From 4914784207669fe7cc7229dfc6a4e3c9fdd3a747 Mon Sep 17 00:00:00 2001
From: eric-hole
Date: Wed, 5 Feb 2020 14:56:53 -0800
Subject: [PATCH 01/23] Adds hmac key
---
products/storage/api.yaml | 56 +++++++++++++++++++++++++++++++++
products/storage/terraform.yaml | 6 ++++
2 files changed, 62 insertions(+)
diff --git a/products/storage/api.yaml b/products/storage/api.yaml
index 39cab56414f1..7ccbef9551ab 100644
--- a/products/storage/api.yaml
+++ b/products/storage/api.yaml
@@ -780,4 +780,60 @@ objects: name: timeUpdated api_name: updated description: The modification time of the object metadata. + - !ruby/object:Api::Resource + name: 'HmacKey' + kind: 'storage#hmacKey' + base_url: projects/{{project}}/hmacKeys + create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{serviceAccountEmail}} + self_link: projects/{{project}}/hmacKeys/{{accessId}} + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'hhttps://cloud.google.com/storage/docs/authentication/managing-hmackeys' + api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys' + description: | + The hmacKeys resource represents an HMAC key within Cloud Storage. The resource + consists of a secret and HMAC key metadata. HMAC keys can be used as credentials + for service accounts. For more information, see HMAC Keys. + Note that the hmacKeys resource is only returned when you use hCREATE. Other methods, + such as GET, return the metadata portion of the HMAC key resource. + parameters: + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + description: The email address of the key's associated service account. + input: true + required: true + properties: + - !ruby/object:Api::Type::String + name: 'secret' + output: true + description: 'HMAC secret key material.' + - !ruby/object:Api::Type::NestedObject + name: 'metadata' + description: | + HMAC key metadata. + properties: + - !ruby/object:Api::Type::String + name: 'access_id' + output: true + description: 'The access ID of the HMAC Key.' + - !ruby/object:Api::Type::String + name: 'etag' + description: 'HTTP 1.1 Entity tag for the HMAC key.' + - !ruby/object:Api::Type::String + name: 'id' + output: true + description: 'The ID of the HMAC key, including the Project ID and the Access ID.' + - !ruby/object:Api::Type::Enum + name: 'state' + description: 'The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.' 
+ values: + - 'ACTIVE' + - 'INACTIVE' + - 'DELETED' + - !ruby/object:Api::Type::Time + name: 'timeCreated' + description: 'The creation time of the HMAC key in RFC 3339 format. ' + - !ruby/object:Api::Type::Time + name: 'updated' + description: 'The last modification time of the HMAC key metadata in RFC 3339 format.' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 1d1eec976ee9..ea6e89ca3ec1 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -102,6 +102,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides ignore_read: true Object: !ruby/object:Overrides::Terraform::ResourceOverride exclude: true + HmacKey: !ruby/object:Overrides::Terraform::ResourceOverride + create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} + properties: + serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride + name: 'service_account_email' + ignore_read: true # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. From ebcdb1be64fb40f83a8f37438d3e1bd32092169b Mon Sep 17 00:00:00 2001 From: eric-hole Date: Thu, 6 Feb 2020 19:50:03 -0800 Subject: [PATCH 02/23] Fixes up hmacKey resource properties in terraform --- products/storage/ansible.yaml | 2 ++ products/storage/api.yaml | 6 ++++-- products/storage/inspec.yaml | 4 +++- products/storage/terraform.yaml | 10 ++++++++++ .../terraform/post_create/hmac_secret.go.erb | 15 +++++++++++++++ 5 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 templates/terraform/post_create/hmac_secret.go.erb diff --git a/products/storage/ansible.yaml b/products/storage/ansible.yaml index b451eea1b415..2621b32e9ea1 100644 --- a/products/storage/ansible.yaml +++ b/products/storage/ansible.yaml 
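Review bot: The `'Official Documentation'` guide URL in the added `references` block is misspelled as `'hhttps://cloud.google.com/storage/docs/authentication/managing-hmackeys'`, so the generated documentation link will not resolve; it should start with `https://`. PATCH 04 corrects it, but the api.yaml hunk of PATCH 05 puts the `hhttps` spelling back on its `+` line, so the fix has to be re-applied there. The resource description in the same hunk says `hCREATE` where `CREATE` is meant. Separately, `secret` is declared as a plain `output: true` string with the description `'HMAC secret key material.'`; because it is a credential, I would extend that description to say the value is only returned on create and must be handled as a secret, so every provider generated from this file carries the caveat.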
@@ -31,6 +31,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides exclude: true Object: !ruby/object:Overrides::Ansible::ResourceOverride exclude: true + HmacKey: !ruby/object:Overrides::Ansible::ResourceOverride + exclude: true files: !ruby/object:Provider::Config::Files resource: <%= lines(indent(compile('provider/ansible/resource~compile.yaml'), 4)) -%> diff --git a/products/storage/api.yaml b/products/storage/api.yaml index 7ccbef9551ab..1efd24826be3 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -814,8 +814,8 @@ objects: HMAC key metadata. properties: - !ruby/object:Api::Type::String - name: 'access_id' - output: true + name: 'accessId' + output: true description: 'The access ID of the HMAC Key.' - !ruby/object:Api::Type::String name: 'etag' @@ -833,7 +833,9 @@ objects: - 'DELETED' - !ruby/object:Api::Type::Time name: 'timeCreated' + output: true description: 'The creation time of the HMAC key in RFC 3339 format. ' - !ruby/object:Api::Type::Time name: 'updated' + output: true description: 'The last modification time of the HMAC key metadata in RFC 3339 format.' diff --git a/products/storage/inspec.yaml b/products/storage/inspec.yaml index 7afffda68508..6ab54d42bebf 100644 --- a/products/storage/inspec.yaml +++ b/products/storage/inspec.yaml @@ -60,4 +60,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides timeCreated: !ruby/object:Overrides::Inspec::PropertyOverride override_name: object_created_times bucket: !ruby/object:Overrides::Inspec::PropertyOverride - override_name: object_bucket \ No newline at end of file + override_name: object_bucket + HmacKey: !ruby/object:Overrides::Inspec::ResourceOverride + exclude: true \ No newline at end of file diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index ea6e89ca3ec1..0a236b879e93 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml 
@@ -104,7 +104,17 @@ overrides: !ruby/object:Overrides::ResourceOverrides exclude: true HmacKey: !ruby/object:Overrides::Terraform::ResourceOverride create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} + custom_code: !ruby/object:Provider::Terraform::CustomCode + post_create: templates/terraform/post_create/hmac_secret.go.erb + id_format: '{{project}}/{{metadata.accessId}}' properties: + metadata.id: !ruby/object:Overrides::Terraform::PropertyOverride + exclude: true + metadata: !ruby/object:Overrides::Terraform::PropertyOverride + flatten_object: true + secret: !ruby/object:Overrides::Terraform::PropertyOverride + ignore_read: true + sensitive: true serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride name: 'service_account_email' ignore_read: true diff --git a/templates/terraform/post_create/hmac_secret.go.erb b/templates/terraform/post_create/hmac_secret.go.erb new file mode 100644 index 000000000000..c4d74359146f --- /dev/null +++ b/templates/terraform/post_create/hmac_secret.go.erb @@ -0,0 +1,15 @@ +// `secret` and `accessId` are generated by the API upon successful CREATE. The following +// ensures terraform has the correct values based on the Projects.hmacKeys response object. +secret, ok := res["secret"].(string) +if !ok { + return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") +} +d.Set("secret", secret) + +metadata := res["metadata"].(map[string]interface{}) +accessId, ok := metadata["accessId"].(string) +if !ok { + return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") +} +d.Set("accessId", accessId) +d.SetId(accessId) From 1b097c81718c2e2ba612dcd441d397885e7a50d4 Mon Sep 17 00:00:00 2001 
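Review bot: In hmac_secret.go.erb, `metadata := res["metadata"].(map[string]interface{})` is an unchecked type assertion, so a CREATE response without a `metadata` object panics the provider instead of returning an error, unlike the two checked assertions around it. Use the comma-ok form, `metadata, ok := res["metadata"].(map[string]interface{})`, followed by the same `if !ok { return fmt.Errorf(...) }` guard. Both error messages end with "Your create did not work.", yet this code runs after the API has answered the CREATE, so the HMAC key may already exist; the message should name the missing field and tell the operator to look for and delete an untracked key. The return value of `d.Set("secret", secret)` is also dropped. The template is a fragment of a generated create function whose start and end are outside the hunk.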
From: Eric Hole Date: Sat, 8 Feb 2020 08:36:22 -0800 Subject: [PATCH 03/23] Update products/storage/terraform.yaml Co-Authored-By: Riley Karson --- products/storage/terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 0a236b879e93..217e7ab804e3 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -106,7 +106,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} custom_code: !ruby/object:Provider::Terraform::CustomCode post_create: templates/terraform/post_create/hmac_secret.go.erb - id_format: '{{project}}/{{metadata.accessId}}' + id_format: 'projects/{{project}}/accessId/{{access_id}}' properties: metadata.id: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true From 46d004fab3701d210f49b62a9ae6acd4dd9f3282 Mon Sep 17 00:00:00 2001 From: Eric Hole Date: Sat, 8 Feb 2020 08:41:43 -0800 Subject: [PATCH 04/23] Update products/storage/api.yaml Co-Authored-By: Riley Karson --- products/storage/api.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index 1efd24826be3..89c57557752a 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -788,7 +788,7 @@ objects: self_link: projects/{{project}}/hmacKeys/{{accessId}} references: !ruby/object:Api::Resource::ReferenceLinks guides: - 'Official Documentation': 'hhttps://cloud.google.com/storage/docs/authentication/managing-hmackeys' + 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys' api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys' description: | The hmacKeys resource represents an HMAC key within Cloud Storage. The resource From c3b4c4e9f4c0297b72fe208a99b71fd22436cac6 Mon Sep 17 00:00:00 2001 
From: eric-hole Date: Mon, 10 Feb 2020 09:17:08 -0800 Subject: [PATCH 05/23] Adds an example, website links, and several fixes from review --- products/storage/api.yaml | 11 ++++------- products/storage/terraform.yaml | 6 ++++++ templates/terraform/examples/storage_hmac_key.tf.erb | 3 +++ templates/terraform/post_create/hmac_secret.go.erb | 3 ++- third_party/terraform/website-compiled/google.erb | 4 ++++ 5 files changed, 19 insertions(+), 8 deletions(-) create mode 100644 templates/terraform/examples/storage_hmac_key.tf.erb diff --git a/products/storage/api.yaml b/products/storage/api.yaml index 89c57557752a..abb11ba354f8 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -788,15 +788,12 @@ objects: self_link: projects/{{project}}/hmacKeys/{{accessId}} references: !ruby/object:Api::Resource::ReferenceLinks guides: - 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys' + 'Official Documentation': 'hhttps://cloud.google.com/storage/docs/authentication/managing-hmackeys' api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys' description: | - The hmacKeys resource represents an HMAC key within Cloud Storage. The resource - consists of a secret and HMAC key metadata. HMAC keys can be used as credentials - for service accounts. For more information, see HMAC Keys. - - Note that the hmacKeys resource is only returned when you use hCREATE. Other methods, - such as GET, return the metadata portion of the HMAC key resource. + The hmacKeys resource represents an HMAC key within Cloud Storage. The resource + consists of a secret and HMAC key metadata. HMAC keys can be used as credentials + for service accounts. parameters: - !ruby/object:Api::Type::String name: 'serviceAccountEmail' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 217e7ab804e3..42d8d358a010 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml 
@@ -106,6 +106,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} custom_code: !ruby/object:Provider::Terraform::CustomCode post_create: templates/terraform/post_create/hmac_secret.go.erb + examples: + - !ruby/object:Provider::Terraform::Examples + name: "storage_hmac_key" + primary_resource_id: "special_key" + vars: + service_account_email: "my-special-sea@my-project.iam.gserviceaccount.com" id_format: 'projects/{{project}}/accessId/{{access_id}}' properties: metadata.id: !ruby/object:Overrides::Terraform::PropertyOverride diff --git a/templates/terraform/examples/storage_hmac_key.tf.erb b/templates/terraform/examples/storage_hmac_key.tf.erb new file mode 100644 index 000000000000..d3208f239592 --- /dev/null +++ b/templates/terraform/examples/storage_hmac_key.tf.erb @@ -0,0 +1,3 @@ +resource "google_storage_hmac_key" "<%= ctx[:primary_resource_id] %>" { + service_account_email = "<%= ctx[:vars]['name'] %>" +} diff --git a/templates/terraform/post_create/hmac_secret.go.erb b/templates/terraform/post_create/hmac_secret.go.erb index c4d74359146f..182ac9284acd 100644 --- a/templates/terraform/post_create/hmac_secret.go.erb +++ b/templates/terraform/post_create/hmac_secret.go.erb @@ -12,4 +12,5 @@ if !ok { return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") } d.Set("accessId", accessId) -d.SetId(accessId) +id = "projects/{{project}}/accessId/{{access_id}}" +d.SetId(id) diff --git a/third_party/terraform/website-compiled/google.erb b/third_party/terraform/website-compiled/google.erb index 281a8e370999..bff5bb82cca8 100644 --- a/third_party/terraform/website-compiled/google.erb +++ b/third_party/terraform/website-compiled/google.erb @@ -1440,6 +1440,10 @@ google_storage_default_object_acl + > + google_storage_hmac_key + + > google_storage_notification From f54b5cb70582f3ac9892388272208f8a6825f622 Mon Sep 17 00:00:00 2001 
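Review bot: The new example template storage_hmac_key.tf.erb reads `ctx[:vars]['name']`, but the `vars` map added for `storage_hmac_key` in terraform.yaml in this same patch defines only `service_account_email`, so the lookup presumably yields nothing and the rendered example gets an empty `service_account_email`. Use the key that exists, `service_account_email = "<%= ctx[:vars]['service_account_email'] %>"`, or rename the var to match. The same kind of mismatch is present after PATCH 16, where terraform.yaml defines `service_account` while the template reads `ctx[:vars]['account_id']`.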
From: eric-hole Date: Mon, 10 Feb 2020 11:14:25 -0800 Subject: [PATCH 06/23] Adds test and fixes hmac_key id --- .../terraform/post_create/hmac_secret.go.erb | 6 +- .../tests/resource_storage_hmac_key_test.go | 68 +++++++++++++++++++ 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 third_party/terraform/tests/resource_storage_hmac_key_test.go diff --git a/templates/terraform/post_create/hmac_secret.go.erb b/templates/terraform/post_create/hmac_secret.go.erb index 182ac9284acd..c0cbc45fef3a 100644 --- a/templates/terraform/post_create/hmac_secret.go.erb +++ b/templates/terraform/post_create/hmac_secret.go.erb @@ -12,5 +12,9 @@ if !ok { return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") } d.Set("accessId", accessId) -id = "projects/{{project}}/accessId/{{access_id}}" + +id, err = replaceVars(d, config, "projects/{{project}}/accessId/{{access_id}}") +if err != nil { + return fmt.Errorf("Error constructing id: %s", err) +} d.SetId(id) diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go new file mode 100644 index 000000000000..302e72d99b65 --- /dev/null +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go 
@@ -0,0 +1,68 @@ +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestStorageHmacKey_update(t *testing.T) { + t.Parallel() + + saName := saName() + bucketName := testBucketName() + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckStorageHmacKeyDestroy, + Steps: []resource.TestStep{ + { + Config: testGoogleStorageHmacKeyBasic(saName, bucketName), + }, + { + ResourceName: "google_storage_hmac_key.default", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func saName() string { + return fmt.Sprintf("", "tf-test-bucket", acctest.RandInt()) +} + +func testAccStorageHmacKeyDestroy(s *terraform.State) error { + config := testAccProvider.Meta().(*Config) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_storage_hmac_key" { + continue + } + accessId := rs.Primary.Attributes["accessId"] + + _, err := config.clientStorage.HmacKeys.Get(accessId).Do() + if err == nil { + return fmt.Errorf("Hmac key still exists.") + } + } + + return nil +} + +func testGoogleStorageHmacKeyBasic(saName, bucketName) string { + return fmt.Sprintf(` +resource "google_service_account" "service_account" { + name = "%s" +} + +resource "google_storage_bucket" "bucket" { + name = "%s" +} + +resource "google_storage_hmac_key" "key" { + service_account_email = google_service_account.service_account.email +} +`, saName, bucketName) +} From cc28775c6e09d3a578bc244e19c540270beb1711 Mon Sep 17 00:00:00 2001 From: eric-hole Date: Mon, 10 Feb 2020 11:33:28 -0800 Subject: [PATCH 07/23] tweaking hmac_key example --- products/storage/api.yaml | 1 + products/storage/terraform.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index abb11ba354f8..bc74b69b50ff 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml 
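Review bot: `CheckDestroy` is set to `testAccCheckStorageHmacKeyDestroy`, but the helper added in this file is named `testAccStorageHmacKeyDestroy`, so unless another file defines the former the check that confirms the HMAC key was removed is never wired in. The helper reads `rs.Primary.Attributes["accessId"]` while the resource's id_format refers to the field as `access_id`, and its `if err == nil` test treats any error from the Get call, not only a not-found response, as proof of deletion. As added the file also looks uncompilable: `saName()` calls `fmt.Sprintf("", ...)` with two arguments, `acctest` and `terraform` are not imported, and `testGoogleStorageHmacKeyBasic(saName, bucketName)` has untyped parameters. PATCH 14 deletes the helper while `CheckDestroy` still names `testAccCheckStorageHmacKeyDestroy`, and PATCH 15 sets `skip_sweeper: true`; for a resource that mints credentials I would keep a working destroy check rather than drop it.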
@@ -816,6 +816,7 @@ objects: description: 'The access ID of the HMAC Key.' - !ruby/object:Api::Type::String name: 'etag' + output: true description: 'HTTP 1.1 Entity tag for the HMAC key.' - !ruby/object:Api::Type::String name: 'id' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 42d8d358a010..961c466c5887 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -109,15 +109,15 @@ overrides: !ruby/object:Overrides::ResourceOverrides examples: - !ruby/object:Provider::Terraform::Examples name: "storage_hmac_key" - primary_resource_id: "special_key" + primary_resource_id: "key" vars: - service_account_email: "my-special-sea@my-project.iam.gserviceaccount.com" - id_format: 'projects/{{project}}/accessId/{{access_id}}' + service_account_email: "my-service-account@my-project.iam.gserviceaccount.com" + id_format: "projects/{{project}}/accessId/{{access_id}}" properties: - metadata.id: !ruby/object:Overrides::Terraform::PropertyOverride - exclude: true metadata: !ruby/object:Overrides::Terraform::PropertyOverride flatten_object: true + metadata.id: !ruby/object:Overrides::Terraform::PropertyOverride + exclude: true secret: !ruby/object:Overrides::Terraform::PropertyOverride ignore_read: true sensitive: true From bd1d42df44e468310b357bbc38e6cfb93cfc9231 Mon Sep 17 00:00:00 2001 From: Eric Hole Date: Mon, 10 Feb 2020 12:45:50 -0800 Subject: [PATCH 08/23] Update third_party/terraform/tests/resource_storage_hmac_key_test.go Co-Authored-By: Riley Karson --- third_party/terraform/tests/resource_storage_hmac_key_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index 302e72d99b65..1c7640575e16 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go 
@@ -23,7 +23,7 @@ func TestStorageHmacKey_update(t *testing.T) { { ResourceName: "google_storage_hmac_key.default", ImportState: true, - ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"secret"}, }, }, }) From bee0e278604210fc24b3906d2b1041d975b8b7fb Mon Sep 17 00:00:00 2001 From: Eric Hole Date: Mon, 10 Feb 2020 12:46:07 -0800 Subject: [PATCH 09/23] Update products/storage/api.yaml Co-Authored-By: Riley Karson --- products/storage/api.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index bc74b69b50ff..cc7703fe2768 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -825,6 +825,7 @@ objects: - !ruby/object:Api::Type::Enum name: 'state' description: 'The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.' + default_value: 'ACTIVE' values: - 'ACTIVE' - 'INACTIVE' From b786218855bda5ad02a267a4b43321e867250f55 Mon Sep 17 00:00:00 2001 From: Eric Hole Date: Mon, 10 Feb 2020 12:46:22 -0800 Subject: [PATCH 10/23] Update third_party/terraform/tests/resource_storage_hmac_key_test.go Co-Authored-By: Riley Karson --- third_party/terraform/tests/resource_storage_hmac_key_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index 1c7640575e16..d9ca2c27f364 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -7,7 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" ) -func TestStorageHmacKey_update(t *testing.T) { +func TestAccStorageHmacKey_update(t *testing.T) { t.Parallel() saName := saName() From 76daab9a359a6cc00393a34c83be79a965f2103d Mon Sep 17 00:00:00 2001 
From: eric-hole Date: Mon, 10 Feb 2020 13:00:24 -0800 Subject: [PATCH 11/23] hmac_key: adds doc warning about secrets, fixes yaml formatting, and improves test --- products/storage/api.yaml | 25 ++++++++++++------- products/storage/terraform.yaml | 4 +++ .../tests/resource_storage_hmac_key_test.go | 18 ++++++++++--- 3 files changed, 34 insertions(+), 13 deletions(-) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index cc7703fe2768..32b98431bea8 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -797,14 +797,16 @@ objects: parameters: - !ruby/object:Api::Type::String name: 'serviceAccountEmail' - description: The email address of the key's associated service account. + description: | + The email address of the key's associated service account. input: true required: true properties: - !ruby/object:Api::Type::String name: 'secret' output: true - description: 'HMAC secret key material.' + description: | + 'HMAC secret key material.' - !ruby/object:Api::Type::NestedObject name: 'metadata' description: | @@ -813,19 +815,22 @@ objects: - !ruby/object:Api::Type::String name: 'accessId' output: true - description: 'The access ID of the HMAC Key.' + description: | + 'The access ID of the HMAC Key.' - !ruby/object:Api::Type::String name: 'etag' output: true - description: 'HTTP 1.1 Entity tag for the HMAC key.' + description: | + 'HTTP 1.1 Entity tag for the HMAC key.' - !ruby/object:Api::Type::String name: 'id' output: true - description: 'The ID of the HMAC key, including the Project ID and the Access ID.' + description: | + 'The ID of the HMAC key, including the Project ID and the Access ID.' - !ruby/object:Api::Type::Enum name: 'state' - description: 'The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.' - default_value: 'ACTIVE' + description: | + 'The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.' values: - 'ACTIVE' - 'INACTIVE' 
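Review bot: The descriptions converted to block scalars in api.yaml keep their single quotes, e.g. `description: |` followed by `'HMAC secret key material.'`; inside a `|` block the quotes are literal characters, so the generated docs will show them. Drop the quotes on each converted line (`secret`, `accessId`, `etag`, `id`, `state`, and `timeCreated`/`updated` in the following `@@ -833,8 +838,10 @@` hunk), along with the trailing space in the `timeCreated` text. This hunk also removes `default_value: 'ACTIVE'`, which PATCH 09 added, and the commit subject does not mention it; a sentence in the commit message saying why would help.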
@@ -833,8 +838,10 @@ objects: - !ruby/object:Api::Type::Time name: 'timeCreated' output: true - description: 'The creation time of the HMAC key in RFC 3339 format. ' + description: | + 'The creation time of the HMAC key in RFC 3339 format. ' - !ruby/object:Api::Type::Time name: 'updated' output: true - description: 'The last modification time of the HMAC key metadata in RFC 3339 format.' + description: | + 'The last modification time of the HMAC key metadata in RFC 3339 format.' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 961c466c5887..ac8e793ffa12 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -124,6 +124,10 @@ overrides: !ruby/object:Overrides::ResourceOverrides serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride name: 'service_account_email' ignore_read: true + docs: !ruby/object:Provider::Terraform::Docs + warning: | + All arguments including the secret value will be stored in the raw + state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index d9ca2c27f364..d4d17c322799 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go 
@@ -18,13 +18,22 @@ func TestAccStorageHmacKey_update(t *testing.T) { CheckDestroy: testAccCheckStorageHmacKeyDestroy, Steps: []resource.TestStep{ { - Config: testGoogleStorageHmacKeyBasic(saName, bucketName), + Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "ACTIVE"), }, { ResourceName: "google_storage_hmac_key.default", ImportState: true, - ImportStateVerifyIgnore: []string{"secret"}, + ImportStateVerify: true, }, + { + Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "INACTIVE"), + }, + { + ResourceName: "google_storage_hmac_key.default", + ImportState: true, + ImportStateVerify: true, + }, + }, }) } @@ -51,7 +60,7 @@ func testAccStorageHmacKeyDestroy(s *terraform.State) error { return nil } -func testGoogleStorageHmacKeyBasic(saName, bucketName) string { +func testAccGoogleStorageHmacKeyBasic(saName, bucketName, state) string { return fmt.Sprintf(` resource "google_service_account" "service_account" { name = "%s" @@ -63,6 +72,7 @@ resource "google_storage_bucket" "bucket" { resource "google_storage_hmac_key" "key" { service_account_email = google_service_account.service_account.email + state = "%s" } -`, saName, bucketName) +`, saName, bucketName, state) } From 9fc366f362d776feca90f2fde8df4c62e68c2cc3 Mon Sep 17 00:00:00 2001 From: eric-hole Date: Mon, 10 Feb 2020 13:12:33 -0800 Subject: [PATCH 12/23] More fixes for review --- products/storage/api.yaml | 6 +++--- templates/terraform/post_create/hmac_secret.go.erb | 2 +- .../terraform/tests/resource_storage_hmac_key_test.go | 11 ++++------- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index 32b98431bea8..b0e5bc5f09a1 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml 
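Review bot: Both import steps in this hunk use only `ImportStateVerify: true`, but terraform.yaml marks `secret` as `ignore_read` and the PATCH 01 description says the secret is only returned by CREATE, so an imported resource cannot carry the secret and verification would presumably fail on that attribute. PATCH 08 had the opposite problem: it replaced `ImportStateVerify: true` with `ImportStateVerifyIgnore: []string{"secret"}`, which verifies nothing on its own. Each import step wants both lines, `ImportStateVerify: true,` and `ImportStateVerifyIgnore: []string{"secret"},`, possibly with `service_account_email` added to the list since it is `ignore_read` as well. PATCH 15 adds the ignore list to the second import step only. The test function begins outside this hunk.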
@@ -832,9 +832,9 @@ objects: description: | 'The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.' values: - - 'ACTIVE' - - 'INACTIVE' - - 'DELETED' + - :ACTIVE + - :INACTIVE + - :DELETED - !ruby/object:Api::Type::Time name: 'timeCreated' output: true diff --git a/templates/terraform/post_create/hmac_secret.go.erb b/templates/terraform/post_create/hmac_secret.go.erb index c0cbc45fef3a..74889d4fb8a0 100644 --- a/templates/terraform/post_create/hmac_secret.go.erb +++ b/templates/terraform/post_create/hmac_secret.go.erb @@ -11,7 +11,7 @@ accessId, ok := metadata["accessId"].(string) if !ok { return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") } -d.Set("accessId", accessId) +d.Set("access_id", accessId) id, err = replaceVars(d, config, "projects/{{project}}/accessId/{{access_id}}") if err != nil { diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index d4d17c322799..8de1c1cd4779 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -5,12 +5,13 @@ import ( "testing" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" ) func TestAccStorageHmacKey_update(t *testing.T) { t.Parallel() - saName := saName() + saName := fmt.Sprintf("%v%v", "service-account", acctest.RandString(10)) bucketName := testBucketName() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -38,10 +39,6 @@ func TestAccStorageHmacKey_update(t *testing.T) { }) } -func saName() string { - return fmt.Sprintf("", "tf-test-bucket", acctest.RandInt()) -} - func testAccStorageHmacKeyDestroy(s *terraform.State) error { config := testAccProvider.Meta().(*Config) 
@@ -60,10 +57,10 @@ func testAccStorageHmacKeyDestroy(s *terraform.State) error { return nil } -func testAccGoogleStorageHmacKeyBasic(saName, bucketName, state) string { +func testAccGoogleStorageHmacKeyBasic(saName, bucketName, state string) string { return fmt.Sprintf(` resource "google_service_account" "service_account" { - name = "%s" + account_id = "%s" } resource "google_storage_bucket" "bucket" { From cb69003958f9cd0f3a96a4e0dd93637e8b5c86fa Mon Sep 17 00:00:00 2001 From: eric-hole Date: Mon, 10 Feb 2020 13:43:35 -0800 Subject: [PATCH 13/23] Fixing gofmt --- third_party/terraform/tests/resource_storage_hmac_key_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index 8de1c1cd4779..b6ed4c61453a 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -11,7 +11,7 @@ import ( func TestAccStorageHmacKey_update(t *testing.T) { t.Parallel() - saName := fmt.Sprintf("%v%v", "service-account", acctest.RandString(10)) + saName := fmt.Sprintf("%v%v", "service-account", acctest.RandString(10)) bucketName := testBucketName() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -34,7 +34,6 @@ func TestAccStorageHmacKey_update(t *testing.T) { ImportState: true, ImportStateVerify: true, }, - }, }) } From 4406dbb0c249b65c580488685dfe886d7e50a0d5 Mon Sep 17 00:00:00 2001 From: eric-hole Date: Mon, 10 Feb 2020 14:28:24 -0800 Subject: [PATCH 14/23] fix resource name --- .../tests/resource_storage_hmac_key_test.go | 24 +++---------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index b6ed4c61453a..d8827907061a 100644 
--- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -4,8 +4,8 @@ import ( "fmt" "testing" - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" ) func TestAccStorageHmacKey_update(t *testing.T) { @@ -22,7 +22,7 @@ func TestAccStorageHmacKey_update(t *testing.T) { Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "ACTIVE"), }, { - ResourceName: "google_storage_hmac_key.default", + ResourceName: "google_storage_hmac_key.key", ImportState: true, ImportStateVerify: true, }, @@ -30,7 +30,7 @@ func TestAccStorageHmacKey_update(t *testing.T) { Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "INACTIVE"), }, { - ResourceName: "google_storage_hmac_key.default", + ResourceName: "google_storage_hmac_key.key", ImportState: true, ImportStateVerify: true, }, @@ -38,24 +38,6 @@ func TestAccStorageHmacKey_update(t *testing.T) { }) } -func testAccStorageHmacKeyDestroy(s *terraform.State) error { - config := testAccProvider.Meta().(*Config) - - for _, rs := range s.RootModule().Resources { - if rs.Type != "google_storage_hmac_key" { - continue - } - accessId := rs.Primary.Attributes["accessId"] - - _, err := config.clientStorage.HmacKeys.Get(accessId).Do() - if err == nil { - return fmt.Errorf("Hmac key still exists.") - } - } - - return nil -} - func testAccGoogleStorageHmacKeyBasic(saName, bucketName, state string) string { return fmt.Sprintf(` resource "google_service_account" "service_account" { From d8e3ebfdfd545f543f51cd62c0239f3b70a918e8 Mon Sep 17 00:00:00 2001 
From: eric-hole Date: Mon, 10 Feb 2020 15:57:26 -0800 Subject: [PATCH 15/23] more iteration --- products/storage/api.yaml | 2 ++ products/storage/terraform.yaml | 10 ++++++---- .../terraform/tests/resource_storage_hmac_key_test.go | 7 ++++--- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index b0e5bc5f09a1..5d419fafe1ef 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -794,6 +794,8 @@ objects: The hmacKeys resource represents an HMAC key within Cloud Storage. The resource consists of a secret and HMAC key metadata. HMAC keys can be used as credentials for service accounts. + identity: + - accessId parameters: - !ruby/object:Api::Type::String name: 'serviceAccountEmail' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index ac8e793ffa12..75a4f3132dc2 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -106,6 +106,10 @@ overrides: !ruby/object:Overrides::ResourceOverrides create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} custom_code: !ruby/object:Provider::Terraform::CustomCode post_create: templates/terraform/post_create/hmac_secret.go.erb + docs: !ruby/object:Provider::Terraform::Docs + warning: | + All arguments including the secret value will be stored in the raw + state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). examples: - !ruby/object:Provider::Terraform::Examples name: "storage_hmac_key" 
@@ -124,10 +128,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride name: 'service_account_email' ignore_read: true - docs: !ruby/object:Provider::Terraform::Docs - warning: | - All arguments including the secret value will be stored in the raw - state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). + # This resource does not have a name field + skip_sweeper: true # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index d8827907061a..70fabde7c6f9 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -30,9 +30,10 @@ func TestAccStorageHmacKey_update(t *testing.T) { Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "INACTIVE"), }, { - ResourceName: "google_storage_hmac_key.key", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_storage_hmac_key.key", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"secret"}, }, }, }) From a9c0b81407291503e81369fee24e5b9ee6eb5471 Mon Sep 17 00:00:00 2001 From: eric-hole Date: Tue, 11 Feb 2020 09:51:01 -0800 Subject: [PATCH 16/23] More fixes --- products/storage/api.yaml | 2 -- products/storage/terraform.yaml | 5 +++-- .../terraform/examples/storage_hmac_key.tf.erb | 6 +++++- .../tests/resource_storage_hmac_key_test.go | 13 +++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/products/storage/api.yaml b/products/storage/api.yaml index 5d419fafe1ef..b0e5bc5f09a1 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml 
@@ -794,8 +794,6 @@ objects: The hmacKeys resource represents an HMAC key within Cloud Storage. The resource consists of a secret and HMAC key metadata. HMAC keys can be used as credentials for service accounts. - identity: - - accessId parameters: - !ruby/object:Api::Type::String name: 'serviceAccountEmail' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 75a4f3132dc2..6923d5199ce7 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -115,8 +115,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides name: "storage_hmac_key" primary_resource_id: "key" vars: - service_account_email: "my-service-account@my-project.iam.gserviceaccount.com" + service_account: "my-service-account" id_format: "projects/{{project}}/accessId/{{access_id}}" + import_format: ['projects/{{project}}/hmacKeys/{{access_id}}'] properties: metadata: !ruby/object:Overrides::Terraform::PropertyOverride flatten_object: true @@ -129,7 +130,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides name: 'service_account_email' ignore_read: true # This resource does not have a name field - skip_sweeper: true + skip_sweeper: true # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/templates/terraform/examples/storage_hmac_key.tf.erb b/templates/terraform/examples/storage_hmac_key.tf.erb index d3208f239592..243ad9ce2ac5 100644 --- a/templates/terraform/examples/storage_hmac_key.tf.erb +++ b/templates/terraform/examples/storage_hmac_key.tf.erb @@ -1,3 +1,7 @@ +resource "google_service_account" "service_account" { + account_id = "<%= ctx[:vars]['account_id'] %>" +} + resource "google_storage_hmac_key" "<%= ctx[:primary_resource_id] %>" { - service_account_email = "<%= ctx[:vars]['name'] %>" + service_account_email = google_service_account.service_account.email } 
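Review bot: The added `google_service_account` block in `storage_hmac_key.tf.erb` reads `ctx[:vars]['account_id']`, but the `vars:` map changed in this same commit's `products/storage/terraform.yaml` hunk defines only `service_account`. The lookup therefore has no matching key and will presumably render an empty `account_id` in the generated example. Either name the var `account_id: "my-service-account"` in terraform.yaml or read `ctx[:vars]['service_account']` in the template, so the example creates the service account the HMAC key is bound to.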
diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index 70fabde7c6f9..7347974d2967 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -22,9 +22,10 @@ func TestAccStorageHmacKey_update(t *testing.T) { Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "ACTIVE"), }, { - ResourceName: "google_storage_hmac_key.key", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_storage_hmac_key.key", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"secret"}, }, { Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "INACTIVE"), @@ -45,13 +46,9 @@ resource "google_service_account" "service_account" { account_id = "%s" } -resource "google_storage_bucket" "bucket" { - name = "%s" -} - resource "google_storage_hmac_key" "key" { service_account_email = google_service_account.service_account.email state = "%s" } -`, saName, bucketName, state) +`, saName, state) } From ce60da23fbb9b621c7118928c0d08eeaa3bd251c Mon Sep 17 00:00:00 2001 From: eric-hole Date: Tue, 11 Feb 2020 10:26:51 -0800 Subject: [PATCH 17/23] RM unused var in hmac_key_test --- .../terraform/tests/resource_storage_hmac_key_test.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index 7347974d2967..4d81d58faa24 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go 
@@ -12,14 +12,13 @@ func TestAccStorageHmacKey_update(t *testing.T) { t.Parallel() saName := fmt.Sprintf("%v%v", "service-account", acctest.RandString(10)) - bucketName := testBucketName() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckStorageHmacKeyDestroy, Steps: []resource.TestStep{ { - Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "ACTIVE"), + Config: testAccGoogleStorageHmacKeyBasic(saName, "ACTIVE"), }, { ResourceName: "google_storage_hmac_key.key", @@ -28,7 +27,7 @@ func TestAccStorageHmacKey_update(t *testing.T) { ImportStateVerifyIgnore: []string{"secret"}, }, { - Config: testAccGoogleStorageHmacKeyBasic(saName, bucketName, "INACTIVE"), + Config: testAccGoogleStorageHmacKeyBasic(saName, "INACTIVE"), }, { ResourceName: "google_storage_hmac_key.key", From b6e13a314d136acf6604460a88e3f002c3602565 Mon Sep 17 00:00:00 2001 From: eric-hole Date: Tue, 11 Feb 2020 16:01:43 -0800 Subject: [PATCH 18/23] hmac_key: Pre-delete and more fixes --- products/storage/terraform.yaml | 6 ++++-- ..._secret.go.erb => storage_hmac_key.go.erb} | 0 .../pre_delete/storage_hmac_key.go.erb | 20 +++++++++++++++++++ .../tests/resource_storage_hmac_key_test.go | 2 +- 4 files changed, 25 insertions(+), 3 deletions(-) rename templates/terraform/post_create/{hmac_secret.go.erb => storage_hmac_key.go.erb} (100%) create mode 100644 templates/terraform/pre_delete/storage_hmac_key.go.erb diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 6923d5199ce7..7ac47f5e5eaf 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml 
@@ -104,8 +104,10 @@ overrides: !ruby/object:Overrides::ResourceOverrides exclude: true HmacKey: !ruby/object:Overrides::Terraform::ResourceOverride create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} + self_link: projects/{{project}}/hmacKeys/{{access_id}} custom_code: !ruby/object:Provider::Terraform::CustomCode - post_create: templates/terraform/post_create/hmac_secret.go.erb + post_create: templates/terraform/post_create/storage_hmac_key.go.erb + pre_delete: templates/terraform/pre_delete/storage_hmac_key.go.erb docs: !ruby/object:Provider::Terraform::Docs warning: | All arguments including the secret value will be stored in the raw @@ -116,7 +118,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides primary_resource_id: "key" vars: service_account: "my-service-account" - id_format: "projects/{{project}}/accessId/{{access_id}}" + id_format: "projects/{{project}}/hmacKeys/{{access_id}}" import_format: ['projects/{{project}}/hmacKeys/{{access_id}}'] properties: metadata: !ruby/object:Overrides::Terraform::PropertyOverride diff --git a/templates/terraform/post_create/hmac_secret.go.erb b/templates/terraform/post_create/storage_hmac_key.go.erb similarity index 100% rename from templates/terraform/post_create/hmac_secret.go.erb rename to templates/terraform/post_create/storage_hmac_key.go.erb diff --git a/templates/terraform/pre_delete/storage_hmac_key.go.erb b/templates/terraform/pre_delete/storage_hmac_key.go.erb new file mode 100644 index 000000000000..6d387ce1b6e9 --- /dev/null +++ b/templates/terraform/pre_delete/storage_hmac_key.go.erb 
@@ -0,0 +1,20 @@ +obj := make(map[string]interface{}) +metadataProp, err := expandStorageHmacKeyMetadata(nil, d, config) +if err != nil { + return err +} else if v, ok := d.GetOkExists("metadata"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, metadataProp)) { + obj["metadata"] = metadataProp +} + +obj["metadata"]["state"] = "INACTIVE" + +url, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{accessId}}") +if err != nil { + return err +} + +log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), obj) +_, err = sendRequestWithTimeout(config, "PUT", project, url, obj, d.Timeout(schema.TimeoutUpdate)) +if err != nil { + return fmt.Errorf("Error deactivating HmacKey %q: %s", d.Id(), err) +} diff --git a/third_party/terraform/tests/resource_storage_hmac_key_test.go b/third_party/terraform/tests/resource_storage_hmac_key_test.go index 4d81d58faa24..7e28c8965797 100644 --- a/third_party/terraform/tests/resource_storage_hmac_key_test.go +++ b/third_party/terraform/tests/resource_storage_hmac_key_test.go @@ -39,7 +39,7 @@ func TestAccStorageHmacKey_update(t *testing.T) { }) } -func testAccGoogleStorageHmacKeyBasic(saName, bucketName, state string) string { +func testAccGoogleStorageHmacKeyBasic(saName, state string) string { return fmt.Sprintf(` resource "google_service_account" "service_account" { account_id = "%s" From 61abe9a92b4f6eca2d4fd7aaca09ac8683bbad99 Mon Sep 17 00:00:00 2001 From: eric-hole Date: Tue, 11 Feb 2020 16:17:30 -0800 Subject: [PATCH 19/23] Fixing wrong assumptions --- templates/terraform/pre_delete/storage_hmac_key.go.erb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/templates/terraform/pre_delete/storage_hmac_key.go.erb b/templates/terraform/pre_delete/storage_hmac_key.go.erb index 6d387ce1b6e9..47a861e0223a 100644 --- a/templates/terraform/pre_delete/storage_hmac_key.go.erb +++ b/templates/terraform/pre_delete/storage_hmac_key.go.erb 
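Review bot: `obj["metadata"]["state"] = "INACTIVE"` in the new pre-delete template cannot compile, because `obj` is a `map[string]interface{}` and Go does not allow indexing the `interface{}` value that `obj["metadata"]` returns. Assert the nested map first with `md, ok := obj["metadata"].(map[string]interface{})`, return an error when `ok` is false, and then set `md["state"] = "INACTIVE"`. The miss is reachable, since `obj["metadata"]` is only assigned inside the `else if` branch. The URL template also uses `{{accessId}}` while the `self_link` added to terraform.yaml in this commit uses `{{access_id}}`; the two should agree. This snippet gates the deactivation that precedes deleting a credential, so its error paths deserve an explicit test.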
@@ -1,4 +1,3 @@ -obj := make(map[string]interface{}) metadataProp, err := expandStorageHmacKeyMetadata(nil, d, config) if err != nil { return err @@ -6,7 +5,12 @@ if err != nil { obj["metadata"] = metadataProp } -obj["metadata"]["state"] = "INACTIVE" +state, err := expandStorageHmacKeyMetadataState(d.Get("state"), d, config) +if err != nil { + return nil, err +} else if v, ok := d.GetOkExists("state"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, state)) { + obj["metadata"]["state"] = "INACTIVE" +} url, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{accessId}}") if err != nil { From 8059dfe2fe4148213dcbea07f8c2d1d8e4b4fdd1 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Wed, 12 Feb 2020 10:18:54 -0800 Subject: [PATCH 20/23] Edits to support read schema --- products/storage/api.yaml | 73 +++++++++---------- products/storage/terraform.yaml | 28 ++++--- .../post_create/storage_hmac_key.go.erb | 7 +- .../pre_delete/storage_hmac_key.go.erb | 19 +++-- .../update_encoder/storage_hmac_key.go.erb | 17 +++++ 5 files changed, 78 insertions(+), 66 deletions(-) create mode 100644 templates/terraform/update_encoder/storage_hmac_key.go.erb diff --git a/products/storage/api.yaml b/products/storage/api.yaml index b0e5bc5f09a1..87abdcb7c03a 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml @@ -788,7 +788,7 @@ objects: self_link: projects/{{project}}/hmacKeys/{{accessId}} references: !ruby/object:Api::Resource::ReferenceLinks guides: - 'Official Documentation': 'hhttps://cloud.google.com/storage/docs/authentication/managing-hmackeys' + 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys' api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys' description: | The hmacKeys resource represents an HMAC key within Cloud Storage. The resource 
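Review bot: The new error branch in the second pre-delete hunk uses `return nil, err`, while the other returns in this snippet (visible in the context lines of both hunks) are the single-value `return err`, so one of the two forms cannot compile in the function the template is spliced into; it should read `return err`. The first hunk also removes `obj := make(map[string]interface{})` although `obj["metadata"] = metadataProp` still uses `obj`, which only works if the surrounding generated code declares it, and that is not visible here. `obj["metadata"]["state"] = "INACTIVE"` still indexes an `interface{}` and needs a checked type assertion before the write.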
@@ -802,46 +802,41 @@ objects: input: true required: true properties: + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The state of the key. Can be set to one of ACTIVE, INACTIVE. + values: + - :ACTIVE + - :INACTIVE + # - :DELETED (not directly settable) - !ruby/object:Api::Type::String name: 'secret' output: true description: | - 'HMAC secret key material.' - - !ruby/object:Api::Type::NestedObject - name: 'metadata' + HMAC secret key material. + - !ruby/object:Api::Type::String + name: 'accessId' + output: true description: | - HMAC key metadata. - properties: - - !ruby/object:Api::Type::String - name: 'accessId' - output: true - description: | - 'The access ID of the HMAC Key.' - - !ruby/object:Api::Type::String - name: 'etag' - output: true - description: | - 'HTTP 1.1 Entity tag for the HMAC key.' - - !ruby/object:Api::Type::String - name: 'id' - output: true - description: | - 'The ID of the HMAC key, including the Project ID and the Access ID.' - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - 'The state of the key. Can be one of ACTIVE, INACTIVE, or DELETED.' - values: - - :ACTIVE - - :INACTIVE - - :DELETED - - !ruby/object:Api::Type::Time - name: 'timeCreated' - output: true - description: | - 'The creation time of the HMAC key in RFC 3339 format. ' - - !ruby/object:Api::Type::Time - name: 'updated' - output: true - description: | - 'The last modification time of the HMAC key metadata in RFC 3339 format.' + The access ID of the HMAC Key. + - !ruby/object:Api::Type::String + name: 'etag' + output: true + description: | + HTTP 1.1 Entity tag for the HMAC key. + - !ruby/object:Api::Type::String + name: 'id' + output: true + description: | + The ID of the HMAC key, including the Project ID and the Access ID. + - !ruby/object:Api::Type::Time + name: 'timeCreated' + output: true + description: | + 'The creation time of the HMAC key in RFC 3339 format. 
' + - !ruby/object:Api::Type::Time + name: 'updated' + output: true + description: | + 'The last modification time of the HMAC key metadata in RFC 3339 format.' diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 7ac47f5e5eaf..39df824bae19 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml 
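Review bot: The `timeCreated` and `updated` descriptions still wrap their text in single quotes inside a `|` block scalar, so the quotes become part of the description string, and for `timeCreated` the closing quote appears to sit after a trailing space and a line break. The other properties re-added in this hunk had the quotes dropped, for example `HMAC secret key material.`. Do the same here: `The creation time of the HMAC key in RFC 3339 format.` and `The last modification time of the HMAC key metadata in RFC 3339 format.`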
@@ -105,34 +105,32 @@ overrides: !ruby/object:Overrides::ResourceOverrides HmacKey: !ruby/object:Overrides::Terraform::ResourceOverride create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}} self_link: projects/{{project}}/hmacKeys/{{access_id}} - custom_code: !ruby/object:Provider::Terraform::CustomCode - post_create: templates/terraform/post_create/storage_hmac_key.go.erb - pre_delete: templates/terraform/pre_delete/storage_hmac_key.go.erb - docs: !ruby/object:Provider::Terraform::Docs - warning: | - All arguments including the secret value will be stored in the raw - state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). + id_format: "projects/{{project}}/hmacKeys/{{access_id}}" + import_format: ['projects/{{project}}/hmacKeys/{{access_id}}'] + # This resource does not have a name field + skip_sweeper: true examples: - !ruby/object:Provider::Terraform::Examples name: "storage_hmac_key" primary_resource_id: "key" vars: service_account: "my-service-account" - id_format: "projects/{{project}}/hmacKeys/{{access_id}}" - import_format: ['projects/{{project}}/hmacKeys/{{access_id}}'] + docs: !ruby/object:Provider::Terraform::Docs + warning: | + All arguments including the secret value will be stored in the raw + state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). 
properties: - metadata: !ruby/object:Overrides::Terraform::PropertyOverride - flatten_object: true - metadata.id: !ruby/object:Overrides::Terraform::PropertyOverride + id: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true secret: !ruby/object:Overrides::Terraform::PropertyOverride ignore_read: true sensitive: true serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride - name: 'service_account_email' ignore_read: true - # This resource does not have a name field - skip_sweeper: true + custom_code: !ruby/object:Provider::Terraform::CustomCode + post_create: templates/terraform/post_create/storage_hmac_key.go.erb + pre_delete: templates/terraform/pre_delete/storage_hmac_key.go.erb + update_encoder: templates/terraform/update_encoders/storage_hmac_key.go.erb # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/templates/terraform/post_create/storage_hmac_key.go.erb b/templates/terraform/post_create/storage_hmac_key.go.erb index 74889d4fb8a0..1304036f6636 100644 --- a/templates/terraform/post_create/storage_hmac_key.go.erb +++ b/templates/terraform/post_create/storage_hmac_key.go.erb @@ -1,9 +1,10 @@ -// `secret` and `accessId` are generated by the API upon successful CREATE. The following +// `secret` and `access_id` are generated by the API upon successful CREATE. The following // ensures terraform has the correct values based on the Projects.hmacKeys response object. secret, ok := res["secret"].(string) if !ok { return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") } + d.Set("secret", secret) metadata := res["metadata"].(map[string]interface{}) 
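Review bot: The new `update_encoder:` entry in terraform.yaml points at `templates/terraform/update_encoders/storage_hmac_key.go.erb`, but this commit creates the template under `templates/terraform/update_encoder/` (singular). The generator will presumably fail to find the file or skip the encoder, leaving state updates with an unwrapped body. Change the value to `templates/terraform/update_encoder/storage_hmac_key.go.erb` so it matches the file added in the same commit.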
@@ -11,10 +12,12 @@ accessId, ok := metadata["accessId"].(string) if !ok { return fmt.Errorf("The response to CREATE was missing an expected field. Your create did not work.") } + d.Set("access_id", accessId) -id, err = replaceVars(d, config, "projects/{{project}}/accessId/{{access_id}}") +id, err = replaceVars(d, config, "projects/{{project}}/hmacKeys/{{access_id}}") if err != nil { return fmt.Errorf("Error constructing id: %s", err) } + d.SetId(id) diff --git a/templates/terraform/pre_delete/storage_hmac_key.go.erb b/templates/terraform/pre_delete/storage_hmac_key.go.erb index 47a861e0223a..5f79ce536e60 100644 --- a/templates/terraform/pre_delete/storage_hmac_key.go.erb +++ b/templates/terraform/pre_delete/storage_hmac_key.go.erb 
@@ -1,24 +1,23 @@ -metadataProp, err := expandStorageHmacKeyMetadata(nil, d, config) +getUrl, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{access_id}}") if err != nil { return err -} else if v, ok := d.GetOkExists("metadata"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, metadataProp)) { - obj["metadata"] = metadataProp } -state, err := expandStorageHmacKeyMetadataState(d.Get("state"), d, config) +getRes, err := sendRequest(config, "GET", project, getUrl, nil) if err != nil { - return nil, err -} else if v, ok := d.GetOkExists("state"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, state)) { - obj["metadata"]["state"] = "INACTIVE" + return handleNotFoundError(err, d, fmt.Sprintf("StorageHmacKey %q", d.Id())) } -url, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{accessId}}") +getRes["metadata"].(map[string]interface{})["state"] = "INACTIVE" + + +updateUrl, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{accessId}}") if err != nil { return err } -log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), obj) -_, err = sendRequestWithTimeout(config, "PUT", project, url, obj, d.Timeout(schema.TimeoutUpdate)) +log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), getRes) +_, err = sendRequestWithTimeout(config, "PUT", project, updateUrl, getRes, d.Timeout(schema.TimeoutUpdate)) if err != nil { return fmt.Errorf("Error deactivating HmacKey %q: %s", d.Id(), err) } diff --git a/templates/terraform/update_encoder/storage_hmac_key.go.erb b/templates/terraform/update_encoder/storage_hmac_key.go.erb new file mode 100644 index 000000000000..bcc42e77b465 --- /dev/null +++ b/templates/terraform/update_encoder/storage_hmac_key.go.erb 
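Review bot: `getRes["metadata"].(map[string]interface{})["state"] = "INACTIVE"` is an unchecked type assertion on an API response and will panic if the GET body has no `metadata` object. Use the two-value form, `md, ok := getRes["metadata"].(map[string]interface{})`, and return an error when `ok` is false. The two URL templates in this hunk also disagree: `getUrl` uses `{{access_id}}` and `updateUrl` uses `{{accessId}}`, and only one of them can match the schema field. The debug line prints the whole GET response with `%#v`; add a comment such as `// GET returns key metadata only; never log the create response, it carries the secret` so a later refactor does not start logging key material.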
@@ -0,0 +1,17 @@ +<%# The license inside this block applies to this file. + # Copyright 2019 Google Inc. + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +-%> +newObj := make(map[string]interface{}) +newObj["metadata"] = obj +return newObj, nil From 5a5466192bab038a31a2009e53067725e9e52d80 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Wed, 12 Feb 2020 17:19:16 -0800 Subject: [PATCH 21/23] Get tests passing, handle deleted items properly --- products/storage/api.yaml | 16 ++++++------- products/storage/terraform.yaml | 15 +++++++----- .../storage_hmac_key.go.erb | 17 ++++++++++++++ .../decoders/storage_hmac_key.go.erb | 5 ++++ .../pre_delete/storage_hmac_key.go.erb | 23 +++++++++++-------- 5 files changed, 52 insertions(+), 24 deletions(-) create mode 100644 templates/terraform/custom_check_destroy/storage_hmac_key.go.erb create mode 100644 templates/terraform/decoders/storage_hmac_key.go.erb diff --git a/products/storage/api.yaml b/products/storage/api.yaml index 87abdcb7c03a..41843ed822b3 100644 --- a/products/storage/api.yaml +++ b/products/storage/api.yaml 
@@ -786,6 +786,8 @@ objects: base_url: projects/{{project}}/hmacKeys create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{serviceAccountEmail}} self_link: projects/{{project}}/hmacKeys/{{accessId}} + # technically updatable, but implemented as custom update for new fingerprint support + input: true references: !ruby/object:Api::Resource::ReferenceLinks guides: 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys' @@ -794,22 +796,25 @@ objects: The hmacKeys resource represents an HMAC key within Cloud Storage. The resource consists of a secret and HMAC key metadata. HMAC keys can be used as credentials for service accounts. - parameters: + properties: - !ruby/object:Api::Type::String name: 'serviceAccountEmail' description: | The email address of the key's associated service account. - input: true required: true - properties: - !ruby/object:Api::Type::Enum name: 'state' description: | The state of the key. Can be set to one of ACTIVE, INACTIVE. + default_value: :ACTIVE values: - :ACTIVE - :INACTIVE # - :DELETED (not directly settable) + update_verb: :PUT + update_url: projects/{{project}}/hmacKeys/{{accessId}} + update_id: 'state' + fingerprint_name: 'etag' - !ruby/object:Api::Type::String name: 'secret' output: true @@ -820,11 +825,6 @@ objects: output: true description: | The access ID of the HMAC Key. - - !ruby/object:Api::Type::String - name: 'etag' - output: true - description: | - HTTP 1.1 Entity tag for the HMAC key. - !ruby/object:Api::Type::String name: 'id' output: true diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 39df824bae19..4e5d627a01d8 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml 
@@ -114,23 +114,26 @@ overrides: !ruby/object:Overrides::ResourceOverrides name: "storage_hmac_key" primary_resource_id: "key" vars: - service_account: "my-service-account" + account_id: "my-svc-acc" docs: !ruby/object:Provider::Terraform::Docs warning: | - All arguments including the secret value will be stored in the raw + All arguments including the `secret` value will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). + On import, the `secret` value will not be retrieved. properties: id: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true secret: !ruby/object:Overrides::Terraform::PropertyOverride ignore_read: true sensitive: true - serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride - ignore_read: true + state: !ruby/object:Overrides::Terraform::PropertyOverride + update_url: projects/{{project}}/hmacKeys/{{access_id}} custom_code: !ruby/object:Provider::Terraform::CustomCode - post_create: templates/terraform/post_create/storage_hmac_key.go.erb + decoder: templates/terraform/decoders/storage_hmac_key.go.erb pre_delete: templates/terraform/pre_delete/storage_hmac_key.go.erb - update_encoder: templates/terraform/update_encoders/storage_hmac_key.go.erb + post_create: templates/terraform/post_create/storage_hmac_key.go.erb + test_check_destroy: templates/terraform/custom_check_destroy/storage_hmac_key.go.erb + update_encoder: templates/terraform/update_encoder/storage_hmac_key.go.erb # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/templates/terraform/custom_check_destroy/storage_hmac_key.go.erb b/templates/terraform/custom_check_destroy/storage_hmac_key.go.erb new file mode 100644 index 000000000000..c7208fbdd1fc --- /dev/null +++ b/templates/terraform/custom_check_destroy/storage_hmac_key.go.erb 
@@ -0,0 +1,17 @@ +config := testAccProvider.Meta().(*Config) + +url, err := replaceVarsForTest(config, rs, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{access_id}}") +if err != nil { + return err +} + +res, err := sendRequest(config, "GET", "", url, nil) +if err != nil { + return nil +} + +if v := res["state"]; v == "DELETED" { + return nil +} + +return fmt.Errorf("StorageHmacKey still exists at %s", url) diff --git a/templates/terraform/decoders/storage_hmac_key.go.erb b/templates/terraform/decoders/storage_hmac_key.go.erb new file mode 100644 index 000000000000..85855239db2d --- /dev/null +++ b/templates/terraform/decoders/storage_hmac_key.go.erb @@ -0,0 +1,5 @@ +if v := res["state"]; v == "DELETED" { + return nil, nil +} + +return res, nil diff --git a/templates/terraform/pre_delete/storage_hmac_key.go.erb b/templates/terraform/pre_delete/storage_hmac_key.go.erb index 5f79ce536e60..a8a299a116f5 100644 --- a/templates/terraform/pre_delete/storage_hmac_key.go.erb +++ b/templates/terraform/pre_delete/storage_hmac_key.go.erb 
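Review bot: In the custom destroy check, `if err != nil { return nil }` after the GET treats every failure, including permission errors, timeouts and server errors, as proof that the key is gone. The check can then pass while an HMAC key is still usable. Only a not-found response should count as destroyed: `if isGoogleApiErrorWithCode(err, 404) { return nil }` followed by `return err` keeps other failures visible (helper name assumed from the provider's utilities; confirm it is in scope for the test package). A short comment above the `DELETED` comparison saying that deleted keys remain readable with that state would explain why a successful GET is not by itself a failure.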
@@ -8,16 +8,19 @@ if err != nil { return handleNotFoundError(err, d, fmt.Sprintf("StorageHmacKey %q", d.Id())) } -getRes["metadata"].(map[string]interface{})["state"] = "INACTIVE" +// HmacKeys need to be INACTIVE to be deleted and the API doesn't accept noop +// updates +if v := getRes["state"]; v == "ACTIVE" { + getRes["state"] = "INACTIVE" + updateUrl, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{access_id}}") + if err != nil { + return err + } - -updateUrl, err := replaceVars(d, config, "{{StorageBasePath}}projects/{{project}}/hmacKeys/{{accessId}}") -if err != nil { - return err + log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), getRes) + _, err = sendRequestWithTimeout(config, "PUT", project, updateUrl, getRes, d.Timeout(schema.TimeoutUpdate)) + if err != nil { + return fmt.Errorf("Error deactivating HmacKey %q: %s", d.Id(), err) + } } -log.Printf("[DEBUG] Deactivating HmacKey %q: %#v", d.Id(), getRes) -_, err = sendRequestWithTimeout(config, "PUT", project, updateUrl, getRes, d.Timeout(schema.TimeoutUpdate)) -if err != nil { - return fmt.Errorf("Error deactivating HmacKey %q: %s", d.Id(), err) -} From 6bd81435492682ebd13afa19bb6ebcfbbd242c86 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Wed, 12 Feb 2020 17:23:31 -0800 Subject: [PATCH 22/23] Sidebar - to _ --- third_party/terraform/website-compiled/google.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/terraform/website-compiled/google.erb b/third_party/terraform/website-compiled/google.erb index bff5bb82cca8..a7cdeffe7137 100644 --- a/third_party/terraform/website-compiled/google.erb +++ b/third_party/terraform/website-compiled/google.erb @@ -1441,7 +1441,7 @@ > - google_storage_hmac_key + google_storage_hmac_key > From 912ee8d0791c589f88648155dc7b33a241bc4b02 Mon Sep 17 00:00:00 2001 
From: Riley Karson Date: Wed, 12 Feb 2020 18:11:04 -0800 Subject: [PATCH 23/23] Remove the update encoder because the docs are wrong on update format anyways --- products/storage/terraform.yaml | 1 - .../update_encoder/storage_hmac_key.go.erb | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 templates/terraform/update_encoder/storage_hmac_key.go.erb diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml index 4e5d627a01d8..28d4d940e8c5 100644 --- a/products/storage/terraform.yaml +++ b/products/storage/terraform.yaml @@ -133,7 +133,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides pre_delete: templates/terraform/pre_delete/storage_hmac_key.go.erb post_create: templates/terraform/post_create/storage_hmac_key.go.erb test_check_destroy: templates/terraform/custom_check_destroy/storage_hmac_key.go.erb - update_encoder: templates/terraform/update_encoder/storage_hmac_key.go.erb # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/templates/terraform/update_encoder/storage_hmac_key.go.erb b/templates/terraform/update_encoder/storage_hmac_key.go.erb deleted file mode 100644 index bcc42e77b465..000000000000 --- a/templates/terraform/update_encoder/storage_hmac_key.go.erb +++ /dev/null 
@@ -1,17 +0,0 @@ -<%# The license inside this block applies to this file. - # Copyright 2019 Google Inc. - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. --%> -newObj := make(map[string]interface{}) -newObj["metadata"] = obj -return newObj, nil