Add warnings about custom role format for IAM bindings (#2937)

Merged PR #2937.

templates/terraform/resource_iam.html.markdown.erb

@@ -277,6 +277,9 @@ $ terraform import <% if object.min_version.name == 'beta' %>-provider=google-be
 -> If you're importing a resource with beta features, make sure to include `-provider=google-beta`
 as an argument so that Terraform uses the correct provider to import your resource.
 
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+
 <% if object.base_url.include?("{{project}}")-%>
 ## User Project Overrides
 

third_party/terraform/resources/resource_iam_binding.go.erb

@@ -146,6 +146,7 @@ func resourceIamBindingRead(newUpdaterFunc newResourceIamUpdaterFunc) schema.Rea
 		}
 
 		if binding == nil {
+			log.Printf("[WARNING] Binding for role %q not found, assuming it has no members. If you expected existing members bound for this role, make sure your role is correctly formatted.", eBinding.Role)
 			log.Printf("[DEBUG] Binding for role %q and condition %+v not found in policy for %s, assuming it has no members.", eBinding.Role, eCondition, updater.DescribeResource())
 			d.Set("role", eBinding.Role)
 			d.Set("members", nil)

third_party/terraform/website/docs/r/bigtable_instance_iam.html.markdown

@@ -107,3 +107,6 @@ $ terraform import google_bigtable_instance_iam_binding.editor "projects/{projec
 
 $ terraform import google_bigtable_instance_iam_member.editor "projects/{project}/instances/{instance} roles/editor user:[email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/dataproc_cluster_iam.html.markdown

@@ -111,3 +111,6 @@ $ terraform import google_dataproc_cluster_iam_binding.editor "projects/{project
 
 $ terraform import google_dataproc_cluster_iam_member.editor "projects/{project}/regions/{region}/clusters/{cluster} roles/editor user:[email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/dataproc_job_iam.html.markdown

@@ -111,3 +111,6 @@ $ terraform import google_dataproc_job_iam_binding.editor "projects/{project}/re
 
 $ terraform import google_dataproc_job_iam_member.editor "projects/{project}/regions/{region}/jobs/{job_id} roles/editor user:[email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/google_billing_account_iam_member.html.markdown

@@ -50,3 +50,6 @@ IAM member imports use space-delimited identifiers; the resource in question, th
 ```
 $ terraform import google_billing_account_iam_member.binding "your-billing-account-id roles/viewer user:[email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM member with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/google_folder_iam_binding.html.markdown

@@ -70,3 +70,6 @@ IAM binding imports use space-delimited identifiers; first the resource in quest
 ```
 $ terraform import google_folder_iam_binding.viewer "folder-name roles/viewer"
 ```
+
+-> **Custom Roles**: If you're importing a IAM binding with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/google_folder_iam_member.html.markdown

@@ -62,3 +62,6 @@ IAM member imports use space-delimited identifiers; the resource in question, th
 ```
 $ terraform import google_folder_iam_member.my_project "folder-name roles/viewer user:[email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM member with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/google_organization_iam_binding.md

@@ -59,3 +59,6 @@ IAM binding imports use space-delimited identifiers; first the resource in quest
 ```
 $ terraform import google_organization_iam_binding.my_org "your-org-id roles/viewer"
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/google_organization_iam_member.html.markdown

@@ -51,3 +51,6 @@ IAM member imports use space-delimited identifiers; the resource in question, th
 ```
 $ terraform import google_organization_iam_member.my_org "your-org-id roles/viewer user:[email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM member with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/google_project_iam.html.markdown

@@ -235,3 +235,7 @@ IAM audit config imports use the identifier of the resource in question and the
 ```
 terraform import google_project_iam_audit_config.my_project "your-project-id foo.googleapis.com"
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+

third_party/terraform/website/docs/r/google_service_account_iam.html.markdown

@@ -189,6 +189,9 @@ $ terraform import google_service_account_iam_binding.admin-account-iam "project
 $ terraform import google_service_account_iam_member.admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/editor user:[email protected]"
 ```
 
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+
 With conditions:
 ```
 $ terraform import -provider=google-beta google_service_account_iam_binding.admin-account-iam "projects/{your-project-id}/serviceAccounts/{your-service-account-email} iam.serviceAccountUser expires_after_2019_12_31"

third_party/terraform/website/docs/r/healthcare_dataset_iam.html.markdown

@@ -115,3 +115,6 @@ IAM policy imports use the identifier of the resource in question.  This policy
 ```
 $ terraform import google_healthcare_dataset_iam_policy.dataset_iam your-project-id/location-name/dataset-name
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/pubsub_subscription_iam.html.markdown

@@ -104,3 +104,6 @@ $ terraform import google_pubsub_subscription_iam_binding.editor "projects/{your
 
 $ terraform import google_pubsub_subscription_iam_member.editor "projects/{your-project-id}/subscriptions/{your-subscription-name} roles/editor [email protected]"
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

third_party/terraform/website/docs/r/spanner_database_iam.html.markdown

@@ -125,3 +125,7 @@ IAM policy imports use the identifier of the resource in question, e.g.
 ```
 $ terraform import google_spanner_database_iam_policy.database project-name/instance-name/database-name
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+

third_party/terraform/website/docs/r/spanner_instance_iam.html.markdown

@@ -120,3 +120,6 @@ IAM policy imports use the identifier of the resource in question, e.g.
 ```
 $ terraform import google_spanner_instance_iam_policy.instance project-name/instance-name
 ```
+
+-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+ full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.