From 6376cda36da7164bcf2dfef256c67b5306f19981 Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Wed, 19 Oct 2022 08:37:09 +0000 Subject: [PATCH 1/8] added workforce pool --- mmv1/products/iamworkforce/api.yaml | 123 ++++++++++++++++++ mmv1/products/iamworkforce/terraform.yaml | 48 +++++++ .../constants/iam_workforce_pool.go.erb | 37 ++++++ .../iam_workforce_pool.go.erb | 17 +++ .../examples/iam_workforce_pool_basic.tf.erb | 5 + .../examples/iam_workforce_pool_full.tf.erb | 9 ++ ...ce_iam_workforce_workforce_pool_id_test.go | 32 +++++ ...ource_iam_workforce_workforce_pool_test.go | 110 ++++++++++++++++ 8 files changed, 381 insertions(+) create mode 100644 mmv1/products/iamworkforce/api.yaml create mode 100644 mmv1/products/iamworkforce/terraform.yaml create mode 100644 mmv1/templates/terraform/constants/iam_workforce_pool.go.erb create mode 100644 mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb create mode 100644 mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb create mode 100644 mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb create mode 100644 mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go create mode 100644 mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go diff --git a/mmv1/products/iamworkforce/api.yaml b/mmv1/products/iamworkforce/api.yaml new file mode 100644 index 000000000000..c532baa270ff --- /dev/null +++ b/mmv1/products/iamworkforce/api.yaml @@ -0,0 +1,123 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: IAMWorkforce +display_name: Cloud IAM +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://iam.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/iam +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Identity and Access Management (IAM) API + url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +objects: + - !ruby/object:Api::Resource + name: 'WorkforcePool' + base_url: locations/{{location}}/workforcePools + self_link: locations/{{location}}/workforcePools/{{workforce_pool_id}} + create_url: locations/{{location}}/workforcePools?workforcePoolId={{workforce_pool_id}} + update_verb: :PATCH + update_mask: true + description: | + Represents a collection of external workforces. Provides namespaces for + federated users that can be referenced in IAM policies. + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Manage pools': + 'https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#manage_pools' + api: 'https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools' + properties: + - !ruby/object:Api::Type::String + name: 'location' + description: The location for the resource. + required: true + input: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'workforcePoolId' + description: | + The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, + digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. + The prefix `gcp-` is reserved for use by Google, and may not be specified. + required: true + input: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Output only. The resource name of the pool. + Format: `locations/{location}/workforcePools/{workforcePoolId}` + output: true + - !ruby/object:Api::Type::String + name: 'parent' + description: | + Immutable. The resource name of the parent. Format: `organizations/{org-id}`. + required: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: A user-specified description of the pool. Cannot exceed 256 characters. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + Output only. The state of the pool. + * STATE_UNSPECIFIED: State unspecified. + * ACTIVE: The pool is active, and may be used in Google Cloud policies. + * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted + after approximately 30 days. You can restore a soft-deleted pool using + [UndeleteWorkforcePool][WorkforcePools.UndeleteWorkforcePool]. + You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. + While a pool is deleted, you cannot use it to exchange tokens, or use + existing tokens to access resources. If the pool is undeleted, existing + tokens grant access again. + output: true + values: + - :STATE_UNSPECIFIED + - :ACTIVE + - :DELETED + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, + or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. + - !ruby/object:Api::Type::String + name: 'sessionDuration' + description: | + Duration that the Google Cloud access tokens, console sign-in sessions, + and `gcloud` sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). + A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`". + default_value: '3600s' \ No newline at end of file diff --git a/mmv1/products/iamworkforce/terraform.yaml b/mmv1/products/iamworkforce/terraform.yaml new file mode 100644 index 000000000000..ef3c5c2f99f2 --- /dev/null +++ b/mmv1/products/iamworkforce/terraform.yaml @@ -0,0 +1,48 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Provider::Terraform::Config +legacy_name: iam +overrides: !ruby/object:Overrides::ResourceOverrides + WorkforcePool: !ruby/object:Overrides::Terraform::ResourceOverride + autogen_async: true + import_format: [ "locations/{{location}}/workforcePools/{{workforce_pool_id}}" ] + examples: + - !ruby/object:Provider::Terraform::Examples + name: "iam_workforce_pool_basic" + primary_resource_id: "example" + vars: + workforce_pool_id: "example-pool" + test_env_vars: + org_id: :ORG_ID + - !ruby/object:Provider::Terraform::Examples + name: "iam_workforce_pool_full" + primary_resource_id: "example" + vars: + workforce_pool_id: "example-pool" + test_env_vars: + org_id: :ORG_ID + custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/iam_workforce_pool.go.erb + decoder: templates/terraform/decoders/treat_deleted_state_as_gone.go.erb + test_check_destroy: templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb + properties: + workforcePoolId: !ruby/object:Overrides::Terraform::PropertyOverride + validation: !ruby/object:Provider::Terraform::Validation + function: 'validateWorkforcePoolId' +# This is for copying files over +files: !ruby/object:Provider::Config::Files + # These files have templating (ERB) code that will be run. + # This is usually to add licensing info, autogeneration notices, etc. + compile: + <%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%> \ No newline at end of file diff --git a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb new file mode 100644 index 000000000000..65bf41ec9fc4 --- /dev/null +++ b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb @@ -0,0 +1,37 @@ +const workforcePoolIdRegexp = `^[0-9a-z-]+$` + +func validateWorkforcePoolId(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + + if strings.HasPrefix(value, "gcp-") { + errors = append(errors, fmt.Errorf( + "%q (%q) can not start with \"gcp-\"", k, value)) + } + + if strings.HasSuffix(value, "-") { + errors = append(errors, fmt.Errorf( + "%q (%q) can not end with \"-\"", k, value)) + } + + if !regexp.MustCompile(workforcePoolIdRegexp).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q must contain only lowercase letters (a-z), numbers (0-9), or dashes (-)", k)) + } + + if len(value) < 6 { + errors = append(errors, fmt.Errorf( + "%q cannot be smaller than 6 characters", k)) + } + + if len(value) > 63 { + errors = append(errors, fmt.Errorf( + "%q cannot be greater than 63 characters", k)) + } + + if value[0] < 'a' || 'z' < value[0] { + errors = append(errors, fmt.Errorf( + "%q must start with a lowercase letter", k)) + } + + return +} \ No newline at end of file diff --git a/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb b/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb new file mode 100644 index 000000000000..e8938e015cd9 --- /dev/null +++ b/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb @@ -0,0 +1,17 @@ +config := googleProviderConfig(t) + +url, err := replaceVarsForTest(config, rs, "{{IAMBetaBasePath}}locations/{{location}}/workforcePools/{{workforce_pool_id}}") +if err != nil { + return err +} + +res, err := sendRequest(config, "GET", "", url, config.userAgent, nil) +if err != nil { + return nil +} + +if v := res["state"]; v == "DELETED" { + return nil +} + +return fmt.Errorf("IAMBetaWorkforcePool still exists at %s", url) \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb new file mode 100644 index 000000000000..60b16b02a7bb --- /dev/null +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb @@ -0,0 +1,5 @@ +resource "google_iam_workforce_pool" "<%= ctx[:primary_resource_id] %>" { + workforce_pool_id = "<%= ctx[:vars]["workforce_pool_id"] %>" + parent = "organizations/<%= ctx[:test_env_vars]["org_id"] %>" + location = "global" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb new file mode 100644 index 000000000000..f1899a8066ed --- /dev/null +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb @@ -0,0 +1,9 @@ +resource "google_iam_workforce_pool" "<%= ctx[:primary_resource_id] %>" { + workforce_pool_id = "<%= ctx[:vars]["workforce_pool_id"] %>" + parent = "organizations/<%= ctx[:test_env_vars]["org_id"] %>" + location = "global" + display_name = "Display name" + description = "A sample workforce pool." + disabled = false + session_duration = "7200s" +} \ No newline at end of file diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go new file mode 100644 index 000000000000..d58a7b05d5fb --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go @@ -0,0 +1,32 @@ +package google + +import ( + "testing" + "strings" +) + +func TestValidateIAMWorkforceWorkforcePoolId(t *testing.T) { + x := []StringValidationTestCase{ + // No errors + {TestName: "with numbers", Value: "foobar123"}, + {TestName: "short", Value: "foobar"}, + {TestName: "long", Value: strings.Repeat("f", 63)}, + {TestName: "has a hyphen", Value: "foo-bar"}, + + // With errors + {TestName: "empty", Value: "", ExpectError: true}, + {TestName: "starts with a gcp-", Value: "gcp-foobar", ExpectError: true}, + {TestName: "with uppercase", Value: "fooBar", ExpectError: true}, + {TestName: "has an slash", Value: "foo/bar", ExpectError: true}, + {TestName: "has an backslash", Value: "foo\bar", ExpectError: true}, + {TestName: "too short", Value: "foooo", ExpectError: true}, + {TestName: "too long", Value: strings.Repeat("f", 64), ExpectError: true}, + {TestName: "doesn't start with a lowercase letter", Value: "123foo", ExpectError: true}, + {TestName: "ends with a hyphen", Value: "foobar-", ExpectError: true}, + } + + es := testStringValidationCases(x, validateWorkforcePoolId) + if len(es) > 0 { + t.Errorf("Failed to validate WorkforcePool names: %v", es) + } +} \ No newline at end of file diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go new file mode 100644 index 000000000000..372ab7af53c2 --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go @@ -0,0 +1,110 @@ +package google + +import ( + "testing" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccIAMWorkforceWorkforcePool_full(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_id": getTestOrgFromEnv(t), + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckIAMWorkforceWorkforcePoolDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccIAMWorkforceWorkforcePool_full(context), + }, + { + ResourceName: "google_iam_workforce_pool.my_pool", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccIAMWorkforceWorkforcePool_update(context), + }, + { + ResourceName: "google_iam_workforce_pool.my_pool", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccIAMWorkforceWorkforcePool_minimal(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_id": getTestOrgFromEnv(t), + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckIAMWorkforceWorkforcePoolDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccIAMWorkforceWorkforcePool_minimal(context), + }, + { + ResourceName: "google_iam_workforce_pool.my_pool", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccIAMWorkforceWorkforcePool_update(context), + }, + { + ResourceName: "google_iam_workforce_pool.my_pool", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccIAMWorkforceWorkforcePool_full(context map[string]interface{}) string { + return Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" + display_name = "Display name" + description = "A sample workforce pool." + disabled = false + session_duration = "7200s" +} +`, context) +} + +func testAccIAMWorkforceWorkforcePool_minimal(context map[string]interface{}) string { + return Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" +} +`, context) +} + +func testAccIAMWorkforceWorkforcePool_update(context map[string]interface{}) string { + return Nprintf(` +resource "google_iam_workforce_pool" "my_pool" { + workforce_pool_id = "my-pool-%{random_suffix}" + parent = "organizations/%{org_id}" + location = "global" + display_name = "New display name" + description = "A sample workforce pool with updated description." + disabled = true + session_duration = "3600s" +} +`, context) +} From 1f9d7a86315f139997da4b49e51c64d67f6065cb Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Wed, 19 Oct 2022 09:46:28 +0000 Subject: [PATCH 2/8] fixed bugs --- .../constants/iam_workforce_pool.go.erb | 2 +- ...ce_iam_workforce_workforce_pool_id_test.go | 4 ++-- ...ource_iam_workforce_workforce_pool_test.go | 22 +++++++++---------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb index 65bf41ec9fc4..540ee0aa115e 100644 --- a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb +++ b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb @@ -28,7 +28,7 @@ func validateWorkforcePoolId(v interface{}, k string) (ws []string, errors []err "%q cannot be greater than 63 characters", k)) } - if value[0] < 'a' || 'z' < value[0] { + if len(value) > 0 && (value[0] < 'a' || 'z' < value[0]) { errors = append(errors, fmt.Errorf( "%q must start with a lowercase letter", k)) } diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go index d58a7b05d5fb..67faaacccf1b 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go @@ -1,8 +1,8 @@ package google import ( - "testing" "strings" + "testing" ) func TestValidateIAMWorkforceWorkforcePoolId(t *testing.T) { @@ -29,4 +29,4 @@ func TestValidateIAMWorkforceWorkforcePoolId(t *testing.T) { if len(es) > 0 { t.Errorf("Failed to validate WorkforcePool names: %v", es) } -} \ No newline at end of file +} diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go index 372ab7af53c2..01e3ca005240 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go @@ -1,21 +1,21 @@ package google import ( - "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "testing" ) func TestAccIAMWorkforceWorkforcePool_full(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "org_id": getTestOrgFromEnv(t), - "random_suffix": randString(t, 10), - } + "org_id": getTestOrgFromEnv(t), + "random_suffix": randString(t, 10), + } vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, CheckDestroy: testAccCheckIAMWorkforceWorkforcePoolDestroyProducer(t), Steps: []resource.TestStep{ { @@ -42,13 +42,13 @@ func TestAccIAMWorkforceWorkforcePool_minimal(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "org_id": getTestOrgFromEnv(t), - "random_suffix": randString(t, 10), - } + "org_id": getTestOrgFromEnv(t), + "random_suffix": randString(t, 10), + } vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, CheckDestroy: testAccCheckIAMWorkforceWorkforcePoolDestroyProducer(t), Steps: []resource.TestStep{ { From 2f60a33e20c3579c8d64062f67b3da696d92317d Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Wed, 19 Oct 2022 20:45:12 +0000 Subject: [PATCH 3/8] renamed the product and fixed an error message --- .../api.yaml | 2 +- .../terraform.yaml | 0 .../iam_workforce_pool.go.erb | 2 +- ..._workforce_pool_workforce_pool_id_test.go} | 2 +- ...iam_workforce_pool_workforce_pool_test.go} | 22 +++++++++---------- 5 files changed, 14 insertions(+), 14 deletions(-) rename mmv1/products/{iamworkforce => iamworkforcepool}/api.yaml (99%) rename mmv1/products/{iamworkforce => iamworkforcepool}/terraform.yaml (100%) rename mmv1/third_party/terraform/tests/{resource_iam_workforce_workforce_pool_id_test.go => resource_iam_workforce_pool_workforce_pool_id_test.go} (94%) rename mmv1/third_party/terraform/tests/{resource_iam_workforce_workforce_pool_test.go => resource_iam_workforce_pool_workforce_pool_test.go} (72%) diff --git a/mmv1/products/iamworkforce/api.yaml b/mmv1/products/iamworkforcepool/api.yaml similarity index 99% rename from mmv1/products/iamworkforce/api.yaml rename to mmv1/products/iamworkforcepool/api.yaml index c532baa270ff..f503d1e395c0 100644 --- a/mmv1/products/iamworkforce/api.yaml +++ b/mmv1/products/iamworkforcepool/api.yaml @@ -12,7 +12,7 @@ # limitations under the License. --- !ruby/object:Api::Product -name: IAMWorkforce +name: IAMWorkforcePool display_name: Cloud IAM versions: - !ruby/object:Api::Product::Version diff --git a/mmv1/products/iamworkforce/terraform.yaml b/mmv1/products/iamworkforcepool/terraform.yaml similarity index 100% rename from mmv1/products/iamworkforce/terraform.yaml rename to mmv1/products/iamworkforcepool/terraform.yaml diff --git a/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb b/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb index e8938e015cd9..1be7b9d077b0 100644 --- a/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb +++ b/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb @@ -14,4 +14,4 @@ if v := res["state"]; v == "DELETED" { return nil } -return fmt.Errorf("IAMBetaWorkforcePool still exists at %s", url) \ No newline at end of file +return fmt.Errorf("IAMWorkforcePool still exists at %s", url) \ No newline at end of file diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go similarity index 94% rename from mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go rename to mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go index 67faaacccf1b..e3f961fc74e0 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_id_test.go +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go @@ -5,7 +5,7 @@ import ( "testing" ) -func TestValidateIAMWorkforceWorkforcePoolId(t *testing.T) { +func TestValidateIAMWorkforcePoolWorkforcePoolId(t *testing.T) { x := []StringValidationTestCase{ // No errors {TestName: "with numbers", Value: "foobar123"}, diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go similarity index 72% rename from mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go rename to mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go index 01e3ca005240..3ceb62478b96 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_workforce_pool_test.go +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go @@ -5,7 +5,7 @@ import ( "testing" ) -func TestAccIAMWorkforceWorkforcePool_full(t *testing.T) { +func TestAccIAMWorkforcePoolWorkforcePool_full(t *testing.T) { t.Parallel() context := map[string]interface{}{ @@ -16,10 +16,10 @@ func TestAccIAMWorkforceWorkforcePool_full(t *testing.T) { vcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckIAMWorkforceWorkforcePoolDestroyProducer(t), + CheckDestroy: testAccCheckIAMWorkforcePoolWorkforcePoolDestroyProducer(t), Steps: []resource.TestStep{ { - Config: testAccIAMWorkforceWorkforcePool_full(context), + Config: testAccIAMWorkforcePoolWorkforcePool_full(context), }, { ResourceName: "google_iam_workforce_pool.my_pool", @@ -27,7 +27,7 @@ func TestAccIAMWorkforceWorkforcePool_full(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMWorkforceWorkforcePool_update(context), + Config: testAccIAMWorkforcePoolWorkforcePool_update(context), }, { ResourceName: "google_iam_workforce_pool.my_pool", @@ -38,7 +38,7 @@ func TestAccIAMWorkforceWorkforcePool_full(t *testing.T) { }) } -func TestAccIAMWorkforceWorkforcePool_minimal(t *testing.T) { +func TestAccIAMWorkforcePoolWorkforcePool_minimal(t *testing.T) { t.Parallel() context := map[string]interface{}{ @@ -49,10 +49,10 @@ func TestAccIAMWorkforceWorkforcePool_minimal(t *testing.T) { vcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testAccCheckIAMWorkforceWorkforcePoolDestroyProducer(t), + CheckDestroy: testAccCheckIAMWorkforcePoolWorkforcePoolDestroyProducer(t), Steps: []resource.TestStep{ { - Config: testAccIAMWorkforceWorkforcePool_minimal(context), + Config: testAccIAMWorkforcePoolWorkforcePool_minimal(context), }, { ResourceName: "google_iam_workforce_pool.my_pool", @@ -60,7 +60,7 @@ func TestAccIAMWorkforceWorkforcePool_minimal(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMWorkforceWorkforcePool_update(context), + Config: testAccIAMWorkforcePoolWorkforcePool_update(context), }, { ResourceName: "google_iam_workforce_pool.my_pool", @@ -71,7 +71,7 @@ func TestAccIAMWorkforceWorkforcePool_minimal(t *testing.T) { }) } -func testAccIAMWorkforceWorkforcePool_full(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePool_full(context map[string]interface{}) string { return Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" @@ -85,7 +85,7 @@ resource "google_iam_workforce_pool" "my_pool" { `, context) } -func testAccIAMWorkforceWorkforcePool_minimal(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePool_minimal(context map[string]interface{}) string { return Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" @@ -95,7 +95,7 @@ resource "google_iam_workforce_pool" "my_pool" { `, context) } -func testAccIAMWorkforceWorkforcePool_update(context map[string]interface{}) string { +func testAccIAMWorkforcePoolWorkforcePool_update(context map[string]interface{}) string { return Nprintf(` resource "google_iam_workforce_pool" "my_pool" { workforce_pool_id = "my-pool-%{random_suffix}" From 74f7f0e65e28c507e606ab45d3015e76fb586c32 Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Thu, 20 Oct 2022 00:29:50 +0000 Subject: [PATCH 4/8] updated version setting --- mmv1/products/iamworkforcepool/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/products/iamworkforcepool/api.yaml b/mmv1/products/iamworkforcepool/api.yaml index f503d1e395c0..735e44742d87 100644 --- a/mmv1/products/iamworkforcepool/api.yaml +++ b/mmv1/products/iamworkforcepool/api.yaml @@ -16,7 +16,7 @@ name: IAMWorkforcePool display_name: Cloud IAM versions: - !ruby/object:Api::Product::Version - name: ga + name: beta base_url: https://iam.googleapis.com/v1/ scopes: - https://www.googleapis.com/auth/iam From 7b495fcbe5fae259045df994a7a0633548429569 Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Thu, 20 Oct 2022 15:28:07 +0000 Subject: [PATCH 5/8] changed to provider-beta --- mmv1/products/iamworkforcepool/api.yaml | 1 + mmv1/products/iamworkforcepool/terraform.yaml | 2 ++ .../terraform/examples/iam_workforce_pool_basic.tf.erb | 2 ++ .../terraform/examples/iam_workforce_pool_full.tf.erb | 2 ++ ...esource_iam_workforce_pool_workforce_pool_id_test.go.erb} | 5 +++++ ...> resource_iam_workforce_pool_workforce_pool_test.go.erb} | 4 ++++ 6 files changed, 16 insertions(+) rename mmv1/third_party/terraform/tests/{resource_iam_workforce_pool_workforce_pool_id_test.go => resource_iam_workforce_pool_workforce_pool_id_test.go.erb} (94%) rename mmv1/third_party/terraform/tests/{resource_iam_workforce_pool_workforce_pool_test.go => resource_iam_workforce_pool_workforce_pool_test.go.erb} (97%) diff --git a/mmv1/products/iamworkforcepool/api.yaml b/mmv1/products/iamworkforcepool/api.yaml index 735e44742d87..5472bcb514c5 100644 --- a/mmv1/products/iamworkforcepool/api.yaml +++ b/mmv1/products/iamworkforcepool/api.yaml @@ -48,6 +48,7 @@ objects: create_url: locations/{{location}}/workforcePools?workforcePoolId={{workforce_pool_id}} update_verb: :PATCH update_mask: true + min_version: beta description: | Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies. diff --git a/mmv1/products/iamworkforcepool/terraform.yaml b/mmv1/products/iamworkforcepool/terraform.yaml index ef3c5c2f99f2..c46ab65001ee 100644 --- a/mmv1/products/iamworkforcepool/terraform.yaml +++ b/mmv1/products/iamworkforcepool/terraform.yaml @@ -20,6 +20,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides examples: - !ruby/object:Provider::Terraform::Examples name: "iam_workforce_pool_basic" + min_version: beta primary_resource_id: "example" vars: workforce_pool_id: "example-pool" @@ -27,6 +28,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides org_id: :ORG_ID - !ruby/object:Provider::Terraform::Examples name: "iam_workforce_pool_full" + min_version: beta primary_resource_id: "example" vars: workforce_pool_id: "example-pool" diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb index 60b16b02a7bb..19d20f2014a7 100644 --- a/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb @@ -1,4 +1,6 @@ resource "google_iam_workforce_pool" "<%= ctx[:primary_resource_id] %>" { + provider = google-beta + workforce_pool_id = "<%= ctx[:vars]["workforce_pool_id"] %>" parent = "organizations/<%= ctx[:test_env_vars]["org_id"] %>" location = "global" diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb index f1899a8066ed..c9d76f90b300 100644 --- a/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb @@ -1,4 +1,6 @@ resource "google_iam_workforce_pool" "<%= ctx[:primary_resource_id] %>" { + provider = google-beta + workforce_pool_id = "<%= ctx[:vars]["workforce_pool_id"] %>" parent = "organizations/<%= ctx[:test_env_vars]["org_id"] %>" location = "global" diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb similarity index 94% rename from mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go rename to mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb index e3f961fc74e0..7a624e825355 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb @@ -1,5 +1,8 @@ +<% autogen_exception -%> package google +<% unless version == 'ga' -%> + import ( "strings" "testing" @@ -30,3 +33,5 @@ func TestValidateIAMWorkforcePoolWorkforcePoolId(t *testing.T) { t.Errorf("Failed to validate WorkforcePool names: %v", es) } } + +<% end -%> \ No newline at end of file diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb similarity index 97% rename from mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go rename to mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb index 3ceb62478b96..061abfb7ac58 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb @@ -1,5 +1,8 @@ +<% autogen_exception -%> package google +<% unless version == 'ga' -%> + import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "testing" @@ -108,3 +111,4 @@ resource "google_iam_workforce_pool" "my_pool" { } `, context) } +<% end -%> \ No newline at end of file From 554baa9d907d9304520e6a834b5767f32b15a662 Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Thu, 20 Oct 2022 17:41:49 +0000 Subject: [PATCH 6/8] updated id validator --- .../constants/iam_workforce_pool.go.erb | 29 ++++--------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb index 540ee0aa115e..481304f753d3 100644 --- a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb +++ b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb @@ -1,36 +1,19 @@ -const workforcePoolIdRegexp = `^[0-9a-z-]+$` +const workforcePoolIdRegexp = `^[a-z][a-z0-9-]{4,61}[a-z0-9]$` func validateWorkforcePoolId(v interface{}, k string) (ws []string, errors []error) { value := v.(string) if strings.HasPrefix(value, "gcp-") { errors = append(errors, fmt.Errorf( - "%q (%q) can not start with \"gcp-\"", k, value)) - } - - if strings.HasSuffix(value, "-") { - errors = append(errors, fmt.Errorf( - "%q (%q) can not end with \"-\"", k, value)) + "%q (%q) can not start with \"gcp-\". " + + "The prefix `gcp-` is reserved for use by Google, and may not be specified.", k, value)) } if !regexp.MustCompile(workforcePoolIdRegexp).MatchString(value) { errors = append(errors, fmt.Errorf( - "%q must contain only lowercase letters (a-z), numbers (0-9), or dashes (-)", k)) - } - - if len(value) < 6 { - errors = append(errors, fmt.Errorf( - "%q cannot be smaller than 6 characters", k)) - } - - if len(value) > 63 { - errors = append(errors, fmt.Errorf( - "%q cannot be greater than 63 characters", k)) - } - - if len(value) > 0 && (value[0] < 'a' || 'z' < value[0]) { - errors = append(errors, fmt.Errorf( - "%q must start with a lowercase letter", k)) + "Workforce Pool Id \"%q\" must contain only lowercase letters [a-z], digits [0-9], and hyphens " + + "[-]. The WorkforcePool ID must be between 6 and 63 characters, begin " + + "with a letter, and cannot have a trailing hyphen.", k)) } return From 11b87bf227f0f49aca7cb49e26307b9f8e995f6e Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Thu, 20 Oct 2022 18:38:34 +0000 Subject: [PATCH 7/8] updated parent field --- mmv1/products/iamworkforcepool/api.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/mmv1/products/iamworkforcepool/api.yaml b/mmv1/products/iamworkforcepool/api.yaml index 5472bcb514c5..6f597204547c 100644 --- a/mmv1/products/iamworkforcepool/api.yaml +++ b/mmv1/products/iamworkforcepool/api.yaml @@ -84,6 +84,7 @@ objects: description: | Immutable. The resource name of the parent. Format: `organizations/{org-id}`. required: true + input: true - !ruby/object:Api::Type::String name: 'displayName' description: A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. From a0ecea4bc672dde0a89ab8d97a734ff2946b727a Mon Sep 17 00:00:00 2001 From: Boheng Yang Date: Thu, 20 Oct 2022 23:57:15 +0000 Subject: [PATCH 8/8] fixed bugs --- mmv1/products/iamworkforcepool/api.yaml | 7 +++++-- mmv1/products/iamworkforcepool/terraform.yaml | 4 ++-- .../terraform/constants/iam_workforce_pool.go.erb | 2 +- .../custom_check_destroy/iam_workforce_pool.go.erb | 2 +- .../terraform/examples/iam_workforce_pool_basic.tf.erb | 2 +- .../terraform/examples/iam_workforce_pool_full.tf.erb | 2 +- ...source_iam_workforce_pool_workforce_pool_id_test.go.erb | 2 +- .../resource_iam_workforce_pool_workforce_pool_test.go.erb | 2 +- 8 files changed, 13 insertions(+), 10 deletions(-) diff --git a/mmv1/products/iamworkforcepool/api.yaml b/mmv1/products/iamworkforcepool/api.yaml index 6f597204547c..a278c7a5c487 100644 --- a/mmv1/products/iamworkforcepool/api.yaml +++ b/mmv1/products/iamworkforcepool/api.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 Google Inc. +# Copyright 2022 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -52,6 +52,9 @@ objects: description: | Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies. + Note: Ask your Google Cloud account team to request access to workforce identity + federation for your billing/quota project. The account team notifies you when the project is + granted access. references: !ruby/object:Api::Resource::ReferenceLinks guides: 'Manage pools': @@ -122,4 +125,4 @@ objects: Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`". - default_value: '3600s' \ No newline at end of file + default_value: '3600s' diff --git a/mmv1/products/iamworkforcepool/terraform.yaml b/mmv1/products/iamworkforcepool/terraform.yaml index c46ab65001ee..6a1abb8d71b3 100644 --- a/mmv1/products/iamworkforcepool/terraform.yaml +++ b/mmv1/products/iamworkforcepool/terraform.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 Google Inc. +# Copyright 2022 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -47,4 +47,4 @@ files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. # This is usually to add licensing info, autogeneration notices, etc. compile: - <%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%> \ No newline at end of file + <%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%> diff --git a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb index 481304f753d3..04c5f07d4c1e 100644 --- a/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb +++ b/mmv1/templates/terraform/constants/iam_workforce_pool.go.erb @@ -17,4 +17,4 @@ func validateWorkforcePoolId(v interface{}, k string) (ws []string, errors []err } return -} \ No newline at end of file +} diff --git a/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb b/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb index 1be7b9d077b0..bd8df83df5b2 100644 --- a/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb +++ b/mmv1/templates/terraform/custom_check_destroy/iam_workforce_pool.go.erb @@ -14,4 +14,4 @@ if v := res["state"]; v == "DELETED" { return nil } -return fmt.Errorf("IAMWorkforcePool still exists at %s", url) \ No newline at end of file +return fmt.Errorf("IAMWorkforcePool still exists at %s", url) diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb index 19d20f2014a7..08bef8ab378c 100644 --- a/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_basic.tf.erb @@ -4,4 +4,4 @@ resource "google_iam_workforce_pool" "<%= ctx[:primary_resource_id] %>" { workforce_pool_id = "<%= ctx[:vars]["workforce_pool_id"] %>" parent = "organizations/<%= ctx[:test_env_vars]["org_id"] %>" location = "global" -} \ No newline at end of file +} diff --git a/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb b/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb index c9d76f90b300..29c45a360f3d 100644 --- a/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb +++ b/mmv1/templates/terraform/examples/iam_workforce_pool_full.tf.erb @@ -8,4 +8,4 @@ resource "google_iam_workforce_pool" "<%= ctx[:primary_resource_id] %>" { description = "A sample workforce pool." disabled = false session_duration = "7200s" -} \ No newline at end of file +} diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb index 7a624e825355..6a086494cda4 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_id_test.go.erb @@ -34,4 +34,4 @@ func TestValidateIAMWorkforcePoolWorkforcePoolId(t *testing.T) { } } -<% end -%> \ No newline at end of file +<% end -%> diff --git a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb index 061abfb7ac58..4bc4a77fd210 100644 --- a/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_iam_workforce_pool_workforce_pool_test.go.erb @@ -111,4 +111,4 @@ resource "google_iam_workforce_pool" "my_pool" { } `, context) } -<% end -%> \ No newline at end of file +<% end -%>