From 6675fb1161549c8be4f8df39b77f2078a6db77de Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Sun, 3 Oct 2021 07:17:55 +0000 Subject: [PATCH 01/13] Add support IAM policy for the Environment of Apigee X --- mmv1/products/apigee/api.yaml | 17 ++-- mmv1/products/apigee/terraform.yaml | 67 ++++++++-------- .../custom_import/apigee_environment.go.erb | 42 ---------- .../custom_import/apigee_organization.go.erb | 40 ---------- .../encoders/apigee_organization.go.erb | 2 - .../examples/apigee_environment_basic.tf.erb | 15 ++-- .../apigee_environment_basic_test.tf.erb | 60 --------------- .../apigee_organization_cloud_basic.tf.erb | 6 +- ...pigee_organization_cloud_basic_test.tf.erb | 53 ------------- .../apigee_organization_cloud_full.tf.erb | 17 ++-- ...apigee_organization_cloud_full_test.tf.erb | 77 +++++-------------- 11 files changed, 82 insertions(+), 314 deletions(-) delete mode 100644 mmv1/templates/terraform/custom_import/apigee_environment.go.erb delete mode 100644 mmv1/templates/terraform/custom_import/apigee_organization.go.erb delete mode 100644 mmv1/templates/terraform/encoders/apigee_organization.go.erb delete mode 100644 mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb delete mode 100644 mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml index 7b47cb05780d..af4c8756f32c 100644 --- a/mmv1/products/apigee/api.yaml +++ b/mmv1/products/apigee/api.yaml @@ -209,9 +209,8 @@ objects: api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances/create' - !ruby/object:Api::Resource name: 'Environment' - base_url: 'environments' - create_url: '{{org_id}}/environments' - self_link: '{{org_id}}/environments/{{name}}' + base_url: 'organizations/{{org_name}}/environments' + self_link: 'organizations/{{org_name}}/environments/{{name}}' async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation path: 'name' @@ -231,12 +230,18 @@ objects: message: 'message' description: | An `Environment` in Apigee. + iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: false + method_name_separator: ':' + parent_resource_attribute: 'env_name' + import_format: ["organizations/{{org_name}}/environments/{{name}}", "{{name}}"] + base_url: "organizations/{{org_name}}/environments/{{name}}" + self_link: "organizations/{{org_name}}/environments/{{name}}" parameters: - !ruby/object:Api::Type::String - name: 'orgId' + name: 'orgName' description: | - The Apigee Organization associated with the Apigee environment, - in the format `organizations/{{org_name}}`. + The Apigee Organization associated with the Apigee environment. required: true input: true url_param_only: true diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index 038eecbc961e..7d03c394b829 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -18,41 +18,47 @@ overrides: !ruby/object:Overrides::ResourceOverrides examples: - !ruby/object:Provider::Terraform::Examples name: "apigee_organization_cloud_basic" - skip_test: true - - !ruby/object:Provider::Terraform::Examples - # This is a more verbose version of the above that creates all - # the resources needed for the acceptance test. - name: "apigee_organization_cloud_basic_test" - primary_resource_id: "org" - test_env_vars: - org_id: :ORG_ID - billing_account: :BILLING_ACCT - skip_docs: true + primary_resource_id: "apigee-org" + vars: + network_id: "apigee-network" + network_range_id: "apigee-range" # Resource creation race skip_vcr: true - !ruby/object:Provider::Terraform::Examples name: "apigee_organization_cloud_full" + primary_resource_id: "apigee-org" + vars: + network_id: "apigee-network" + network_range_id: "apigee-range" + keyring_id: "apigee-keyring" + key_id: "apigee-key" + # While all Apigee resources in this test are in the GA API, we depend + # on a service identity resource which is only available in the beta + # provider. + min_version: beta + # This example is for docs purpose only. + # For test to pass, google-beta-provider needs to be added to all + # resources, and KMS key lifecycle has to be removed. These are set + # in "apigee_organization_cloud_full_test" below. skip_test: true - !ruby/object:Provider::Terraform::Examples - # This is a more verbose version of the above that creates all - # the resources needed for the acceptance test. While all Apigee - # resources in this test are in the GA API, we depend on a service - # identity resource which is only available in the beta provider. name: "apigee_organization_cloud_full_test" - primary_resource_id: "org" - test_env_vars: - org_id: :ORG_ID - billing_account: :BILLING_ACCT - skip_docs: true + primary_resource_id: "apigee-org" + vars: + network_id: "apigee-network" + network_range_id: "apigee-range" + keyring_id: "apigee-keyring" + key_id: "apigee-key" + # While all Apigee resources in this test are in the GA API, we depend + # on a service identity resource which is only available in the beta + # provider. min_version: beta # Resource creation race skip_vcr: true + skip_docs: true timeouts: !ruby/object:Api::Timeouts insert_minutes: 10 delete_minutes: 10 - custom_code: !ruby/object:Provider::Terraform::CustomCode - custom_import: templates/terraform/custom_import/apigee_organization.go.erb - encoder: templates/terraform/encoders/apigee_organization.go.erb Instance: !ruby/object:Overrides::Terraform::ResourceOverride autogen_async: true import_format: ["{{org_id}}/instances/{{name}}", "{{org_id}}/{{name}}"] @@ -93,27 +99,20 @@ overrides: !ruby/object:Overrides::ResourceOverrides custom_import: templates/terraform/custom_import/apigee_instance.go.erb Environment: !ruby/object:Overrides::Terraform::ResourceOverride autogen_async: true - import_format: ["{{org_id}}/environments/{{name}}", "{{org_id}}/{{name}}"] examples: - !ruby/object:Provider::Terraform::Examples name: "apigee_environment_basic" - skip_test: true - - !ruby/object:Provider::Terraform::Examples - # This is a more verbose version of the above that creates all - # the resources needed for the acceptance test. - name: "apigee_environment_basic_test" primary_resource_id: "apigee_environment" - test_env_vars: - org_id: :ORG_ID - billing_account: :BILLING_ACCT - skip_docs: true + primary_resource_name: "getTestProjectFromEnv(), fmt.Sprintf(\"tf-test-apigee-env%s\", context[\"random_suffix\"])" + vars: + network_id: "apigee-network" + network_range_id: "apigee-range" + apigee_env_id: "apigee-env" # Resource creation race skip_vcr: true timeouts: !ruby/object:Api::Timeouts insert_minutes: 30 delete_minutes: 30 - custom_code: !ruby/object:Provider::Terraform::CustomCode - custom_import: templates/terraform/custom_import/apigee_environment.go.erb Envgroup: !ruby/object:Overrides::Terraform::ResourceOverride autogen_async: true import_format: ["{{org_id}}/envgroups/{{name}}", "{{org_id}}/{{name}}"] diff --git a/mmv1/templates/terraform/custom_import/apigee_environment.go.erb b/mmv1/templates/terraform/custom_import/apigee_environment.go.erb deleted file mode 100644 index cace71906631..000000000000 --- a/mmv1/templates/terraform/custom_import/apigee_environment.go.erb +++ /dev/null @@ -1,42 +0,0 @@ -config := meta.(*Config) - -// current import_formats cannot import fields with forward slashes in their value -if err := parseImportId([]string{"(?P.+)"}, d, config); err != nil { - return nil, err -} - -nameParts := strings.Split(d.Get("name").(string), "/") -if len(nameParts) == 4 { - // `organizations/{{org_name}}/environments/{{name}}` - orgId := fmt.Sprintf("organizations/%s", nameParts[1]) - if err := d.Set("org_id", orgId); err != nil { - return nil, fmt.Errorf("Error setting org_id: %s", err) - } - if err := d.Set("name", nameParts[3]); err != nil { - return nil, fmt.Errorf("Error setting name: %s", err) - } -} else if len(nameParts) == 3 { - // `organizations/{{org_name}}/{{name}}` - orgId := fmt.Sprintf("organizations/%s", nameParts[1]) - if err := d.Set("org_id", orgId); err != nil { - return nil, fmt.Errorf("Error setting org_id: %s", err) - } - if err := d.Set("name", nameParts[2]); err != nil { - return nil, fmt.Errorf("Error setting name: %s", err) - } -} else { - return nil, fmt.Errorf( - "Saw %s when the name is expected to have shape %s or %s", - d.Get("name"), - "organizations/{{org_name}}/environments/{{name}}", - "organizations/{{org_name}}/{{name}}") -} - -// Replace import id for the resource id -id, err := replaceVars(d, config, "{{org_id}}/environments/{{name}}") -if err != nil { - return nil, fmt.Errorf("Error constructing id: %s", err) -} -d.SetId(id) - -return []*schema.ResourceData{d}, nil diff --git a/mmv1/templates/terraform/custom_import/apigee_organization.go.erb b/mmv1/templates/terraform/custom_import/apigee_organization.go.erb deleted file mode 100644 index 7107ac822b14..000000000000 --- a/mmv1/templates/terraform/custom_import/apigee_organization.go.erb +++ /dev/null @@ -1,40 +0,0 @@ -config := meta.(*Config) - -// current import_formats can't import fields with forward slashes in their value -if err := parseImportId([]string{"(?P.+)"}, d, config); err != nil { - return nil, err -} - -parts := strings.Split(d.Get("name").(string), "/") - -var projectId string -switch len(parts) { - case 1: - projectId = parts[0] - case 2: - projectId = parts[1] - default: - return nil, fmt.Errorf( - "Saw %s when the name is expected to have shape %s or %s", - d.Get("name"), - "{{name}}", - "organizations/{{name}}", - ) -} - -if err := d.Set("name", projectId); err != nil { - return nil, fmt.Errorf("Error setting organization: %s", err) -} - -if err := d.Set("project_id", projectId); err != nil { - return nil, fmt.Errorf("Error setting organization: %s", err) -} - -// Replace import id for the resource id -id, err := replaceVars(d, config, "organizations/{{name}}") -if err != nil { - return nil, fmt.Errorf("Error constructing id: %s", err) -} -d.SetId(id) - -return []*schema.ResourceData{d}, nil diff --git a/mmv1/templates/terraform/encoders/apigee_organization.go.erb b/mmv1/templates/terraform/encoders/apigee_organization.go.erb deleted file mode 100644 index 0db9f52cccae..000000000000 --- a/mmv1/templates/terraform/encoders/apigee_organization.go.erb +++ /dev/null @@ -1,2 +0,0 @@ -obj["name"] = d.Get("project_id").(string) -return obj, nil \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb index 7d3eadbb8a66..ab7021b755ae 100644 --- a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb @@ -1,11 +1,11 @@ data "google_client_config" "current" {} resource "google_compute_network" "apigee_network" { - name = "apigee-network" + name = "<%= ctx[:vars]['network_id'] %>" } resource "google_compute_global_address" "apigee_range" { - name = "apigee-range" + name = "<%= ctx[:vars]['network_range_id'] %>" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 @@ -25,10 +25,9 @@ resource "google_apigee_organization" "apigee_org" { depends_on = [google_service_networking_connection.apigee_vpc_connection] } -resource "google_apigee_environment" "env" { - name = "tf-test%{random_suffix}" - description = "Apigee Environment" - displayName = "environment-1" - org_id = google_apigee_organization.apigee_org.id +resource "google_apigee_environment" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['apigee_env_id'] %>" + description = "Apigee Environment" + display_name = "environment-1" + org_name = google_apigee_organization.apigee_org.name } - diff --git a/mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb b/mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb deleted file mode 100644 index b0fa1eb164ca..000000000000 --- a/mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb +++ /dev/null @@ -1,60 +0,0 @@ -resource "google_project" "project" { - project_id = "tf-test%{random_suffix}" - name = "tf-test%{random_suffix}" - org_id = "<%= ctx[:test_env_vars]['org_id'] %>" - billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" -} - -resource "google_project_service" "apigee" { - project = google_project.project.project_id - service = "apigee.googleapis.com" -} - -resource "google_project_service" "compute" { - project = google_project.project.project_id - service = "compute.googleapis.com" -} - -resource "google_project_service" "servicenetworking" { - project = google_project.project.project_id - service = "servicenetworking.googleapis.com" -} - -resource "google_compute_network" "apigee_network" { - name = "apigee-network" - project = google_project.project.project_id - depends_on = [google_project_service.compute] -} - -resource "google_compute_global_address" "apigee_range" { - name = "apigee-range" - purpose = "VPC_PEERING" - address_type = "INTERNAL" - prefix_length = 16 - network = google_compute_network.apigee_network.id - project = google_project.project.project_id -} - -resource "google_service_networking_connection" "apigee_vpc_connection" { - network = google_compute_network.apigee_network.id - service = "servicenetworking.googleapis.com" - reserved_peering_ranges = [google_compute_global_address.apigee_range.name] - depends_on = [google_project_service.servicenetworking] -} - -resource "google_apigee_organization" "apigee_org" { - analytics_region = "us-central1" - project_id = google_project.project.project_id - authorized_network = google_compute_network.apigee_network.id - depends_on = [ - google_service_networking_connection.apigee_vpc_connection, - google_project_service.apigee, - ] -} - -resource "google_apigee_environment" "<%= ctx[:primary_resource_id] %>" { - org_id = google_apigee_organization.apigee_org.id - name = "tf-test%{random_suffix}" - description = "Apigee Environment" - display_name = "environment-1" -} diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb index d2e0ff043303..9079ea68f83f 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb @@ -1,11 +1,11 @@ data "google_client_config" "current" {} resource "google_compute_network" "apigee_network" { - name = "apigee-network" + name = "<%= ctx[:vars]['network_id'] %>" } resource "google_compute_global_address" "apigee_range" { - name = "apigee-range" + name = "<%= ctx[:vars]['network_range_id'] %>" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 @@ -18,7 +18,7 @@ resource "google_service_networking_connection" "apigee_vpc_connection" { reserved_peering_ranges = [google_compute_global_address.apigee_range.name] } -resource "google_apigee_organization" "org" { +resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { analytics_region = "us-central1" project_id = data.google_client_config.current.project authorized_network = google_compute_network.apigee_network.id diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb deleted file mode 100644 index 87fab9350fc3..000000000000 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb +++ /dev/null @@ -1,53 +0,0 @@ -resource "google_project" "project" { - project_id = "tf-test%{random_suffix}" - name = "tf-test%{random_suffix}" - org_id = "<%= ctx[:test_env_vars]['org_id'] %>" - billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" -} - -resource "google_project_service" "apigee" { - project = google_project.project.project_id - service = "apigee.googleapis.com" -} - -resource "google_project_service" "compute" { - project = google_project.project.project_id - service = "compute.googleapis.com" -} - -resource "google_project_service" "servicenetworking" { - project = google_project.project.project_id - service = "servicenetworking.googleapis.com" -} - -resource "google_compute_network" "apigee_network" { - name = "apigee-network" - project = google_project.project.project_id - depends_on = [google_project_service.compute] -} - -resource "google_compute_global_address" "apigee_range" { - name = "apigee-range" - purpose = "VPC_PEERING" - address_type = "INTERNAL" - prefix_length = 16 - network = google_compute_network.apigee_network.id - project = google_project.project.project_id -} - -resource "google_service_networking_connection" "apigee_vpc_connection" { - network = google_compute_network.apigee_network.id - service = "servicenetworking.googleapis.com" - reserved_peering_ranges = [google_compute_global_address.apigee_range.name] - depends_on = [google_project_service.servicenetworking] -} - -resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { - analytics_region = "us-central1" - project_id = google_project.project.project_id - authorized_network = google_compute_network.apigee_network.id - depends_on = [ - google_service_networking_connection.apigee_vpc_connection, - google_project_service.apigee, - ] -} diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb index a8435eba3343..1bde84ac0229 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb @@ -1,11 +1,11 @@ data "google_client_config" "current" {} resource "google_compute_network" "apigee_network" { - name = "apigee-network" + name = "<%= ctx[:vars]['network_id'] %>" } resource "google_compute_global_address" "apigee_range" { - name = "apigee-range" + name = "<%= ctx[:vars]['network_range_id'] %>" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 @@ -19,12 +19,12 @@ resource "google_service_networking_connection" "apigee_vpc_connection" { } resource "google_kms_key_ring" "apigee_keyring" { - name = "apigee-keyring" + name = "<%= ctx[:vars]['keyring_id'] %>" location = "us-central1" } resource "google_kms_crypto_key" "apigee_key" { - name = "apigee-key" + name = "<%= ctx[:vars]['key_id'] %>" key_ring = google_kms_key_ring.apigee_keyring.id lifecycle { @@ -34,8 +34,9 @@ resource "google_kms_crypto_key" "apigee_key" { resource "google_project_service_identity" "apigee_sa" { provider = google-beta - project = google_project.project.project_id - service = google_project_service.apigee.service + + project = data.google_client_config.current.project + service = "apigee.googleapis.com" } resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { @@ -47,7 +48,7 @@ resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { ] } -resource "google_apigee_organization" "org" { +resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { analytics_region = "us-central1" display_name = "apigee-org" description = "Terraform-provisioned Apigee Org." @@ -59,4 +60,4 @@ resource "google_apigee_organization" "org" { google_service_networking_connection.apigee_vpc_connection, google_kms_crypto_key_iam_binding.apigee_sa_keyuser, ] -} \ No newline at end of file +} diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb index bb059d56a92b..7a162f9631ed 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb @@ -1,93 +1,54 @@ -resource "google_project" "project" { - provider = google-beta - - project_id = "tf-test%{random_suffix}" - name = "tf-test%{random_suffix}" - org_id = "<%= ctx[:test_env_vars]['org_id'] %>" - billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" -} - -resource "google_project_service" "apigee" { - provider = google-beta - - project = google_project.project.project_id - service = "apigee.googleapis.com" -} - -resource "google_project_service" "compute" { - provider = google-beta - - project = google_project.project.project_id - service = "compute.googleapis.com" -} - -resource "google_project_service" "servicenetworking" { - provider = google-beta - - project = google_project.project.project_id - service = "servicenetworking.googleapis.com" -} - -resource "google_project_service" "kms" { - provider = google-beta - - project = google_project.project.project_id - service = "cloudkms.googleapis.com" +data "google_client_config" "current" { + provider = google-beta } resource "google_compute_network" "apigee_network" { - provider = google-beta + provider = google-beta - name = "apigee-network" - project = google_project.project.project_id - depends_on = [google_project_service.compute] + name = "<%= ctx[:vars]['network_id'] %>" } resource "google_compute_global_address" "apigee_range" { - provider = google-beta + provider = google-beta - name = "apigee-range" + name = "<%= ctx[:vars]['network_range_id'] %>" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 network = google_compute_network.apigee_network.id - project = google_project.project.project_id } resource "google_service_networking_connection" "apigee_vpc_connection" { - provider = google-beta + provider = google-beta network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" reserved_peering_ranges = [google_compute_global_address.apigee_range.name] - depends_on = [google_project_service.servicenetworking] } resource "google_kms_key_ring" "apigee_keyring" { provider = google-beta - name = "apigee-keyring" - location = "us-central1" - project = google_project.project.project_id - depends_on = [google_project_service.kms] + name = "<%= ctx[:vars]['keyring_id'] %>" + location = "us-central1" } resource "google_kms_crypto_key" "apigee_key" { - provider = google-beta + provider = google-beta - name = "apigee-key" + name = "<%= ctx[:vars]['key_id'] %>" key_ring = google_kms_key_ring.apigee_keyring.id } resource "google_project_service_identity" "apigee_sa" { provider = google-beta - project = google_project.project.project_id - service = google_project_service.apigee.service + project = data.google_client_config.current.project + service = "apigee.googleapis.com" } resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { - provider = google-beta + provider = google-beta crypto_key_id = google_kms_crypto_key.apigee_key.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" @@ -98,12 +59,12 @@ resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { } resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { - provider = google-beta + provider = google-beta - display_name = "apigee-org" - description = "Terraform-managed Apigee Org" analytics_region = "us-central1" - project_id = google_project.project.project_id + display_name = "apigee-org" + description = "Terraform-provisioned Apigee Org." + project_id = data.google_client_config.current.project authorized_network = google_compute_network.apigee_network.id runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id @@ -111,4 +72,4 @@ resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { google_service_networking_connection.apigee_vpc_connection, google_kms_crypto_key_iam_binding.apigee_sa_keyuser, ] -} \ No newline at end of file +} From 13f920695cd958ef51034658480694301222b28f Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Sun, 3 Oct 2021 07:17:55 +0000 Subject: [PATCH 02/13] Add support IAM policy for the Environment of Apigee X --- mmv1/products/apigee/api.yaml | 12 ++++++------ .../terraform/encoders/apigee_organization.go.erb | 2 ++ .../examples/apigee_environment_basic.tf.erb | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 mmv1/templates/terraform/encoders/apigee_organization.go.erb diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml index af4c8756f32c..3c540fe1e39a 100644 --- a/mmv1/products/apigee/api.yaml +++ b/mmv1/products/apigee/api.yaml @@ -209,8 +209,8 @@ objects: api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances/create' - !ruby/object:Api::Resource name: 'Environment' - base_url: 'organizations/{{org_name}}/environments' - self_link: 'organizations/{{org_name}}/environments/{{name}}' + base_url: '{{org_id}}/environments' + self_link: '{{org_id}}/environments/{{name}}' async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation path: 'name' @@ -233,10 +233,10 @@ objects: iam_policy: !ruby/object:Api::Resource::IamPolicy exclude: false method_name_separator: ':' - parent_resource_attribute: 'env_name' - import_format: ["organizations/{{org_name}}/environments/{{name}}", "{{name}}"] - base_url: "organizations/{{org_name}}/environments/{{name}}" - self_link: "organizations/{{org_name}}/environments/{{name}}" + parent_resource_attribute: 'env_id' + import_format: ["{{org_id}}/environments/{{name}}", "{{name}}"] + base_url: "{{org_id}}/environments/{{name}}" + self_link: "{{org_id}}/environments/{{name}}" parameters: - !ruby/object:Api::Type::String name: 'orgName' diff --git a/mmv1/templates/terraform/encoders/apigee_organization.go.erb b/mmv1/templates/terraform/encoders/apigee_organization.go.erb new file mode 100644 index 000000000000..03c99cada236 --- /dev/null +++ b/mmv1/templates/terraform/encoders/apigee_organization.go.erb @@ -0,0 +1,2 @@ +obj["name"] = d.Get("project_id").(string) +return obj, nil diff --git a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb index ab7021b755ae..198eaad22a68 100644 --- a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb @@ -29,5 +29,5 @@ resource "google_apigee_environment" "<%= ctx[:primary_resource_id] %>" { name = "<%= ctx[:vars]['apigee_env_id'] %>" description = "Apigee Environment" display_name = "environment-1" - org_name = google_apigee_organization.apigee_org.name + org_id = google_apigee_organization.apigee_org.id } From 88604e6cd295db7b8de67b81cefaac5dbfab995d Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Sun, 3 Oct 2021 07:17:55 +0000 Subject: [PATCH 03/13] Add support IAM policy for the Environment of Apigee X --- mmv1/products/apigee/api.yaml | 5 ++- mmv1/products/apigee/terraform.yaml | 6 +++ .../custom_import/apigee_environment.go.erb | 42 +++++++++++++++++++ .../custom_import/apigee_organization.go.erb | 40 ++++++++++++++++++ 4 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 mmv1/templates/terraform/custom_import/apigee_environment.go.erb create mode 100644 mmv1/templates/terraform/custom_import/apigee_organization.go.erb diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml index 3c540fe1e39a..f43020f789f9 100644 --- a/mmv1/products/apigee/api.yaml +++ b/mmv1/products/apigee/api.yaml @@ -239,9 +239,10 @@ objects: self_link: "{{org_id}}/environments/{{name}}" parameters: - !ruby/object:Api::Type::String - name: 'orgName' + name: 'orgId' description: | - The Apigee Organization associated with the Apigee environment. + The Apigee Organization associated with the Apigee environment, + in the format `organizations/{{org_name}}`. required: true input: true url_param_only: true diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index 7d03c394b829..a8a8fb480a41 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -59,6 +59,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides timeouts: !ruby/object:Api::Timeouts insert_minutes: 10 delete_minutes: 10 + custom_code: !ruby/object:Provider::Terraform::CustomCode + custom_import: templates/terraform/custom_import/apigee_organization.go.erb + encoder: templates/terraform/encoders/apigee_organization.go.erb Instance: !ruby/object:Overrides::Terraform::ResourceOverride autogen_async: true import_format: ["{{org_id}}/instances/{{name}}", "{{org_id}}/{{name}}"] @@ -99,6 +102,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides custom_import: templates/terraform/custom_import/apigee_instance.go.erb Environment: !ruby/object:Overrides::Terraform::ResourceOverride autogen_async: true + import_format: ["{{org_id}}/environments/{{name}}", "{{org_id}}/{{name}}"] examples: - !ruby/object:Provider::Terraform::Examples name: "apigee_environment_basic" @@ -113,6 +117,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides timeouts: !ruby/object:Api::Timeouts insert_minutes: 30 delete_minutes: 30 + custom_code: !ruby/object:Provider::Terraform::CustomCode + custom_import: templates/terraform/custom_import/apigee_environment.go.erb Envgroup: !ruby/object:Overrides::Terraform::ResourceOverride autogen_async: true import_format: ["{{org_id}}/envgroups/{{name}}", "{{org_id}}/{{name}}"] diff --git a/mmv1/templates/terraform/custom_import/apigee_environment.go.erb b/mmv1/templates/terraform/custom_import/apigee_environment.go.erb new file mode 100644 index 000000000000..cace71906631 --- /dev/null +++ b/mmv1/templates/terraform/custom_import/apigee_environment.go.erb @@ -0,0 +1,42 @@ +config := meta.(*Config) + +// current import_formats cannot import fields with forward slashes in their value +if err := parseImportId([]string{"(?P.+)"}, d, config); err != nil { + return nil, err +} + +nameParts := strings.Split(d.Get("name").(string), "/") +if len(nameParts) == 4 { + // `organizations/{{org_name}}/environments/{{name}}` + orgId := fmt.Sprintf("organizations/%s", nameParts[1]) + if err := d.Set("org_id", orgId); err != nil { + return nil, fmt.Errorf("Error setting org_id: %s", err) + } + if err := d.Set("name", nameParts[3]); err != nil { + return nil, fmt.Errorf("Error setting name: %s", err) + } +} else if len(nameParts) == 3 { + // `organizations/{{org_name}}/{{name}}` + orgId := fmt.Sprintf("organizations/%s", nameParts[1]) + if err := d.Set("org_id", orgId); err != nil { + return nil, fmt.Errorf("Error setting org_id: %s", err) + } + if err := d.Set("name", nameParts[2]); err != nil { + return nil, fmt.Errorf("Error setting name: %s", err) + } +} else { + return nil, fmt.Errorf( + "Saw %s when the name is expected to have shape %s or %s", + d.Get("name"), + "organizations/{{org_name}}/environments/{{name}}", + "organizations/{{org_name}}/{{name}}") +} + +// Replace import id for the resource id +id, err := replaceVars(d, config, "{{org_id}}/environments/{{name}}") +if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) +} +d.SetId(id) + +return []*schema.ResourceData{d}, nil diff --git a/mmv1/templates/terraform/custom_import/apigee_organization.go.erb b/mmv1/templates/terraform/custom_import/apigee_organization.go.erb new file mode 100644 index 000000000000..7107ac822b14 --- /dev/null +++ b/mmv1/templates/terraform/custom_import/apigee_organization.go.erb @@ -0,0 +1,40 @@ +config := meta.(*Config) + +// current import_formats can't import fields with forward slashes in their value +if err := parseImportId([]string{"(?P.+)"}, d, config); err != nil { + return nil, err +} + +parts := strings.Split(d.Get("name").(string), "/") + +var projectId string +switch len(parts) { + case 1: + projectId = parts[0] + case 2: + projectId = parts[1] + default: + return nil, fmt.Errorf( + "Saw %s when the name is expected to have shape %s or %s", + d.Get("name"), + "{{name}}", + "organizations/{{name}}", + ) +} + +if err := d.Set("name", projectId); err != nil { + return nil, fmt.Errorf("Error setting organization: %s", err) +} + +if err := d.Set("project_id", projectId); err != nil { + return nil, fmt.Errorf("Error setting organization: %s", err) +} + +// Replace import id for the resource id +id, err := replaceVars(d, config, "organizations/{{name}}") +if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) +} +d.SetId(id) + +return []*schema.ResourceData{d}, nil From 974e3d0c1bf6e47347e0696ec6aa06db66e006f3 Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Sun, 3 Oct 2021 07:17:55 +0000 Subject: [PATCH 04/13] Add support IAM policy for the Environment of Apigee X --- mmv1/products/apigee/api.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml index f43020f789f9..0323e8314cb4 100644 --- a/mmv1/products/apigee/api.yaml +++ b/mmv1/products/apigee/api.yaml @@ -209,7 +209,8 @@ objects: api: 'https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances/create' - !ruby/object:Api::Resource name: 'Environment' - base_url: '{{org_id}}/environments' + base_url: 'environments' + create_url: '{{org_id}}/environments' self_link: '{{org_id}}/environments/{{name}}' async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation From 702d8be1bf5219e62e2ad6206669da1b08da69dc Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Tue, 19 Oct 2021 18:05:57 +0000 Subject: [PATCH 05/13] Revert all changes to test files. --- mmv1/products/apigee/terraform.yaml | 62 +++++++-------- .../examples/apigee_environment_basic.tf.erb | 17 ++--- .../apigee_environment_basic_test.tf.erb | 60 +++++++++++++++ .../apigee_organization_cloud_basic.tf.erb | 7 +- ...pigee_organization_cloud_basic_test.tf.erb | 54 +++++++++++++ .../apigee_organization_cloud_full.tf.erb | 18 ++--- ...apigee_organization_cloud_full_test.tf.erb | 76 ++++++++++++++----- 7 files changed, 217 insertions(+), 77 deletions(-) create mode 100644 mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb create mode 100644 mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index a8a8fb480a41..fea76b759322 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -10,7 +10,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - --- !ruby/object:Provider::Terraform::Config overrides: !ruby/object:Overrides::ResourceOverrides Organization: !ruby/object:Overrides::Terraform::ResourceOverride @@ -18,44 +17,35 @@ overrides: !ruby/object:Overrides::ResourceOverrides examples: - !ruby/object:Provider::Terraform::Examples name: "apigee_organization_cloud_basic" - primary_resource_id: "apigee-org" - vars: - network_id: "apigee-network" - network_range_id: "apigee-range" + skip_test: true + - !ruby/object:Provider::Terraform::Examples + # This is a more verbose version of the above that creates all + # the resources needed for the acceptance test. + name: "apigee_organization_cloud_basic_test" + primary_resource_id: "org" + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true # Resource creation race skip_vcr: true - !ruby/object:Provider::Terraform::Examples name: "apigee_organization_cloud_full" - primary_resource_id: "apigee-org" - vars: - network_id: "apigee-network" - network_range_id: "apigee-range" - keyring_id: "apigee-keyring" - key_id: "apigee-key" - # While all Apigee resources in this test are in the GA API, we depend - # on a service identity resource which is only available in the beta - # provider. - min_version: beta - # This example is for docs purpose only. - # For test to pass, google-beta-provider needs to be added to all - # resources, and KMS key lifecycle has to be removed. These are set - # in "apigee_organization_cloud_full_test" below. skip_test: true - !ruby/object:Provider::Terraform::Examples + # This is a more verbose version of the above that creates all + # the resources needed for the acceptance test. While all Apigee + # resources in this test are in the GA API, we depend on a service + # identity resource which is only available in the beta provider. name: "apigee_organization_cloud_full_test" - primary_resource_id: "apigee-org" - vars: - network_id: "apigee-network" - network_range_id: "apigee-range" - keyring_id: "apigee-keyring" - key_id: "apigee-key" - # While all Apigee resources in this test are in the GA API, we depend - # on a service identity resource which is only available in the beta - # provider. + primary_resource_id: "org" + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true min_version: beta # Resource creation race skip_vcr: true - skip_docs: true timeouts: !ruby/object:Api::Timeouts insert_minutes: 10 delete_minutes: 10 @@ -106,12 +96,16 @@ overrides: !ruby/object:Overrides::ResourceOverrides examples: - !ruby/object:Provider::Terraform::Examples name: "apigee_environment_basic" + skip_test: true + - !ruby/object:Provider::Terraform::Examples + # This is a more verbose version of the above that creates all + # the resources needed for the acceptance test. + name: "apigee_environment_basic_test" primary_resource_id: "apigee_environment" - primary_resource_name: "getTestProjectFromEnv(), fmt.Sprintf(\"tf-test-apigee-env%s\", context[\"random_suffix\"])" - vars: - network_id: "apigee-network" - network_range_id: "apigee-range" - apigee_env_id: "apigee-env" + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true # Resource creation race skip_vcr: true timeouts: !ruby/object:Api::Timeouts diff --git a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb index 198eaad22a68..04da4189e0c8 100644 --- a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb @@ -1,23 +1,21 @@ data "google_client_config" "current" {} resource "google_compute_network" "apigee_network" { - name = "<%= ctx[:vars]['network_id'] %>" + name = "apigee-network" } resource "google_compute_global_address" "apigee_range" { - name = "<%= ctx[:vars]['network_range_id'] %>" + name = "apigee-range" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 network = google_compute_network.apigee_network.id } - resource "google_service_networking_connection" "apigee_vpc_connection" { network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" reserved_peering_ranges = [google_compute_global_address.apigee_range.name] } - resource "google_apigee_organization" "apigee_org" { analytics_region = "us-central1" project_id = data.google_client_config.current.project @@ -25,9 +23,10 @@ resource "google_apigee_organization" "apigee_org" { depends_on = [google_service_networking_connection.apigee_vpc_connection] } -resource "google_apigee_environment" "<%= ctx[:primary_resource_id] %>" { - name = "<%= ctx[:vars]['apigee_env_id'] %>" - description = "Apigee Environment" - display_name = "environment-1" - org_id = google_apigee_organization.apigee_org.id +resource "google_apigee_environment" "env" { + name = "tf-test%{random_suffix}" + description = "Apigee Environment" + displayName = "environment-1" + org_id = google_apigee_organization.apigee_org.id } + diff --git a/mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb b/mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb new file mode 100644 index 000000000000..b0fa1eb164ca --- /dev/null +++ b/mmv1/templates/terraform/examples/apigee_environment_basic_test.tf.erb @@ -0,0 +1,60 @@ +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "<%= ctx[:test_env_vars]['org_id'] %>" + billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_environment" "<%= ctx[:primary_resource_id] %>" { + org_id = google_apigee_organization.apigee_org.id + name = "tf-test%{random_suffix}" + description = "Apigee Environment" + display_name = "environment-1" +} diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb index 9079ea68f83f..dae450621964 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb @@ -1,24 +1,23 @@ data "google_client_config" "current" {} resource "google_compute_network" "apigee_network" { - name = "<%= ctx[:vars]['network_id'] %>" + name = "apigee-network" } resource "google_compute_global_address" "apigee_range" { - name = "<%= ctx[:vars]['network_range_id'] %>" + name = "apigee-range" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 network = google_compute_network.apigee_network.id } - resource "google_service_networking_connection" "apigee_vpc_connection" { network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" reserved_peering_ranges = [google_compute_global_address.apigee_range.name] } -resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { +resource "google_apigee_organization" "org" { analytics_region = "us-central1" project_id = data.google_client_config.current.project authorized_network = google_compute_network.apigee_network.id diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb new file mode 100644 index 000000000000..975fa8dc2b49 --- /dev/null +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb @@ -0,0 +1,54 @@ +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "<%= ctx[:test_env_vars]['org_id'] %>" + billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb index 1bde84ac0229..12bb56f975af 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb @@ -1,17 +1,16 @@ data "google_client_config" "current" {} resource "google_compute_network" "apigee_network" { - name = "<%= ctx[:vars]['network_id'] %>" + name = "apigee-network" } resource "google_compute_global_address" "apigee_range" { - name = "<%= ctx[:vars]['network_range_id'] %>" + name = "apigee-range" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 network = google_compute_network.apigee_network.id } - resource "google_service_networking_connection" "apigee_vpc_connection" { network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" @@ -19,12 +18,12 @@ resource "google_service_networking_connection" "apigee_vpc_connection" { } resource "google_kms_key_ring" "apigee_keyring" { - name = "<%= ctx[:vars]['keyring_id'] %>" + name = "apigee-keyring" location = "us-central1" } resource "google_kms_crypto_key" "apigee_key" { - name = "<%= ctx[:vars]['key_id'] %>" + name = "apigee-key" key_ring = google_kms_key_ring.apigee_keyring.id lifecycle { @@ -34,28 +33,25 @@ resource "google_kms_crypto_key" "apigee_key" { resource "google_project_service_identity" "apigee_sa" { provider = google-beta - - project = data.google_client_config.current.project - service = "apigee.googleapis.com" + project = google_project.project.project_id + service = google_project_service.apigee.service } resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { crypto_key_id = google_kms_crypto_key.apigee_key.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ "serviceAccount:${google_project_service_identity.apigee_sa.email}", ] } -resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { +resource "google_apigee_organization" "org" { analytics_region = "us-central1" display_name = "apigee-org" description = "Terraform-provisioned Apigee Org." project_id = data.google_client_config.current.project authorized_network = google_compute_network.apigee_network.id runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id - depends_on = [ google_service_networking_connection.apigee_vpc_connection, google_kms_crypto_key_iam_binding.apigee_sa_keyuser, diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb index 7a162f9631ed..cc62f08fd427 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb @@ -1,70 +1,108 @@ -data "google_client_config" "current" { - provider = google-beta +resource "google_project" "project" { + provider = google-beta + + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "<%= ctx[:test_env_vars]['org_id'] %>" + billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" +} + +resource "google_project_service" "apigee" { + provider = google-beta + + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "compute" { + provider = google-beta + + project = google_project.project.project_id + service = "compute.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + provider = google-beta + + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" +} + +resource "google_project_service" "kms" { + provider = google-beta + + project = google_project.project.project_id + service = "cloudkms.googleapis.com" } resource "google_compute_network" "apigee_network" { - provider = google-beta + provider = google-beta - name = "<%= ctx[:vars]['network_id'] %>" + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] } resource "google_compute_global_address" "apigee_range" { - provider = google-beta + provider = google-beta - name = "<%= ctx[:vars]['network_range_id'] %>" + name = "apigee-range" purpose = "VPC_PEERING" address_type = "INTERNAL" prefix_length = 16 network = google_compute_network.apigee_network.id + project = google_project.project.project_id } resource "google_service_networking_connection" "apigee_vpc_connection" { - provider = google-beta + provider = google-beta network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] } resource "google_kms_key_ring" "apigee_keyring" { provider = google-beta - name = "<%= ctx[:vars]['keyring_id'] %>" - location = "us-central1" + name = "apigee-keyring" + location = "us-central1" + project = google_project.project.project_id + depends_on = [google_project_service.kms] } resource "google_kms_crypto_key" "apigee_key" { - provider = google-beta + provider = google-beta - name = "<%= ctx[:vars]['key_id'] %>" + name = "apigee-key" key_ring = google_kms_key_ring.apigee_keyring.id } resource "google_project_service_identity" "apigee_sa" { provider = google-beta - project = data.google_client_config.current.project - service = "apigee.googleapis.com" + project = google_project.project.project_id + service = google_project_service.apigee.service } resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { - provider = google-beta + provider = google-beta crypto_key_id = google_kms_crypto_key.apigee_key.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ "serviceAccount:${google_project_service_identity.apigee_sa.email}", ] } resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { - provider = google-beta + provider = google-beta - analytics_region = "us-central1" display_name = "apigee-org" - description = "Terraform-provisioned Apigee Org." - project_id = data.google_client_config.current.project + description = "Terraform-managed Apigee Org" + analytics_region = "us-central1" + project_id = google_project.project.project_id authorized_network = google_compute_network.apigee_network.id runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id From c506d874a0f80e6fcb7368521eb34fb1b02e7519 Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Tue, 19 Oct 2021 18:05:57 +0000 Subject: [PATCH 06/13] Revert all changes to test files. --- .../examples/apigee_organization_cloud_basic_test.tf.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb index 975fa8dc2b49..87fab9350fc3 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic_test.tf.erb @@ -51,4 +51,3 @@ resource "google_apigee_organization" "<%= ctx[:primary_resource_id] %>" { google_project_service.apigee, ] } - From 27bca670f0b615164248957ccc25ddace0902cad Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Tue, 19 Oct 2021 18:12:12 +0000 Subject: [PATCH 07/13] Revert all changes to test files. --- mmv1/products/apigee/terraform.yaml | 1 + .../terraform/examples/apigee_environment_basic.tf.erb | 2 ++ .../terraform/examples/apigee_organization_cloud_basic.tf.erb | 1 + .../terraform/examples/apigee_organization_cloud_full.tf.erb | 3 +++ .../examples/apigee_organization_cloud_full_test.tf.erb | 1 + 5 files changed, 8 insertions(+) diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index fea76b759322..038eecbc961e 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -10,6 +10,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + --- !ruby/object:Provider::Terraform::Config overrides: !ruby/object:Overrides::ResourceOverrides Organization: !ruby/object:Overrides::Terraform::ResourceOverride diff --git a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb index 04da4189e0c8..7d3eadbb8a66 100644 --- a/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_environment_basic.tf.erb @@ -11,11 +11,13 @@ resource "google_compute_global_address" "apigee_range" { prefix_length = 16 network = google_compute_network.apigee_network.id } + resource "google_service_networking_connection" "apigee_vpc_connection" { network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" reserved_peering_ranges = [google_compute_global_address.apigee_range.name] } + resource "google_apigee_organization" "apigee_org" { analytics_region = "us-central1" project_id = data.google_client_config.current.project diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb index dae450621964..d2e0ff043303 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_basic.tf.erb @@ -11,6 +11,7 @@ resource "google_compute_global_address" "apigee_range" { prefix_length = 16 network = google_compute_network.apigee_network.id } + resource "google_service_networking_connection" "apigee_vpc_connection" { network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb index 12bb56f975af..891fb47422a9 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_full.tf.erb @@ -11,6 +11,7 @@ resource "google_compute_global_address" "apigee_range" { prefix_length = 16 network = google_compute_network.apigee_network.id } + resource "google_service_networking_connection" "apigee_vpc_connection" { network = google_compute_network.apigee_network.id service = "servicenetworking.googleapis.com" @@ -40,6 +41,7 @@ resource "google_project_service_identity" "apigee_sa" { resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { crypto_key_id = google_kms_crypto_key.apigee_key.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + members = [ "serviceAccount:${google_project_service_identity.apigee_sa.email}", ] @@ -52,6 +54,7 @@ resource "google_apigee_organization" "org" { project_id = data.google_client_config.current.project authorized_network = google_compute_network.apigee_network.id runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id + depends_on = [ google_service_networking_connection.apigee_vpc_connection, google_kms_crypto_key_iam_binding.apigee_sa_keyuser, diff --git a/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb b/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb index cc62f08fd427..32b47756f31a 100644 --- a/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb +++ b/mmv1/templates/terraform/examples/apigee_organization_cloud_full_test.tf.erb @@ -91,6 +91,7 @@ resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" { crypto_key_id = google_kms_crypto_key.apigee_key.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + members = [ "serviceAccount:${google_project_service_identity.apigee_sa.email}", ] From f4fde558b11b34bfd6241b7225a9a78ef267a2f9 Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Tue, 19 Oct 2021 23:31:44 +0000 Subject: [PATCH 08/13] Add primary_resource_name to fix tests. --- mmv1/products/apigee/terraform.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index 038eecbc961e..22ab424b4cb5 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -103,6 +103,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides # the resources needed for the acceptance test. name: "apigee_environment_basic_test" primary_resource_id: "apigee_environment" + primary_resource_name: "getTestProjectFromEnv(), fmt.Sprintf(\"tf-test-apigee-env%s\", context[\"random_suffix\"])" test_env_vars: org_id: :ORG_ID billing_account: :BILLING_ACCT From 0c4ac429ba58da7e73eea5f669469f497f765875 Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Mon, 25 Oct 2021 21:34:35 +0000 Subject: [PATCH 09/13] Update iam_attributes.tf.erb to honor skip_test. --- mmv1/templates/terraform/iam/iam_attributes.tf.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/templates/terraform/iam/iam_attributes.tf.erb b/mmv1/templates/terraform/iam/iam_attributes.tf.erb index a67618cf232a..94d98aed6467 100644 --- a/mmv1/templates/terraform/iam/iam_attributes.tf.erb +++ b/mmv1/templates/terraform/iam/iam_attributes.tf.erb @@ -1,4 +1,4 @@ -<% example = object.examples +<% example = object.examples.reject(&:skip_test) .reject { |e| @api.version_obj_or_closest(version) < @api.version_obj_or_closest(e.min_version) } .first -%> <% self_link_url = object.iam_policy.self_link || object.self_link_url -%> @@ -11,4 +11,4 @@ <% attribute_val = p.underscore -%> <% end -%> <%= attribute_val.underscore -%> = <%= parent_resource_type_type -%>.<%= example.primary_resource_id -%>.<%= p.underscore %> -<% end -%> \ No newline at end of file +<% end -%> From 4c435e5958870fd76de6b34b25c8a6474231fd46 Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Wed, 27 Oct 2021 19:14:41 +0000 Subject: [PATCH 10/13] Don't reject skip_tests when example is nil. --- mmv1/templates/terraform/iam/iam_attributes.tf.erb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mmv1/templates/terraform/iam/iam_attributes.tf.erb b/mmv1/templates/terraform/iam/iam_attributes.tf.erb index 94d98aed6467..171e3f258e28 100644 --- a/mmv1/templates/terraform/iam/iam_attributes.tf.erb +++ b/mmv1/templates/terraform/iam/iam_attributes.tf.erb @@ -1,6 +1,11 @@ <% example = object.examples.reject(&:skip_test) .reject { |e| @api.version_obj_or_closest(version) < @api.version_obj_or_closest(e.min_version) } - .first -%> + .first -%> +<% if !example -%> +<% example = object.examples + .reject { |e| @api.version_obj_or_closest(version) < @api.version_obj_or_closest(e.min_version) } + .first -%> +<% end -%> <% self_link_url = object.iam_policy.self_link || object.self_link_url -%> <% parent_resource_last_param_name = extract_identifiers(self_link_url).last -%> <% parent_resource_type_type = object.iam_policy.parent_resource_type || resource_ns -%> From 68d42494227c9f32a54ccbef84158123e74e1f85 Mon Sep 17 00:00:00 2001 From: xuchenma <67921399+xuchenma@users.noreply.github.com> Date: Fri, 5 Nov 2021 11:35:37 -0700 Subject: [PATCH 11/13] Update mmv1/products/apigee/api.yaml Co-authored-by: Stephen Lewis (Burrows) --- mmv1/products/apigee/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml index 0323e8314cb4..3f0c46710d8a 100644 --- a/mmv1/products/apigee/api.yaml +++ b/mmv1/products/apigee/api.yaml @@ -235,7 +235,7 @@ objects: exclude: false method_name_separator: ':' parent_resource_attribute: 'env_id' - import_format: ["{{org_id}}/environments/{{name}}", "{{name}}"] + import_format: ["{{%org_id}}/environments/{{name}}", "{{name}}"] base_url: "{{org_id}}/environments/{{name}}" self_link: "{{org_id}}/environments/{{name}}" parameters: From 5586f70d77a82736bc504693be69cdce099cc6fd Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Wed, 10 Nov 2021 19:40:16 +0000 Subject: [PATCH 12/13] Fix primary_resource_name for apigee organization name. --- mmv1/products/apigee/terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index 3d3169bb5cda..d3e700cecc20 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -103,7 +103,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides # the resources needed for the acceptance test. name: "apigee_environment_basic_test" primary_resource_id: "apigee_environment" - primary_resource_name: "getTestProjectFromEnv(), fmt.Sprintf(\"tf-test-apigee-env%s\", context[\"random_suffix\"])" + primary_resource_name: "fmt.Sprintf(\"organizations/tf-test%s\", context[\"random_suffix\"]), fmt.Sprintf(\"tf-test%s\", context[\"random_suffix\"])" test_env_vars: org_id: :ORG_ID billing_account: :BILLING_ACCT From bb3918581c76e5abcf4f1574f95e2f1ad889e52f Mon Sep 17 00:00:00 2001 From: Xuchen Ma Date: Fri, 7 Jan 2022 06:58:42 +0000 Subject: [PATCH 13/13] Add a new field "ipRange". --- mmv1/products/apigee/api.yaml | 10 ++++ mmv1/products/apigee/terraform.yaml | 14 +++++ .../examples/apigee_instance_ip_range.tf.erb | 33 ++++++++++ .../apigee_instance_ip_range_test.tf.erb | 60 +++++++++++++++++++ 4 files changed, 117 insertions(+) create mode 100644 mmv1/templates/terraform/examples/apigee_instance_ip_range.tf.erb create mode 100644 mmv1/templates/terraform/examples/apigee_instance_ip_range_test.tf.erb diff --git a/mmv1/products/apigee/api.yaml b/mmv1/products/apigee/api.yaml index 03dea2fdad62..e6e692ca0efe 100644 --- a/mmv1/products/apigee/api.yaml +++ b/mmv1/products/apigee/api.yaml @@ -175,6 +175,16 @@ objects: description: | The size of the CIDR block range that will be reserved by the instance. For valid values, see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. + - !ruby/object:Api::Type::String + name: 'ipRange' + description: | + IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22" - !ruby/object:Api::Type::String name: 'description' description: | diff --git a/mmv1/products/apigee/terraform.yaml b/mmv1/products/apigee/terraform.yaml index 5d85297bd55a..afde6711b9ef 100644 --- a/mmv1/products/apigee/terraform.yaml +++ b/mmv1/products/apigee/terraform.yaml @@ -85,6 +85,20 @@ overrides: !ruby/object:Overrides::ResourceOverrides skip_docs: true # Resource creation race skip_vcr: true + - !ruby/object:Provider::Terraform::Examples + name: "apigee_instance_ip_range" + skip_test: true + - !ruby/object:Provider::Terraform::Examples + # This is a more verbose version of the above that creates all + # the resources needed for the acceptance test. + name: "apigee_instance_ip_range_test" + primary_resource_id: "apigee_instance" + test_env_vars: + org_id: :ORG_ID + billing_account: :BILLING_ACCT + skip_docs: true + # Resource creation race + skip_vcr: true - !ruby/object:Provider::Terraform::Examples name: "apigee_instance_full" skip_test: true diff --git a/mmv1/templates/terraform/examples/apigee_instance_ip_range.tf.erb b/mmv1/templates/terraform/examples/apigee_instance_ip_range.tf.erb new file mode 100644 index 000000000000..5bc9fe3dc818 --- /dev/null +++ b/mmv1/templates/terraform/examples/apigee_instance_ip_range.tf.erb @@ -0,0 +1,33 @@ +data "google_client_config" "current" {} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 22 + network = google_compute_network.apigee_network.id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = data.google_client_config.current.project + authorized_network = google_compute_network.apigee_network.id + depends_on = [google_service_networking_connection.apigee_vpc_connection] +} + +resource "google_apigee_instance" "apigee_instance" { + name = "tf-test%{random_suffix}" + location = "us-central1-b" + org_id = google_apigee_organization.apigee_org.id + ip_range = "10.87.8.0/22" +} diff --git a/mmv1/templates/terraform/examples/apigee_instance_ip_range_test.tf.erb b/mmv1/templates/terraform/examples/apigee_instance_ip_range_test.tf.erb new file mode 100644 index 000000000000..feabd6d45256 --- /dev/null +++ b/mmv1/templates/terraform/examples/apigee_instance_ip_range_test.tf.erb @@ -0,0 +1,60 @@ +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "<%= ctx[:test_env_vars]['org_id'] %>" + billing_account = "<%= ctx[:test_env_vars]['billing_account'] %>" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 22 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_instance" "<%= ctx[:primary_resource_id] %>" { + name = "tf-test%{random_suffix}" + location = "us-central1" + org_id = google_apigee_organization.apigee_org.id + ip_range = "10.87.8.0/22" +}