From ebdffd6d0a29072f5c1c644bf0903bbe3dc9ac04 Mon Sep 17 00:00:00 2001 From: Tom Samaras Date: Fri, 28 Jan 2022 16:06:47 -0500 Subject: [PATCH 01/22] add configuration for nonpreemptible secondary dataproc nodes --- mmv1/products/dataproc/api.yaml | 33 +++++++++++ .../resource_dataproc_cluster.go.erb | 28 +++++++++- .../resource_dataproc_cluster_test.go.erb | 56 +++++++++++++++++++ 3 files changed, 114 insertions(+), 3 deletions(-) diff --git a/mmv1/products/dataproc/api.yaml b/mmv1/products/dataproc/api.yaml index 4ed026314f1c..ed575636ecc3 100644 --- a/mmv1/products/dataproc/api.yaml +++ b/mmv1/products/dataproc/api.yaml @@ -326,8 +326,19 @@ objects: Number of attached SSDs, from 0 to 4. - !ruby/object:Api::Type::Boolean name: 'isPreemptible' + output: true description: | Specifies if this instance group contains preemptible instances. + - !ruby/object:Api::Type::Enum + name: 'preemptibility' + description: | + Specifies the preemptibility of the instance group. + The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. + The default value for secondary instances is PREEMPTIBLE. + values: + - :PREEMPTIBILITY_UNSPECIFIED + - :NON_PREEMPTIBLE + - :PREEMPTIBLE - !ruby/object:Api::Type::NestedObject name: 'managedGroupConfig' output: true @@ -387,8 +398,19 @@ objects: Number of attached SSDs, from 0 to 4. - !ruby/object:Api::Type::Boolean name: 'isPreemptible' + output: true description: | Specifies if this instance group contains preemptible instances. + - !ruby/object:Api::Type::Enum + name: 'preemptibility' + description: | + Specifies the preemptibility of the instance group. + The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. + The default value for secondary instances is PREEMPTIBLE. + values: + - :PREEMPTIBILITY_UNSPECIFIED + - :NON_PREEMPTIBLE + - :PREEMPTIBLE - !ruby/object:Api::Type::NestedObject name: 'managedGroupConfig' output: true @@ -448,8 +470,19 @@ objects: Number of attached SSDs, from 0 to 4. - !ruby/object:Api::Type::Boolean name: 'isPreemptible' + output: true description: | Specifies if this instance group contains preemptible instances. + - !ruby/object:Api::Type::Enum + name: 'preemptibility' + description: | + Specifies the preemptibility of the instance group. + The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. + The default value for secondary instances is PREEMPTIBLE. + values: + - :PREEMPTIBILITY_UNSPECIFIED + - :NON_PREEMPTIBLE + - :PREEMPTIBLE - !ruby/object:Api::Type::NestedObject name: 'managedGroupConfig' output: true diff --git a/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb b/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb index 1cf7667d0799..1f72b9b29196 100644 --- a/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb +++ b/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb @@ -336,6 +336,7 @@ func resourceDataprocCluster() *schema.Resource { Description: `Specifies the number of preemptible nodes to create. Defaults to 0.`, AtLeastOneOf: []string{ "cluster_config.0.preemptible_worker_config.0.num_instances", + "cluster_config.0.preemptible_worker_config.0.preemptibility", "cluster_config.0.preemptible_worker_config.0.disk_config", }, }, @@ -344,6 +345,25 @@ func resourceDataprocCluster() *schema.Resource { // It always uses whatever is specified for the worker_config // "machine_type": { ... } // "min_cpu_platform": { ... } + "is_preemptible": { + Type: schema.TypeBool, + Computed: true, + Description: `Specifies that this instance group contains preemptible instances.`, + }, + + "preemptibility": { + Type: schema.TypeString, + Optional: true, + Description: `Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.`, + AtLeastOneOf: []string{ + "cluster_config.0.preemptible_worker_config.0.num_instances", + "cluster_config.0.preemptible_worker_config.0.preemptibility", + "cluster_config.0.preemptible_worker_config.0.disk_config", + }, + ForceNew: true, + ValidateFunc: validation.StringInSlice([]string{"PREEMPTIBILITY_UNSPECIFIED", "NON_PREEMPTIBLE", "PREEMPTIBLE"}, false), + }, + "disk_config": { Type: schema.TypeList, Optional: true, @@ -351,6 +371,7 @@ func resourceDataprocCluster() *schema.Resource { Description: `Disk Config`, AtLeastOneOf: []string{ "cluster_config.0.preemptible_worker_config.0.num_instances", + "cluster_config.0.preemptible_worker_config.0.preemptibility", "cluster_config.0.preemptible_worker_config.0.disk_config", }, MaxItems: 1, @@ -982,9 +1003,6 @@ func expandClusterConfig(d *schema.ResourceData, config *Config) (*dataproc.Clus if cfg, ok := configOptions(d, "cluster_config.0.preemptible_worker_config"); ok { log.Println("[INFO] got preemptible worker config") conf.SecondaryWorkerConfig = expandPreemptibleInstanceGroupConfig(cfg) - if conf.SecondaryWorkerConfig.NumInstances > 0 { - conf.SecondaryWorkerConfig.IsPreemptible = true - } } return conf, nil } @@ -1221,6 +1239,9 @@ func expandPreemptibleInstanceGroupConfig(cfg map[string]interface{}) *dataproc. } } } + if p, ok := cfg["preemptibility"]; ok { + icg.Preemptibility = p.(string) + } return icg } @@ -1662,6 +1683,7 @@ func flattenPreemptibleInstanceGroupConfig(d *schema.ResourceData, icg *dataproc if icg != nil { data["num_instances"] = icg.NumInstances data["instance_names"] = icg.InstanceNames + data["preemptibility"] = icg.Preemptibility if icg.DiskConfig != nil { disk["boot_disk_size_gb"] = icg.DiskConfig.BootDiskSizeGb disk["num_local_ssds"] = icg.DiskConfig.NumLocalSsds diff --git a/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb b/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb index 4b834dbe1b58..1cb3541499dc 100644 --- a/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb @@ -399,6 +399,27 @@ func TestAccDataprocCluster_updatable(t *testing.T) { }) } +func TestAccDataprocCluster_nonPreemptibleSecondary(t *testing.T) { + t.Parallel() + + rnd := randString(t, 10) + var cluster dataproc.Cluster + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDataprocClusterDestroy(t), + Steps: []resource.TestStep{ + { + Config: testAccDataprocCluster_nonPreemptibleSecondary(rnd), + Check: resource.ComposeTestCheckFunc( + testAccCheckDataprocClusterExists(t, "google_dataproc_cluster.non_preemptible", &cluster), + resource.TestCheckResourceAttr("google_dataproc_cluster.non_preemptible", "cluster_config.0.preemptible_worker_config.0.preemptibility", "NON_PREEMPTIBLE"), + ), + }, + }, + }) +} + func TestAccDataprocCluster_withStagingBucket(t *testing.T) { t.Parallel() @@ -1352,6 +1373,41 @@ resource "google_dataproc_cluster" "updatable" { `, rnd, w, p) } +func testAccDataprocCluster_nonPreemptibleSecondary(rnd string) string { + return fmt.Sprintf(` +resource "google_dataproc_cluster" "non_preemptible_secondary" { + name = "tf-test-dproc-%s" + region = "us-central1" + + cluster_config { + master_config { + num_instances = "1" + machine_type = "e2-medium" + disk_config { + boot_disk_size_gb = 35 + } + } + + worker_config { + num_instances = "2" + machine_type = "e2-medium" + disk_config { + boot_disk_size_gb = 35 + } + } + + preemptible_worker_config { + num_instances = "1" + preemptibility = "NON_PREEMPTIBLE" + disk_config { + boot_disk_size_gb = 35 + } + } + } +} + `, rnd) +} + func testAccDataprocCluster_withStagingBucketOnly(bucketName string) string { return fmt.Sprintf(` resource "google_storage_bucket" "bucket" { From 40d4e9ff150553c83c89b6469c7b2cb46b822cdb Mon Sep 17 00:00:00 2001 From: "Stephen Lewis (Burrows)" Date: Mon, 24 Jan 2022 09:52:40 -0800 Subject: [PATCH 02/22] Allow extension of default user agent in GetConfig (#5639) --- mmv1/third_party/validator/getconfig.go | 18 +++++++++++++++++- mmv1/third_party/validator/getconfig_test.go | 18 +++++++++++++++++- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/validator/getconfig.go b/mmv1/third_party/validator/getconfig.go index bd9fb3d56feb..a4a4755c8b78 100644 --- a/mmv1/third_party/validator/getconfig.go +++ b/mmv1/third_party/validator/getconfig.go @@ -2,13 +2,23 @@ package google import ( "context" + "fmt" + "os" "github.com/pkg/errors" + + "github.com/GoogleCloudPlatform/terraform-validator/version" ) +// Return the value of the private userAgent field +func (c *Config) UserAgent() string { + return c.userAgent +} + func GetConfig(ctx context.Context, project string, offline bool) (*Config, error) { cfg := &Config{ - Project: project, + Project: project, + userAgent: fmt.Sprintf("config-validator-tf/%s", version.BuildVersion()), } // Search for default credentials @@ -26,6 +36,12 @@ func GetConfig(ctx context.Context, project string, offline bool) (*Config, erro "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", }) + // opt in extension for adding to the User-Agent header + if ext := os.Getenv("GOOGLE_TERRAFORM_VALIDATOR_USERAGENT_EXTENSION"); ext != "" { + ua := cfg.userAgent + cfg.userAgent = fmt.Sprintf("%s %s", ua, ext) + } + if !offline { ConfigureBasePaths(cfg) if err := cfg.LoadAndValidate(ctx); err != nil { diff --git a/mmv1/third_party/validator/getconfig_test.go b/mmv1/third_party/validator/getconfig_test.go index 662f23176991..911b4abddb60 100644 --- a/mmv1/third_party/validator/getconfig_test.go +++ b/mmv1/third_party/validator/getconfig_test.go @@ -19,6 +19,9 @@ func getAccessToken(cfg *Config) string { func getImpersonateServiceAccount(cfg *Config) string { return cfg.ImpersonateServiceAccount } +func getUserAgent(cfg *Config) string { + return cfg.UserAgent() +} func TestGetConfigExtractsEnvVars(t *testing.T) { ctx := context.Background() @@ -27,38 +30,51 @@ func TestGetConfigExtractsEnvVars(t *testing.T) { name string envKey string envValue string + expected string getConfigValue configAttrGetter }{ { name: "GOOGLE_CREDENTIALS", envKey: "GOOGLE_CREDENTIALS", envValue: "whatever", + expected: "whatever", getConfigValue: getCredentials, }, { name: "GOOGLE_CLOUD_KEYFILE_JSON", envKey: "GOOGLE_CLOUD_KEYFILE_JSON", envValue: "whatever", + expected: "whatever", getConfigValue: getCredentials, }, { name: "GCLOUD_KEYFILE_JSON", envKey: "GCLOUD_KEYFILE_JSON", envValue: "whatever", + expected: "whatever", getConfigValue: getCredentials, }, { name: "GOOGLE_OAUTH_ACCESS_TOKEN", envKey: "GOOGLE_OAUTH_ACCESS_TOKEN", envValue: "whatever", + expected: "whatever", getConfigValue: getAccessToken, }, { name: "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", envKey: "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", envValue: "whatever", + expected: "whatever", getConfigValue: getImpersonateServiceAccount, }, + { + name: "GOOGLE_TERRAFORM_VALIDATOR_USERAGENT_EXTENSION", + envKey: "GOOGLE_TERRAFORM_VALIDATOR_USERAGENT_EXTENSION", + envValue: "whatever", + expected: "config-validator-tf/dev whatever", + getConfigValue: getUserAgent, + }, } for _, c := range cases { @@ -74,7 +90,7 @@ func TestGetConfigExtractsEnvVars(t *testing.T) { t.Fatalf("error building converter: %s", err) } - assert.EqualValues(t, c.getConfigValue(cfg), c.envValue) + assert.Equal(t, c.expected, c.getConfigValue(cfg)) if isSet { err = os.Setenv(c.envKey, originalValue) From e9c908ab2a6872986b95183439c3f5440d7e6a57 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Mon, 24 Jan 2022 10:11:14 -0800 Subject: [PATCH 03/22] Use utility functions to reduce the need for strconv, validation imports (#5621) --- mmv1/templates/terraform/constants/tpu_node.erb | 2 +- mmv1/templates/terraform/custom_flatten/default_if_empty.erb | 2 +- .../terraform/decoders/avoid_meaningless_project_update.erb | 4 ++-- mmv1/templates/terraform/flatten_property_method.erb | 2 +- mmv1/templates/terraform/schema_property.erb | 4 ++-- .../data_source_google_kms_crypto_key_version.go | 3 +-- mmv1/third_party/terraform/utils/privateca_utils.go | 3 +-- mmv1/third_party/terraform/utils/provider_test.go.erb | 2 +- mmv1/third_party/terraform/utils/utils.go | 5 +++++ mmv1/third_party/terraform/utils/validation.go | 4 ++++ 10 files changed, 19 insertions(+), 12 deletions(-) diff --git a/mmv1/templates/terraform/constants/tpu_node.erb b/mmv1/templates/terraform/constants/tpu_node.erb index 34faf4054ddd..75b195917368 100644 --- a/mmv1/templates/terraform/constants/tpu_node.erb +++ b/mmv1/templates/terraform/constants/tpu_node.erb @@ -32,7 +32,7 @@ func tpuNodeCustomizeDiff(_ context.Context, diff *schema.ResourceDiff, meta int if networkLinkRegex.MatchString(old.(string)) { parts := networkLinkRegex.FindStringSubmatch(old.(string)) - i, err := strconv.ParseInt(parts[1], 10, 64) + i, err := stringToFixed64(parts[1]) if err == nil { if project.ProjectNumber == i { if err := diff.SetNew("network", old); err != nil { diff --git a/mmv1/templates/terraform/custom_flatten/default_if_empty.erb b/mmv1/templates/terraform/custom_flatten/default_if_empty.erb index f6f4c492110d..498d0a84bf1e 100644 --- a/mmv1/templates/terraform/custom_flatten/default_if_empty.erb +++ b/mmv1/templates/terraform/custom_flatten/default_if_empty.erb @@ -19,7 +19,7 @@ func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d <%- if property.is_a?(Api::Type::Integer) -%> // Handles the string fixed64 format if strVal, ok := v.(string); ok { - if intVal, err := strconv.ParseInt(strVal, 10, 64); err == nil { + if intVal, err := stringToFixed64(strVal); err == nil { return intVal } // let terraform core handle it if we can't convert the string to an int. } diff --git a/mmv1/templates/terraform/decoders/avoid_meaningless_project_update.erb b/mmv1/templates/terraform/decoders/avoid_meaningless_project_update.erb index 07646d7abf9f..f86efdedf65b 100644 --- a/mmv1/templates/terraform/decoders/avoid_meaningless_project_update.erb +++ b/mmv1/templates/terraform/decoders/avoid_meaningless_project_update.erb @@ -34,7 +34,7 @@ // If it's a project ID var oldProjId int64 var newProjId int64 - if oldVal, err := strconv.ParseInt(old, 10, 64); err == nil { + if oldVal, err := stringToFixed64(old); err == nil { log.Printf("[DEBUG] The old value was a real number: %d", oldVal) oldProjId = oldVal } else { @@ -44,7 +44,7 @@ } oldProjId = pOld.ProjectNumber } - if newVal, err := strconv.ParseInt(new, 10, 64); err == nil { + if newVal, err := stringToFixed64(new); err == nil { log.Printf("[DEBUG] The new value was a real number: %d", newVal) newProjId = newVal } else { diff --git a/mmv1/templates/terraform/flatten_property_method.erb b/mmv1/templates/terraform/flatten_property_method.erb index d16691e0f447..f2c15085c141 100644 --- a/mmv1/templates/terraform/flatten_property_method.erb +++ b/mmv1/templates/terraform/flatten_property_method.erb @@ -95,7 +95,7 @@ func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d <% elsif property.is_a?(Api::Type::Integer) -%> // Handles the string fixed64 format if strVal, ok := v.(string); ok { - if intVal, err := strconv.ParseInt(strVal, 10, 64); err == nil { + if intVal, err := stringToFixed64(strVal); err == nil { return intVal } } diff --git a/mmv1/templates/terraform/schema_property.erb b/mmv1/templates/terraform/schema_property.erb index 97339747a822..fef48db3d9d6 100644 --- a/mmv1/templates/terraform/schema_property.erb +++ b/mmv1/templates/terraform/schema_property.erb @@ -54,7 +54,7 @@ enum_values = property.values enum_values.push "" unless property.required -%> - ValidateFunc: validation.StringInSlice([]string{"<%= enum_values.join '","' -%>"}, false), + ValidateFunc: validateEnum([]string{"<%= enum_values.join '","' -%>"}), <% end -%> <% if !property.diff_suppress_func.nil? -%> DiffSuppressFunc: <%= property.diff_suppress_func %>, @@ -118,7 +118,7 @@ <% elsif property.item_type.is_a?(Api::Type::Enum) -%> Elem: &schema.Schema{ Type: <%= tf_types[property.item_type.class] -%>, - ValidateFunc: validation.StringInSlice([]string{"<%= property.item_type.values.join '","' -%>"}, false), + ValidateFunc: validateEnum([]string{"<%= property.item_type.values.join '","' -%>"}), }, <% else # array of basic types -%> Elem: &schema.Schema{ diff --git a/mmv1/third_party/terraform/data_sources/data_source_google_kms_crypto_key_version.go b/mmv1/third_party/terraform/data_sources/data_source_google_kms_crypto_key_version.go index 2cadc5bcb8ae..dd97fca6c835 100644 --- a/mmv1/third_party/terraform/data_sources/data_source_google_kms_crypto_key_version.go +++ b/mmv1/third_party/terraform/data_sources/data_source_google_kms_crypto_key_version.go @@ -3,7 +3,6 @@ package google import ( "fmt" "log" - "strconv" "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -136,7 +135,7 @@ func flattenKmsCryptoKeyVersionVersion(v interface{}, d *schema.ResourceData) in parts := strings.Split(v.(string), "/") version := parts[len(parts)-1] // Handles the string fixed64 format - if intVal, err := strconv.ParseInt(version, 10, 64); err == nil { + if intVal, err := stringToFixed64(version); err == nil { return intVal } // let terraform core handle it if we can't convert the string to an int. return v diff --git a/mmv1/third_party/terraform/utils/privateca_utils.go b/mmv1/third_party/terraform/utils/privateca_utils.go index 253087de5d71..851651671c65 100644 --- a/mmv1/third_party/terraform/utils/privateca_utils.go +++ b/mmv1/third_party/terraform/utils/privateca_utils.go @@ -2,7 +2,6 @@ package google import ( "fmt" - "strconv" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -336,7 +335,7 @@ func flattenPrivatecaCertificateConfigX509ConfigCaOptionsIsCa(v interface{}, d * func flattenPrivatecaCertificateConfigX509ConfigCaOptionsMaxIssuerPathLength(v interface{}, d *schema.ResourceData, config *Config) interface{} { // Handles the string fixed64 format if strVal, ok := v.(string); ok { - if intVal, err := strconv.ParseInt(strVal, 10, 64); err == nil { + if intVal, err := stringToFixed64(strVal); err == nil { return intVal } } diff --git a/mmv1/third_party/terraform/utils/provider_test.go.erb b/mmv1/third_party/terraform/utils/provider_test.go.erb index 40301f4a2bc7..76d5be06fdaf 100644 --- a/mmv1/third_party/terraform/utils/provider_test.go.erb +++ b/mmv1/third_party/terraform/utils/provider_test.go.erb @@ -354,7 +354,7 @@ func readSeedFromFile(fileName string) (int64, error) { // Remove NULL characters from seed data = bytes.Trim(data, "\x00") seed := string(data) - return strconv.ParseInt(seed, 10, 64) + return stringToFixed64(seed) } func writeSeedToFile(seed int64, fileName string) error { diff --git a/mmv1/third_party/terraform/utils/utils.go b/mmv1/third_party/terraform/utils/utils.go index a3269526d18f..b48797b2b568 100644 --- a/mmv1/third_party/terraform/utils/utils.go +++ b/mmv1/third_party/terraform/utils/utils.go @@ -7,6 +7,7 @@ import ( "log" "os" "sort" + "strconv" "strings" "time" @@ -310,6 +311,10 @@ func mergeResourceMaps(ms ...map[string]*schema.Resource) (map[string]*schema.Re return merged, err } +func stringToFixed64(v string) (int64, error) { + return strconv.ParseInt(v, 10, 64) +} + func extractFirstMapConfig(m []interface{}) map[string]interface{} { if len(m) == 0 { return map[string]interface{}{} diff --git a/mmv1/third_party/terraform/utils/validation.go b/mmv1/third_party/terraform/utils/validation.go index 82278482cb32..ee198c181c7f 100644 --- a/mmv1/third_party/terraform/utils/validation.go +++ b/mmv1/third_party/terraform/utils/validation.go @@ -112,6 +112,10 @@ func validateRegexp(re string) schema.SchemaValidateFunc { } } +func validateEnum(values []string) schema.SchemaValidateFunc { + return validation.StringInSlice(values, false) +} + func validateRFC1918Network(min, max int) schema.SchemaValidateFunc { return func(i interface{}, k string) (s []string, es []error) { From b4941f98926c769f4a46fe2d9668858a809b25e6 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Mon, 24 Jan 2022 14:52:01 -0800 Subject: [PATCH 04/22] =?UTF-8?q?Remove=20the=20invalidupgradesettings=20t?= =?UTF-8?q?est.=20=E2=80=A6=20(#5640)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../resource_container_node_pool_test.go.erb | 21 ++----------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/mmv1/third_party/terraform/tests/resource_container_node_pool_test.go.erb b/mmv1/third_party/terraform/tests/resource_container_node_pool_test.go.erb index 9baab935d66c..20fd4b187f7d 100644 --- a/mmv1/third_party/terraform/tests/resource_container_node_pool_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_container_node_pool_test.go.erb @@ -3,7 +3,9 @@ package google import ( "fmt" +<% unless version.nil? || version == 'ga' -%> "regexp" +<% end -%> "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" @@ -472,25 +474,6 @@ func TestAccContainerNodePool_withUpgradeSettings(t *testing.T) { }) } -func TestAccContainerNodePool_withInvalidUpgradeSettings(t *testing.T) { - t.Parallel() - - cluster := fmt.Sprintf("tf-test-cluster-%s", randString(t, 10)) - np := fmt.Sprintf("tf-test-np-%s", randString(t, 10)) - - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testAccContainerNodePool_withUpgradeSettings(cluster, np, 0, 0), - ExpectError: regexp.MustCompile(`.?Max_surge and max_unavailable must not be negative and at least one of them must be greater than zero.*`), - }, - }, - }) -} - func TestAccContainerNodePool_withGPU(t *testing.T) { t.Parallel() From 4588de677419e6472cada3301066cd8595d1b6a3 Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Tue, 25 Jan 2022 07:25:19 -0800 Subject: [PATCH 05/22] ignore redis instance tests to unblock pr 5557 (#5643) --- .../tests/{data => data-ignored}/example_redis_instance.json | 0 .../tests/{data => data-ignored}/example_redis_instance.tf | 0 .../{data => data-ignored}/example_redis_instance.tfplan.json | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename mmv1/third_party/validator/tests/{data => data-ignored}/example_redis_instance.json (100%) rename mmv1/third_party/validator/tests/{data => data-ignored}/example_redis_instance.tf (100%) rename mmv1/third_party/validator/tests/{data => data-ignored}/example_redis_instance.tfplan.json (100%) diff --git a/mmv1/third_party/validator/tests/data/example_redis_instance.json b/mmv1/third_party/validator/tests/data-ignored/example_redis_instance.json similarity index 100% rename from mmv1/third_party/validator/tests/data/example_redis_instance.json rename to mmv1/third_party/validator/tests/data-ignored/example_redis_instance.json diff --git a/mmv1/third_party/validator/tests/data/example_redis_instance.tf b/mmv1/third_party/validator/tests/data-ignored/example_redis_instance.tf similarity index 100% rename from mmv1/third_party/validator/tests/data/example_redis_instance.tf rename to mmv1/third_party/validator/tests/data-ignored/example_redis_instance.tf diff --git a/mmv1/third_party/validator/tests/data/example_redis_instance.tfplan.json b/mmv1/third_party/validator/tests/data-ignored/example_redis_instance.tfplan.json similarity index 100% rename from mmv1/third_party/validator/tests/data/example_redis_instance.tfplan.json rename to mmv1/third_party/validator/tests/data-ignored/example_redis_instance.tfplan.json From f62b26f68770227b5cd37334478fb32010e589a8 Mon Sep 17 00:00:00 2001 From: Sampath Kumar Date: Tue, 25 Jan 2022 23:01:01 +0530 Subject: [PATCH 06/22] Add CDN load balancer with Cloud Storage buckets as backend (#5575) --- mmv1/products/compute/terraform.yaml | 17 +++ ...external_cnd_lb_with_backend_bucket.tf.erb | 137 ++++++++++++++++++ 2 files changed, 154 insertions(+) create mode 100644 mmv1/templates/terraform/examples/external_cnd_lb_with_backend_bucket.tf.erb diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml index 9d8767aa6b0b..2679f75bc11f 100644 --- a/mmv1/products/compute/terraform.yaml +++ b/mmv1/products/compute/terraform.yaml @@ -939,6 +939,23 @@ overrides: !ruby/object:Overrides::ResourceOverrides post_create: templates/terraform/post_create/labels.erb GlobalForwardingRule: !ruby/object:Overrides::Terraform::ResourceOverride examples: + - !ruby/object:Provider::Terraform::Examples + name: "external_cnd_lb_with_backend_bucket" + primary_resource_id: "default" + vars: + cdn_network: "cdn-network" + cdn_subnet: "cdn-subnet" + cdn_static_ip: "cdn-static-ip" + cdn_forwarding_rule: "cdn-forwarding-rule" + cdn_target_http_proxy: "cdn-target-http-proxy" + cdn_url_map: "cdn-url-map" + image_backend_bucket: "image-backend-bucket" + cdn_backend_storage_bucket: "cdn-backend-storage-bucket" + min_version: beta + ignore_read_extra: + - "port_range" + - "target" + - "ip_address" - !ruby/object:Provider::Terraform::Examples name: "external_ssl_proxy_lb_mig_backend" primary_resource_id: "default" diff --git a/mmv1/templates/terraform/examples/external_cnd_lb_with_backend_bucket.tf.erb b/mmv1/templates/terraform/examples/external_cnd_lb_with_backend_bucket.tf.erb new file mode 100644 index 000000000000..08d0b1a34e38 --- /dev/null +++ b/mmv1/templates/terraform/examples/external_cnd_lb_with_backend_bucket.tf.erb @@ -0,0 +1,137 @@ +# CDN load balancer with Cloud bucket as backend + +# [START cloudloadbalancing_cdn_with_backend_bucket] +# VPC +resource "google_compute_network" "default" { + name = "<%= ctx[:vars]['cdn_network'] %>" + provider = google-beta + auto_create_subnetworks = false +} + +# backend subnet +resource "google_compute_subnetwork" "default" { + name = "<%= ctx[:vars]['cdn_subnet'] %>" + provider = google-beta + ip_cidr_range = "10.0.1.0/24" + region = "us-central1" + network = google_compute_network.default.id +} + +# reserve IP address +resource "google_compute_global_address" "default" { + provider = google-beta + name = "<%= ctx[:vars]['cdn_static_ip'] %>" +} + +# forwarding rule +resource "google_compute_global_forwarding_rule" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['cdn_forwarding_rule'] %>" + provider = google-beta + ip_protocol = "TCP" + load_balancing_scheme = "EXTERNAL" + port_range = "80" + target = google_compute_target_http_proxy.default.id + ip_address = google_compute_global_address.default.id +} + +# http proxy +resource "google_compute_target_http_proxy" "default" { + name = "<%= ctx[:vars]['cdn_target_http_proxy'] %>" + provider = google-beta + url_map = google_compute_url_map.default.id +} + +# url map +resource "google_compute_url_map" "default" { + name = "<%= ctx[:vars]['cdn_url_map'] %>" + provider = google-beta + default_service = google_compute_backend_bucket.default.id +} + +# backend bucket with CDN policy with default ttl settings +resource "google_compute_backend_bucket" "default" { + name = "<%= ctx[:vars]['image_backend_bucket'] %>" + description = "Contains beautiful images" + bucket_name = google_storage_bucket.default.name + enable_cdn = true + cdn_policy { + cache_mode = "CACHE_ALL_STATIC" + client_ttl = 3600 + default_ttl = 3600 + max_ttl = 86400 + negative_caching = true + serve_while_stale = 86400 + } +} + +# cdn backend bucket +resource "google_storage_bucket" "default" { + name = "<%= ctx[:vars]['cdn_backend_storage_bucket'] %>" + location = "US" + uniform_bucket_level_access = true + // delete bucket and contents on destroy. + force_destroy = true + // Assign specialty files + website { + main_page_suffix = "index.html" + not_found_page = "404.html" + } +} + +# make bucket public +resource "google_storage_bucket_iam_member" "default" { + bucket = google_storage_bucket.default.name + role = "roles/storage.objectViewer" + member = "allUsers" +} + +resource "google_storage_bucket_object" "index_page" { + name = "index.html" + source = "index.html" + bucket = google_storage_bucket.default.name + depends_on = [local_file.index_page] +} + +resource "google_storage_bucket_object" "error_page" { + name = "404.html" + source = "404.html" + bucket = google_storage_bucket.default.name + depends_on = [local_file.error_page] +} + +# image object for testing, try to access http:///test.jpg +resource "google_storage_bucket_object" "test_image" { + name = "test.jpg" + source = "test.jpg" + content_type = "image/jpeg" + bucket = google_storage_bucket.default.name + depends_on = [null_resource.test_image] +} + +# cdn sample index page +resource "local_file" "index_page" { + filename = "index.html" + content = <<-EOT + +

Congratulations on setting up Google Cloud CDN with Storage backend!

+ + EOT +} + +# cdn default error page +resource "local_file" "error_page" { + filename = "404.html" + content = <<-EOT + +

404 Error: Object you are looking for is no longer available!

+ + EOT +} + +# cdn sample image +resource "null_resource" "test_image" { + provisioner "local-exec" { + command = "wget -O test.jpg https://upload.wikimedia.org/wikipedia/commons/c/c8/Thank_you_001.jpg" + } +} +# [END cloudloadbalancing_cdn_with_backend_bucket] From 01d8ad2eaa4311aab7680893f64a55e4a4f5580b Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Tue, 25 Jan 2022 09:31:32 -0800 Subject: [PATCH 07/22] Upstream firewalls DSF update to allow unknown values coming from interpolation (#5526) --- .../terraform/constants/firewall.erb | 4 +- .../resource_compute_firewall_test.go.erb | 60 +++++++++++++++++++ 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/mmv1/templates/terraform/constants/firewall.erb b/mmv1/templates/terraform/constants/firewall.erb index bccc467ec5dc..afc4c4f963a9 100644 --- a/mmv1/templates/terraform/constants/firewall.erb +++ b/mmv1/templates/terraform/constants/firewall.erb @@ -70,10 +70,10 @@ func resourceComputeFirewallSourceFieldsCustomizeDiff(_ context.Context, diff *s _, sasOk := diff.GetOk("source_service_accounts") _, tagsExist := diff.GetOkExists("source_tags") - // ranges is computed, but this is what we're trying to avoid, so we're not going to check this + _, rangesExist := diff.GetOkExists("source_ranges") _, sasExist := diff.GetOkExists("source_service_accounts") - if !tagsOk && !rangesOk && !sasOk && !tagsExist && !sasExist { + if !tagsOk && !rangesOk && !sasOk && !tagsExist && !rangesExist && !sasExist { return fmt.Errorf("one of source_tags, source_ranges, or source_service_accounts must be defined") } } diff --git a/mmv1/third_party/terraform/tests/resource_compute_firewall_test.go.erb b/mmv1/third_party/terraform/tests/resource_compute_firewall_test.go.erb index 86a5a03519e0..03dcf3ec8555 100644 --- a/mmv1/third_party/terraform/tests/resource_compute_firewall_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_compute_firewall_test.go.erb @@ -240,6 +240,29 @@ func TestAccComputeFirewall_enableLogging(t *testing.T) { }) } +func TestAccComputeFirewall_moduleOutput(t *testing.T) { + t.Parallel() + + networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10)) + firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10)) + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeFirewall_moduleOutput(networkName, firewallName), + }, + { + ResourceName: "google_compute_firewall.foobar", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccComputeFirewall_basic(network, firewall string) string { return fmt.Sprintf(` resource "google_compute_network" "foobar" { @@ -445,3 +468,40 @@ resource "google_compute_firewall" "foobar" { } `, network, firewall, enableLoggingCfg) } + +func testAccComputeFirewall_moduleOutput(network, firewall string) string { + return fmt.Sprintf(` +resource "google_compute_network" "foobar" { + name = "%s" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "foobar" { + name = "%s-subnet" + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" + network = google_compute_network.foobar.name +} + +resource "google_compute_address" "foobar" { + name = "%s-address" + subnetwork = google_compute_subnetwork.foobar.id + address_type = "INTERNAL" + region = "us-central1" + } + +resource "google_compute_firewall" "foobar" { + name = "%s" + description = "Resource created for Terraform acceptance testing" + network = google_compute_network.foobar.name + direction = "INGRESS" + + source_ranges = ["${google_compute_address.foobar.address}/32"] + target_tags = ["foo"] + + allow { + protocol = "tcp" + } +} +`, network, network, network, firewall) +} From 5224e6f2f80a8dd528dcb4d7a746282e65c7c068 Mon Sep 17 00:00:00 2001 From: John Pellman Date: Tue, 25 Jan 2022 12:36:19 -0500 Subject: [PATCH 08/22] Remove "KERBEROS" from list of accepted values for "optional_components" (#5645) --- .../terraform/website/docs/r/dataproc_cluster.html.markdown | 1 - 1 file changed, 1 deletion(-) diff --git a/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown b/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown index da7d6f95adde..6b7218530c7c 100644 --- a/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown @@ -492,7 +492,6 @@ cluster_config { * HBASE * HIVE_WEBHCAT * JUPYTER - * KERBEROS * PRESTO * RANGER * SOLR From 2b01f82eb2af4ab0a6a7fdf3c5561fad68930179 Mon Sep 17 00:00:00 2001 From: Jacek Kikiewicz Date: Tue, 25 Jan 2022 21:43:15 +0100 Subject: [PATCH 09/22] Added maintenancePolicy attribute to redis instance (#5557) --- mmv1/products/redis/api.yaml | 115 ++++++++++++++++++ mmv1/products/redis/terraform.yaml | 12 ++ .../examples/redis_instance_full.tf.erb | 12 ++ 3 files changed, 139 insertions(+) diff --git a/mmv1/products/redis/api.yaml b/mmv1/products/redis/api.yaml index 27d75362a6ae..bff31620aa2f 100644 --- a/mmv1/products/redis/api.yaml +++ b/mmv1/products/redis/api.yaml @@ -143,6 +143,121 @@ objects: The ID of the instance or a fully qualified identifier for the instance. required: true input: true + - !ruby/object:Api::Type::NestedObject + name: maintenancePolicy + description: Maintenance policy for an instance. + properties: + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + - !ruby/object:Api::Type::Array + name: 'weeklyMaintenanceWindow' + description: | + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'day' + required: true + description: | + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday + values: + - :DAY_OF_WEEK_UNSPECIFIED + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::String + name: 'duration' + output: true + description: | + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::NestedObject + name: 'startTime' + required: true + allow_empty_object: true + send_empty_value: true + description: | + Required. Start time of the window in UTC time. + properties: + - !ruby/object:Api::Type::Integer + name: 'hours' + description: | + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: 'minutes' + description: | + Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: 'seconds' + description: | + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: maintenanceSchedule + description: Upcoming maintenance schedule. + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + output: true + description: | + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'endTime' + output: true + description: | + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'scheduleDeadlineTime' + output: true + description: | + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. - !ruby/object:Api::Type::Integer name: memorySizeGb description: Redis memory size in GiB. diff --git a/mmv1/products/redis/terraform.yaml b/mmv1/products/redis/terraform.yaml index fd12f835133e..90481a65dbbc 100644 --- a/mmv1/products/redis/terraform.yaml +++ b/mmv1/products/redis/terraform.yaml @@ -76,6 +76,18 @@ overrides: !ruby/object:Overrides::ResourceOverrides custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' validation: !ruby/object:Provider::Terraform::Validation regex: '^[a-z][a-z0-9-]{0,39}[a-z0-9]$' + maintenancePolicy.weeklyMaintenanceWindow.startTime.hours: !ruby/object:Overrides::Terraform::PropertyOverride + validation: !ruby/object:Provider::Terraform::Validation + function: 'validation.IntBetween(0,23)' + maintenancePolicy.weeklyMaintenanceWindow.startTime.minutes: !ruby/object:Overrides::Terraform::PropertyOverride + validation: !ruby/object:Provider::Terraform::Validation + function: 'validation.IntBetween(0,59)' + maintenancePolicy.weeklyMaintenanceWindow.startTime.seconds: !ruby/object:Overrides::Terraform::PropertyOverride + validation: !ruby/object:Provider::Terraform::Validation + function: 'validation.IntBetween(0,60)' + maintenancePolicy.weeklyMaintenanceWindow.startTime.nanos: !ruby/object:Overrides::Terraform::PropertyOverride + validation: !ruby/object:Provider::Terraform::Validation + function: 'validation.IntBetween(0,999999999)' redisVersion: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true update_url: 'projects/{{project}}/locations/{{region}}/instances/{{name}}:upgrade' diff --git a/mmv1/templates/terraform/examples/redis_instance_full.tf.erb b/mmv1/templates/terraform/examples/redis_instance_full.tf.erb index 7cdafa7d8b7a..e737c4ec6111 100644 --- a/mmv1/templates/terraform/examples/redis_instance_full.tf.erb +++ b/mmv1/templates/terraform/examples/redis_instance_full.tf.erb @@ -16,6 +16,18 @@ resource "google_redis_instance" "<%= ctx[:primary_resource_id] %>" { my_key = "my_val" other_key = "other_val" } + + maintenance_policy { + weekly_maintenance_window { + day = "TUESDAY" + start_time { + hours = 0 + minutes = 30 + seconds = 0 + nanos = 0 + } + } + } } // This example assumes this network already exists. From 6abd6b61501755e9f4e7a7e2a9b47f0aaa5369dc Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Wed, 26 Jan 2022 08:41:22 -0800 Subject: [PATCH 10/22] check in tpg into tfv repository (#5641) --- .ci/containers/downstream-builder/Dockerfile | 3 +-- .ci/containers/downstream-builder/generate_downstream.sh | 9 ++++++++- .ci/gcb-generate-diffs.yml | 4 ++-- .ci/gcb-push-downstream.yml | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.ci/containers/downstream-builder/Dockerfile b/.ci/containers/downstream-builder/Dockerfile index 8ded2f5b9a6f..d036d5e1a07a 100644 --- a/.ci/containers/downstream-builder/Dockerfile +++ b/.ci/containers/downstream-builder/Dockerfile @@ -13,8 +13,7 @@ ENV GO111MODULE "on" # Install Ruby from source. RUN apt-get update -RUN apt-get install -y bzip2 libssl-dev libreadline-dev zlib1g-dev unzip -RUN apt-get install -y rsync +RUN apt-get install -y bzip2 libssl-dev libreadline-dev zlib1g-dev unzip sed rsync RUN git clone https://github.com/rbenv/rbenv.git /rbenv ENV PATH /rbenv/bin:/root/.rbenv/shims:$PATH diff --git a/.ci/containers/downstream-builder/generate_downstream.sh b/.ci/containers/downstream-builder/generate_downstream.sh index 0a91ca937aa9..fb39289f3ef8 100755 --- a/.ci/containers/downstream-builder/generate_downstream.sh +++ b/.ci/containers/downstream-builder/generate_downstream.sh @@ -106,16 +106,23 @@ if [ "$REPO" == "terraform-validator" ] || [ "$REPO" == "tf-conversion" ]; then # require a `google` folder to exist. mkdir -p $LOCAL_PATH/google fi + pushd $LOCAL_PATH # clear out the templates as they are copied during # generation from mmv1/third_party/validator/tests/data rm -rf ./testdata/templates/ rm -rf ./testdata/generatedconvert/ - git add ./testdata + rm -rf ./converters/google/provider find ./test/** -type f -exec git rm {} \; + popd bundle exec compiler -a -e terraform -f validator -o $LOCAL_PATH -v $VERSION pushd $LOCAL_PATH + + git clone --depth=1 --branch=$BRANCH https://modular-magician:$GITHUB_TOKEN@github.com/$SCRATCH_OWNER/terraform-provider-google converters/google/provider + rm -rf ./converters/google/provider/.git + go mod edit -replace github.com/hashicorp/terraform-provider-google/v4@v4.4.1=./converters/google/provider + make build export TFV_CREATE_GENERATED_FILES=true go test ./test -run "TestAcc.*_generated_offline" diff --git a/.ci/gcb-generate-diffs.yml b/.ci/gcb-generate-diffs.yml index 3a132963a439..5cfc9aec7305 100644 --- a/.ci/gcb-generate-diffs.yml +++ b/.ci/gcb-generate-diffs.yml @@ -112,7 +112,7 @@ steps: - name: 'gcr.io/graphite-docker-images/downstream-builder' id: tfv-head secretEnv: ["GITHUB_TOKEN"] - waitFor: ["merged"] + waitFor: ["merged", "tpg-head"] args: - 'head' - 'terraform-validator' @@ -122,7 +122,7 @@ steps: - name: 'gcr.io/graphite-docker-images/downstream-builder' id: tfv-base secretEnv: ["GITHUB_TOKEN"] - waitFor: ["merged"] + waitFor: ["merged", "tpg-base"] args: - 'base' - 'terraform-validator' diff --git a/.ci/gcb-push-downstream.yml b/.ci/gcb-push-downstream.yml index 5f19e4f18e44..655890ad13cb 100644 --- a/.ci/gcb-push-downstream.yml +++ b/.ci/gcb-push-downstream.yml @@ -93,7 +93,7 @@ steps: - name: 'gcr.io/graphite-docker-images/downstream-builder' secretEnv: ["GITHUB_TOKEN"] id: tf-validator-push - waitFor: ["tf-validator-sync"] + waitFor: ["tf-validator-sync", "tpg-push"] args: - 'downstream' - 'terraform-validator' From 7a57c799cdc47819d63b3bb6afddf0fdbf9cc9c4 Mon Sep 17 00:00:00 2001 From: Alex Ellis Date: Wed, 26 Jan 2022 11:54:24 -0500 Subject: [PATCH 11/22] Add EXTERNAL_MANAGED option to global forwarding rule and add example (#5611) --- mmv1/products/compute/api.yaml | 4 +- mmv1/products/compute/terraform.yaml | 11 +++++ ...al_forwarding_rule_external_managed.tf.erb | 45 +++++++++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 mmv1/templates/terraform/examples/global_forwarding_rule_external_managed.tf.erb diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml index 3a33222f4161..781eb49a105e 100644 --- a/mmv1/products/compute/api.yaml +++ b/mmv1/products/compute/api.yaml @@ -4264,13 +4264,15 @@ objects: The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, - External TCP/UDP LB, SSL Proxy) + External TCP/UDP LB, SSL Proxy). The value of EXTERNAL_MANAGED means + that this will be used for Global external HTTP(S) load balancers. ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. default_value: :EXTERNAL values: - :EXTERNAL + - :EXTERNAL_MANAGED - :INTERNAL_SELF_MANAGED - !ruby/object:Api::Type::Array name: 'metadataFilters' diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml index 2679f75bc11f..11e06774946b 100644 --- a/mmv1/products/compute/terraform.yaml +++ b/mmv1/products/compute/terraform.yaml @@ -1037,6 +1037,17 @@ overrides: !ruby/object:Overrides::ResourceOverrides ignore_read_extra: - "port_range" - "target" + - !ruby/object:Provider::Terraform::Examples + name: "global_forwarding_rule_external_managed" + min_version: beta + primary_resource_id: "default" + vars: + forwarding_rule_name: "global-rule" + http_proxy_name: "target-proxy" + backend_service_name: "backend" + ignore_read_extra: + - "port_range" + - "target" - !ruby/object:Provider::Terraform::Examples name: "private_service_connect_google_apis" min_version: beta diff --git a/mmv1/templates/terraform/examples/global_forwarding_rule_external_managed.tf.erb b/mmv1/templates/terraform/examples/global_forwarding_rule_external_managed.tf.erb new file mode 100644 index 000000000000..1d38a0ee420b --- /dev/null +++ b/mmv1/templates/terraform/examples/global_forwarding_rule_external_managed.tf.erb @@ -0,0 +1,45 @@ +resource "google_compute_global_forwarding_rule" "default" { + provider = google-beta + name = "<%= ctx[:vars]['forwarding_rule_name'] %>" + target = google_compute_target_http_proxy.default.id + port_range = "80" + load_balancing_scheme = "EXTERNAL_MANAGED" +} + +resource "google_compute_target_http_proxy" "default" { + provider = google-beta + name = "<%= ctx[:vars]['http_proxy_name'] %>" + description = "a description" + url_map = google_compute_url_map.default.id +} + +resource "google_compute_url_map" "default" { + provider = google-beta + name = "url-map-<%= ctx[:vars]['http_proxy_name'] %>" + description = "a description" + default_service = google_compute_backend_service.default.id + + host_rule { + hosts = ["mysite.com"] + path_matcher = "allpaths" + } + + path_matcher { + name = "allpaths" + default_service = google_compute_backend_service.default.id + + path_rule { + paths = ["/*"] + service = google_compute_backend_service.default.id + } + } +} + +resource "google_compute_backend_service" "default" { + provider = google-beta + name = "<%= ctx[:vars]['backend_service_name'] %>" + port_name = "http" + protocol = "HTTP" + timeout_sec = 10 + load_balancing_scheme = "EXTERNAL_MANAGED" +} From 8f695a130bce46c39a5174f9fb18fcc4add5cbac Mon Sep 17 00:00:00 2001 From: megan07 Date: Wed, 26 Jan 2022 11:07:02 -0600 Subject: [PATCH 12/22] Update google_sql_database_instance documentation (#5649) `settings.backup_configuration.binary_log_enabled` may be true even if `settings.backup_configuration.enabled` is false. This behaviour as changed in https://github.com/GoogleCloudPlatform/magic-modules/pull/4907 Co-authored-by: Matthew Barnes --- .../website/docs/r/sql_database_instance.html.markdown | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown index 6b1dab914f1e..cf76fe505f21 100644 --- a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown @@ -258,8 +258,7 @@ The optional `settings.database_flags` sublist supports: The optional `settings.backup_configuration` subblock supports: -* `binary_log_enabled` - (Optional) True if binary logging is enabled. If - `settings.backup_configuration.enabled` is false, this must be as well. +* `binary_log_enabled` - (Optional) True if binary logging is enabled. Cannot be used with Postgres. * `enabled` - (Optional) True if backup configuration is enabled. From 12ce6468a1570f1ed678a2391fb55a96f112c4c6 Mon Sep 17 00:00:00 2001 From: Daniel Randell Date: Wed, 26 Jan 2022 18:00:51 +0000 Subject: [PATCH 13/22] vpc access connector use self_link or name (#5623) --- mmv1/products/vpcaccess/api.yaml | 2 +- mmv1/products/vpcaccess/terraform.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/mmv1/products/vpcaccess/api.yaml b/mmv1/products/vpcaccess/api.yaml index 24e71e5faa1c..5cd3205b000f 100644 --- a/mmv1/products/vpcaccess/api.yaml +++ b/mmv1/products/vpcaccess/api.yaml @@ -72,7 +72,7 @@ objects: - !ruby/object:Api::Type::String name: network description: | - Name of the VPC network. Required if `ip_cidr_range` is set. + Name or self_link of the VPC network. Required if `ip_cidr_range` is set. exactly_one_of: - network - subnet.0.name diff --git a/mmv1/products/vpcaccess/terraform.yaml b/mmv1/products/vpcaccess/terraform.yaml index 798c5f8fc6b9..a1568d87b76c 100644 --- a/mmv1/products/vpcaccess/terraform.yaml +++ b/mmv1/products/vpcaccess/terraform.yaml @@ -44,6 +44,10 @@ overrides: !ruby/object:Overrides::ResourceOverrides properties: name: !ruby/object:Overrides::Terraform::PropertyOverride custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + network: !ruby/object:Overrides::Terraform::PropertyOverride + custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' + custom_expand: 'templates/terraform/custom_expand/resource_from_self_link.go.erb' + diff_suppress_func: 'compareResourceNames' minThroughput: !ruby/object:Overrides::Terraform::PropertyOverride validation: !ruby/object:Provider::Terraform::Validation function: 'validation.IntBetween(200, 1000)' From 23f8341edc41d708dd451dd44309338e12ea76e7 Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Wed, 26 Jan 2022 13:36:04 -0800 Subject: [PATCH 14/22] Update downstream builder to use the updated package reference (#5651) --- .ci/containers/downstream-builder/generate_downstream.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/containers/downstream-builder/generate_downstream.sh b/.ci/containers/downstream-builder/generate_downstream.sh index fb39289f3ef8..9dd6c38ee295 100755 --- a/.ci/containers/downstream-builder/generate_downstream.sh +++ b/.ci/containers/downstream-builder/generate_downstream.sh @@ -121,7 +121,7 @@ if [ "$REPO" == "terraform-validator" ] || [ "$REPO" == "tf-conversion" ]; then git clone --depth=1 --branch=$BRANCH https://modular-magician:$GITHUB_TOKEN@github.com/$SCRATCH_OWNER/terraform-provider-google converters/google/provider rm -rf ./converters/google/provider/.git - go mod edit -replace github.com/hashicorp/terraform-provider-google/v4@v4.4.1=./converters/google/provider + go mod edit -replace github.com/hashicorp/terraform-provider-google@v0.0.0=./converters/google/provider make build export TFV_CREATE_GENERATED_FILES=true From 383570b1d21d40b421d4dbaaf31f0d3fed7d2350 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Thu, 27 Jan 2022 11:01:33 -0800 Subject: [PATCH 15/22] Fix new-ish vet errors (#5658) --- .../third_party/terraform/tests/resource_bigquery_table_test.go | 2 +- .../terraform/tests/resource_bigtable_gc_policy_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/tests/resource_bigquery_table_test.go b/mmv1/third_party/terraform/tests/resource_bigquery_table_test.go index 3bf07adb35c8..a8379c5dbaa0 100644 --- a/mmv1/third_party/terraform/tests/resource_bigquery_table_test.go +++ b/mmv1/third_party/terraform/tests/resource_bigquery_table_test.go @@ -1079,7 +1079,7 @@ func (testcase *testUnitBigQueryDataTableJSONChangeableTestCase) check(t *testin err = resourceBigQueryTableSchemaCustomizeDiffFunc(d) if err != nil { - t.Errorf("error on testcase %s - %w", testcase.name, err) + t.Errorf("error on testcase %s - %v", testcase.name, err) } if !testcase.changeable != d.IsForceNew { t.Errorf("%s: expected d.IsForceNew to be %v, but was %v", testcase.name, !testcase.changeable, d.IsForceNew) diff --git a/mmv1/third_party/terraform/tests/resource_bigtable_gc_policy_test.go b/mmv1/third_party/terraform/tests/resource_bigtable_gc_policy_test.go index 2a0b30eef830..26b64ba7bf3c 100644 --- a/mmv1/third_party/terraform/tests/resource_bigtable_gc_policy_test.go +++ b/mmv1/third_party/terraform/tests/resource_bigtable_gc_policy_test.go @@ -141,7 +141,7 @@ func (testcase *testUnitBigtableGCPolicyCustomizeDiffTestcase) check(t *testing. err := resourceBigtableGCPolicyCustomizeDiffFunc(d) if err != nil { - t.Errorf("error on testcase %s - %w", testcase.testName, err) + t.Errorf("error on testcase %s - %v", testcase.testName, err) } var cleared bool = d.Cleared != nil && d.Cleared["max_age.0.duration"] == true && d.Cleared["max_age.0.days"] == true From 1b00f3ac521fae8d28319e7a5e6276ccfb7891e3 Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Thu, 27 Jan 2022 11:03:18 -0800 Subject: [PATCH 16/22] run `go mod tidy` after ingesting lastest build to accound for dependency changes (#5661) --- .ci/containers/downstream-builder/generate_downstream.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/containers/downstream-builder/generate_downstream.sh b/.ci/containers/downstream-builder/generate_downstream.sh index 9dd6c38ee295..1e0198c6819f 100755 --- a/.ci/containers/downstream-builder/generate_downstream.sh +++ b/.ci/containers/downstream-builder/generate_downstream.sh @@ -122,6 +122,7 @@ if [ "$REPO" == "terraform-validator" ] || [ "$REPO" == "tf-conversion" ]; then git clone --depth=1 --branch=$BRANCH https://modular-magician:$GITHUB_TOKEN@github.com/$SCRATCH_OWNER/terraform-provider-google converters/google/provider rm -rf ./converters/google/provider/.git go mod edit -replace github.com/hashicorp/terraform-provider-google@v0.0.0=./converters/google/provider + go mod tidy make build export TFV_CREATE_GENERATED_FILES=true From 67eb8ed1d332d5e27ecd32f686acc7c49cab5e3d Mon Sep 17 00:00:00 2001 From: Iris Chen <10179943+iyabchen@users.noreply.github.com> Date: Fri, 28 Jan 2022 13:45:27 -0500 Subject: [PATCH 17/22] Fix kms crypto key iam asset name (#5654) --- .../validator/resource_converter_iam.go.erb | 2 +- .../validator/kms_crypto_key_iam.go | 28 +- .../example_kms_crypto_key_iam_binding.json | 69 ++-- .../example_kms_crypto_key_iam_binding.tf | 10 +- ...ple_kms_crypto_key_iam_binding.tfplan.json | 350 +++++++++--------- .../example_kms_crypto_key_iam_member.json | 61 ++- .../data/example_kms_crypto_key_iam_member.tf | 10 +- ...mple_kms_crypto_key_iam_member.tfplan.json | 335 ++++++++--------- .../example_kms_crypto_key_iam_policy.json | 69 ++-- .../data/example_kms_crypto_key_iam_policy.tf | 10 +- ...mple_kms_crypto_key_iam_policy.tfplan.json | 315 +++++++--------- 11 files changed, 546 insertions(+), 713 deletions(-) diff --git a/mmv1/templates/validator/resource_converter_iam.go.erb b/mmv1/templates/validator/resource_converter_iam.go.erb index 6ee8d0ab24fa..d7530974c5f0 100644 --- a/mmv1/templates/validator/resource_converter_iam.go.erb +++ b/mmv1/templates/validator/resource_converter_iam.go.erb @@ -127,7 +127,7 @@ func new<%= resource_name -%>IamAsset( func Fetch<%= resource_name -%>IamPolicy(d TerraformResourceData, config *Config) (Asset, error) { // Check if the identity field returns a value <% resource_params.each do |param| -%> - if _, ok := d.GetOk("{{<%= param.underscore -%>}}"); !ok { + if _, ok := d.GetOk("<%= param.underscore -%>"); !ok { return Asset{}, ErrEmptyIdentityField } <% end # resource_params.each -%> diff --git a/mmv1/third_party/validator/kms_crypto_key_iam.go b/mmv1/third_party/validator/kms_crypto_key_iam.go index 6745960cb09b..b7ed8ab43675 100644 --- a/mmv1/third_party/validator/kms_crypto_key_iam.go +++ b/mmv1/third_party/validator/kms_crypto_key_iam.go @@ -1,6 +1,9 @@ package google -import "fmt" +import ( + "fmt" + "strings" +) func resourceConverterKmsCryptoKeyIamPolicy() ResourceConverter { return ResourceConverter{ @@ -73,7 +76,8 @@ func newKmsCryptoKeyIamAsset( return []Asset{}, fmt.Errorf("expanding bindings: %v", err) } - name, err := assetName(d, config, "//cloudkms.googleapis.com/{{crypto_key_id}}") + assetNameTemplate := constructAssetNameTemplate(d) + name, err := assetName(d, config, assetNameTemplate) if err != nil { return []Asset{}, err } @@ -93,12 +97,28 @@ func FetchKmsCryptoKeyIamPolicy(d TerraformResourceData, config *Config) (Asset, return Asset{}, ErrEmptyIdentityField } + assetNameTemplate := constructAssetNameTemplate(d) + // We use crypto_key_id in the asset name template to be consistent with newKmsCryptoKeyIamAsset. return fetchIamPolicy( NewKmsCryptoKeyIamUpdater, d, config, - "//cloudkms.googleapis.com/{{crypto_key_id}}", // asset name - "cloudkms.googleapis.com/CryptoKey", // asset type + assetNameTemplate, // asset name + "cloudkms.googleapis.com/CryptoKey", // asset type ) } + +func constructAssetNameTemplate(d TerraformResourceData) string { + assetNameTemplate := "//cloudkms.googleapis.com/{{crypto_key_id}}" + if val, ok := d.GetOk("crypto_key_id"); ok { + cryptoKeyID := val.(string) + splits := strings.Split(cryptoKeyID, "/") + if len(splits) == 4 { + assetNameTemplate = fmt.Sprintf("//cloudkms.googleapis.com/projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", splits[0], splits[1], splits[2], splits[3]) + } else if len(splits) == 3 { + assetNameTemplate = fmt.Sprintf("//cloudkms.googleapis.com/projects/{{project}}/locations/%s/keyRings/%s/cryptoKeys/%s", splits[0], splits[1], splits[2]) + } + } + return assetNameTemplate +} diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json index 7e6c4d9a6fd6..cd765e5bc893 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json @@ -1,44 +1,27 @@ [ - { - "name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "CryptoKey", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": { - "purpose": "ENCRYPT_DECRYPT" - } - } - }, - { - "name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "iam_policy": { - "bindings": [ - { - "role": "roles/cloudkms.admin", - "members": [ - "allUsers", - "allAuthenticatedUsers" - ] - } - ] - } - }, - { - "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", - "asset_type": "cloudkms.googleapis.com/KeyRing", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "KeyRing", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": null - } - } -] \ No newline at end of file + { + "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example", + "asset_type": "cloudkms.googleapis.com/CryptoKey", + "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", + "resource": { + "version": "v1", + "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", + "discovery_name": "CryptoKey", + "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", + "data": { + "purpose": "ENCRYPT_DECRYPT" + } + }, + "iam_policy": { + "bindings": [ + { + "role": "roles/cloudkms.admin", + "members": [ + "allUsers", + "allAuthenticatedUsers" + ] + } + ] + } + } +] diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf index a66c3cb90df2..56ce6fc1f95a 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf @@ -27,19 +27,13 @@ provider "google" { {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} } -resource "google_kms_key_ring" "example_keyring" { - name = "keyring-example" - location = "global" - project = "{{.Provider.project}}" -} - resource "google_kms_crypto_key" "example_crypto_key" { name = "crypto-key-example" - key_ring = google_kms_key_ring.example_keyring.id + key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" } resource "google_kms_crypto_key_iam_binding" "crypto_key" { - crypto_key_id = google_kms_crypto_key.example_crypto_key.id + crypto_key_id = "{{.Provider.project}}/global/keyring-example/crypto-key-example" role = "roles/cloudkms.admin" members = [ "allUsers", "allAuthenticatedUsers" diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json index 4670182a6345..2942be72bdf2 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json @@ -1,183 +1,171 @@ { - "format_version": "0.1", - "terraform_version": "0.12.31", - "planned_values": { - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "schema_version": 1, - "values": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": null, - "timeouts": null - } - }, { - "address": "google_kms_crypto_key_iam_binding.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_binding", - "name": "crypto_key", - "provider_name": "google", - "schema_version": 0, - "values": { - "condition": [], - "members": ["allAuthenticatedUsers", "allUsers"], - "role": "roles/cloudkms.admin" - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "schema_version": 0, - "values": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - } - }] - } - }, - "resource_changes": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": null, - "timeouts": null - }, - "after_unknown": { - "destroy_scheduled_duration": true, - "id": true, - "key_ring": true, - "self_link": true, - "version_template": true - } - } - }, { - "address": "google_kms_crypto_key_iam_binding.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_binding", - "name": "crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "condition": [], - "members": ["allAuthenticatedUsers", "allUsers"], - "role": "roles/cloudkms.admin" - }, - "after_unknown": { - "condition": [], - "crypto_key_id": true, - "etag": true, - "id": true, - "members": [false, false] - } - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - }, - "after_unknown": { - "id": true, - "self_link": true - } - } - }], - "configuration": { - "provider_config": { - "google": { - "name": "google", - "expressions": { - "credentials": { - "constant_value": "{{.Provider.project}}" - } - } - } - }, - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_config_key": "google", - "expressions": { - "key_ring": { - "references": ["google_kms_key_ring.example_keyring"] - }, - "name": { - "constant_value": "crypto-key-example" - } - }, - "schema_version": 1 - }, { - "address": "google_kms_crypto_key_iam_binding.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_binding", - "name": "crypto_key", - "provider_config_key": "google", - "expressions": { - "crypto_key_id": { - "references": ["google_kms_crypto_key.example_crypto_key"] - }, - "members": { - "constant_value": ["allUsers", "allAuthenticatedUsers"] - }, - "role": { - "constant_value": "roles/cloudkms.admin" - } - }, - "schema_version": 0 - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_config_key": "google", - "expressions": { - "location": { - "constant_value": "global" - }, - "name": { - "constant_value": "keyring-example" - }, - "project": { - "constant_value": "{{.Provider.project}}" - } - }, - "schema_version": 0 - }] - } - } + "format_version": "0.2", + "terraform_version": "1.0.10", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 1, + "values": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "sensitive_values": { + "version_template": [] + } + }, + { + "address": "google_kms_crypto_key_iam_binding.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_binding", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "condition": [], + "crypto_key_id": "{{.Provider.project}}/global/keyring-example/crypto-key-example", + "members": [ + "allAuthenticatedUsers", + "allUsers" + ], + "role": "roles/cloudkms.admin" + }, + "sensitive_values": { + "condition": [], + "members": [ + false, + false + ] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "after_unknown": { + "destroy_scheduled_duration": true, + "id": true, + "import_only": true, + "version_template": true + }, + "before_sensitive": false, + "after_sensitive": { + "version_template": [] + } + } + }, + { + "address": "google_kms_crypto_key_iam_binding.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_binding", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "condition": [], + "crypto_key_id": "{{.Provider.project}}/global/keyring-example/crypto-key-example", + "members": [ + "allAuthenticatedUsers", + "allUsers" + ], + "role": "roles/cloudkms.admin" + }, + "after_unknown": { + "condition": [], + "etag": true, + "id": true, + "members": [ + false, + false + ] + }, + "before_sensitive": false, + "after_sensitive": { + "condition": [], + "members": [ + false, + false + ] + } + } + } + ], + "configuration": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_config_key": "google", + "expressions": { + "key_ring": { + "constant_value": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" + }, + "name": { + "constant_value": "crypto-key-example" + } + }, + "schema_version": 1 + }, + { + "address": "google_kms_crypto_key_iam_binding.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_binding", + "name": "crypto_key", + "provider_config_key": "google", + "expressions": { + "crypto_key_id": { + "constant_value": "{{.Provider.project}}/global/keyring-example/crypto-key-example" + }, + "members": { + "constant_value": [ + "allUsers", + "allAuthenticatedUsers" + ] + }, + "role": { + "constant_value": "roles/cloudkms.admin" + } + }, + "schema_version": 0 + } + ] + } + } } diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json index aff1e5fe9aef..f743cc71d904 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json @@ -1,43 +1,26 @@ [ - { - "name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "CryptoKey", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": { - "purpose": "ENCRYPT_DECRYPT" - } - } - }, - { - "name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "iam_policy": { - "bindings": [ - { - "role": "roles/cloudkms.admin", - "members": [ - "allAuthenticatedUsers" - ] - } - ] - } + { + "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example", + "asset_type": "cloudkms.googleapis.com/CryptoKey", + "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", + "resource": { + "version": "v1", + "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", + "discovery_name": "CryptoKey", + "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", + "data": { + "purpose": "ENCRYPT_DECRYPT" + } }, - { - "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", - "asset_type": "cloudkms.googleapis.com/KeyRing", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "KeyRing", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": null + "iam_policy": { + "bindings": [ + { + "role": "roles/cloudkms.admin", + "members": [ + "allAuthenticatedUsers" + ] } + ] } -] \ No newline at end of file + } +] diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf index 02d07e5a2a27..011241ad25a8 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf @@ -27,19 +27,13 @@ provider "google" { {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} } -resource "google_kms_key_ring" "example_keyring" { - name = "keyring-example" - location = "global" - project = "{{.Provider.project}}" -} - resource "google_kms_crypto_key" "example_crypto_key" { name = "crypto-key-example" - key_ring = google_kms_key_ring.example_keyring.id + key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" } resource "google_kms_crypto_key_iam_member" "crypto_key" { - crypto_key_id = google_kms_crypto_key.example_crypto_key.id + crypto_key_id = "global/keyring-example/crypto-key-example" role = "roles/cloudkms.admin" member = "allAuthenticatedUsers" } diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json index 8018c7d0f748..c3075bf106ee 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json @@ -1,191 +1,150 @@ { - "format_version": "0.1", - "terraform_version": "0.12.31", - "planned_values": { - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "schema_version": 1, - "values": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - } - }, { - "address": "google_kms_crypto_key_iam_member.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_member", - "name": "crypto_key", - "provider_name": "google", - "schema_version": 0, - "values": { - "condition": [], - "member": "allAuthenticatedUsers", - "role": "roles/cloudkms.admin" - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "schema_version": 0, - "values": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - } - }] - } - }, - "resource_changes": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - }, - "after_unknown": { - "id": true, - "key_ring": true, - "self_link": true, - "version_template": true - }, - "before_sensitive": false, - "after_sensitive": { - "version_template": [] - } - } - }, { - "address": "google_kms_crypto_key_iam_member.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_member", - "name": "crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "condition": [], - "member": "allAuthenticatedUsers", - "role": "roles/cloudkms.admin" - }, - "after_unknown": { - "condition": [], - "crypto_key_id": true, - "etag": true, - "id": true - }, - "before_sensitive": false, - "after_sensitive": { - "condition": [] - } - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - }, - "after_unknown": { - "id": true, - "self_link": true - }, - "before_sensitive": false, - "after_sensitive": {} - } - }], - "configuration": { - "provider_config": { - "google": { - "name": "google", - "expressions": { - "project": { - "constant_value": "{{.Provider.project}}" - } - } + "format_version": "0.2", + "terraform_version": "1.0.10", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 1, + "values": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "sensitive_values": { + "version_template": [] + } + }, + { + "address": "google_kms_crypto_key_iam_member.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_member", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "condition": [], + "crypto_key_id": "global/keyring-example/crypto-key-example", + "member": "allAuthenticatedUsers", + "role": "roles/cloudkms.admin" + }, + "sensitive_values": { + "condition": [] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "after_unknown": { + "destroy_scheduled_duration": true, + "id": true, + "import_only": true, + "version_template": true + }, + "before_sensitive": false, + "after_sensitive": { + "version_template": [] + } + } + }, + { + "address": "google_kms_crypto_key_iam_member.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_member", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "condition": [], + "crypto_key_id": "global/keyring-example/crypto-key-example", + "member": "allAuthenticatedUsers", + "role": "roles/cloudkms.admin" + }, + "after_unknown": { + "condition": [], + "etag": true, + "id": true + }, + "before_sensitive": false, + "after_sensitive": { + "condition": [] + } + } + } + ], + "configuration": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_config_key": "google", + "expressions": { + "key_ring": { + "constant_value": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" + }, + "name": { + "constant_value": "crypto-key-example" } - }, - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_config_key": "google", - "expressions": { - "key_ring": { - "references": ["google_kms_key_ring.example_keyring"] - }, - "name": { - "constant_value": "crypto-key-example" - } - }, - "schema_version": 1 - }, { - "address": "google_kms_crypto_key_iam_member.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_member", - "name": "crypto_key", - "provider_config_key": "google", - "expressions": { - "crypto_key_id": { - "references": ["google_kms_crypto_key.example_crypto_key"] - }, - "member": { - "constant_value": "allAuthenticatedUsers" - }, - "role": { - "constant_value": "roles/cloudkms.admin" - } - }, - "schema_version": 0 - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_config_key": "google", - "expressions": { - "location": { - "constant_value": "global" - }, - "name": { - "constant_value": "keyring-example" - }, - "project": { - "constant_value": "{{.Provider.project}}" - } - }, - "schema_version": 0 - }] - } - } + }, + "schema_version": 1 + }, + { + "address": "google_kms_crypto_key_iam_member.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_member", + "name": "crypto_key", + "provider_config_key": "google", + "expressions": { + "crypto_key_id": { + "constant_value": "global/keyring-example/crypto-key-example" + }, + "member": { + "constant_value": "allAuthenticatedUsers" + }, + "role": { + "constant_value": "roles/cloudkms.admin" + } + }, + "schema_version": 0 + } + ] + } + } } diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json index ef39bbfd9e56..64c09c1bf1bd 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json @@ -1,44 +1,27 @@ [ - { - "name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "CryptoKey", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": { - "purpose": "ENCRYPT_DECRYPT" - } - } - }, - { - "name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "iam_policy": { - "bindings": [ - { - "role": "roles/cloudkms.admin", - "members": [ - "allAuthenticatedUsers", - "serviceAccount:998476993360@cloudservices.gserviceaccount.com" - ] - } - ] - } - }, - { - "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", - "asset_type": "cloudkms.googleapis.com/KeyRing", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "KeyRing", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": null - } - } -] \ No newline at end of file + { + "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example", + "asset_type": "cloudkms.googleapis.com/CryptoKey", + "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", + "resource": { + "version": "v1", + "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", + "discovery_name": "CryptoKey", + "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", + "data": { + "purpose": "ENCRYPT_DECRYPT" + } + }, + "iam_policy": { + "bindings": [ + { + "role": "roles/cloudkms.admin", + "members": [ + "allAuthenticatedUsers", + "serviceAccount:998476993360@cloudservices.gserviceaccount.com" + ] + } + ] + } + } +] diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf index 5b43dc4817e6..b10e12f3064a 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf @@ -27,19 +27,13 @@ provider "google" { {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} } -resource "google_kms_key_ring" "example_keyring" { - name = "keyring-example" - location = "global" - project = "{{.Provider.project}}" -} - resource "google_kms_crypto_key" "example_crypto_key" { name = "crypto-key-example" - key_ring = google_kms_key_ring.example_keyring.id + key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" } resource "google_kms_crypto_key_iam_policy" "crypto_key" { - crypto_key_id = google_kms_crypto_key.example_crypto_key.id + crypto_key_id = "global/keyring-example/crypto-key-example" policy_data = jsonencode( { bindings = [ diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json index 65d16b928cc7..43f28a43ff4a 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json @@ -1,201 +1,136 @@ { - "format_version": "0.1", - "terraform_version": "0.12.31", - "planned_values": { - "root_module": { - "resources": [ - { - "address": "google_kms_crypto_key_iam_policy.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_policy", - "name": "crypto_key", - "provider_name": "google", - "schema_version": 0, - "values": { - "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" - } - }, - { - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "schema_version": 1, - "values": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - } - }, - { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "schema_version": 0, - "values": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - } - } - ] - } - }, - "resource_changes": [ + "format_version": "0.2", + "terraform_version": "1.0.10", + "planned_values": { + "root_module": { + "resources": [ { - "address": "google_kms_crypto_key_iam_policy.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_policy", - "name": "crypto_key", - "provider_name": "google", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" - }, - "after_unknown": { - "crypto_key_id": true, - "etag": true, - "id": true - }, - "before_sensitive": false, - "after_sensitive": {} - } + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 1, + "values": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "sensitive_values": { + "version_template": [] + } }, { - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - }, - "after_unknown": { - "id": true, - "key_ring": true, - "self_link": true, - "version_template": true - }, - "before_sensitive": false, - "after_sensitive": { - "version_template": [] - } - } + "address": "google_kms_crypto_key_iam_policy.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_policy", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "crypto_key_id": "global/keyring-example/crypto-key-example", + "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" + }, + "sensitive_values": {} + } + ] + } + }, + "resource_changes": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null }, - { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - }, - "after_unknown": { - "id": true, - "self_link": true - }, - "before_sensitive": false, - "after_sensitive": {} - } + "after_unknown": { + "destroy_scheduled_duration": true, + "id": true, + "import_only": true, + "version_template": true + }, + "before_sensitive": false, + "after_sensitive": { + "version_template": [] } - ], - "configuration": { - "provider_config": { - "google": { - "name": "google", - "expressions": { - "project": { - "constant_value": "{{.Provider.project}}" - } - } + } + }, + { + "address": "google_kms_crypto_key_iam_policy.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_policy", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "crypto_key_id": "global/keyring-example/crypto-key-example", + "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" + }, + "after_unknown": { + "etag": true, + "id": true + }, + "before_sensitive": false, + "after_sensitive": {} + } + } + ], + "configuration": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_config_key": "google", + "expressions": { + "key_ring": { + "constant_value": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" + }, + "name": { + "constant_value": "crypto-key-example" } + }, + "schema_version": 1 }, - "root_module": { - "resources": [ - { - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_config_key": "google", - "expressions": { - "key_ring": { - "references": [ - "google_kms_key_ring.example_keyring" - ] - }, - "name": { - "constant_value": "crypto-key-example" - } - }, - "schema_version": 1 - }, - { - "address": "google_kms_crypto_key_iam_policy.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_policy", - "name": "crypto_key", - "provider_config_key": "google", - "expressions": { - "crypto_key_id": { - "references": [ - "google_kms_crypto_key.example_crypto_key" - ] - }, - "policy_data": {} - }, - "schema_version": 0 - }, - { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_config_key": "google", - "expressions": { - "location": { - "constant_value": "global" - }, - "name": { - "constant_value": "keyring-example" - }, - "project": { - "constant_value": "{{.Provider.project}}" - } - }, - "schema_version": 0 - } - ] + { + "address": "google_kms_crypto_key_iam_policy.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_policy", + "name": "crypto_key", + "provider_config_key": "google", + "expressions": { + "crypto_key_id": { + "constant_value": "global/keyring-example/crypto-key-example" + }, + "policy_data": {} + }, + "schema_version": 0 } + ] } + } } From b28455fb6917bf16a6f4681b339979b25dff672d Mon Sep 17 00:00:00 2001 From: prateek2408 Date: Sat, 29 Jan 2022 00:53:00 +0530 Subject: [PATCH 18/22] Adding support for zone and region via env (#5646) --- mmv1/third_party/validator/getconfig.go | 12 +++++ mmv1/third_party/validator/getconfig_test.go | 48 ++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/mmv1/third_party/validator/getconfig.go b/mmv1/third_party/validator/getconfig.go index a4a4755c8b78..88383ba2dd14 100644 --- a/mmv1/third_party/validator/getconfig.go +++ b/mmv1/third_party/validator/getconfig.go @@ -36,6 +36,18 @@ func GetConfig(ctx context.Context, project string, offline bool) (*Config, erro "GOOGLE_IMPERSONATE_SERVICE_ACCOUNT", }) + cfg.Zone = multiEnvSearch([]string{ + "GOOGLE_ZONE", + "GCLOUD_ZONE", + "CLOUDSDK_COMPUTE_ZONE", + }) + + cfg.Region = multiEnvSearch([]string{ + "GOOGLE_REGION", + "GCLOUD_REGION", + "CLOUDSDK_COMPUTE_REGION", + }) + // opt in extension for adding to the User-Agent header if ext := os.Getenv("GOOGLE_TERRAFORM_VALIDATOR_USERAGENT_EXTENSION"); ext != "" { ua := cfg.userAgent diff --git a/mmv1/third_party/validator/getconfig_test.go b/mmv1/third_party/validator/getconfig_test.go index 911b4abddb60..3e17c7d607b5 100644 --- a/mmv1/third_party/validator/getconfig_test.go +++ b/mmv1/third_party/validator/getconfig_test.go @@ -22,6 +22,12 @@ func getImpersonateServiceAccount(cfg *Config) string { func getUserAgent(cfg *Config) string { return cfg.UserAgent() } +func getZoneValue(cfg *Config) string { + return cfg.Zone +} +func getRegionValue(cfg *Config) string { + return cfg.Region +} func TestGetConfigExtractsEnvVars(t *testing.T) { ctx := context.Background() @@ -68,6 +74,48 @@ func TestGetConfigExtractsEnvVars(t *testing.T) { expected: "whatever", getConfigValue: getImpersonateServiceAccount, }, + { + name: "GOOGLE_ZONE", + envKey: "GOOGLE_ZONE", + envValue: "whatever", + expected: "whatever", + getConfigValue: getZoneValue, + }, + { + name: "GCLOUD_ZONE", + envKey: "GCLOUD_ZONE", + envValue: "whatever", + expected: "whatever", + getConfigValue: getZoneValue, + }, + { + name: "CLOUDSDK_COMPUTE_ZONE", + envKey: "CLOUDSDK_COMPUTE_ZONE", + envValue: "whatever", + expected: "whatever", + getConfigValue: getZoneValue, + }, + { + name: "GOOGLE_REGION", + envKey: "GOOGLE_REGION", + envValue: "whatever", + expected: "whatever", + getConfigValue: getRegionValue, + }, + { + name: "GCLOUD_REGION", + envKey: "GCLOUD_REGION", + envValue: "whatever", + expected: "whatever", + getConfigValue: getRegionValue, + }, + { + name: "CLOUDSDK_COMPUTE_REGION", + envKey: "CLOUDSDK_COMPUTE_REGION", + envValue: "whatever", + expected: "whatever", + getConfigValue: getRegionValue, + }, { name: "GOOGLE_TERRAFORM_VALIDATOR_USERAGENT_EXTENSION", envKey: "GOOGLE_TERRAFORM_VALIDATOR_USERAGENT_EXTENSION", From eb52d7bbcaadf28bdb050a854c06f49c3b2325e3 Mon Sep 17 00:00:00 2001 From: Tom Samaras Date: Mon, 31 Jan 2022 16:44:20 -0500 Subject: [PATCH 19/22] adding test for isPreemptible property --- GNUmakefile | 4 ++-- mmv1/Gemfile.lock | 3 +-- .../terraform/tests/resource_dataproc_cluster_test.go.erb | 1 + 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index ea4ed4568f45..849aa10a6466 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -58,7 +58,7 @@ terraform build: mmv1: cd mmv1;\ bundle; \ - bundle exec compiler -e terraform -o $(OUTPUT_PATH) -v $(VERSION) $(mmv1_compile); + bundle exec ruby compiler.rb -e terraform -o $(OUTPUT_PATH) -v $(VERSION) $(mmv1_compile); tpgtools: cd tpgtools;\ @@ -67,7 +67,7 @@ tpgtools: validator: cd mmv1;\ bundle; \ - bundle exec compiler -e terraform -f validator -o $(OUTPUT_PATH) $(mmv1_compile); + bundle exec ruby compiler.rb -e terraform -f validator -o $(OUTPUT_PATH) $(mmv1_compile); serialize: cd tpgtools;\ diff --git a/mmv1/Gemfile.lock b/mmv1/Gemfile.lock index 3450bc664951..53f9746caf26 100644 --- a/mmv1/Gemfile.lock +++ b/mmv1/Gemfile.lock @@ -74,5 +74,4 @@ DEPENDENCIES rubocop (>= 0.77.0) BUNDLED WITH - 1.17.2 - + 1.17.2 diff --git a/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb b/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb index 1cb3541499dc..658495555b7a 100644 --- a/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb @@ -414,6 +414,7 @@ func TestAccDataprocCluster_nonPreemptibleSecondary(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckDataprocClusterExists(t, "google_dataproc_cluster.non_preemptible", &cluster), resource.TestCheckResourceAttr("google_dataproc_cluster.non_preemptible", "cluster_config.0.preemptible_worker_config.0.preemptibility", "NON_PREEMPTIBLE"), + resource.TestCheckResourceAttr("google_dataproc_cluster.non_preemptible", "cluster_config.0.preemptible_worker_config.0.is_preemptible", "false"), ), }, }, From 06bca2caf4e8335a251c7176916e9115508d2778 Mon Sep 17 00:00:00 2001 From: Tom Samaras Date: Thu, 3 Feb 2022 17:28:32 -0500 Subject: [PATCH 20/22] final cleanup and documentation --- mmv1/products/dataproc/api.yaml | 15 --------------- .../resources/resource_dataproc_cluster.go.erb | 6 ------ .../tests/resource_dataproc_cluster_test.go.erb | 5 ++--- .../website/docs/r/dataproc_cluster.html.markdown | 6 ++++++ 4 files changed, 8 insertions(+), 24 deletions(-) diff --git a/mmv1/products/dataproc/api.yaml b/mmv1/products/dataproc/api.yaml index ed575636ecc3..045dce0d30cd 100644 --- a/mmv1/products/dataproc/api.yaml +++ b/mmv1/products/dataproc/api.yaml @@ -324,11 +324,6 @@ objects: name: 'numLocalSsds' description: | Number of attached SSDs, from 0 to 4. - - !ruby/object:Api::Type::Boolean - name: 'isPreemptible' - output: true - description: | - Specifies if this instance group contains preemptible instances. - !ruby/object:Api::Type::Enum name: 'preemptibility' description: | @@ -396,11 +391,6 @@ objects: name: 'numLocalSsds' description: | Number of attached SSDs, from 0 to 4. - - !ruby/object:Api::Type::Boolean - name: 'isPreemptible' - output: true - description: | - Specifies if this instance group contains preemptible instances. - !ruby/object:Api::Type::Enum name: 'preemptibility' description: | @@ -468,11 +458,6 @@ objects: name: 'numLocalSsds' description: | Number of attached SSDs, from 0 to 4. - - !ruby/object:Api::Type::Boolean - name: 'isPreemptible' - output: true - description: | - Specifies if this instance group contains preemptible instances. - !ruby/object:Api::Type::Enum name: 'preemptibility' description: | diff --git a/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb b/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb index 1f72b9b29196..bcb4172f1f43 100644 --- a/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb +++ b/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb @@ -345,12 +345,6 @@ func resourceDataprocCluster() *schema.Resource { // It always uses whatever is specified for the worker_config // "machine_type": { ... } // "min_cpu_platform": { ... } - "is_preemptible": { - Type: schema.TypeBool, - Computed: true, - Description: `Specifies that this instance group contains preemptible instances.`, - }, - "preemptibility": { Type: schema.TypeString, Optional: true, diff --git a/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb b/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb index 658495555b7a..62f5e0fa9c52 100644 --- a/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_dataproc_cluster_test.go.erb @@ -412,9 +412,8 @@ func TestAccDataprocCluster_nonPreemptibleSecondary(t *testing.T) { { Config: testAccDataprocCluster_nonPreemptibleSecondary(rnd), Check: resource.ComposeTestCheckFunc( - testAccCheckDataprocClusterExists(t, "google_dataproc_cluster.non_preemptible", &cluster), - resource.TestCheckResourceAttr("google_dataproc_cluster.non_preemptible", "cluster_config.0.preemptible_worker_config.0.preemptibility", "NON_PREEMPTIBLE"), - resource.TestCheckResourceAttr("google_dataproc_cluster.non_preemptible", "cluster_config.0.preemptible_worker_config.0.is_preemptible", "false"), + testAccCheckDataprocClusterExists(t, "google_dataproc_cluster.non_preemptible_secondary", &cluster), + resource.TestCheckResourceAttr("google_dataproc_cluster.non_preemptible_secondary", "cluster_config.0.preemptible_worker_config.0.preemptibility", "NON_PREEMPTIBLE"), ), }, }, diff --git a/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown b/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown index 6b7218530c7c..36cd3d0bc7a0 100644 --- a/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/dataproc_cluster.html.markdown @@ -443,6 +443,12 @@ will be set for you based on whatever was set for the `worker_config.machine_typ * `num_instances`- (Optional) Specifies the number of preemptible nodes to create. Defaults to 0. +* `preemptibility`- (Optional) Specifies the preemptibility of the secondary workers. The default value is `PREEMPTIBLE` + Accepted values are: + * PREEMPTIBILITY_UNSPECIFIED + * NON_PREEMPTIBLE + * PREEMPTIBLE + * `disk_config` (Optional) Disk Config * `boot_disk_type` - (Optional) The disk type of the primary disk attached to each preemptible worker node. From f1856ae803c993c29f47d582ff3da6595f30c6c8 Mon Sep 17 00:00:00 2001 From: Tom Samaras Date: Thu, 3 Feb 2022 18:17:30 -0500 Subject: [PATCH 21/22] revert api changes --- mmv1/products/dataproc/api.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/mmv1/products/dataproc/api.yaml b/mmv1/products/dataproc/api.yaml index 045dce0d30cd..ed575636ecc3 100644 --- a/mmv1/products/dataproc/api.yaml +++ b/mmv1/products/dataproc/api.yaml @@ -324,6 +324,11 @@ objects: name: 'numLocalSsds' description: | Number of attached SSDs, from 0 to 4. + - !ruby/object:Api::Type::Boolean + name: 'isPreemptible' + output: true + description: | + Specifies if this instance group contains preemptible instances. - !ruby/object:Api::Type::Enum name: 'preemptibility' description: | @@ -391,6 +396,11 @@ objects: name: 'numLocalSsds' description: | Number of attached SSDs, from 0 to 4. + - !ruby/object:Api::Type::Boolean + name: 'isPreemptible' + output: true + description: | + Specifies if this instance group contains preemptible instances. - !ruby/object:Api::Type::Enum name: 'preemptibility' description: | @@ -458,6 +468,11 @@ objects: name: 'numLocalSsds' description: | Number of attached SSDs, from 0 to 4. + - !ruby/object:Api::Type::Boolean + name: 'isPreemptible' + output: true + description: | + Specifies if this instance group contains preemptible instances. - !ruby/object:Api::Type::Enum name: 'preemptibility' description: | From dcce0ed475cdb4022e3d9d0751c02b7514c1f850 Mon Sep 17 00:00:00 2001 From: Tom Samaras Date: Mon, 7 Feb 2022 14:54:48 -0500 Subject: [PATCH 22/22] set default for preemptibility --- GNUmakefile | 4 ++-- mmv1/Gemfile.lock | 3 ++- .../terraform/resources/resource_dataproc_cluster.go.erb | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 849aa10a6466..ea4ed4568f45 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -58,7 +58,7 @@ terraform build: mmv1: cd mmv1;\ bundle; \ - bundle exec ruby compiler.rb -e terraform -o $(OUTPUT_PATH) -v $(VERSION) $(mmv1_compile); + bundle exec compiler -e terraform -o $(OUTPUT_PATH) -v $(VERSION) $(mmv1_compile); tpgtools: cd tpgtools;\ @@ -67,7 +67,7 @@ tpgtools: validator: cd mmv1;\ bundle; \ - bundle exec ruby compiler.rb -e terraform -f validator -o $(OUTPUT_PATH) $(mmv1_compile); + bundle exec compiler -e terraform -f validator -o $(OUTPUT_PATH) $(mmv1_compile); serialize: cd tpgtools;\ diff --git a/mmv1/Gemfile.lock b/mmv1/Gemfile.lock index 53f9746caf26..3450bc664951 100644 --- a/mmv1/Gemfile.lock +++ b/mmv1/Gemfile.lock @@ -74,4 +74,5 @@ DEPENDENCIES rubocop (>= 0.77.0) BUNDLED WITH - 1.17.2 + 1.17.2 + diff --git a/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb b/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb index 7c263e1129d8..d02625959a6b 100644 --- a/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb +++ b/mmv1/third_party/terraform/resources/resource_dataproc_cluster.go.erb @@ -354,8 +354,9 @@ func resourceDataprocCluster() *schema.Resource { "cluster_config.0.preemptible_worker_config.0.preemptibility", "cluster_config.0.preemptible_worker_config.0.disk_config", }, - ForceNew: true, + ForceNew: true, ValidateFunc: validation.StringInSlice([]string{"PREEMPTIBILITY_UNSPECIFIED", "NON_PREEMPTIBLE", "PREEMPTIBLE"}, false), + Default: "PREEMPTIBLE", }, "disk_config": {