From 349211639e15eac300a7811e96fbfeb9988dd63c Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 14 Jan 2025 09:36:38 -0800 Subject: [PATCH] Finish converting ACM resources to use policy mutex lock (#12735) (#9055) [upstream:c389029c67698d34a46bc388404d5c3e322db613] Signed-off-by: Modular Magician --- .changelog/12735.txt | 3 ++ ...rce_access_context_manager_access_level.go | 21 ++++++++++ ..._context_manager_access_level_condition.go | 26 ++++++++++++- ...ce_access_context_manager_access_levels.go | 14 +++++++ ...ce_access_context_manager_access_policy.go | 21 ++++++++++ ...ss_context_manager_authorized_orgs_desc.go | 21 ++++++++++ ...ce_access_context_manager_egress_policy.go | 39 +++++++++++++++++++ ...e_access_context_manager_ingress_policy.go | 39 +++++++++++++++++++ ...ccess_context_manager_service_perimeter.go | 6 +-- ...service_perimeter_dry_run_egress_policy.go | 26 ++++++++++++- ...ervice_perimeter_dry_run_ingress_policy.go | 26 ++++++++++++- ...ager_service_perimeter_dry_run_resource.go | 26 ++++++++++++- ...manager_service_perimeter_egress_policy.go | 26 ++++++++++++- ...anager_service_perimeter_ingress_policy.go | 26 ++++++++++++- ...cess_context_manager_service_perimeters.go | 14 +++++++ ...nager_access_level_condition.html.markdown | 3 ++ ...ontext_manager_egress_policy.html.markdown | 3 ++ ...ntext_manager_ingress_policy.html.markdown | 3 ++ ...imeter_dry_run_egress_policy.html.markdown | 3 ++ ...meter_dry_run_ingress_policy.html.markdown | 3 ++ ...e_perimeter_dry_run_resource.html.markdown | 3 ++ ...vice_perimeter_egress_policy.html.markdown | 3 ++ ...ice_perimeter_ingress_policy.html.markdown | 3 ++ 23 files changed, 343 insertions(+), 15 deletions(-) create mode 100644 .changelog/12735.txt diff --git a/.changelog/12735.txt b/.changelog/12735.txt new file mode 100644 index 0000000000..42b910df15 --- /dev/null +++ b/.changelog/12735.txt @@ -0,0 +1,3 @@ +```release-note:none + +``` \ No newline at end of file 
diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go index 8f93853d6b..3b19dc88e7 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go @@ -375,6 +375,13 @@ func resourceAccessContextManagerAccessLevelCreate(d *schema.ResourceData, meta return err } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/accessLevels") if err != nil { return err @@ -530,6 +537,13 @@ func resourceAccessContextManagerAccessLevelUpdate(d *schema.ResourceData, meta return err } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}") if err != nil { return err @@ -606,6 +620,13 @@ func resourceAccessContextManagerAccessLevelDelete(d *schema.ResourceData, meta billingProject := "" + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}") if err != nil { return err diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go index ecc5918887..11381cfe15 100644 
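Review bot: The lock blocks added to resourceAccessContextManagerAccessLevelCreate, Update and Delete have no comment saying what the key is or why it is `{{parent}}` rather than the level's own name. The serialization only holds if every resource touched by this commit resolves to the identical string (`{{parent}}` here, `{{access_policy_id}}` and `accessPolicies/{{name}}` in the other files), and nothing next to the lock records that coupling. A comment above each block would do, for example `// Lock on the owning access policy; sibling ACM resources must derive the same key.` All three function bodies start and end outside their hunks.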
--- a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go @@ -22,6 +22,7 @@ import ( "log" "net/http" "reflect" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -232,6 +233,11 @@ Format: accessPolicies/{policy_id}/accessLevels/{short_name}`, }, }, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } @@ -288,7 +294,12 @@ func resourceAccessContextManagerAccessLevelConditionCreate(d *schema.ResourceDa obj["vpcNetworkSources"] = vpcNetworkSourcesProp } - lockName, err := tpgresource.ReplaceVars(d, config, "{{access_level}}") + obj, err = resourceAccessContextManagerAccessLevelConditionEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -472,7 +483,7 @@ func resourceAccessContextManagerAccessLevelConditionDelete(d *schema.ResourceDa billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{access_level}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } 
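Review bot: In resourceAccessContextManagerAccessLevelConditionDelete the lock key now comes from `{{access_policy_id}}`, a Computed attribute that the visible code writes only in the Create-time encoder, so state written before this change carries no value for it. Unless Read backfills the field (Read is not in any hunk here), such a delete would presumably lock on an empty key rather than the policy, and could still run concurrently with other writers to the same access policy. Deriving the key inside Delete from `access_level`, with the same split the encoder uses, would remove the dependency on state. The same applies to the Delete hunks of the egress_policy, ingress_policy, service_perimeter_dry_run_egress_policy, service_perimeter_dry_run_ingress_policy, service_perimeter_dry_run_resource, service_perimeter_egress_policy and service_perimeter_ingress_policy files, although the egress_policy and ingress_policy Import hunks do set the field. The function body extends outside the hunk.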
@@ -839,6 +850,17 @@ func expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSub return v, nil } +func resourceAccessContextManagerAccessLevelConditionEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the access_level parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("access_level").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerAccessLevelCondition(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_levels.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_levels.go index 1aaef512b4..e53612b94e 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_levels.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_levels.go @@ -346,6 +346,13 @@ func resourceAccessContextManagerAccessLevelsCreate(d *schema.ResourceData, meta obj["accessLevels"] = accessLevelsProp } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/accessLevels:replaceAll") if err != nil { return err 
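Review bot: resourceAccessContextManagerAccessLevelConditionEncoder indexes `parts[1]` without checking the split result, so an `access_level` value with no `/` panics the provider instead of returning an error, and a value that does not start with `accessPolicies` silently yields a lock key for the wrong policy. The return value of `d.Set` is also dropped, although the Import hunks in this commit check it for the same field. Validate the shape and return both failures through the encoder's error result, which Create already checks. The seven other encoders added in this commit (egress_policy, ingress_policy and the five service_perimeter_* files) have the same body and need the same change, and the comment typo "The is logic" should read "This logic".

```go
func resourceAccessContextManagerAccessLevelConditionEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
	// … unchanged: comment explaining why the encoder sets access_policy_id …
	accessLevel := d.Get("access_level").(string)
	parts := strings.Split(accessLevel, "/")
	if len(parts) < 2 || parts[0] != "accessPolicies" || parts[1] == "" {
		return nil, fmt.Errorf("access_level %q does not match accessPolicies/{policy_id}/accessLevels/{short_name}", accessLevel)
	}
	if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])); err != nil {
		return nil, fmt.Errorf("Error setting access_policy_id: %s", err)
	}

	return obj, nil
```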
@@ -452,6 +459,13 @@ func resourceAccessContextManagerAccessLevelsUpdate(d *schema.ResourceData, meta obj["accessLevels"] = accessLevelsProp } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/accessLevels:replaceAll") if err != nil { return err diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_policy.go index 2e170cade9..4db4ff229b 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_access_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_access_policy.go @@ -118,6 +118,13 @@ func resourceAccessContextManagerAccessPolicyCreate(d *schema.ResourceData, meta obj["scopes"] = scopesProp } + lockName, err := tpgresource.ReplaceVars(d, config, "accessPolicies/{{name}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}accessPolicies") if err != nil { return err @@ -271,6 +278,13 @@ func resourceAccessContextManagerAccessPolicyUpdate(d *schema.ResourceData, meta obj["scopes"] = scopesProp } + lockName, err := tpgresource.ReplaceVars(d, config, "accessPolicies/{{name}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}accessPolicies/{{name}}") if err != nil { return err 
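Review bot: In resourceAccessContextManagerAccessPolicyCreate the key `accessPolicies/{{name}}` is built before the policy exists; the create URL in the same hunk ends at `accessPolicies` with no name, which suggests the name is assigned by the API. If so, the key presumably resolves to the bare `accessPolicies/`, which serializes every policy creation under one shared key and never matches the per-policy key taken by Update, Delete and the child resources. Either drop the lock from Create or state the intent with a comment such as `// name is not known yet; this key only serializes policy creation`. The function body extends outside the hunk.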
@@ -339,6 +353,13 @@ func resourceAccessContextManagerAccessPolicyDelete(d *schema.ResourceData, meta billingProject := "" + lockName, err := tpgresource.ReplaceVars(d, config, "accessPolicies/{{name}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}accessPolicies/{{name}}") if err != nil { return err diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_authorized_orgs_desc.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_authorized_orgs_desc.go index 39efca8276..c01fb7bf6e 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_authorized_orgs_desc.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_authorized_orgs_desc.go @@ -180,6 +180,13 @@ func resourceAccessContextManagerAuthorizedOrgsDescCreate(d *schema.ResourceData return err } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/authorizedOrgsDescs") if err != nil { return err @@ -328,6 +335,13 @@ func resourceAccessContextManagerAuthorizedOrgsDescUpdate(d *schema.ResourceData return err } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}") if err != nil { return err 
@@ -389,6 +403,13 @@ func resourceAccessContextManagerAuthorizedOrgsDescDelete(d *schema.ResourceData billingProject := "" + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}") if err != nil { return err diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_egress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_egress_policy.go index 8c05ab1856..b80bbce5f3 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_egress_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_egress_policy.go @@ -22,6 +22,7 @@ import ( "log" "net/http" "reflect" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -59,6 +60,11 @@ func ResourceAccessContextManagerEgressPolicy() *schema.Resource { ForceNew: true, Description: `A GCP resource that is inside of the service perimeter.`, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } @@ -79,6 +85,18 @@ func resourceAccessContextManagerEgressPolicyCreate(d *schema.ResourceData, meta obj["resource"] = resourceProp } + obj, err = resourceAccessContextManagerEgressPolicyEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{egress_policy_name}}") if err != nil { return err 
@@ -222,6 +240,13 @@ func resourceAccessContextManagerEgressPolicyDelete(d *schema.ResourceData, meta billingProject := "" + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{egress_policy_name}}") if err != nil { return err @@ -281,6 +306,9 @@ func resourceAccessContextManagerEgressPolicyImport(d *schema.ResourceData, meta return nil, err } + if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil { + return nil, fmt.Errorf("Error setting access_policy_id: %s", err) + } if err := d.Set("perimeter", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil { return nil, fmt.Errorf("Error setting perimeter: %s", err) } @@ -295,6 +323,17 @@ func expandNestedAccessContextManagerEgressPolicyResource(v interface{}, d tpgre return v, nil } +func resourceAccessContextManagerEgressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the egress_policy_name parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("egress_policy_name").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerEgressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool 
diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_ingress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_ingress_policy.go index 59d4615913..5b25eb750a 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_ingress_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_ingress_policy.go @@ -22,6 +22,7 @@ import ( "log" "net/http" "reflect" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -59,6 +60,11 @@ func ResourceAccessContextManagerIngressPolicy() *schema.Resource { ForceNew: true, Description: `A GCP resource that is inside of the service perimeter.`, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } @@ -79,6 +85,18 @@ func resourceAccessContextManagerIngressPolicyCreate(d *schema.ResourceData, met obj["resource"] = resourceProp } + obj, err = resourceAccessContextManagerIngressPolicyEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{ingress_policy_name}}") if err != nil { return err @@ -222,6 +240,13 @@ func resourceAccessContextManagerIngressPolicyDelete(d *schema.ResourceData, met billingProject := "" + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{ingress_policy_name}}") if err != nil { return err 
@@ -281,6 +306,9 @@ func resourceAccessContextManagerIngressPolicyImport(d *schema.ResourceData, met return nil, err } + if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil { + return nil, fmt.Errorf("Error setting access_policy_id: %s", err) + } if err := d.Set("perimeter", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil { return nil, fmt.Errorf("Error setting perimeter: %s", err) } @@ -295,6 +323,17 @@ func expandNestedAccessContextManagerIngressPolicyResource(v interface{}, d tpgr return v, nil } +func resourceAccessContextManagerIngressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the ingress_policy_name parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("ingress_policy_name").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerIngressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter.go index 33965f60f1..d5f9ac98a8 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter.go 
@@ -1023,7 +1023,7 @@ func resourceAccessContextManagerServicePerimeterCreate(d *schema.ResourceData, return err } - lockName, err := tpgresource.ReplaceVars(d, config, "{{name}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") if err != nil { return err } @@ -1203,7 +1203,7 @@ func resourceAccessContextManagerServicePerimeterUpdate(d *schema.ResourceData, return err } - lockName, err := tpgresource.ReplaceVars(d, config, "{{name}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") if err != nil { return err } @@ -1290,7 +1290,7 @@ func resourceAccessContextManagerServicePerimeterDelete(d *schema.ResourceData, billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{name}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") if err != nil { return err } diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy.go index d1d76a33b9..cbd55d1d7f 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy.go @@ -24,6 +24,7 @@ import ( "reflect" "slices" "sort" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -286,6 +287,11 @@ the perimeter.`, }, }, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } 
@@ -312,7 +318,12 @@ func resourceAccessContextManagerServicePerimeterDryRunEgressPolicyCreate(d *sch obj["egressTo"] = egressToProp } - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + obj, err = resourceAccessContextManagerServicePerimeterDryRunEgressPolicyEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -469,7 +480,7 @@ func resourceAccessContextManagerServicePerimeterDryRunEgressPolicyDelete(d *sch billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -890,6 +901,17 @@ func expandNestedAccessContextManagerServicePerimeterDryRunEgressPolicyEgressToO return v, nil } +func resourceAccessContextManagerServicePerimeterDryRunEgressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the perimeter parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("perimeter").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerServicePerimeterDryRunEgressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy.go index 73c37e19dd..fa04fce842 100644 
--- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy.go @@ -24,6 +24,7 @@ import ( "reflect" "slices" "sort" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -290,6 +291,11 @@ also matches the 'operations' field.`, }, }, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } @@ -316,7 +322,12 @@ func resourceAccessContextManagerServicePerimeterDryRunIngressPolicyCreate(d *sc obj["ingressTo"] = ingressToProp } - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + obj, err = resourceAccessContextManagerServicePerimeterDryRunIngressPolicyEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -473,7 +484,7 @@ func resourceAccessContextManagerServicePerimeterDryRunIngressPolicyDelete(d *sc billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } 
@@ -876,6 +887,17 @@ func expandNestedAccessContextManagerServicePerimeterDryRunIngressPolicyIngressT return v, nil } +func resourceAccessContextManagerServicePerimeterDryRunIngressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the perimeter parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("perimeter").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerServicePerimeterDryRunIngressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource.go index cc860f4ab3..b207d6a080 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource.go @@ -22,6 +22,7 @@ import ( "log" "net/http" "reflect" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -61,6 +62,11 @@ func ResourceAccessContextManagerServicePerimeterDryRunResource() *schema.Resour Currently only projects are allowed. Format: projects/{project_number}`, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } 
@@ -81,7 +87,12 @@ func resourceAccessContextManagerServicePerimeterDryRunResourceCreate(d *schema. obj["resource"] = resourceProp } - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter_name}}") + obj, err = resourceAccessContextManagerServicePerimeterDryRunResourceEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -232,7 +243,7 @@ func resourceAccessContextManagerServicePerimeterDryRunResourceDelete(d *schema. billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter_name}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -319,6 +330,17 @@ func expandNestedAccessContextManagerServicePerimeterDryRunResourceResource(v in return v, nil } +func resourceAccessContextManagerServicePerimeterDryRunResourceEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the perimeter_name parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("perimeter_name").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerServicePerimeterDryRunResource(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy.go index dd072f50e5..0f5c267a31 100644 
--- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy.go @@ -24,6 +24,7 @@ import ( "reflect" "slices" "sort" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -286,6 +287,11 @@ the perimeter.`, }, }, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } @@ -312,7 +318,12 @@ func resourceAccessContextManagerServicePerimeterEgressPolicyCreate(d *schema.Re obj["egressTo"] = egressToProp } - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + obj, err = resourceAccessContextManagerServicePerimeterEgressPolicyEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -468,7 +479,7 @@ func resourceAccessContextManagerServicePerimeterEgressPolicyDelete(d *schema.Re billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } 
@@ -888,6 +899,17 @@ func expandNestedAccessContextManagerServicePerimeterEgressPolicyEgressToOperati return v, nil } +func resourceAccessContextManagerServicePerimeterEgressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the perimeter parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("perimeter").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerServicePerimeterEgressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy.go index 0a1716c0d0..b0624c8a25 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy.go +++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy.go @@ -24,6 +24,7 @@ import ( "reflect" "slices" "sort" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -293,6 +294,11 @@ also matches the 'operations' field.`, }, }, }, + "access_policy_id": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the Access Policy this resource belongs to.`, + }, }, UseJSONNumber: true, } 
@@ -319,7 +325,12 @@ func resourceAccessContextManagerServicePerimeterIngressPolicyCreate(d *schema.R obj["ingressTo"] = ingressToProp } - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + obj, err = resourceAccessContextManagerServicePerimeterIngressPolicyEncoder(d, meta, obj) + if err != nil { + return err + } + + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -475,7 +486,7 @@ func resourceAccessContextManagerServicePerimeterIngressPolicyDelete(d *schema.R billingProject := "" - lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter}}") + lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}") if err != nil { return err } @@ -877,6 +888,17 @@ func expandNestedAccessContextManagerServicePerimeterIngressPolicyIngressToOpera return v, nil } +func resourceAccessContextManagerServicePerimeterIngressPolicyEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Set the access_policy_id field from part of the perimeter parameter. + + // The is logic is inside the encoder since the access_policy_id field is part of + // the mutex lock and encoders run before the lock is set. + parts := strings.Split(d.Get("perimeter").(string), "/") + d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1])) + + return obj, nil +} + func flattenNestedAccessContextManagerServicePerimeterIngressPolicy(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeters.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeters.go index 6284f9b2dc..68698e69d4 100644 --- a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeters.go 
+++ b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeters.go @@ -886,6 +886,13 @@ func resourceAccessContextManagerServicePerimetersCreate(d *schema.ResourceData, obj["parent"] = parentProp } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/servicePerimeters:replaceAll") if err != nil { return err @@ -998,6 +1005,13 @@ func resourceAccessContextManagerServicePerimetersUpdate(d *schema.ResourceData, obj["parent"] = parentProp } + lockName, err := tpgresource.ReplaceVars(d, config, "{{parent}}") + if err != nil { + return err + } + transport_tpg.MutexStore.Lock(lockName) + defer transport_tpg.MutexStore.Unlock(lockName) + url, err := tpgresource.ReplaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/servicePerimeters:replaceAll") if err != nil { return err diff --git a/website/docs/r/access_context_manager_access_level_condition.html.markdown b/website/docs/r/access_context_manager_access_level_condition.html.markdown index 208f9cf6a5..2c07fdef79 100644 --- a/website/docs/r/access_context_manager_access_level_condition.html.markdown +++ b/website/docs/r/access_context_manager_access_level_condition.html.markdown @@ -239,6 +239,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{access_level}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts diff --git a/website/docs/r/access_context_manager_egress_policy.html.markdown b/website/docs/r/access_context_manager_egress_policy.html.markdown index 512ac8254e..7ea4deb4ef 100644 --- a/website/docs/r/access_context_manager_egress_policy.html.markdown 
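Review bot: In `resourceAccessContextManagerServicePerimetersCreate` and `resourceAccessContextManagerServicePerimetersUpdate` the lock name is the raw `{{parent}}` string, while the ingress/egress encoders in this patch build theirs as `accessPolicies/<id>`; the mutex only serializes these resources against each other if the two strings are byte-identical. Whether `parent` is validated to exactly that form is not visible in the hunks, so I would document the assumption next to the lock, e.g. `// Lock key must equal "accessPolicies/<id>", the key the nested policy resources derive from perimeter.` Since the request goes to `servicePerimeters:replaceAll`, which presumably rewrites every perimeter under the policy, a key mismatch would let it race with per-perimeter policy writes. Both function bodies continue outside the hunks.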
+++ b/website/docs/r/access_context_manager_egress_policy.html.markdown @@ -50,6 +50,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{egress_policy_name}}/{{resource}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts diff --git a/website/docs/r/access_context_manager_ingress_policy.html.markdown b/website/docs/r/access_context_manager_ingress_policy.html.markdown index e1b4ff6145..e40fd93ee6 100644 --- a/website/docs/r/access_context_manager_ingress_policy.html.markdown +++ b/website/docs/r/access_context_manager_ingress_policy.html.markdown @@ -50,6 +50,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{ingress_policy_name}}/{{resource}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts diff --git a/website/docs/r/access_context_manager_service_perimeter_dry_run_egress_policy.html.markdown b/website/docs/r/access_context_manager_service_perimeter_dry_run_egress_policy.html.markdown index 973cbce79a..18938e73ae 100644 --- a/website/docs/r/access_context_manager_service_perimeter_dry_run_egress_policy.html.markdown +++ b/website/docs/r/access_context_manager_service_perimeter_dry_run_egress_policy.html.markdown @@ -202,6 +202,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{perimeter}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts diff --git a/website/docs/r/access_context_manager_service_perimeter_dry_run_ingress_policy.html.markdown b/website/docs/r/access_context_manager_service_perimeter_dry_run_ingress_policy.html.markdown index db0616d039..b944d4a08b 100644 
--- a/website/docs/r/access_context_manager_service_perimeter_dry_run_ingress_policy.html.markdown +++ b/website/docs/r/access_context_manager_service_perimeter_dry_run_ingress_policy.html.markdown @@ -215,6 +215,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{perimeter}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts diff --git a/website/docs/r/access_context_manager_service_perimeter_dry_run_resource.html.markdown b/website/docs/r/access_context_manager_service_perimeter_dry_run_resource.html.markdown index 427ed3d04d..2ad5a4a2a8 100644 --- a/website/docs/r/access_context_manager_service_perimeter_dry_run_resource.html.markdown +++ b/website/docs/r/access_context_manager_service_perimeter_dry_run_resource.html.markdown @@ -96,6 +96,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{perimeter_name}}/{{resource}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts diff --git a/website/docs/r/access_context_manager_service_perimeter_egress_policy.html.markdown b/website/docs/r/access_context_manager_service_perimeter_egress_policy.html.markdown index 3de901d78b..400be86a21 100644 --- a/website/docs/r/access_context_manager_service_perimeter_egress_policy.html.markdown +++ b/website/docs/r/access_context_manager_service_perimeter_egress_policy.html.markdown @@ -202,6 +202,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{perimeter}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts 
diff --git a/website/docs/r/access_context_manager_service_perimeter_ingress_policy.html.markdown b/website/docs/r/access_context_manager_service_perimeter_ingress_policy.html.markdown index 2d6cb51abb..aefa1679bd 100644 --- a/website/docs/r/access_context_manager_service_perimeter_ingress_policy.html.markdown +++ b/website/docs/r/access_context_manager_service_perimeter_ingress_policy.html.markdown @@ -218,6 +218,9 @@ In addition to the arguments listed above, the following computed attributes are * `id` - an identifier for the resource with format `{{perimeter}}` +* `access_policy_id` - + The name of the Access Policy this resource belongs to. + ## Timeouts