Get tests passing, handle deleted items properly

products/storage/api.yaml

@@ -786,6 +786,8 @@ objects:
     base_url: projects/{{project}}/hmacKeys
     create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{serviceAccountEmail}}
     self_link: projects/{{project}}/hmacKeys/{{accessId}}
+    # technically updatable, but implemented as custom update for new fingerprint support
+    input: true
     references: !ruby/object:Api::Resource::ReferenceLinks
       guides:
         'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys'
@@ -794,22 +796,25 @@ objects:
       The hmacKeys resource represents an HMAC key within Cloud Storage. The resource
       consists of a secret and HMAC key metadata. HMAC keys can be used as credentials
       for service accounts.
-    parameters:
+    properties:
       - !ruby/object:Api::Type::String
         name: 'serviceAccountEmail'
         description: |
           The email address of the key's associated service account.
-        input: true
         required: true
-    properties:
       - !ruby/object:Api::Type::Enum
         name: 'state'
         description: |
           The state of the key. Can be set to one of ACTIVE, INACTIVE.
+        default_value: :ACTIVE
         values:
           - :ACTIVE
           - :INACTIVE
           # - :DELETED (not directly settable)
+        update_verb: :PUT
+        update_url: projects/{{project}}/hmacKeys/{{accessId}}
+        update_id: 'state'
+        fingerprint_name: 'etag'
       - !ruby/object:Api::Type::String
         name: 'secret'
         output: true
@@ -820,11 +825,6 @@ objects:
         output: true
         description: |
           The access ID of the HMAC Key.
-      - !ruby/object:Api::Type::String
-        name: 'etag'
-        output: true
-        description: |
-          HTTP 1.1 Entity tag for the HMAC key.
       - !ruby/object:Api::Type::String
         name: 'id'
         output: true

products/storage/terraform.yaml

@@ -114,23 +114,26 @@ overrides: !ruby/object:Overrides::ResourceOverrides
         name: "storage_hmac_key"
         primary_resource_id: "key"
         vars:
-          service_account: "my-service-account"
+          account_id: "my-svc-acc"
     docs: !ruby/object:Provider::Terraform::Docs
       warning: |
-        All arguments including the secret value will be stored in the raw
+        All arguments including the `secret` value will be stored in the raw
         state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html).
+        On import, the `secret` value will not be retrieved.
     properties:
       id: !ruby/object:Overrides::Terraform::PropertyOverride
         exclude: true
       secret: !ruby/object:Overrides::Terraform::PropertyOverride
         ignore_read: true
         sensitive: true
-      serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride
-        ignore_read: true
+      state: !ruby/object:Overrides::Terraform::PropertyOverride
+        update_url: projects/{{project}}/hmacKeys/{{access_id}}
     custom_code: !ruby/object:Provider::Terraform::CustomCode
-      post_create: templates/terraform/post_create/storage_hmac_key.go.erb
+      decoder: templates/terraform/decoders/storage_hmac_key.go.erb
       pre_delete: templates/terraform/pre_delete/storage_hmac_key.go.erb
-      update_encoder: templates/terraform/update_encoders/storage_hmac_key.go.erb
+      post_create: templates/terraform/post_create/storage_hmac_key.go.erb
+      test_check_destroy: templates/terraform/custom_check_destroy/storage_hmac_key.go.erb
+      update_encoder: templates/terraform/update_encoder/storage_hmac_key.go.erb
 # This is for copying files over
 files: !ruby/object:Provider::Config::Files
   # These files have templating (ERB) code that will be run.

templates/terraform/custom_check_destroy/storage_hmac_key.go.erb

@@ -0,0 +1,17 @@
+config := testAccProvider.Meta().(*Config)
+
+url, err := replaceVarsForTest(config, rs, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{access_id}}")
+if err != nil {
+  return err
+}
+
+res, err := sendRequest(config, "GET", "", url, nil)
+if err != nil {
+  return nil
+}
+
+if v := res["state"]; v == "DELETED" {
+	return nil
+}
+
+return fmt.Errorf("StorageHmacKey still exists at %s", url)

templates/terraform/decoders/storage_hmac_key.go.erb

@@ -0,0 +1,5 @@
+if v := res["state"]; v == "DELETED" {
+	return nil, nil
+}
+
+return res, nil

templates/terraform/pre_delete/storage_hmac_key.go.erb

@@ -8,16 +8,19 @@ if err != nil {
 	return handleNotFoundError(err, d, fmt.Sprintf("StorageHmacKey %q", d.Id()))
 }
 
-getRes["metadata"].(map[string]interface{})["state"] = "INACTIVE"
+// HmacKeys need to be INACTIVE to be deleted and the API doesn't accept noop
+// updates
+if v := getRes["state"]; v == "ACTIVE" {
+	getRes["state"] = "INACTIVE"
+	updateUrl, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{access_id}}")
+	if err != nil {
+		return err
+	}
 
-
-updateUrl, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{accessId}}")
-if err != nil {
-	return err
+	log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), getRes)
+	_, err = sendRequestWithTimeout(config, "PUT", project, updateUrl, getRes, d.Timeout(schema.TimeoutUpdate))
+	if err != nil {
+			return fmt.Errorf("Error deactivating HmacKey %q: %s", d.Id(), err)
+	}
 }
 
-log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), getRes)
-_, err = sendRequestWithTimeout(config, "PUT", project, updateUrl, getRes, d.Timeout(schema.TimeoutUpdate))
-if err != nil {
-		return fmt.Errorf("Error deactivating HmacKey %q: %s", d.Id(), err)
-}