Sync 5.0.0 with main (#9039) (#6344)

Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Sep 22, 2023 · 82c389a · 82c389a
1 parent fb04a99
commit 82c389a
Show file tree

Hide file tree

Showing 21 changed files with 1,982 additions and 85 deletions.
diff --git a/.changelog/9039.txt b/.changelog/9039.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/google-beta/fwtransport/framework_config_test.go b/google-beta/fwtransport/framework_config_test.go
@@ -336,61 +336,63 @@ func TestFrameworkProvider_LoadAndValidateFramework_credentials(t *testing.T) {
 	}
 }
 
-func TestFrameworkProvider_LoadAndValidateFramework_credentials_unknown(t *testing.T) {
-	// This test case is kept separate from other credentials tests, as it requires comparing
-	// error messages returned by two different error states:
-	// - When credentials = Null
-	// - When credentials = Unknown
-
-	t.Run("the same error is returned whether credentials is set as a null or unknown value (and access_token isn't set)", func(t *testing.T) {
-
-		// Arrange
-		acctest.UnsetTestProviderConfigEnvs(t)
-
-		ctx := context.Background()
-		tfVersion := "foobar"
-		providerversion := "999"
-
-		impersonateServiceAccountDelegates, _ := types.ListValue(types.StringType, []attr.Value{}) // empty list
-
-		// Null data and error collection
-		diagsNull := diag.Diagnostics{}
-		dataNull := fwmodels.ProviderModel{
-			Credentials: types.StringNull(),
-		}
-		dataNull.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
-
-		// Unknown data and error collection
-		diagsUnknown := diag.Diagnostics{}
-		dataUnknown := fwmodels.ProviderModel{
-			Credentials: types.StringUnknown(),
-		}
-		dataUnknown.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
-
-		pNull := fwtransport.FrameworkProviderConfig{}
-		pUnknown := fwtransport.FrameworkProviderConfig{}
-
-		// Act
-		pNull.LoadAndValidateFramework(ctx, &dataNull, tfVersion, &diagsNull, providerversion)
-		pUnknown.LoadAndValidateFramework(ctx, &dataUnknown, tfVersion, &diagsUnknown, providerversion)
-
-		// Assert
-		if !diagsNull.HasError() {
-			t.Fatalf("expect errors when credentials is null, but [%d] errors occurred", diagsNull.ErrorsCount())
-		}
-		if !diagsUnknown.HasError() {
-			t.Fatalf("expect errors when credentials is unknown, but [%d] errors occurred", diagsUnknown.ErrorsCount())
-		}
-
-		errNull := diagsNull.Errors()
-		errUnknown := diagsUnknown.Errors()
-		for i := 0; i < len(errNull); i++ {
-			if errNull[i] != errUnknown[i] {
-				t.Fatalf("expect errors to be the same for null and unknown credentials values, instead got \nnull=`%s` \nunknown=%s", errNull[i], errUnknown[i])
-			}
-		}
-	})
-}
+// NOTE: these tests can't run in Cloud Build due to ADC locating credentials despite `GOOGLE_APPLICATION_CREDENTIALS` being unset
+// See https://cloud.google.com/docs/authentication/application-default-credentials#search_order
+// Also, when running these tests locally you need to run `gcloud auth application-default revoke` to ensure your machine isn't supplying ADCs
+// func TestFrameworkProvider_LoadAndValidateFramework_credentials_unknown(t *testing.T) {
+// 	// This test case is kept separate from other credentials tests, as it requires comparing
+// 	// error messages returned by two different error states:
+// 	// - When credentials = Null
+// 	// - When credentials = Unknown
+
+// 	t.Run("the same error is returned whether credentials is set as a null or unknown value (and access_token isn't set)", func(t *testing.T) {
+// 		// Arrange
+// 		acctest.UnsetTestProviderConfigEnvs(t)
+
+// 		ctx := context.Background()
+// 		tfVersion := "foobar"
+// 		providerversion := "999"
+
+// 		impersonateServiceAccountDelegates, _ := types.ListValue(types.StringType, []attr.Value{}) // empty list
+
+// 		// Null data and error collection
+// 		diagsNull := diag.Diagnostics{}
+// 		dataNull := fwmodels.ProviderModel{
+// 			Credentials: types.StringNull(),
+// 		}
+// 		dataNull.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
+
+// 		// Unknown data and error collection
+// 		diagsUnknown := diag.Diagnostics{}
+// 		dataUnknown := fwmodels.ProviderModel{
+// 			Credentials: types.StringUnknown(),
+// 		}
+// 		dataUnknown.ImpersonateServiceAccountDelegates = impersonateServiceAccountDelegates
+
+// 		pNull := fwtransport.FrameworkProviderConfig{}
+// 		pUnknown := fwtransport.FrameworkProviderConfig{}
+
+// 		// Act
+// 		pNull.LoadAndValidateFramework(ctx, &dataNull, tfVersion, &diagsNull, providerversion)
+// 		pUnknown.LoadAndValidateFramework(ctx, &dataUnknown, tfVersion, &diagsUnknown, providerversion)
+
+// 		// Assert
+// 		if !diagsNull.HasError() {
+// 			t.Fatalf("expect errors when credentials is null, but [%d] errors occurred", diagsNull.ErrorsCount())
+// 		}
+// 		if !diagsUnknown.HasError() {
+// 			t.Fatalf("expect errors when credentials is unknown, but [%d] errors occurred", diagsUnknown.ErrorsCount())
+// 		}
+
+// 		errNull := diagsNull.Errors()
+// 		errUnknown := diagsUnknown.Errors()
+// 		for i := 0; i < len(errNull); i++ {
+// 			if errNull[i] != errUnknown[i] {
+// 				t.Fatalf("expect errors to be the same for null and unknown credentials values, instead got \nnull=`%s` \nunknown=%s", errNull[i], errUnknown[i])
+// 			}
+// 		}
+// 	})
+// }
 
 func TestFrameworkProvider_LoadAndValidateFramework_billingProject(t *testing.T) {
 

diff --git a/google-beta/provider/provider.go b/google-beta/provider/provider.go
@@ -871,6 +871,7 @@ func DatasourceMapWithErrors() (map[string]*schema.Resource, error) {
 		"google_beyondcorp_app_gateway":                       beyondcorp.DataSourceGoogleBeyondcorpAppGateway(),
 		"google_billing_account":                              billing.DataSourceGoogleBillingAccount(),
 		"google_bigquery_default_service_account":             bigquery.DataSourceGoogleBigqueryDefaultServiceAccount(),
+		"google_certificate_manager_certificate_map":          certificatemanager.DataSourceGoogleCertificateManagerCertificateMap(),
 		"google_cloudbuild_trigger":                           cloudbuild.DataSourceGoogleCloudBuildTrigger(),
 		"google_cloudfunctions_function":                      cloudfunctions.DataSourceGoogleCloudFunctionsFunction(),
 		"google_cloudfunctions2_function":                     cloudfunctions2.DataSourceGoogleCloudFunctions2Function(),
@@ -1113,9 +1114,9 @@ func DatasourceMapWithErrors() (map[string]*schema.Resource, error) {
 		})
 }
 
-// Generated resources: 380
+// Generated resources: 381
 // Generated IAM resources: 237
-// Total generated resources: 617
+// Total generated resources: 618
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -1663,6 +1664,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_secret_manager_secret_version":                           secretmanager.ResourceSecretManagerSecretVersion(),
 			"google_scc_mute_config":                                         securitycenter.ResourceSecurityCenterMuteConfig(),
 			"google_scc_notification_config":                                 securitycenter.ResourceSecurityCenterNotificationConfig(),
+			"google_scc_project_custom_module":                               securitycenter.ResourceSecurityCenterProjectCustomModule(),
 			"google_scc_source":                                              securitycenter.ResourceSecurityCenterSource(),
 			"google_scc_source_iam_binding":                                  tpgiamresource.ResourceIamBinding(securitycenter.SecurityCenterSourceIamSchema, securitycenter.SecurityCenterSourceIamUpdaterProducer, securitycenter.SecurityCenterSourceIdParseFunc),
 			"google_scc_source_iam_member":                                   tpgiamresource.ResourceIamMember(securitycenter.SecurityCenterSourceIamSchema, securitycenter.SecurityCenterSourceIamUpdaterProducer, securitycenter.SecurityCenterSourceIdParseFunc),

diff --git a/...eta/services/certificatemanager/data_source_google_certificate_manager_certificate_map.go b/...eta/services/certificatemanager/data_source_google_certificate_manager_certificate_map.go
@@ -0,0 +1,46 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package certificatemanager
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+func DataSourceGoogleCertificateManagerCertificateMap() *schema.Resource {
+
+	dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceCertificateManagerCertificateMap().Schema)
+	tpgresource.AddRequiredFieldsToSchema(dsSchema, "name")
+	tpgresource.AddOptionalFieldsToSchema(dsSchema, "project")
+
+	return &schema.Resource{
+		Read:   dataSourceGoogleCertificateManagerCertificateMapRead,
+		Schema: dsSchema,
+	}
+}
+
+func dataSourceGoogleCertificateManagerCertificateMapRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+
+	name := d.Get("name").(string)
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return err
+	}
+
+	id := fmt.Sprintf("projects/%s/locations/global/certificateMaps/%s", project, name)
+	d.SetId(id)
+	err = resourceCertificateManagerCertificateMapRead(d, meta)
+	if err != nil {
+		return err
+	}
+
+	if d.Id() == "" {
+		return fmt.Errorf("%s not found", id)
+	}
+	return nil
+}
diff --git a/...ervices/certificatemanager/data_source_google_certificate_manager_certificate_map_test.go b/...ervices/certificatemanager/data_source_google_certificate_manager_certificate_map_test.go
@@ -0,0 +1,111 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package certificatemanager_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/acctest"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar"
+)
+
+func TestAccDataSourceGoogleCertificateManagerCertificateMap_basic(t *testing.T) {
+	t.Parallel()
+
+	project := envvar.GetTestProjectFromEnv()
+
+	description := "My acceptance data source test certificate map"
+	name := fmt.Sprintf("tf-test-certificate-map-%d", acctest.RandInt(t))
+	id := fmt.Sprintf("projects/%s/locations/global/certificateMaps/%s", project, name)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceGoogleCertificateManagerCertificateMap_basic(name, description),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.google_certificate_manager_certificate_map.cert_map_data", "id", id),
+					resource.TestCheckResourceAttr("data.google_certificate_manager_certificate_map.cert_map_data", "description", description),
+					resource.TestCheckResourceAttr("data.google_certificate_manager_certificate_map.cert_map_data", "name", name),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceGoogleCertificateManagerCertificateMap_basic(certificateMapName, certificateMapDescription string) string {
+	return fmt.Sprintf(`
+resource "google_certificate_manager_certificate_map" "cert_map" {
+	name        = "%s"
+	description = "%s"
+	labels      = {
+		"terraform" : true,
+		"acc-test"  : true,
+	}
+}
+data "google_certificate_manager_certificate_map" "cert_map_data" {
+	name = google_certificate_manager_certificate_map.cert_map.name
+}
+`, certificateMapName, certificateMapDescription)
+}
+
+func TestAccDataSourceGoogleCertificateManagerCertificateMap_certificateMapEntryUsingMapDatasource(t *testing.T) {
+	t.Parallel()
+
+	project := envvar.GetTestProjectFromEnv()
+
+	certName := fmt.Sprintf("tf-test-certificate-%d", acctest.RandInt(t))
+	mapEntryName := fmt.Sprintf("tf-test-certificate-map-entry-%d", acctest.RandInt(t))
+	mapName := fmt.Sprintf("tf-test-certificate-map-%d", acctest.RandInt(t))
+	id := fmt.Sprintf("projects/%s/locations/global/certificateMaps/%s", project, mapName)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceGoogleCertificateManagerCertificateMap_certificateMapEntryUsingMapDatasource(mapName, mapEntryName, certName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.google_certificate_manager_certificate_map.cert_map_data", "id", id),
+					resource.TestCheckResourceAttr("data.google_certificate_manager_certificate_map.cert_map_data", "name", mapName),
+					resource.TestCheckResourceAttr("google_certificate_manager_certificate_map_entry.cert_map_entry", "map", mapName), // check that the certificate map entry is referencing the data source
+
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceGoogleCertificateManagerCertificateMap_certificateMapEntryUsingMapDatasource(certificateMapName, certificateMapEntryName, certificateName string) string {
+	return fmt.Sprintf(`
+resource "google_certificate_manager_certificate_map" "cert_map" {
+	name        = "%s"
+	description = "certificate map example created for testing data sources in TF"
+	labels      = {
+		"terraform" : true,
+		"acc-test"  : true,
+	}
+}
+data "google_certificate_manager_certificate_map" "cert_map_data" {
+	name = google_certificate_manager_certificate_map.cert_map.name
+}
+resource "google_certificate_manager_certificate" "certificate" {
+	name        = "%s"
+	description = "Global cert"
+	self_managed {
+	  pem_certificate = file("test-fixtures/cert.pem")
+	  pem_private_key = file("test-fixtures/private-key.pem")
+	}
+}
+resource "google_certificate_manager_certificate_map_entry" "cert_map_entry" {
+	name        = "%s"
+	description = "certificate map entry that reference a data source of certificate map and a self managed certificate"
+	map = data.google_certificate_manager_certificate_map.cert_map_data.name
+	certificates = [google_certificate_manager_certificate.certificate.id]
+	matcher = "PRIMARY"
+}
+`, certificateMapName, certificateName, certificateMapEntryName)
+}
diff --git a/google-beta/services/identityplatform/resource_identity_platform_config.go b/google-beta/services/identityplatform/resource_identity_platform_config.go
@@ -162,6 +162,7 @@ func ResourceIdentityPlatformConfig() *schema.Resource {
 			},
 			"sign_in": {
 				Type:        schema.TypeList,
+				Computed:    true,
 				Optional:    true,
 				Description: `Configuration related to local sign in methods.`,
 				MaxItems:    1,

diff --git a/google-beta/services/identityplatform/resource_identity_platform_config_generated_test.go b/google-beta/services/identityplatform/resource_identity_platform_config_generated_test.go
@@ -119,7 +119,6 @@ resource "google_identity_platform_config" "default" {
 }
 
 func TestAccIdentityPlatformConfig_identityPlatformConfigMinimalExample(t *testing.T) {
-	acctest.SkipIfVcr(t)
 	t.Parallel()
 
 	context := map[string]interface{}{
@@ -164,6 +163,10 @@ resource "google_project_service" "identitytoolkit" {
 
 resource "google_identity_platform_config" "default" {
   project = google_project.default.project_id
+  
+  depends_on = [
+    google_project_service.identitytoolkit
+  ]
 }
 `, context)
 }
diff --git a/google-beta/services/osconfig/resource_os_config_patch_deployment.go b/google-beta/services/osconfig/resource_os_config_patch_deployment.go
@@ -552,7 +552,8 @@ be executed directly, which will likely only succeed for scripts with shebang li
 											Type:         schema.TypeString,
 											ValidateFunc: verify.ValidateEnum([]string{"CRITICAL", "SECURITY", "DEFINITION", "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", "UPDATE"}),
 										},
-										ExactlyOneOf: []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes", "patch_config.0.windows_update.0.exclusive_patches"},
+										ConflictsWith: []string{"patch_config.0.windows_update.0.exclusive_patches"},
+										AtLeastOneOf:  []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes", "patch_config.0.windows_update.0.exclusive_patches"},
 									},
 									"excludes": {
 										Type:        schema.TypeList,
@@ -562,7 +563,8 @@ be executed directly, which will likely only succeed for scripts with shebang li
 										Elem: &schema.Schema{
 											Type: schema.TypeString,
 										},
-										ExactlyOneOf: []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes", "patch_config.0.windows_update.0.exclusive_patches"},
+										ConflictsWith: []string{"patch_config.0.windows_update.0.exclusive_patches"},
+										AtLeastOneOf:  []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes", "patch_config.0.windows_update.0.exclusive_patches"},
 									},
 									"exclusive_patches": {
 										Type:     schema.TypeList,
@@ -573,7 +575,8 @@ This field must not be used with other patch configurations.`,
 										Elem: &schema.Schema{
 											Type: schema.TypeString,
 										},
-										ExactlyOneOf: []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes", "patch_config.0.windows_update.0.exclusive_patches"},
+										ConflictsWith: []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes"},
+										AtLeastOneOf:  []string{"patch_config.0.windows_update.0.classifications", "patch_config.0.windows_update.0.excludes", "patch_config.0.windows_update.0.exclusive_patches"},
 									},
 								},
 							},

diff --git a/google-beta/services/osconfig/resource_os_config_patch_deployment_generated_test.go b/google-beta/services/osconfig/resource_os_config_patch_deployment_generated_test.go
@@ -305,7 +305,7 @@ resource "google_os_config_patch_deployment" "patch" {
 
   patch_config {
     mig_instances_allowed = true
-    
+
     reboot_config = "ALWAYS"
 
     apt {
@@ -329,6 +329,7 @@ resource "google_os_config_patch_deployment" "patch" {
 
     windows_update {
       classifications = ["CRITICAL", "SECURITY", "UPDATE"]
+      excludes = ["5012170"]
     }
 
     pre_step {