Validate on deleted members

third_party/terraform/data_sources/data_source_google_iam_policy.go.erb

@@ -3,11 +3,13 @@ package google
 
 import (
 	"encoding/json"
+	"regexp"
 	"sort"
 	"strconv"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"google.golang.org/api/cloudresourcemanager/v1"
 )
 
@@ -39,7 +41,10 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 						"members": {
 							Type:     schema.TypeSet,
 							Required: true,
-							Elem:     &schema.Schema{Type: schema.TypeString},
+							Elem:     &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support deleted IAM members"),
+							},
 							Set:      schema.HashString,
 						},
 <% unless version == 'ga' -%>