Handle case where policy_data is empty (#5896)

mmv1/third_party/validator/iam_helpers.go

@@ -12,13 +12,17 @@ import (
 // expandIamPolicyBindings is used in google_<type>_iam_policy resources.
 func expandIamPolicyBindings(d TerraformResourceData) ([]IAMBinding, error) {
 	ps := d.Get("policy_data").(string)
+	var bindings []IAMBinding
+	// policy_data is (known after apply) in terraform plan, hence an empty string
+	if ps == "" {
+		return bindings, nil
+	}
 	// The policy string is just a marshaled cloudresourcemanager.Policy.
 	policy := &cloudresourcemanager.Policy{}
 	if err := json.Unmarshal([]byte(ps), policy); err != nil {
-		return nil, fmt.Errorf("Could not unmarshal %s:\n: %v", ps, err)
+		return nil, fmt.Errorf("Could not unmarshal %s: %v", ps, err)
 	}
 
-	var bindings []IAMBinding
 	for _, b := range policy.Bindings {
 		bindings = append(bindings, IAMBinding{
 			Role:    b.Role,
@@ -134,7 +138,7 @@ func mergeDeleteAdditiveBindings(existing, incoming []IAMBinding) []IAMBinding {
 		}
 		if newMembers != nil {
 			newExisting = append(newExisting, IAMBinding{
-				Role: binding.Role,
+				Role:    binding.Role,
 				Members: newMembers,
 			})
 		}

mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy_empty_policy_data.json

@@ -0,0 +1,22 @@
+[
+  {
+    "name": "//bigquery.googleapis.com/projects/{{.Provider.project}}/datasets/example_dataset",
+    "asset_type": "bigquery.googleapis.com/Dataset",
+    "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}",
+    "resource": {
+      "version": "v2",
+      "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/bigquery/v2/rest",
+      "discovery_name": "Dataset",
+      "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}",
+      "data": {
+        "datasetReference": {
+          "datasetId": "example_dataset"
+        },
+        "location": "US"
+      }
+    },
+    "iam_policy": {
+      "bindings": null
+    }
+  }
+]

mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy_empty_policy_data.tf

@@ -0,0 +1,54 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+      version = "~> {{.Provider.version}}"
+    }
+  }
+}
+
+provider "google" {
+  {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}}
+}
+
+resource "random_string" "suffix" {
+  length  = 4
+  upper   = false
+  special = false
+}
+
+
+data "google_iam_policy" "owner" {
+  binding {
+    role = "roles/bigquery.dataOwner"
+
+    members = [
+      "${random_string.suffix.result}:jane@example.com",
+    ]
+  }
+}
+
+resource "google_bigquery_dataset" "dataset" {
+  dataset_id = "example_dataset"
+}
+
+resource "google_bigquery_dataset_iam_policy" "dataset" {
+  dataset_id  = google_bigquery_dataset.dataset.dataset_id
+  policy_data = data.google_iam_policy.owner.policy_data
+}