Add support for Access Context Manager product, AccessPolicy resource (…

…#96)  /cc @rileykarson
hashicorp · Nov 7, 2018 · f705d93 · f705d93
1 parent f068263
commit f705d93
Show file tree

Hide file tree

Showing 7 changed files with 586 additions and 0 deletions.
diff --git a/google-beta/access_context_manager_operation.go b/google-beta/access_context_manager_operation.go
@@ -0,0 +1,71 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"google.golang.org/api/accesscontextmanager/v1beta"
+)
+
+type AccessContextManagerOperationWaiter struct {
+	Service *accesscontextmanager.OperationsService
+	Op      *accesscontextmanager.Operation
+}
+
+func (w *AccessContextManagerOperationWaiter) RefreshFunc() resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		op, err := w.Service.Get(w.Op.Name).Do()
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		log.Printf("[DEBUG] Got %v while polling for operation %s's 'done' status", op.Done, w.Op.Name)
+
+		return op, fmt.Sprint(op.Done), nil
+	}
+}
+
+func (w *AccessContextManagerOperationWaiter) Conf() *resource.StateChangeConf {
+	return &resource.StateChangeConf{
+		Pending: []string{"false"},
+		Target:  []string{"true"},
+		Refresh: w.RefreshFunc(),
+	}
+}
+
+func accessContextManagerOperationWait(service *accesscontextmanager.Service, op *accesscontextmanager.Operation, activity string) error {
+	return accessContextManagerOperationWaitTime(service, op, activity, 4)
+}
+
+func accessContextManagerOperationWaitTime(service *accesscontextmanager.Service, op *accesscontextmanager.Operation, activity string, timeoutMin int) error {
+	if op.Done {
+		if op.Error != nil {
+			return fmt.Errorf("Error code %v, message: %s", op.Error.Code, op.Error.Message)
+		}
+		return nil
+	}
+
+	w := &AccessContextManagerOperationWaiter{
+		Service: service.Operations,
+		Op:      op,
+	}
+
+	state := w.Conf()
+	state.Delay = 10 * time.Second
+	state.Timeout = time.Duration(timeoutMin) * time.Minute
+	state.MinTimeout = 2 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for %s: %s", activity, err)
+	}
+
+	op = opRaw.(*accesscontextmanager.Operation)
+	if op.Error != nil {
+		return fmt.Errorf("Error code %v, message: %s", op.Error.Code, op.Error.Message)
+	}
+
+	return nil
+}
diff --git a/google-beta/config.go b/google-beta/config.go
@@ -15,6 +15,7 @@ import (
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	"golang.org/x/oauth2/jwt"
+	"google.golang.org/api/accesscontextmanager/v1beta"
 	appengine "google.golang.org/api/appengine/v1"
 	"google.golang.org/api/bigquery/v2"
 	"google.golang.org/api/cloudbilling/v1"
@@ -60,6 +61,7 @@ type Config struct {
 
 	tokenSource oauth2.TokenSource
 
+	clientAccessContextManager   *accesscontextmanager.Service
 	clientBilling                *cloudbilling.APIService
 	clientBuild                  *cloudbuild.Service
 	clientComposer               *composer.Service
@@ -324,6 +326,13 @@ func (c *Config) loadAndValidate() error {
 	}
 	c.clientCloudFunctions.UserAgent = userAgent
 
+	log.Printf("[INFO] Instantiating Google Cloud AccessContextManager Client...")
+	c.clientAccessContextManager, err = accesscontextmanager.New(client)
+	if err != nil {
+		return err
+	}
+	c.clientAccessContextManager.UserAgent = userAgent
+
 	c.bigtableClientFactory = &BigtableClientFactory{
 		UserAgent:   userAgent,
 		TokenSource: tokenSource,

diff --git a/google-beta/provider.go b/google-beta/provider.go
@@ -104,6 +104,7 @@ func Provider() terraform.ResourceProvider {
 			GeneratedBinaryAuthorizationResourcesMap,
 			GeneratedContainerAnalysisResourcesMap,
 			GeneratedFilestoreResourcesMap,
+			GeneratedAccessContextManagerResourcesMap,
 			// end beta-only products
 			GeneratedComputeResourcesMap,
 			GeneratedRedisResourcesMap,

diff --git a/google-beta/provider_accesscontextmanager_gen.go b/google-beta/provider_accesscontextmanager_gen.go
@@ -0,0 +1,21 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package google
+
+import "github.com/hashicorp/terraform/helper/schema"
+
+var GeneratedAccessContextManagerResourcesMap = map[string]*schema.Resource{
+	"google_access_context_manager_access_policy": resourceAccessContextManagerAccessPolicy(),
+}
diff --git a/google-beta/resource_access_context_manager_access_policy_test.go b/google-beta/resource_access_context_manager_access_policy_test.go
@@ -0,0 +1,71 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// We can only have a single test as long as we are using a single organization
+func TestAccAccessContextManagerAccessPolicy_basic(t *testing.T) {
+	t.Parallel()
+
+	org := getTestOrgFromEnv(t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAccessContextManagerAccessPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAccessContextManagerAccessPolicy_basic(org, "my policy"),
+			},
+			{
+				ResourceName:      "google_access_context_manager_access_policy.test-access",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAccessContextManagerAccessPolicy_basic(org, "my new policy"),
+			},
+			{
+				ResourceName:      "google_access_context_manager_access_policy.test-access",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckAccessContextManagerAccessPolicyDestroy(s *terraform.State) error {
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_access_context_manager_access_policy" {
+			continue
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		url, err := replaceVarsForTest(rs, "https://accesscontextmanager.googleapis.com/v1beta/accessPolicies/{{name}}")
+		if err != nil {
+			return err
+		}
+
+		_, err = sendRequest(config, "GET", url, nil)
+		if err == nil {
+			return fmt.Errorf("AccessPolicy still exists at %s", url)
+		}
+	}
+
+	return nil
+}
+
+func testAccAccessContextManagerAccessPolicy_basic(org, title string) string {
+	return fmt.Sprintf(`
+resource "google_access_context_manager_access_policy" "test-access" {
+  parent = "organizations/%s"
+  title  = "%s"
+}
+`, org, title)
+}