specified, the default value is false, which allocates non-MACsec capable ports first if
       available). Note that MACSEC is still technically allowed for compatibility reasons, but it
       does not work with the API, and will be removed in an upcoming major version.
+    immutable: true
     item_type:
       type: Enum
       description: |

mmv1/products/compute/go_RegionBackendService.yaml

@@ -747,6 +747,7 @@ properties:
   - name: 'iap'
     type: NestedObject
     description: Settings for enabling Cloud Identity Aware Proxy
+    default_from_api: true
     send_empty_value: true
     properties:
       - name: 'enabled'

mmv1/products/looker/go_Instance.yaml

@@ -62,6 +62,12 @@ examples:
       instance_name: 'my-instance'
       client_id: 'my-client-id'
       client_secret: 'my-client-secret'
+  - name: 'looker_instance_fips'
+    primary_resource_id: 'looker-instance'
+    vars:
+      instance_name: 'my-instance-fips'
+      client_id: 'my-client-id'
+      client_secret: 'my-client-secret'
   - name: 'looker_instance_enterprise_full'
     primary_resource_id: 'looker-instance'
     vars:
@@ -260,6 +266,10 @@ properties:
           Full name and version of the CMEK key currently in use to encrypt Looker data.
         output: true
   # Encryption Config  Object - End
+  - name: 'fipsEnabled'
+    type: Boolean
+    description: |
+      FIPS 140-2 Encryption enablement for Looker (Google Cloud Core).
   - name: 'ingressPrivateIp'
     type: String
     description: |

mmv1/products/metastore/go_Service.yaml

@@ -64,6 +64,14 @@ examples:
     primary_resource_name: 'fmt.Sprintf("tf-test-metastore-srv%s", context["random_suffix"])'
     vars:
       metastore_service_name: 'metastore-srv'
+  - name: 'dataproc_metastore_service_deletion_protection'
+    primary_resource_id: 'default'
+    primary_resource_name: 'fmt.Sprintf("tf-test-metastore-srv%s", context["random_suffix"])'
+    vars:
+      metastore_service_name: 'metastore-srv'
+      deletion_protection: 'true'
+    test_vars_overrides:
+      'deletion_protection': 'false'
   - name: 'dataproc_metastore_service_cmek_test'
     primary_resource_id: 'default'
     vars:
@@ -297,6 +305,10 @@ properties:
         description: |
           A Cloud Storage URI of a folder, in the format gs://<bucket_name>/<path_inside_bucket>. A sub-folder <backup_folder> containing backup files will be stored below it.
         required: true
+  - name: 'deletionProtection'
+    type: Boolean
+    description: |
+      Indicates if the dataproc metastore should be protected against accidental deletions.
   - name: 'maintenanceWindow'
     type: NestedObject
     description: |

mmv1/products/secretmanagerregional/go_RegionalSecret.yaml

@@ -138,19 +138,18 @@ properties:
 
       An object containing a list of "key": value pairs. Example:
       { "name": "wrench", "mass": "1.3kg", "count": "3" }.
-  # TODO : Add versionAliases field support once google_secret_manager_regional_secret_version is added
-  # - !ruby/object:Api::Type::KeyValuePairs
-  #   name: versionAliases
-  #   description: |
-  #     Mapping from version alias to version name.
+  - name: 'versionAliases'
+    type: KeyValuePairs
+    description: |
+      Mapping from version alias to version name.
 
-  #     A version alias is a string with a maximum length of 63 characters and can contain
-  #     uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')
-  #     characters. An alias string must start with a letter and cannot be the string
-  #     'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.
+      A version alias is a string with a maximum length of 63 characters and can contain
+      uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')
+      characters. An alias string must start with a letter and cannot be the string
+      'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.
 
-  #     An object containing a list of "key": value pairs. Example:
-  #     { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+      An object containing a list of "key": value pairs. Example:
+      { "name": "wrench", "mass": "1.3kg", "count": "3" }.
   - name: 'customerManagedEncryption'
     type: NestedObject
     description: |

mmv1/products/secretmanagerregional/go_RegionalSecretVersion.yaml

@@ -0,0 +1,161 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'RegionalSecretVersion'
+description: |
+  A regional secret version resource.
+docs:
+  optional_properties: |
+    * `is_secret_data_base64` - (Optional) If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.
+base_url: '{{name}}'
+self_link: '{{name}}'
+create_url: '{{secret}}:addVersion'
+delete_url: '{{name}}:destroy'
+delete_verb: 'POST'
+import_format:
+  - 'projects/{{%project}}/locations/{{%location}}/secrets/{{%secret_id}}/versions/{{%version}}'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+custom_code:
+  extra_schema_entry: 'templates/terraform/extra_schema_entry/go/secret_version_is_secret_data_base64.go.tmpl'
+  decoder: 'templates/terraform/decoders/go/treat_destroyed_state_as_gone.tmpl'
+  pre_create: 'templates/terraform/pre_create/go/secret_manager_regional_secret_version.go.tmpl'
+  post_create: 'templates/terraform/post_create/go/regional_secret_version.go.tmpl'
+  pre_read: 'templates/terraform/pre_read/go/secret_manager_regional_secret_version.go.tmpl'
+  custom_update: 'templates/terraform/custom_update/go/regional_secret_version.go.tmpl'
+  pre_delete: 'templates/terraform/pre_delete/go/regional_secret_version_deletion_policy.go.tmpl'
+  custom_import: 'templates/terraform/custom_import/go/regional_secret_version.go.tmpl'
+# Sweeper skipped as this resource has customized deletion.
+exclude_sweeper: true
+examples:
+  - name: 'regional_secret_version_basic'
+    primary_resource_id: 'regional_secret_version_basic'
+    vars:
+      secret_id: 'secret-version'
+      data: 'secret-data'
+  - name: 'regional_secret_version_with_base64_data'
+    primary_resource_id: 'regional_secret_version_base64'
+    vars:
+      secret_id: 'secret-version'
+      data: 'secret-data.pfx'
+    test_vars_overrides:
+      'data': '"./test-fixtures/binary-file.pfx"'
+    ignore_read_extra:
+      - 'is_secret_data_base64'
+  - name: 'regional_secret_version_disabled'
+    primary_resource_id: 'regional_secret_version_disabled'
+    vars:
+      secret_id: 'secret-version'
+      data: 'secret-data'
+  - name: 'regional_secret_version_deletion_policy_abandon'
+    primary_resource_id: 'regional_secret_version_deletion_policy'
+    vars:
+      secret_id: 'secret-version'
+      data: 'secret-data'
+    ignore_read_extra:
+      - 'deletion_policy'
+  - name: 'regional_secret_version_deletion_policy_disable'
+    primary_resource_id: 'regional_secret_version_deletion_policy'
+    vars:
+      secret_id: 'secret-version'
+      data: 'secret-data'
+    ignore_read_extra:
+      - 'deletion_policy'
+virtual_fields:
+  - name: 'deletion_policy'
+    description: |
+      The deletion policy for the regional secret version. Setting `ABANDON` allows the resource
+      to be abandoned rather than deleted. Setting `DISABLE` allows the resource to be
+      disabled rather than deleted. Default is `DELETE`. Possible values are:
+        * DELETE
+        * DISABLE
+        * ABANDON
+    type: String
+    default_value: "DELETE"
+parameters:
+  - name: 'secret'
+    type: ResourceRef
+    description: |
+      Secret Manager regional secret resource.
+    url_param_only: true
+    required: true
+    immutable: true
+    resource: 'RegionalSecret'
+    imports: 'name'
+  - name: 'location'
+    type: String
+    description: |
+      Location of Secret Manager regional secret resource.
+    url_param_only: true
+    output: true
+properties:
+  - name: 'name'
+    type: String
+    description: |
+      The resource name of the regional secret version. Format:
+      `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}`
+    output: true
+  - name: 'createTime'
+    type: String
+    description: |
+      The time at which the regional secret version was created.
+    output: true
+  - name: 'destroyTime'
+    type: String
+    description: |
+      The time at which the regional secret version was destroyed. Only present if state is DESTROYED.
+    output: true
+  - name: 'customerManagedEncryption'
+    type: NestedObject
+    description: |
+      The customer-managed encryption configuration of the regional secret.
+    output: true
+    properties:
+      - name: 'kmsKeyVersionName'
+        type: String
+        description: |
+          The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
+        output: true
+  - name: 'version'
+    type: String
+    description: |
+      The version of the Regional Secret.
+    output: true
+    custom_flatten: 'templates/terraform/custom_flatten/go/regional_secret_version_version.go.tmpl'
+  - name: 'enabled'
+    type: Boolean
+    description: |
+      The current state of the regional secret version.
+    api_name: state
+    custom_flatten: 'templates/terraform/custom_flatten/go/secret_version_enable.go.tmpl'
+    custom_expand: 'templates/terraform/custom_expand/go/regional_secret_version_enable.go.tmpl'
+    default_value: true
+  - name: 'payload'
+    type: NestedObject
+    description: The secret payload of the Regional SecretVersion.
+    required: true
+    custom_flatten: 'templates/terraform/custom_flatten/go/regional_secret_version_access.go.tmpl'
+    flatten_object: true
+    properties:
+      - name: 'secret_data'
+        type: String
+        description: The secret data. Must be no larger than 64KiB.
+        api_name: data
+        required: true
+        immutable: true
+        sensitive: true
+        custom_expand: 'templates/terraform/custom_expand/go/secret_version_secret_data.go.tmpl'

mmv1/provider/terraform.rb

@@ -416,7 +416,8 @@ def generate_object_modified(object, output_folder, version_name)
       return if (output_folder.include? 'healthcare') || (output_folder.include? 'memorystore')
 
       generate_product = false
-      if @go_yaml_files
+
+      unless @go_yaml_files.empty?
         found = false
         @go_yaml_files.each do |f|
           no_ext = Pathname.new(f).sub_ext ''
@@ -433,11 +434,13 @@ def generate_object_modified(object, output_folder, version_name)
       data = build_object_data(pwd, object, output_folder, version_name)
       Dir.chdir output_folder
       Google::LOGGER.info "Generating #{object.name} rewrite yaml"
-      if @go_yaml_files
+      # rubocop:disable Style/UnlessElse
+      unless @go_yaml_files.empty?
         generate_newyaml_temp(pwd, data.clone, generate_product)
       else
         generate_newyaml(pwd, data.clone)
       end
+      # rubocop:enable Style/UnlessElse
       Dir.chdir pwd
     end
 

mmv1/templates/terraform/custom_expand/go/regional_secret_version_enable.go.tmpl

@@ -0,0 +1,50 @@
+{{/*
+	The license inside this block applies to this file
+	Copyright 2024 Google Inc.
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/ -}}
+func expand{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	name := d.Get("name").(string)
+	if name == "" {
+		return "", nil
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{"{{"}}SecretManagerRegionalBasePath{{"}}"}}{{"{{"}}name{{"}}"}}")
+	if err != nil {
+		return nil, err
+	}
+
+	if v == true {
+		url = fmt.Sprintf("%s:enable", url)
+	} else {
+		url = fmt.Sprintf("%s:disable", url)
+	}
+
+	parts := strings.Split(name, "/")
+	project := parts[1]
+
+	userAgent, err :=  tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config: config,
+		Method: "POST",
+		Project: project,
+		RawURL: url,
+		UserAgent: userAgent,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return nil, nil
+}