From 3b3b167608060bb456137c51633ce43465c2af3a Mon Sep 17 00:00:00 2001
From: The Magician
Date: Thu, 22 Dec 2022 13:56:15 -0800
Subject: [PATCH] Revert "Fix cloud_identity_group_membership to properly handle 403 responses when membership does not exist (#6999)" (#7032) (#5023)
This reverts commit 927d9e93ddc2fe8a28c4fcc6eb50c009dea86174.
Signed-off-by: Modular Magician
Signed-off-by: Modular Magician
---
 .changelog/7032.txt | 2 +
 .../cloud_identity_group_membership_utils.go | 27 ------
 ...esource_cloud_identity_group_membership.go | 2 +-
 ...ce_cloud_identity_group_membership_test.go | 82 -------------------
 4 files changed, 3 insertions(+), 110 deletions(-)
 create mode 100644 .changelog/7032.txt
 delete mode 100644 google-beta/cloud_identity_group_membership_utils.go
diff --git a/.changelog/7032.txt b/.changelog/7032.txt
new file mode 100644
index 0000000000..e0943c5a4f
--- /dev/null
+++ b/.changelog/7032.txt
@@ -0,0 +1,2 @@
+```release-note:none
+```
diff --git a/google-beta/cloud_identity_group_membership_utils.go b/google-beta/cloud_identity_group_membership_utils.go
deleted file mode 100644
index e2a1e22b81..0000000000
--- a/google-beta/cloud_identity_group_membership_utils.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package google
-
-import (
- "log"
- "strings"
-
- "github.com/hashicorp/errwrap"
- "google.golang.org/api/googleapi"
-)
-
-func transformCloudIdentityGroupMembershipReadError(err error) error {
- if gErr, ok := errwrap.GetType(err, &googleapi.Error{}).(*googleapi.Error); ok {
- if gErr.Code == 403 && strings.Contains(gErr.Message, "(or it may not exist)") {
- // This error occurs when either the group membership does not exist, or permission is denied. It is
- // deliberately ambiguous so that existence information is not revealed to the caller. However, for
- // the Read function, we can only assume that the membership does not exist, and proceed with attempting
- // other operations. Since handleNotFoundError(...) expects an error code of 404 when a resource does not
- // exist, to get the desired behavior, we modify the error code to be 404.
- gErr.Code = 404
- }
-
- log.Printf("[DEBUG] Transformed CloudIdentityGroupMembership error")
- return gErr
- }
-
- return err
-}
diff --git a/google-beta/resource_cloud_identity_group_membership.go b/google-beta/resource_cloud_identity_group_membership.go
index 8646b797a4..dbbdcfe23f 100644
--- a/google-beta/resource_cloud_identity_group_membership.go
+++ b/google-beta/resource_cloud_identity_group_membership.go
@@ -274,7 +274,7 @@ func resourceCloudIdentityGroupMembershipRead(d *schema.ResourceData, meta inter
 res, err := sendRequest(config, "GET", billingProject, url, userAgent, nil)
 if err != nil {
- return handleNotFoundError(transformCloudIdentityGroupMembershipReadError(err), d, fmt.Sprintf("CloudIdentityGroupMembership %q", d.Id()))
+ return handleNotFoundError(err, d, fmt.Sprintf("CloudIdentityGroupMembership %q", d.Id()))
 }
 if err := d.Set("name", flattenCloudIdentityGroupMembershipName(res["name"], d, config)); err != nil {
diff --git a/google-beta/resource_cloud_identity_group_membership_test.go b/google-beta/resource_cloud_identity_group_membership_test.go
index c1c595eec6..b289f8612c 100644
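Review bot: The restored call `handleNotFoundError(err, d, ...)` in resourceCloudIdentityGroupMembershipRead now receives the API's 403 "(or it may not exist)" response unchanged, and nothing at the call site records that this is intentional. The deleted helper's own comment says that 403 is deliberately ambiguous between a missing membership and denied permission, so Read presumably now returns an error in both cases instead of dropping the resource from state. That keeps an authorization failure from being read as drift, but a membership deleted out-of-band will also surface as an error. I would add a comment above the call such as `// A 403 here may mean permission denied or a missing membership; it is deliberately not mapped to 404.` The commit message gives no reason for the revert, and the function body continues outside the hunk.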
--- a/google-beta/resource_cloud_identity_group_membership_test.go
+++ b/google-beta/resource_cloud_identity_group_membership_test.go
@@ -4,7 +4,6 @@ import (
 "testing"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
- "google.golang.org/api/iam/v1"
 )
 func TestAccCloudIdentityGroupMembership_update(t *testing.T) {
@@ -176,87 +175,6 @@ resource "google_cloud_identity_group_membership" "basic" {
 `, context)
 }
-func TestAccCloudIdentityGroupMembership_membershipDoesNotExist(t *testing.T) {
- t.Parallel()
-
- context := map[string]interface{}{
- "org_domain": getTestOrgDomainFromEnv(t),
- "cust_id": getTestCustIdFromEnv(t),
- "random_suffix": randString(t, 10),
- }
-
- saId := "tf-test-sa-" + randString(t, 10)
- project := getTestProjectFromEnv()
- config := BootstrapConfig(t)
-
- r := &iam.CreateServiceAccountRequest{
- AccountId: saId,
- ServiceAccount: &iam.ServiceAccount{},
- }
-
- sa, err := config.NewIamClient(config.userAgent).Projects.ServiceAccounts.Create("projects/"+project, r).Do()
- if err != nil {
- t.Errorf("Error creating service account: %s", err)
- }
-
- context["member_id"] = sa.Email
-
- vcrTest(t, resource.TestCase{
- PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProviders,
- CheckDestroy: testAccCheckCloudIdentityGroupMembershipDestroyProducer(t),
- Steps: []resource.TestStep{
- {
- Config: testAccCloudIdentityGroupMembership_dne(context),
- },
- {
- PreConfig: func() {
- config := googleProviderConfig(t)
-
- _, err := config.NewIamClient(config.userAgent).Projects.ServiceAccounts.Delete(sa.Name).Do()
- if err != nil {
- t.Errorf("cannot delete service account %s: %v", sa.Name, err)
- return
- }
- },
- Config: testAccCloudIdentityGroupMembership_dne(context),
- PlanOnly: true,
- ExpectNonEmptyPlan: true,
- },
- },
- })
-}
-
-func testAccCloudIdentityGroupMembership_dne(context map[string]interface{}) string {
- return Nprintf(`
-resource "google_cloud_identity_group" "group" {
- display_name = "tf-test-my-identity-group-%{random_suffix}"
-
- parent = "customers/%{cust_id}"
-
- group_key {
- id = "tf-test-my-identity-group-%{random_suffix}@%{org_domain}"
- }
-
- labels = {
- "cloudidentity.googleapis.com/groups.discussion_forum" = ""
- }
-}
-
-resource "google_cloud_identity_group_membership" "basic" {
- group = google_cloud_identity_group.group.id
-
- preferred_member_key {
- id = "%{member_id}"
- }
-
- roles {
- name = "MEMBER"
- }
-}
-`, context)
-}
-
 func TestAccCloudIdentityGroupMembership_cloudIdentityGroupMembershipWithMemberKey(t *testing.T) {
 t.Parallel()