Add IAM support for privateca CertificateTemplate (#5904) (#645)

Signed-off-by: Modular Magician <magic-modules@google.com>
GoogleCloudPlatform · Apr 11, 2022 · efaa911 · efaa911
1 parent 55841b9
commit efaa911
Show file tree

Hide file tree

Showing 5 changed files with 355 additions and 3 deletions.
diff --git a/converters/google/resources/iam_privateca_certificate_template.go b/converters/google/resources/iam_privateca_certificate_template.go
@@ -0,0 +1,226 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+)
+
+var PrivatecaCertificateTemplateIamSchema = map[string]*schema.Schema{
+	"project": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"location": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"certificate_template": {
+		Type:             schema.TypeString,
+		Required:         true,
+		ForceNew:         true,
+		DiffSuppressFunc: compareSelfLinkOrResourceName,
+	},
+}
+
+type PrivatecaCertificateTemplateIamUpdater struct {
+	project             string
+	location            string
+	certificateTemplate string
+	d                   TerraformResourceData
+	Config              *Config
+}
+
+func PrivatecaCertificateTemplateIamUpdaterProducer(d TerraformResourceData, config *Config) (ResourceIamUpdater, error) {
+	values := make(map[string]string)
+
+	project, _ := getProject(d, config)
+	if project != "" {
+		if err := d.Set("project", project); err != nil {
+			return nil, fmt.Errorf("Error setting project: %s", err)
+		}
+	}
+	values["project"] = project
+	location, _ := getLocation(d, config)
+	if location != "" {
+		if err := d.Set("location", location); err != nil {
+			return nil, fmt.Errorf("Error setting location: %s", err)
+		}
+	}
+	values["location"] = location
+	if v, ok := d.GetOk("certificate_template"); ok {
+		values["certificate_template"] = v.(string)
+	}
+
+	// We may have gotten either a long or short name, so attempt to parse long name if possible
+	m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/certificateTemplates/(?P<certificate_template>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<certificate_template>[^/]+)", "(?P<location>[^/]+)/(?P<certificate_template>[^/]+)"}, d, config, d.Get("certificate_template").(string))
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &PrivatecaCertificateTemplateIamUpdater{
+		project:             values["project"],
+		location:            values["location"],
+		certificateTemplate: values["certificate_template"],
+		d:                   d,
+		Config:              config,
+	}
+
+	if err := d.Set("project", u.project); err != nil {
+		return nil, fmt.Errorf("Error setting project: %s", err)
+	}
+	if err := d.Set("location", u.location); err != nil {
+		return nil, fmt.Errorf("Error setting location: %s", err)
+	}
+	if err := d.Set("certificate_template", u.GetResourceId()); err != nil {
+		return nil, fmt.Errorf("Error setting certificate_template: %s", err)
+	}
+
+	return u, nil
+}
+
+func PrivatecaCertificateTemplateIdParseFunc(d *schema.ResourceData, config *Config) error {
+	values := make(map[string]string)
+
+	project, _ := getProject(d, config)
+	if project != "" {
+		values["project"] = project
+	}
+
+	location, _ := getLocation(d, config)
+	if location != "" {
+		values["location"] = location
+	}
+
+	m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/certificateTemplates/(?P<certificate_template>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<certificate_template>[^/]+)", "(?P<location>[^/]+)/(?P<certificate_template>[^/]+)"}, d, config, d.Id())
+	if err != nil {
+		return err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &PrivatecaCertificateTemplateIamUpdater{
+		project:             values["project"],
+		location:            values["location"],
+		certificateTemplate: values["certificate_template"],
+		d:                   d,
+		Config:              config,
+	}
+	if err := d.Set("certificate_template", u.GetResourceId()); err != nil {
+		return fmt.Errorf("Error setting certificate_template: %s", err)
+	}
+	d.SetId(u.GetResourceId())
+	return nil
+}
+
+func (u *PrivatecaCertificateTemplateIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	url, err := u.qualifyCertificateTemplateUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
+
+	project, err := getProject(u.d, u.Config)
+	if err != nil {
+		return nil, err
+	}
+	var obj map[string]interface{}
+	url, err = addQueryParams(url, map[string]string{"options.requestedPolicyVersion": fmt.Sprintf("%d", iamPolicyVersion)})
+	if err != nil {
+		return nil, err
+	}
+
+	userAgent, err := generateUserAgentString(u.d, u.Config.userAgent)
+	if err != nil {
+		return nil, err
+	}
+
+	policy, err := sendRequest(u.Config, "GET", project, url, userAgent, obj)
+	if err != nil {
+		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	out := &cloudresourcemanager.Policy{}
+	err = Convert(policy, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
+	}
+
+	return out, nil
+}
+
+func (u *PrivatecaCertificateTemplateIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	json, err := ConvertToMap(policy)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	obj["policy"] = json
+
+	url, err := u.qualifyCertificateTemplateUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
+	project, err := getProject(u.d, u.Config)
+	if err != nil {
+		return err
+	}
+
+	userAgent, err := generateUserAgentString(u.d, u.Config.userAgent)
+	if err != nil {
+		return err
+	}
+
+	_, err = sendRequestWithTimeout(u.Config, "POST", project, url, userAgent, obj, u.d.Timeout(schema.TimeoutCreate))
+	if err != nil {
+		return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	return nil
+}
+
+func (u *PrivatecaCertificateTemplateIamUpdater) qualifyCertificateTemplateUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{PrivatecaBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/%s/certificateTemplates/%s", u.project, u.location, u.certificateTemplate), methodIdentifier)
+	url, err := replaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
+}
+
+func (u *PrivatecaCertificateTemplateIamUpdater) GetResourceId() string {
+	return fmt.Sprintf("projects/%s/locations/%s/certificateTemplates/%s", u.project, u.location, u.certificateTemplate)
+}
+
+func (u *PrivatecaCertificateTemplateIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-privateca-certificatetemplate-%s", u.GetResourceId())
+}
+
+func (u *PrivatecaCertificateTemplateIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("privateca certificatetemplate %q", u.GetResourceId())
+}
diff --git a/converters/google/resources/privateca_certificate_template_iam.go b/converters/google/resources/privateca_certificate_template_iam.go
@@ -0,0 +1,123 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package google
+
+import "fmt"
+
+// Provide a separate asset type constant so we don't have to worry about name conflicts between IAM and non-IAM converter files
+const PrivatecaCertificateTemplateIAMAssetType string = "privateca.googleapis.com/CertificateTemplate"
+
+func resourceConverterPrivatecaCertificateTemplateIamPolicy() ResourceConverter {
+	return ResourceConverter{
+		AssetType:         PrivatecaCertificateTemplateIAMAssetType,
+		Convert:           GetPrivatecaCertificateTemplateIamPolicyCaiObject,
+		MergeCreateUpdate: MergePrivatecaCertificateTemplateIamPolicy,
+	}
+}
+
+func resourceConverterPrivatecaCertificateTemplateIamBinding() ResourceConverter {
+	return ResourceConverter{
+		AssetType:         PrivatecaCertificateTemplateIAMAssetType,
+		Convert:           GetPrivatecaCertificateTemplateIamBindingCaiObject,
+		FetchFullResource: FetchPrivatecaCertificateTemplateIamPolicy,
+		MergeCreateUpdate: MergePrivatecaCertificateTemplateIamBinding,
+		MergeDelete:       MergePrivatecaCertificateTemplateIamBindingDelete,
+	}
+}
+
+func resourceConverterPrivatecaCertificateTemplateIamMember() ResourceConverter {
+	return ResourceConverter{
+		AssetType:         PrivatecaCertificateTemplateIAMAssetType,
+		Convert:           GetPrivatecaCertificateTemplateIamMemberCaiObject,
+		FetchFullResource: FetchPrivatecaCertificateTemplateIamPolicy,
+		MergeCreateUpdate: MergePrivatecaCertificateTemplateIamMember,
+		MergeDelete:       MergePrivatecaCertificateTemplateIamMemberDelete,
+	}
+}
+
+func GetPrivatecaCertificateTemplateIamPolicyCaiObject(d TerraformResourceData, config *Config) ([]Asset, error) {
+	return newPrivatecaCertificateTemplateIamAsset(d, config, expandIamPolicyBindings)
+}
+
+func GetPrivatecaCertificateTemplateIamBindingCaiObject(d TerraformResourceData, config *Config) ([]Asset, error) {
+	return newPrivatecaCertificateTemplateIamAsset(d, config, expandIamRoleBindings)
+}
+
+func GetPrivatecaCertificateTemplateIamMemberCaiObject(d TerraformResourceData, config *Config) ([]Asset, error) {
+	return newPrivatecaCertificateTemplateIamAsset(d, config, expandIamMemberBindings)
+}
+
+func MergePrivatecaCertificateTemplateIamPolicy(existing, incoming Asset) Asset {
+	existing.IAMPolicy = incoming.IAMPolicy
+	return existing
+}
+
+func MergePrivatecaCertificateTemplateIamBinding(existing, incoming Asset) Asset {
+	return mergeIamAssets(existing, incoming, mergeAuthoritativeBindings)
+}
+
+func MergePrivatecaCertificateTemplateIamBindingDelete(existing, incoming Asset) Asset {
+	return mergeDeleteIamAssets(existing, incoming, mergeDeleteAuthoritativeBindings)
+}
+
+func MergePrivatecaCertificateTemplateIamMember(existing, incoming Asset) Asset {
+	return mergeIamAssets(existing, incoming, mergeAdditiveBindings)
+}
+
+func MergePrivatecaCertificateTemplateIamMemberDelete(existing, incoming Asset) Asset {
+	return mergeDeleteIamAssets(existing, incoming, mergeDeleteAdditiveBindings)
+}
+
+func newPrivatecaCertificateTemplateIamAsset(
+	d TerraformResourceData,
+	config *Config,
+	expandBindings func(d TerraformResourceData) ([]IAMBinding, error),
+) ([]Asset, error) {
+	bindings, err := expandBindings(d)
+	if err != nil {
+		return []Asset{}, fmt.Errorf("expanding bindings: %v", err)
+	}
+
+	name, err := assetName(d, config, "//privateca.googleapis.com/projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}/{{certificatetemplate}}")
+	if err != nil {
+		return []Asset{}, err
+	}
+
+	return []Asset{{
+		Name: name,
+		Type: PrivatecaCertificateTemplateIAMAssetType,
+		IAMPolicy: &IAMPolicy{
+			Bindings: bindings,
+		},
+	}}, nil
+}
+
+func FetchPrivatecaCertificateTemplateIamPolicy(d TerraformResourceData, config *Config) (Asset, error) {
+	// Check if the identity field returns a value
+	if _, ok := d.GetOk("location"); !ok {
+		return Asset{}, ErrEmptyIdentityField
+	}
+	if _, ok := d.GetOk("certificate_template"); !ok {
+		return Asset{}, ErrEmptyIdentityField
+	}
+
+	return fetchIamPolicy(
+		PrivatecaCertificateTemplateIamUpdaterProducer,
+		d,
+		config,
+		"//privateca.googleapis.com/projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}/{{certificatetemplate}}",
+		PrivatecaCertificateTemplateIAMAssetType,
+	)
+}
diff --git a/converters/google/resources/resource_converters.go b/converters/google/resources/resource_converters.go
@@ -144,6 +144,9 @@ func ResourceConverters() map[string][]ResourceConverter {
 		"google_privateca_ca_pool_iam_policy":                     {resourceConverterPrivatecaCaPoolIamPolicy()},
 		"google_privateca_ca_pool_iam_binding":                    {resourceConverterPrivatecaCaPoolIamBinding()},
 		"google_privateca_ca_pool_iam_member":                     {resourceConverterPrivatecaCaPoolIamMember()},
+		"google_privateca_certificate_template_iam_policy":        {resourceConverterPrivatecaCertificateTemplateIamPolicy()},
+		"google_privateca_certificate_template_iam_binding":       {resourceConverterPrivatecaCertificateTemplateIamBinding()},
+		"google_privateca_certificate_template_iam_member":        {resourceConverterPrivatecaCertificateTemplateIamMember()},
 		"google_pubsub_topic_iam_policy":                          {resourceConverterPubsubTopicIamPolicy()},
 		"google_pubsub_topic_iam_binding":                         {resourceConverterPubsubTopicIamBinding()},
 		"google_pubsub_topic_iam_member":                          {resourceConverterPubsubTopicIamMember()},

diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/terraform-json v0.13.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1
-	github.com/hashicorp/terraform-provider-google v1.20.1-0.20220408205705-d6734812e2c6
+	github.com/hashicorp/terraform-provider-google v1.20.1-0.20220411205438-2aa30516e00d
 	github.com/kr/pretty v0.3.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/onsi/gomega v1.17.0 // indirect

diff --git a/go.sum b/go.sum
@@ -696,8 +696,8 @@ github.com/hashicorp/terraform-plugin-log v0.2.0 h1:rjflRuBqCnSk3UHOR25MP1G5BDLK
 github.com/hashicorp/terraform-plugin-log v0.2.0/go.mod h1:E1kJmapEHzqu1x6M++gjvhzM2yMQNXPVWZRCB8sgYjg=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1 h1:B9AocC+dxrCqcf4vVhztIkSkt3gpRjUkEka8AmZWGlQ=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1/go.mod h1:FjM9DXWfP0w/AeOtJoSKHBZ01LqmaO6uP4bXhv3fekw=
-github.com/hashicorp/terraform-provider-google v1.20.1-0.20220408205705-d6734812e2c6 h1:fO/Smmj+4dOo5jYNegKMrFL1PzkhAjVgdLkRR0iSrxI=
-github.com/hashicorp/terraform-provider-google v1.20.1-0.20220408205705-d6734812e2c6/go.mod h1:zuersTi7DrjFzHJ9B6noGikoBdHD6EJj6RlQ2YMQNb4=
+github.com/hashicorp/terraform-provider-google v1.20.1-0.20220411205438-2aa30516e00d h1:wn3AVH3ZpGu3tx1M+fGcpSPl+fjIJnD67kb+ou5tNEA=
+github.com/hashicorp/terraform-provider-google v1.20.1-0.20220411205438-2aa30516e00d/go.mod h1:zuersTi7DrjFzHJ9B6noGikoBdHD6EJj6RlQ2YMQNb4=
 github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896 h1:1FGtlkJw87UsTMg5s8jrekrHmUPUJaMcu6ELiVhQrNw=
 github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896/go.mod h1:bzBPnUIkI0RxauU8Dqo+2KrZZ28Cf48s8V6IHt3p4co=
 github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0=