GoogleCloudPlatform · modular-magician · Sep 5, 2019 · Aug 8, 2019 · Aug 9, 2019 · Aug 9, 2019
diff --git a/api/resource/iam_policy.rb b/api/resource/iam_policy.rb
@@ -30,11 +30,40 @@ class IamPolicy < Api::Object
       # While Compute subnetwork uses {resource}/getIamPolicy
       attr_reader :method_name_separator
 
+      # The terraform type of the parent resource if it is not the same as the
+      # IAM resource. The IAP product needs these as its IAM policies refer
+      # to compute resources
+      attr_reader :parent_resource_type
+
+      # Some resources allow retrieving the IAM policy with GET requests,
+      # others expect POST requests
+      attr_reader :fetch_iam_policy_verb
+
+      # Certain resources allow different sets of roles to be set with IAM policies
+      # This is a role that is acceptable for the given IAM policy resource for use in tests
+      attr_reader :allowed_iam_role
+
+      # Certain resources need an attribute other than "id" from their parent resource
+      # Especially when a parent is not the same type as the IAM resource
+      attr_reader :parent_resource_attribute
+
+      # If the IAM resource test needs a new project to be created, this is the name of the project
+      attr_reader :test_project_name
+
+      # Resource name may need a custom diff suppress function. Default is to use
+      # compareSelfLinkOrResourceName
+      attr_reader :custom_diff_suppress
+
       def validate
         super
 
         check :exclude, type: :boolean, default: false
         check :method_name_separator, type: String, default: '/'
+        check :parent_resource_type, type: String
+        check :fetch_iam_policy_verb, type: Symbol, default: :GET, allowed: %i[GET POST]
+        check :allowed_iam_role, type: String, default: 'roles/viewer'
+        check :parent_resource_attribute, type: String, default: 'id'
+        check :test_project_name, type: String
       end
     end
   end

diff --git a/build/terraform b/build/terraform
diff --git a/build/terraform-beta b/build/terraform-beta
diff --git a/build/terraform-mapper b/build/terraform-mapper
diff --git a/products/iap/api.yaml b/products/iap/api.yaml
@@ -0,0 +1,75 @@
+# Copyright 2019 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: Iap
+display_name: Identity-Aware Proxy
+versions:
+  - !ruby/object:Api::Product::Version
+    name: ga
+    base_url: https://iap.googleapis.com/v1/
+scopes:
+  - https://www.googleapis.com/auth/cloud-platform
+apis_required:
+  - !ruby/object:Api::Product::ApiReference
+    name: Cloud Identity-Aware Proxy
+    url: https://console.cloud.google.com/apis/library/iap.googleapis.com/
+objects:
+  - !ruby/object:Api::Resource
+    name: 'Web'
+    base_url: 'projects/{{project}}/iap_web'
+    self_link: 'projects/{{project}}/iap_web'
+    exclude_resource: true
+    description: |
+      Only used to generate IAM resources
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        description: Dummy property.
+        required: true
+  - !ruby/object:Api::Resource
+    name: 'WebTypeCompute'
+    base_url: 'projects/{{project}}/iap_web/compute'
+    self_link: 'projects/{{project}}/iap_web/compute'
+    exclude_resource: true
+    description: |
+      Only used to generate IAM resources
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        description: Dummy property.
+        required: true
+  - !ruby/object:Api::Resource
+    name: 'WebTypeAppEngine'
+    base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}'
+    self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}'
+    exclude_resource: true
+    description: |
+      Only used to generate IAM resources
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'appId'
+        description: Id of the App Engine application.
+        required: true
+  - !ruby/object:Api::Resource
+    name: 'WebBackendService'
+    base_url: 'projects/{{project}}/iap_web/compute/services/{{backendServiceName}}'
+    self_link: 'projects/{{project}}/iap_web/compute/services/{{backendServiceName}}'
+    exclude_resource: true
+    description: |
+      Only used to generate IAM resources
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'backendServiceName'
+        description: Name or self link of a backend service.
+        required: true
diff --git a/products/iap/terraform.yaml b/products/iap/terraform.yaml
@@ -0,0 +1,92 @@
+# Copyright 2019 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+  Web: !ruby/object:Overrides::Terraform::ResourceOverride
+    id_format: "projects/{{project}}/iap_web"
+    import_format: ["projects/{{project}}/iap_web"]
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ':'
+      parent_resource_type: 'google_project_service'
+      fetch_iam_policy_verb: :POST
+      allowed_iam_role: 'roles/iap.httpsResourceAccessor'
+      parent_resource_attribute: 'project'
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "iap_project"
+        primary_resource_id: "project_service"
+        primary_resource_name: "fmt.Sprintf(\"tf-test%s\", context[\"random_suffix\"])"
+        test_env_vars:
+          org_id: :ORG_ID
+  WebTypeCompute: !ruby/object:Overrides::Terraform::ResourceOverride
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ':'
+      parent_resource_type: 'google_project_service'
+      parent_resource_attribute: 'project'
+      fetch_iam_policy_verb: :POST
+      allowed_iam_role: 'roles/iap.httpsResourceAccessor'
+    id_format: "projects/{{project}}/iap_web/compute"
+    import_format: ["projects/{{project}}/iap_web/compute"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "iap_project"
+        primary_resource_id: "project_service"
+        primary_resource_name: "fmt.Sprintf(\"tf-test%s\", context[\"random_suffix\"])"
+        test_env_vars:
+          org_id: :ORG_ID
+  WebTypeAppEngine: !ruby/object:Overrides::Terraform::ResourceOverride
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ':'
+      parent_resource_type: 'google_app_engine_application'
+      parent_resource_attribute: 'app_id'
+      fetch_iam_policy_verb: :POST
+      allowed_iam_role: 'roles/iap.httpsResourceAccessor'
+      test_project_name: "tf-test"
+      custom_diff_suppress: 'templates/terraform/iam/iap_web_appengine_diff_suppress.go.erb'
+    id_format: "projects/{{project}}/iap_web/appengine-{{appId}}"
+    import_format: ["projects/{{project}}/iap_web/appengine-{{appId}}"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "iap_appengine"
+        primary_resource_id: "app"
+        primary_resource_name: "context[\"project_id\"]"
+        test_env_vars:
+          org_id: :ORG_ID
+  WebBackendService: !ruby/object:Overrides::Terraform::ResourceOverride
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ':'
+      parent_resource_type: 'google_compute_backend_service'
+      parent_resource_attribute: 'name'
+      fetch_iam_policy_verb: :POST
+      allowed_iam_role: 'roles/iap.httpsResourceAccessor'
+    id_format: "projects/{{project}}/iap_web/compute/services/{{backendServiceName}}"
+    import_format: ["projects/{{project}}/iap_web/compute/services/{{backendServiceName}}"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "backend_service_basic"
+        primary_resource_id: "default"
+        vars:
+          backend_service_name: "backend-service"
+          http_health_check_name: "health-check"
+        primary_resource_name: "fmt.Sprintf(\"backend-service%s\", context[\"random_suffix\"])"
+# This is for copying files over
+files: !ruby/object:Provider::Config::Files
+  # These files have templating (ERB) code that will be run.
+  # This is usually to add licensing info, autogeneration notices, etc.
+  compile:
+<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%>
diff --git a/provider/terraform.rb b/provider/terraform.rb
@@ -242,5 +242,9 @@ def build_object_data(object, output_folder, version)
         build_env
       )
     end
+
+    def extract_identifiers(url)
+      url.scan(/\{\{(\w+)\}\}/).flatten
+    end
   end
 end