Make binding optional for iam_policy data source (#2359)

Merged PR #2359.

templates/terraform/examples/base_configs/iam_test_file.go.erb

@@ -125,6 +125,15 @@ func TestAcc<%= resource_name -%>IamPolicyGenerated(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
+			{
+				Config: testAcc<%= resource_name -%>IamPolicy_emptyBinding(context),
+			},
+			{
+				ResourceName:      "<%= resource_ns_iam -%>_policy.foo",
+				ImportStateId:     fmt.Sprintf("<%= import_url -%>"<% unless import_qualifiers.empty? -%>, <% end -%><%= import_qualifiers.join(', ') -%>, <%= example.primary_resource_name -%>),
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -292,6 +301,20 @@ resource "<%= resource_ns_iam -%>_policy" "foo" {
 `, context)
 }
 
+func testAcc<%= resource_name -%>IamPolicy_emptyBinding(context map[string]interface{}) string {
+	return Nprintf(`
+<%= example.config_test_body -%>
+
+data "google_iam_policy" "foo" {
+}
+
+resource "<%= resource_ns_iam -%>_policy" "foo" {
+<%= lines(compile(object.iam_policy.example_config_body)) -%>
+  policy_data = "${data.google_iam_policy.foo.policy_data}"
+}
+`, context)
+}
+
 func testAcc<%= resource_name -%>IamBinding_basicGenerated(context map[string]interface{}) string {
 	return Nprintf(`
 <%= example.config_test_body -%>

third_party/terraform/data_sources/data_source_google_iam_policy.go.erb

@@ -31,7 +31,9 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"binding": {
 				Type:     schema.TypeSet,
-				Required: true,
+				// Binding is optional because a user may want to set an IAM policy with no bindings
+				// This allows users to ensure that no bindings were created outside of terraform
+				Optional: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"role": {