Add cloud identity group (#3696) (#2224)

* add cloud identity to mm

* make labels key value pair

* add cloud identity group

* fix white spacing, add description to update test

* make tests beta-only

* make customer id var beta-only

* Update products/cloudidentity/api.yaml

Co-authored-by: Dana Hoffman <danahoffman@google.com>

* Update products/cloudidentity/terraform.yaml

Co-authored-by: Dana Hoffman <danahoffman@google.com>

* update code review comments

* move unless ga to top of file for test

* move unless ga back

* add group membership back in

* remove last comma

* update per review comments

* add group membership test for user

* update admin -> identity, tabs -> spaces

Co-authored-by: Dana Hoffman <danahoffman@google.com>
Signed-off-by: Modular Magician <magic-modules@google.com>

Co-authored-by: Dana Hoffman <danahoffman@google.com>

.changelog/3696.txt

@@ -0,0 +1,6 @@
+```release-note:new-resource
+`google_cloud_identity_group` (TPGB-only)
+```
+```release-note:note
+added the `https://www.googleapis.com/auth/cloud-identity` scope to the provider by default
+```

google-beta/config.go

@@ -91,6 +91,7 @@ type Config struct {
 	BinaryAuthorizationBasePath  string
 	CloudBuildBasePath           string
 	CloudFunctionsBasePath       string
+	CloudIdentityBasePath        string
 	CloudIotBasePath             string
 	CloudRunBasePath             string
 	CloudSchedulerBasePath       string
@@ -244,6 +245,7 @@ var BillingDefaultBasePath = "https://billingbudgets.googleapis.com/v1beta1/"
 var BinaryAuthorizationDefaultBasePath = "https://binaryauthorization.googleapis.com/v1/"
 var CloudBuildDefaultBasePath = "https://cloudbuild.googleapis.com/v1/"
 var CloudFunctionsDefaultBasePath = "https://cloudfunctions.googleapis.com/v1/"
+var CloudIdentityDefaultBasePath = "https://cloudidentity.googleapis.com/v1beta1/"
 var CloudIotDefaultBasePath = "https://cloudiot.googleapis.com/v1/"
 var CloudRunDefaultBasePath = "https://{{location}}-run.googleapis.com/"
 var CloudSchedulerDefaultBasePath = "https://cloudscheduler.googleapis.com/v1/"
@@ -292,6 +294,7 @@ var VPCAccessDefaultBasePath = "https://vpcaccess.googleapis.com/v1/"
 var defaultClientScopes = []string{
 	"https://www.googleapis.com/auth/compute",
 	"https://www.googleapis.com/auth/cloud-platform",
+	"https://www.googleapis.com/auth/cloud-identity",
 	"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
 	"https://www.googleapis.com/auth/devstorage.full_control",
 	"https://www.googleapis.com/auth/userinfo.email",
@@ -772,6 +775,7 @@ func ConfigureBasePaths(c *Config) {
 	c.BinaryAuthorizationBasePath = BinaryAuthorizationDefaultBasePath
 	c.CloudBuildBasePath = CloudBuildDefaultBasePath
 	c.CloudFunctionsBasePath = CloudFunctionsDefaultBasePath
+	c.CloudIdentityBasePath = CloudIdentityDefaultBasePath
 	c.CloudIotBasePath = CloudIotDefaultBasePath
 	c.CloudRunBasePath = CloudRunDefaultBasePath
 	c.CloudSchedulerBasePath = CloudSchedulerDefaultBasePath

google-beta/provider.go

@@ -205,6 +205,14 @@ func Provider() terraform.ResourceProvider {
 					"GOOGLE_CLOUD_FUNCTIONS_CUSTOM_ENDPOINT",
 				}, CloudFunctionsDefaultBasePath),
 			},
+			"cloud_identity_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateCustomEndpoint,
+				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+					"GOOGLE_CLOUD_IDENTITY_CUSTOM_ENDPOINT",
+				}, CloudIdentityDefaultBasePath),
+			},
 			"cloud_iot_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -663,9 +671,9 @@ func Provider() terraform.ResourceProvider {
 	return provider
 }
 
-// Generated resources: 165
+// Generated resources: 167
 // Generated IAM resources: 66
-// Total generated resources: 231
+// Total generated resources: 233
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -705,6 +713,8 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_cloudfunctions_function_iam_binding":                   ResourceIamBinding(CloudFunctionsCloudFunctionIamSchema, CloudFunctionsCloudFunctionIamUpdaterProducer, CloudFunctionsCloudFunctionIdParseFunc),
 			"google_cloudfunctions_function_iam_member":                    ResourceIamMember(CloudFunctionsCloudFunctionIamSchema, CloudFunctionsCloudFunctionIamUpdaterProducer, CloudFunctionsCloudFunctionIdParseFunc),
 			"google_cloudfunctions_function_iam_policy":                    ResourceIamPolicy(CloudFunctionsCloudFunctionIamSchema, CloudFunctionsCloudFunctionIamUpdaterProducer, CloudFunctionsCloudFunctionIdParseFunc),
+			"google_cloud_identity_group":                                  resourceCloudIdentityGroup(),
+			"google_cloud_identity_group_membership":                       resourceCloudIdentityGroupMembership(),
 			"google_cloudiot_registry":                                     resourceCloudIotDeviceRegistry(),
 			"google_cloud_run_domain_mapping":                              resourceCloudRunDomainMapping(),
 			"google_cloud_run_service":                                     resourceCloudRunService(),
@@ -1085,6 +1095,7 @@ func providerConfigure(d *schema.ResourceData, p *schema.Provider, terraformVers
 	config.BinaryAuthorizationBasePath = d.Get("binary_authorization_custom_endpoint").(string)
 	config.CloudBuildBasePath = d.Get("cloud_build_custom_endpoint").(string)
 	config.CloudFunctionsBasePath = d.Get("cloud_functions_custom_endpoint").(string)
+	config.CloudIdentityBasePath = d.Get("cloud_identity_custom_endpoint").(string)
 	config.CloudIotBasePath = d.Get("cloud_iot_custom_endpoint").(string)
 	config.CloudRunBasePath = d.Get("cloud_run_custom_endpoint").(string)
 	config.CloudSchedulerBasePath = d.Get("cloud_scheduler_custom_endpoint").(string)

google-beta/provider_test.go

@@ -65,6 +65,14 @@ var orgEnvVars = []string{
 	"GOOGLE_ORG",
 }
 
+var custIdEnvVars = []string{
+	"GOOGLE_CUST_ID",
+}
+
+var identityUserEnvVars = []string{
+	"GOOGLE_IDENTITY_USER",
+}
+
 var orgEnvDomainVars = []string{
 	"GOOGLE_ORG_DOMAIN",
 }
@@ -837,6 +845,14 @@ func getTestZoneFromEnv() string {
 	return multiEnvSearch(zoneEnvVars)
 }
 
+func getTestCustIdFromEnv(t *testing.T) string {
+	return multiEnvSearch(custIdEnvVars)
+}
+
+func getTestIdentityUserFromEnv(t *testing.T) string {
+	return multiEnvSearch(identityUserEnvVars)
+}
+
 // Firestore can't be enabled at the same time as Datastore, so we need a new
 // project to manage it until we can enable Firestore programmatically.
 func getTestFirestoreProjectFromEnv(t *testing.T) string {

google-beta/resource_bigquery_data_transfer_config.go

@@ -204,7 +204,15 @@ func resourceBigqueryDataTransferConfigCreate(d *schema.ResourceData, meta inter
 	// `name` is autogenerated from the api so needs to be set post-create
 	name, ok := res["name"]
 	if !ok {
-		return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+		respBody, ok := res["response"]
+		if !ok {
+			return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+		}
+
+		name, ok = respBody.(map[string]interface{})["name"]
+		if !ok {
+			return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+		}
 	}
 	d.Set("name", name.(string))
 	d.SetId(name.(string))

google-beta/resource_billing_budget.go

@@ -247,7 +247,15 @@ func resourceBillingBudgetCreate(d *schema.ResourceData, meta interface{}) error
 	// `name` is autogenerated from the api so needs to be set post-create
 	name, ok := res["name"]
 	if !ok {
-		return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+		respBody, ok := res["response"]
+		if !ok {
+			return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+		}
+
+		name, ok = respBody.(map[string]interface{})["name"]
+		if !ok {
+			return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+		}
 	}
 	d.Set("name", name.(string))
 	d.SetId(name.(string))