Finish converting ACM resources to use policy mutex lock (#12735) (#9055

) [upstream:c389029c67698d34a46bc388404d5c3e322db613] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Jan 14, 2025 · 3492116 · 3492116
1 parent b164e69
commit 3492116
Show file tree

Hide file tree

Showing 23 changed files with 343 additions and 15 deletions.
diff --git a/.changelog/12735.txt b/.changelog/12735.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go
@@ -375,6 +375,13 @@ func resourceAccessContextManagerAccessLevelCreate(d *schema.ResourceData, meta
 		return err
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/accessLevels")
 	if err != nil {
 		return err
@@ -530,6 +537,13 @@ func resourceAccessContextManagerAccessLevelUpdate(d *schema.ResourceData, meta
 		return err
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}")
 	if err != nil {
 		return err
@@ -606,6 +620,13 @@ func resourceAccessContextManagerAccessLevelDelete(d *schema.ResourceData, meta
 
 	billingProject := ""
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}")
 	if err != nil {
 		return err

diff --git a/...a/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go b/...a/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go
@@ -22,6 +22,7 @@ import (
 	"log"
 	"net/http"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -232,6 +233,11 @@ Format: accessPolicies/{policy_id}/accessLevels/{short_name}`,
 					},
 				},
 			},
+			"access_policy_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `The name of the Access Policy this resource belongs to.`,
+			},
 		},
 		UseJSONNumber: true,
 	}
@@ -288,7 +294,12 @@ func resourceAccessContextManagerAccessLevelConditionCreate(d *schema.ResourceDa
 		obj["vpcNetworkSources"] = vpcNetworkSourcesProp
 	}
 
-	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_level}}")
+	obj, err = resourceAccessContextManagerAccessLevelConditionEncoder(d, meta, obj)
+	if err != nil {
+		return err
+	}
+
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
 	if err != nil {
 		return err
 	}
@@ -472,7 +483,7 @@ func resourceAccessContextManagerAccessLevelConditionDelete(d *schema.ResourceDa
 
 	billingProject := ""
 
-	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_level}}")
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
 	if err != nil {
 		return err
 	}
@@ -839,6 +850,17 @@ func expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSub
 	return v, nil
 }
 
+func resourceAccessContextManagerAccessLevelConditionEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
+	// Set the access_policy_id field from part of the access_level parameter.
+
+	// The is logic is inside the encoder since the access_policy_id field is part of
+	// the mutex lock and encoders run before the lock is set.
+	parts := strings.Split(d.Get("access_level").(string), "/")
+	d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1]))
+
+	return obj, nil
+}
+
 func flattenNestedAccessContextManagerAccessLevelCondition(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) {
 	var v interface{}
 	var ok bool

diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_levels.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_levels.go
@@ -346,6 +346,13 @@ func resourceAccessContextManagerAccessLevelsCreate(d *schema.ResourceData, meta
 		obj["accessLevels"] = accessLevelsProp
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/accessLevels:replaceAll")
 	if err != nil {
 		return err
@@ -452,6 +459,13 @@ func resourceAccessContextManagerAccessLevelsUpdate(d *schema.ResourceData, meta
 		obj["accessLevels"] = accessLevelsProp
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/accessLevels:replaceAll")
 	if err != nil {
 		return err

diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_policy.go
@@ -118,6 +118,13 @@ func resourceAccessContextManagerAccessPolicyCreate(d *schema.ResourceData, meta
 		obj["scopes"] = scopesProp
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "accessPolicies/{{name}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}accessPolicies")
 	if err != nil {
 		return err
@@ -271,6 +278,13 @@ func resourceAccessContextManagerAccessPolicyUpdate(d *schema.ResourceData, meta
 		obj["scopes"] = scopesProp
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "accessPolicies/{{name}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}accessPolicies/{{name}}")
 	if err != nil {
 		return err
@@ -339,6 +353,13 @@ func resourceAccessContextManagerAccessPolicyDelete(d *schema.ResourceData, meta
 
 	billingProject := ""
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "accessPolicies/{{name}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}accessPolicies/{{name}}")
 	if err != nil {
 		return err

diff --git a/...eta/services/accesscontextmanager/resource_access_context_manager_authorized_orgs_desc.go b/...eta/services/accesscontextmanager/resource_access_context_manager_authorized_orgs_desc.go
@@ -180,6 +180,13 @@ func resourceAccessContextManagerAuthorizedOrgsDescCreate(d *schema.ResourceData
 		return err
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/authorizedOrgsDescs")
 	if err != nil {
 		return err
@@ -328,6 +335,13 @@ func resourceAccessContextManagerAuthorizedOrgsDescUpdate(d *schema.ResourceData
 		return err
 	}
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}")
 	if err != nil {
 		return err
@@ -389,6 +403,13 @@ func resourceAccessContextManagerAuthorizedOrgsDescDelete(d *schema.ResourceData
 
 	billingProject := ""
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}")
 	if err != nil {
 		return err

diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_egress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_egress_policy.go
@@ -22,6 +22,7 @@ import (
 	"log"
 	"net/http"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -59,6 +60,11 @@ func ResourceAccessContextManagerEgressPolicy() *schema.Resource {
 				ForceNew:    true,
 				Description: `A GCP resource that is inside of the service perimeter.`,
 			},
+			"access_policy_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `The name of the Access Policy this resource belongs to.`,
+			},
 		},
 		UseJSONNumber: true,
 	}
@@ -79,6 +85,18 @@ func resourceAccessContextManagerEgressPolicyCreate(d *schema.ResourceData, meta
 		obj["resource"] = resourceProp
 	}
 
+	obj, err = resourceAccessContextManagerEgressPolicyEncoder(d, meta, obj)
+	if err != nil {
+		return err
+	}
+
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{egress_policy_name}}")
 	if err != nil {
 		return err
@@ -222,6 +240,13 @@ func resourceAccessContextManagerEgressPolicyDelete(d *schema.ResourceData, meta
 
 	billingProject := ""
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{egress_policy_name}}")
 	if err != nil {
 		return err
@@ -281,6 +306,9 @@ func resourceAccessContextManagerEgressPolicyImport(d *schema.ResourceData, meta
 		return nil, err
 	}
 
+	if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil {
+		return nil, fmt.Errorf("Error setting access_policy_id: %s", err)
+	}
 	if err := d.Set("perimeter", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil {
 		return nil, fmt.Errorf("Error setting perimeter: %s", err)
 	}
@@ -295,6 +323,17 @@ func expandNestedAccessContextManagerEgressPolicyResource(v interface{}, d tpgre
 	return v, nil
 }
 
+func resourceAccessContextManagerEgressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
+	// Set the access_policy_id field from part of the egress_policy_name parameter.
+
+	// The is logic is inside the encoder since the access_policy_id field is part of
+	// the mutex lock and encoders run before the lock is set.
+	parts := strings.Split(d.Get("egress_policy_name").(string), "/")
+	d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1]))
+
+	return obj, nil
+}
+
 func flattenNestedAccessContextManagerEgressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) {
 	var v interface{}
 	var ok bool

diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_ingress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_ingress_policy.go
@@ -22,6 +22,7 @@ import (
 	"log"
 	"net/http"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -59,6 +60,11 @@ func ResourceAccessContextManagerIngressPolicy() *schema.Resource {
 				ForceNew:    true,
 				Description: `A GCP resource that is inside of the service perimeter.`,
 			},
+			"access_policy_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `The name of the Access Policy this resource belongs to.`,
+			},
 		},
 		UseJSONNumber: true,
 	}
@@ -79,6 +85,18 @@ func resourceAccessContextManagerIngressPolicyCreate(d *schema.ResourceData, met
 		obj["resource"] = resourceProp
 	}
 
+	obj, err = resourceAccessContextManagerIngressPolicyEncoder(d, meta, obj)
+	if err != nil {
+		return err
+	}
+
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{ingress_policy_name}}")
 	if err != nil {
 		return err
@@ -222,6 +240,13 @@ func resourceAccessContextManagerIngressPolicyDelete(d *schema.ResourceData, met
 
 	billingProject := ""
 
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
+	if err != nil {
+		return err
+	}
+	transport_tpg.MutexStore.Lock(lockName)
+	defer transport_tpg.MutexStore.Unlock(lockName)
+
 	url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{ingress_policy_name}}")
 	if err != nil {
 		return err
@@ -281,6 +306,9 @@ func resourceAccessContextManagerIngressPolicyImport(d *schema.ResourceData, met
 		return nil, err
 	}
 
+	if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil {
+		return nil, fmt.Errorf("Error setting access_policy_id: %s", err)
+	}
 	if err := d.Set("perimeter", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil {
 		return nil, fmt.Errorf("Error setting perimeter: %s", err)
 	}
@@ -295,6 +323,17 @@ func expandNestedAccessContextManagerIngressPolicyResource(v interface{}, d tpgr
 	return v, nil
 }
 
+func resourceAccessContextManagerIngressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
+	// Set the access_policy_id field from part of the ingress_policy_name parameter.
+
+	// The is logic is inside the encoder since the access_policy_id field is part of
+	// the mutex lock and encoders run before the lock is set.
+	parts := strings.Split(d.Get("ingress_policy_name").(string), "/")
+	d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1]))
+
+	return obj, nil
+}
+
 func flattenNestedAccessContextManagerIngressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) {
 	var v interface{}
 	var ok bool