Add min_version to IAM, mark backend service as beta only (GoogleClou…

…dPlatform#5716) * Add min_version to IAM, mark backend service as beta only * Correct docs * Wrong version compare * Remove IAM from provider.go based on version * Fix version comparison * Rake test * Fmting * Fix rake * Fix versioning
betsy-lichtenberg · Apr 25, 2022 · f0dd567 · f0dd567
1 parent bd57794
commit f0dd567
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 3 deletions.
diff --git a/mmv1/api/resource/iam_policy.rb b/mmv1/api/resource/iam_policy.rb
@@ -101,6 +101,10 @@ class IamPolicy < Api::Object
       # if set, it overrides the default iamPolicyVersion
       attr_reader :iam_policy_version
 
+      # [Optional] Min version to make IAM resources available at
+      # If unset, defaults to 'ga'
+      attr_reader :min_version
+
       def validate
         super
 
@@ -126,6 +130,7 @@ def validate
           type: String, default: 'templates/terraform/iam/iam_attributes.tf.erb'
         )
         check :iam_policy_version, type: String
+        check :min_version, type: String
       end
     end
   end

diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml
@@ -260,6 +260,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     iam_policy: !ruby/object:Api::Resource::IamPolicy
       method_name_separator: '/'
       fetch_iam_policy_verb: :GET
+      min_version: beta
       iam_conditions_request_type: :QUERY_PARAM
       parent_resource_attribute: 'name'
       allowed_iam_role: 'roles/compute.admin'

diff --git a/mmv1/provider/terraform.rb b/mmv1/provider/terraform.rb
@@ -264,7 +264,9 @@ def generate_operation(pwd, output_folder, _types)
     # Generate the IAM policy for this object. This is used to query and test
     # IAM policies separately from the resource itself
     def generate_iam_policy(pwd, data, generate_code, generate_docs)
-      if generate_code
+      if generate_code \
+        && (!data.object.iam_policy.min_version \
+        || data.object.iam_policy.min_version >= data.version)
         FileUtils.mkpath folder_name(data.version) unless Dir.exist?(folder_name(data.version))
         data.generate(pwd,
                       'templates/terraform/iam_policy.go.erb',

diff --git a/mmv1/templates/terraform/resource_iam.html.markdown.erb b/mmv1/templates/terraform/resource_iam.html.markdown.erb
@@ -74,7 +74,7 @@ Three different resources help you manage your IAM policy for <%= product.displa
 ~> **Note:**  This resource supports IAM Conditions ([beta](https://terraform.io/docs/providers/google/provider_versions.html)) but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
 <% end -%>
 
-<% if object.min_version.name == 'beta' -%>
+<% if object.min_version.name == 'beta' || object.iam_policy&.min_version == 'beta' -%>
 ~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
 See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
 <% end -%>

diff --git a/mmv1/third_party/terraform/utils/provider.go.erb b/mmv1/third_party/terraform/utils/provider.go.erb
@@ -363,7 +363,8 @@ products.each do |product|
 <%  end -%>
 <%
 	iam_policy = object&.iam_policy
-	unless iam_policy.nil? || iam_policy.exclude
+	unless iam_policy.nil? || iam_policy.exclude ||
+		(iam_policy.min_version && iam_policy.min_version < version)
 	  iam_class_name = product_definition.name + object.name
 -%>
 	"<%= terraform_name -%>_iam_binding":              ResourceIamBinding(<%= iam_class_name -%>IamSchema, <%= iam_class_name -%>IamUpdaterProducer, <%= iam_class_name -%>IdParseFunc),