read/write iam policies at version 3 in GA provider (#3003)

Merged PR #3003.
GoogleCloudPlatform · Jan 23, 2020 · 3ea7fe8 · 3ea7fe8
1 parent bbb63c9
commit 3ea7fe8
Show file tree

Hide file tree

Showing 12 changed files with 3 additions and 45 deletions.
diff --git a/build/terraform b/build/terraform
diff --git a/templates/terraform/iam_policy.go.erb b/templates/terraform/iam_policy.go.erb
@@ -178,19 +178,17 @@ func (u *<%= resource_name -%>IamUpdater) GetResourceIamPolicy() (*cloudresource
 	}
 <% end -%>
 	var obj map[string]interface{}
-<% unless version == 'ga' -%>
-<%   if object.iam_policy.iam_conditions_request_type == :QUERY_PARAM -%>
+<% if object.iam_policy.iam_conditions_request_type == :QUERY_PARAM -%>
 	url, err = addQueryParams(url, map[string]string{"optionsRequestedPolicyVersion": fmt.Sprintf("%d", iamPolicyVersion)})
 	if err != nil {
 		return nil, err
 	}
-<%   elsif object.iam_policy.iam_conditions_request_type == :REQUEST_BODY -%>
+<% elsif object.iam_policy.iam_conditions_request_type == :REQUEST_BODY -%>
 	obj = map[string]interface{}{
 		"options": map[string]interface{}{
 			"requestedPolicyVersion": iamPolicyVersion,
 		},
 	}
-<%    end  -%>
 <%  end -%>
 
 	policy, err := sendRequest(u.Config, "<%= object.iam_policy.fetch_iam_policy_verb.to_s.upcase -%>", <% if resource_params.include?('project')  %>project<% else %>""<% end %>, url, obj<%= object.error_retry_predicates ? ", " + object.error_retry_predicates.join(',') : "" -%>)

diff --git a/third_party/terraform/resources/resource_google_project_iam_policy.go.erb b/third_party/terraform/resources/resource_google_project_iam_policy.go.erb
@@ -142,10 +142,8 @@ func resourceGoogleProjectIamPolicyImport(d *schema.ResourceData, meta interface
 }
 
 func setProjectIamPolicy(policy *cloudresourcemanager.Policy, config *Config, pid string) error {
-<% unless version == 'ga' -%>
 	policy.Version = iamPolicyVersion
 
-<% end -%>
 	// Apply the policy
 	pbytes, _ := json.Marshal(policy)
 	log.Printf("[DEBUG] Setting policy %#v for project: %s", string(pbytes), pid)
@@ -171,17 +169,12 @@ func getResourceIamPolicy(d *schema.ResourceData) (*cloudresourcemanager.Policy,
 
 // Retrieve the existing IAM Policy for a Project
 func getProjectIamPolicy(project string, config *Config) (*cloudresourcemanager.Policy, error) {
-<% if version == 'ga' -%>
-	p, err := config.clientResourceManager.Projects.GetIamPolicy(project,
-		&cloudresourcemanager.GetIamPolicyRequest{}).Do()
-<% else -%>
 	p, err := config.clientResourceManager.Projects.GetIamPolicy(project,
 		&cloudresourcemanager.GetIamPolicyRequest{
 			Options: &cloudresourcemanager.GetPolicyOptions{
 				RequestedPolicyVersion: iamPolicyVersion,
 			},
 		}).Do()
-<% end -%>
 
 	if err != nil {
 		return nil, fmt.Errorf("Error retrieving IAM policy for project %q: %s", project, err)

diff --git a/third_party/terraform/resources/resource_iam_binding.go.erb b/third_party/terraform/resources/resource_iam_binding.go.erb
@@ -94,9 +94,7 @@ func resourceIamBindingCreateUpdate(newUpdaterFunc newResourceIamUpdaterFunc, en
 		modifyF := func(ep *cloudresourcemanager.Policy) error {
 			cleaned := filterBindingsWithRoleAndCondition(ep.Bindings, binding.Role, binding.Condition)
 			ep.Bindings = append(cleaned, binding)
-<% unless version == 'ga' -%>
 			ep.Version = iamPolicyVersion
-<% end -%>
 			return nil
 		}
 

diff --git a/third_party/terraform/resources/resource_iam_member.go.erb b/third_party/terraform/resources/resource_iam_member.go.erb
@@ -185,9 +185,7 @@ func resourceIamMemberCreate(newUpdaterFunc newResourceIamUpdaterFunc, enableBat
 		modifyF := func(ep *cloudresourcemanager.Policy) error {
 			// Merge the bindings together
 			ep.Bindings = mergeBindings(append(ep.Bindings, memberBind))
-<% unless version == 'ga' -%>
 			ep.Version = iamPolicyVersion
-<% end -%>
 			return nil
 		}
 		if enableBatching {

diff --git a/third_party/terraform/resources/resource_iam_policy.go.erb b/third_party/terraform/resources/resource_iam_policy.go.erb
@@ -120,9 +120,7 @@ func ResourceIamPolicyDelete(newUpdaterFunc newResourceIamUpdaterFunc) schema.De
 		if v, ok := d.GetOk("etag"); ok {
 			pol.Etag = v.(string)
 		}
-<% unless version == 'ga' -%>
 		pol.Version = iamPolicyVersion
-<% end -%>
 		err = updater.SetResourceIamPolicy(pol)
 		if err != nil {
 			return err
@@ -137,9 +135,7 @@ func setIamPolicyData(d *schema.ResourceData, updater ResourceIamUpdater) error
 	if err != nil {
 		return fmt.Errorf("'policy_data' is not valid for %s: %s", updater.DescribeResource(), err)
 	}
-<% unless version == 'ga' -%>
 	policy.Version = iamPolicyVersion
-<% end -%>
 
 	err = updater.SetResourceIamPolicy(policy)
 	if err != nil {

diff --git a/third_party/terraform/tests/resource_google_service_account_iam_test.go.erb b/third_party/terraform/tests/resource_google_service_account_iam_test.go.erb
@@ -224,11 +224,7 @@ func TestAccServiceAccountIamPolicy_withCondition(t *testing.T) {
 func testAccCheckGoogleServiceAccountIam(account string, numBindings int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		config := testAccProvider.Meta().(*Config)
-<% if version == 'ga' -%>
-		p, err := config.clientIAM.Projects.ServiceAccounts.GetIamPolicy(serviceAccountCanonicalId(account)).Do()
-<% else -%>
 		p, err := config.clientIAM.Projects.ServiceAccounts.GetIamPolicy(serviceAccountCanonicalId(account)).OptionsRequestedPolicyVersion(iamPolicyVersion).Do()
-<% end -%>
 		if err != nil {
 			return err
 		}

diff --git a/third_party/terraform/utils/iam.go.erb b/third_party/terraform/utils/iam.go.erb
@@ -16,9 +16,7 @@ import (
 )
 
 const maxBackoffSeconds = 30
-<% unless version == 'ga' -%>
 const iamPolicyVersion = 3
-<% end -%>
 
 // These types are implemented per GCP resource type and specify how to do per-resource IAM operations.
 // They are used in the generic Terraform IAM resource definitions
@@ -276,15 +274,13 @@ func listFromIamBindingMap(bm map[iamBindingKey]map[string]struct{}) []*cloudres
 			Role:    key.Role,
 			Members: stringSliceFromGolangSet(members),
 		}
-<% unless version == 'ga' -%>
 		if !key.Condition.Empty() {
 			b.Condition = &cloudresourcemanager.Expr{
 				Description: key.Condition.Description,
 				Expression:  key.Condition.Expression,
 				Title:       key.Condition.Title,
 			}
 		}
-<% end -%>
 		rb = append(rb, b)
 	}
 	return rb

diff --git a/third_party/terraform/utils/iam_kms_crypto_key.go.erb b/third_party/terraform/utils/iam_kms_crypto_key.go.erb
@@ -48,11 +48,7 @@ func CryptoIdParseFunc(d *schema.ResourceData, config *Config) error {
 }
 
 func (u *KmsCryptoKeyIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-<% if version == 'ga' -%>
-	p, err := u.Config.clientKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(u.resourceId).Do()
-<% else -%>
 	p, err := u.Config.clientKms.Projects.Locations.KeyRings.CryptoKeys.GetIamPolicy(u.resourceId).OptionsRequestedPolicyVersion(iamPolicyVersion).Do()
-<% end -%>
 
 	if err != nil {
 		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)

diff --git a/third_party/terraform/utils/iam_kms_key_ring.go.erb b/third_party/terraform/utils/iam_kms_key_ring.go.erb
@@ -49,11 +49,7 @@ func KeyRingIdParseFunc(d *schema.ResourceData, config *Config) error {
 }
 
 func (u *KmsKeyRingIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-<% if version == 'ga' -%>
-	p, err := u.Config.clientKms.Projects.Locations.KeyRings.GetIamPolicy(u.resourceId).Do()
-<% else -%>
 	p, err := u.Config.clientKms.Projects.Locations.KeyRings.GetIamPolicy(u.resourceId).OptionsRequestedPolicyVersion(iamPolicyVersion).Do()
-<% end -%>
 
 	if err != nil {
 		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)

diff --git a/third_party/terraform/utils/iam_project.go.erb b/third_party/terraform/utils/iam_project.go.erb
@@ -43,17 +43,12 @@ func ProjectIdParseFunc(d *schema.ResourceData, _ *Config) error {
 }
 
 func (u *ProjectIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-<% if version == 'ga' -%>
-	p, err := u.Config.clientResourceManager.Projects.GetIamPolicy(u.resourceId,
-		&cloudresourcemanager.GetIamPolicyRequest{}).Do()
-<% else -%>
 	p, err := u.Config.clientResourceManager.Projects.GetIamPolicy(u.resourceId,
 		&cloudresourcemanager.GetIamPolicyRequest{
 			Options: &cloudresourcemanager.GetPolicyOptions{
 				RequestedPolicyVersion: iamPolicyVersion,
 			},
 		}).Do()
-<% end -%>
 
 	if err != nil {
 		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)

diff --git a/third_party/terraform/utils/iam_service_account.go.erb b/third_party/terraform/utils/iam_service_account.go.erb
@@ -37,11 +37,7 @@ func ServiceAccountIdParseFunc(d *schema.ResourceData, _ *Config) error {
 }
 
 func (u *ServiceAccountIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-<% if version == 'ga' -%>
-	p, err := u.Config.clientIAM.Projects.ServiceAccounts.GetIamPolicy(u.serviceAccountId).Do()
-<% else -%>
 	p, err := u.Config.clientIAM.Projects.ServiceAccounts.GetIamPolicy(u.serviceAccountId).OptionsRequestedPolicyVersion(iamPolicyVersion).Do()
-<% end -%>
 
 	if err != nil {
 		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)