make iam condition ga (#3729)

* move iam condition block to ga * add docs for condition and update docs for ga
GoogleCloudPlatform · Jul 7, 2020 · c0015b6 · c0015b6
1 parent 31f5d30
commit c0015b6
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 75 deletions.
diff --git a/third_party/terraform/data_sources/data_source_google_iam_policy.go.erb b/third_party/terraform/data_sources/data_source_google_iam_policy.go.erb
@@ -49,7 +49,6 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 							},
 							Set:      schema.HashString,
 						},
-<% unless version == 'ga' -%>
 						"condition": {
 							Type:     schema.TypeList,
 							Optional: true,
@@ -71,7 +70,6 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 								},
 							},
 						},
-<% end -%>
 					},
 				},
 			},
@@ -130,19 +128,15 @@ func dataSourceGoogleIamPolicyRead(d *schema.ResourceData, meta interface{}) err
 	for i, v := range bset.List() {
 		binding := v.(map[string]interface{})
 		members := convertStringSet(binding["members"].(*schema.Set))
-<% unless version == 'ga' -%>
 		condition := expandIamCondition(binding["condition"])
-<% end -%>
 
 		// Sort members to get simpler diffs as it's what the API does
 		sort.Strings(members)
 
 		policy.Bindings[i] = &cloudresourcemanager.Binding{
 			Role:      binding["role"].(string),
 			Members:   members,
-<% unless version == 'ga' -%>
 			Condition: condition,
-<% end -%>
 		}
 	}
 

diff --git a/third_party/terraform/resources/resource_iam_binding.go.erb b/third_party/terraform/resources/resource_iam_binding.go.erb
@@ -31,7 +31,6 @@ var iamBindingSchema = map[string]*schema.Schema{
 			return schema.HashString(strings.ToLower(v.(string)))
 		},
 	},
-<% unless version == 'ga' -%>
 	"condition": {
 		Type:     schema.TypeList,
 		Optional: true,
@@ -57,7 +56,6 @@ var iamBindingSchema = map[string]*schema.Schema{
 			},
 		},
 	},
-<% end -%>
 	"etag": {
 		Type:     schema.TypeString,
 		Computed: true,
@@ -109,11 +107,9 @@ func resourceIamBindingCreateUpdate(newUpdaterFunc newResourceIamUpdaterFunc, en
 		}
 
 		d.SetId(updater.GetResourceId() + "/" + binding.Role)
-<% unless version == 'ga' -%>
 		if k := conditionKeyFromCondition(binding.Condition); !k.Empty() {
 			d.SetId(d.Id() + "/" + k.String())
 		}
-<% end -%>
 		return resourceIamBindingRead(newUpdaterFunc)(d, meta)
 	}
 }
@@ -152,9 +148,7 @@ func resourceIamBindingRead(newUpdaterFunc newResourceIamUpdaterFunc) schema.Rea
 		} else {
 			d.Set("role", binding.Role)
 			d.Set("members", binding.Members)
-<% unless version == 'ga' -%>
 			d.Set("condition", flattenIamCondition(binding.Condition))
-<% end -%>
 		}
 		d.Set("etag", p.Etag)
 		return nil
@@ -169,13 +163,6 @@ func iamBindingImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 		config := m.(*Config)
 		s := strings.Fields(d.Id())
 		var id, role string
-<% if version == 'ga' -%>
-		if len(s) != 2 {
-			d.SetId("")
-			return nil, fmt.Errorf("Wrong number of parts to Binding id %s; expected 'resource_name role'.", s)
-		}
-		id, role = s[0], s[1]
-<% else -%>
 		if len(s) < 2 {
 			d.SetId("")
 			return nil, fmt.Errorf("Wrong number of parts to Binding id %s; expected 'resource_name role [condition_title]'.", s)
@@ -188,7 +175,6 @@ func iamBindingImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 			// condition titles can have any characters in them, so re-join the split string
 			id, role, conditionTitle = s[0], s[1], strings.Join(s[2:], " ")
 		}
-<% end -%>
 
 		// Set the ID only to the first part so all IAM types can share the same resourceIdParserFunc.
 		d.SetId(id)
@@ -202,7 +188,6 @@ func iamBindingImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 		// Use the current ID in case it changed in the resourceIdParserFunc.
 		d.SetId(d.Id() + "/" + role)
 
-<% unless version == 'ga' -%>
 		// Since condition titles can have any character in them, we can't separate them from any other
 		// field the user might set in import (like the condition description and expression). So, we
 		// have the user just specify the title and then read the upstream policy to set the full
@@ -231,7 +216,6 @@ func iamBindingImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 				d.SetId(d.Id() + "/" + k.String())
 			}
 		}
-<% end -%>
 
 		// It is possible to return multiple bindings, since we can learn about all the bindings
 		// for this resource here.  Unfortunately, `terraform import` has some messy behavior here -
@@ -281,15 +265,12 @@ func getResourceIamBinding(d *schema.ResourceData) *cloudresourcemanager.Binding
 		Members:   convertStringArr(members),
 		Role:      d.Get("role").(string),
 	}
-<% unless version == 'ga' -%>
 	if c := expandIamCondition(d.Get("condition")); c != nil {
 		b.Condition = c
 	}
-<% end -%>
 	return b
 }
 
-<% unless version == 'ga' -%>
 func expandIamCondition(v interface{}) *cloudresourcemanager.Expr {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {
@@ -316,4 +297,3 @@ func flattenIamCondition(condition *cloudresourcemanager.Expr) []map[string]inte
 		},
 	}
 }
-<% end -%>
diff --git a/third_party/terraform/resources/resource_iam_member.go.erb b/third_party/terraform/resources/resource_iam_member.go.erb
@@ -25,7 +25,6 @@ var IamMemberBaseSchema = map[string]*schema.Schema{
 		DiffSuppressFunc: caseDiffSuppress,
 		ValidateFunc:     validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM members for deleted principals"),
 	},
-<% unless version == 'ga' -%>
 	"condition": {
 		Type:     schema.TypeList,
 		Optional: true,
@@ -51,7 +50,6 @@ var IamMemberBaseSchema = map[string]*schema.Schema{
 			},
 		},
 	},
-<% end -%>
 	"etag": {
 		Type:     schema.TypeString,
 		Computed: true,
@@ -66,13 +64,6 @@ func iamMemberImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 		config := m.(*Config)
 		s := strings.Fields(d.Id())
 		var id, role, member string
-<% if version == 'ga' -%>
-		if len(s) != 3 {
-			d.SetId("")
-			return nil, fmt.Errorf("Wrong number of parts to Member id %s; expected 'resource_name role member'.", s)
-		}
-		id, role, member = s[0], s[1], s[2]
-<% else -%>
 		if len(s) < 3 {
 			d.SetId("")
 			return nil, fmt.Errorf("Wrong number of parts to Member id %s; expected 'resource_name role member [condition_title]'.", s)
@@ -85,7 +76,6 @@ func iamMemberImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 			// condition titles can have any characters in them, so re-join the split string
 			id, role, member, conditionTitle = s[0], s[1], s[2], strings.Join(s[3:], " ")
 		}
-<% end -%>
 
 		// Set the ID only to the first part so all IAM types can share the same resourceIdParserFunc.
 		d.SetId(id)
@@ -101,7 +91,6 @@ func iamMemberImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 		// Use the current ID in case it changed in the resourceIdParserFunc.
 		d.SetId(d.Id() + "/" + role + "/" + strings.ToLower(member))
 
-<% unless version == 'ga' -%>
 		// Read the upstream policy so we can set the full condition.
 		updater, err := newUpdaterFunc(d, config)
 		if err != nil {
@@ -138,7 +127,6 @@ func iamMemberImport(newUpdaterFunc newResourceIamUpdaterFunc, resourceIdParser
 		if k := conditionKeyFromCondition(binding.Condition); !k.Empty() {
 			d.SetId(d.Id() + "/" + k.String())
 		}
-<% end -%>
 
 		return []*schema.ResourceData{d}, nil
 	}
@@ -165,11 +153,9 @@ func getResourceIamMember(d *schema.ResourceData) *cloudresourcemanager.Binding
 		Members:   []string{d.Get("member").(string)},
 		Role:      d.Get("role").(string),
 	}
-<% unless version == 'ga' -%>
 	if c := expandIamCondition(d.Get("condition")); c != nil {
 		b.Condition = c
 	}
-<% end -%>
 	return b
 }
 
@@ -198,11 +184,9 @@ func resourceIamMemberCreate(newUpdaterFunc newResourceIamUpdaterFunc, enableBat
 			return err
 		}
 		d.SetId(updater.GetResourceId() + "/" + memberBind.Role + "/" + strings.ToLower(memberBind.Members[0]))
-<% unless version == 'ga' -%>
 		if k := conditionKeyFromCondition(memberBind.Condition); !k.Empty() {
 			d.SetId(d.Id() + "/" + k.String())
 		}
-<% end -%>
 		return resourceIamMemberRead(newUpdaterFunc)(d, meta)
 	}
 }
@@ -255,9 +239,7 @@ func resourceIamMemberRead(newUpdaterFunc newResourceIamUpdaterFunc) schema.Read
 		d.Set("etag", p.Etag)
 		d.Set("member", member)
 		d.Set("role", binding.Role)
-<% unless version == 'ga' -%>
 		d.Set("condition", flattenIamCondition(binding.Condition))
-<% end -%>
 		return nil
 	}
 }

diff --git a/third_party/terraform/tests/resource_google_project_iam_binding_test.go.erb b/third_party/terraform/tests/resource_google_project_iam_binding_test.go.erb
@@ -217,7 +217,6 @@ func TestAccProjectIamBinding_noMembers(t *testing.T) {
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccProjectIamBinding_withCondition(t *testing.T) {
 	t.Parallel()
 
@@ -249,7 +248,6 @@ func TestAccProjectIamBinding_withCondition(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func testAccProjectAssociateBindingBasic(pid, name, org, role string) string {
 	return fmt.Sprintf(`
@@ -337,7 +335,6 @@ resource "google_project_iam_binding" "acceptance" {
 `, pid, name, org, role)
 }
 
-<% unless version == 'ga' -%>
 func testAccProjectAssociateBinding_withCondition(pid, name, org, role, conditionTitle string) string {
 	return fmt.Sprintf(`
 resource "google_project" "acceptance" {
@@ -358,4 +355,3 @@ resource "google_project_iam_binding" "acceptance" {
 }
 `, pid, name, org, role, conditionTitle)
 }
-<% end -%>
diff --git a/third_party/terraform/tests/resource_google_project_iam_member_test.go.erb b/third_party/terraform/tests/resource_google_project_iam_member_test.go.erb
@@ -134,7 +134,6 @@ func TestAccProjectIamMember_remove(t *testing.T) {
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccProjectIamMember_withCondition(t *testing.T) {
 	t.Parallel()
 
@@ -168,7 +167,6 @@ func TestAccProjectIamMember_withCondition(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func testAccProjectAssociateMemberBasic(pid, name, org, role, member string) string {
 	return fmt.Sprintf(`
@@ -208,7 +206,6 @@ resource "google_project_iam_member" "multiple" {
 `, pid, name, org, role, member, role2, member2)
 }
 
-<% unless version == 'ga' -%>
 func testAccProjectAssociateMember_withCondition(pid, name, org, role, member, conditionTitle string) string {
 	return fmt.Sprintf(`
 resource "google_project" "acceptance" {
@@ -229,4 +226,3 @@ resource "google_project_iam_member" "acceptance" {
 }
 `, pid, name, org, role, member, conditionTitle)
 }
-<% end -%>
diff --git a/third_party/terraform/tests/resource_google_project_iam_policy_test.go.erb b/third_party/terraform/tests/resource_google_project_iam_policy_test.go.erb
@@ -128,7 +128,6 @@ func TestAccProjectIamPolicy_expandedAuditConfig(t *testing.T) {
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccProjectIamPolicy_withCondition(t *testing.T) {
 	t.Parallel()
 
@@ -157,7 +156,6 @@ func TestAccProjectIamPolicy_withCondition(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func getStatePrimaryResource(s *terraform.State, res, expectedID string) (*terraform.InstanceState, error) {
 	// Get the project resource
@@ -431,7 +429,6 @@ data "google_iam_policy" "expanded" {
 `, pid, name, org)
 }
 
-<% unless version == 'ga' -%>
 func testAccProjectAssociatePolicy_withCondition(pid, name, org string) string {
 	return fmt.Sprintf(`
 resource "google_project" "acceptance" {
@@ -467,4 +464,3 @@ data "google_iam_policy" "admin" {
 }
 `, pid, name, org)
 }
-<% end -%>