From b88f60a6ca04121898c478e917219e9110ca4339 Mon Sep 17 00:00:00 2001
From: Sam Levenick <slevenick@google.com>
Date: Fri, 22 Nov 2019 18:04:07 +0000
Subject: [PATCH] Validate on deleted IAM members

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 google-beta/data_source_google_iam_policy.go        |  9 +++++++--
 ...ce_dataproc_autoscaling_policy_generated_test.go | 12 ++++++------
 google-beta/resource_iam_binding.go                 |  3 +++
 google-beta/resource_iam_member.go                  |  3 +++
 .../resource_monitoring_group_generated_test.go     |  2 +-
 .../r/dataproc_autoscaling_policy.html.markdown     | 13 ++++++++++---
 website/docs/r/monitoring_group.html.markdown       |  2 +-
 website/google.erb                                  |  1 +
 8 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/google-beta/data_source_google_iam_policy.go b/google-beta/data_source_google_iam_policy.go
index ad141d7e51..97a840a33a 100644
--- a/google-beta/data_source_google_iam_policy.go
+++ b/google-beta/data_source_google_iam_policy.go
@@ -2,11 +2,13 @@ package google
 
 import (
 	"encoding/json"
+	"regexp"
 	"sort"
 	"strconv"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"google.golang.org/api/cloudresourcemanager/v1"
 )
 
@@ -38,8 +40,11 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 						"members": {
 							Type:     schema.TypeSet,
 							Required: true,
-							Elem:     &schema.Schema{Type: schema.TypeString},
-							Set:      schema.HashString,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM policies for deleted principals"),
+							},
+							Set: schema.HashString,
 						},
 						"condition": {
 							Type:     schema.TypeList,
diff --git a/google-beta/resource_dataproc_autoscaling_policy_generated_test.go b/google-beta/resource_dataproc_autoscaling_policy_generated_test.go
index 2931e9b61e..e95c97a6b9 100644
--- a/google-beta/resource_dataproc_autoscaling_policy_generated_test.go
+++ b/google-beta/resource_dataproc_autoscaling_policy_generated_test.go
@@ -33,24 +33,23 @@ func TestAccDataprocAutoscalingPolicy_dataprocAutoscalingPolicyExample(t *testin
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProviders,
+		Providers:    testAccProvidersOiCS,
 		CheckDestroy: testAccCheckDataprocAutoscalingPolicyDestroy,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccDataprocAutoscalingPolicy_dataprocAutoscalingPolicyExample(context),
 			},
-			{
-				ResourceName:      "google_dataproc_autoscaling_policy.asp",
-				ImportState:       true,
-				ImportStateVerify: true,
-			},
 		},
 	})
 }
 
 func testAccDataprocAutoscalingPolicy_dataprocAutoscalingPolicyExample(context map[string]interface{}) string {
 	return Nprintf(`
+provider "google-beta" {
+}
+
 resource "google_dataproc_cluster" "basic" {
+  provider = google-beta
   name     = "tf-dataproc-test-%{random_suffix}"
   region   = "us-central1"
 
@@ -62,6 +61,7 @@ resource "google_dataproc_cluster" "basic" {
 }
 
 resource "google_dataproc_autoscaling_policy" "asp" {
+  provider  = google-beta
   policy_id = "tf-dataproc-test-%{random_suffix}"
   location  = "us-central1"
 
diff --git a/google-beta/resource_iam_binding.go b/google-beta/resource_iam_binding.go
index 7b26f8ee64..a9058323eb 100644
--- a/google-beta/resource_iam_binding.go
+++ b/google-beta/resource_iam_binding.go
@@ -4,9 +4,11 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"regexp"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"google.golang.org/api/cloudresourcemanager/v1"
 )
 
@@ -22,6 +24,7 @@ var iamBindingSchema = map[string]*schema.Schema{
 		Elem: &schema.Schema{
 			Type:             schema.TypeString,
 			DiffSuppressFunc: caseDiffSuppress,
+			ValidateFunc:     validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM bindings for deleted principals"),
 		},
 		Set: func(v interface{}) int {
 			return schema.HashString(strings.ToLower(v.(string)))
diff --git a/google-beta/resource_iam_member.go b/google-beta/resource_iam_member.go
index 31b3f19a0a..33c36b93cf 100644
--- a/google-beta/resource_iam_member.go
+++ b/google-beta/resource_iam_member.go
@@ -4,9 +4,11 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"regexp"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"google.golang.org/api/cloudresourcemanager/v1"
 )
 
@@ -21,6 +23,7 @@ var IamMemberBaseSchema = map[string]*schema.Schema{
 		Required:         true,
 		ForceNew:         true,
 		DiffSuppressFunc: caseDiffSuppress,
+		ValidateFunc:     validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM members for deleted principals"),
 	},
 	"condition": {
 		Type:     schema.TypeList,
diff --git a/google-beta/resource_monitoring_group_generated_test.go b/google-beta/resource_monitoring_group_generated_test.go
index 47a850fd72..d5174a947f 100644
--- a/google-beta/resource_monitoring_group_generated_test.go
+++ b/google-beta/resource_monitoring_group_generated_test.go
@@ -85,7 +85,7 @@ func TestAccMonitoringGroup_monitoringGroupSubgroupExample(t *testing.T) {
 func testAccMonitoringGroup_monitoringGroupSubgroupExample(context map[string]interface{}) string {
 	return Nprintf(`
 resource "google_monitoring_group" "parent" {
-  display_name = "tf-test MonitoringParentGroup%{random_suffix}"
+  display_name = "tf-test MonitoringSubGroup%{random_suffix}"
   filter       = "resource.metadata.region=\"europe-west2\""
 }
 
diff --git a/website/docs/r/dataproc_autoscaling_policy.html.markdown b/website/docs/r/dataproc_autoscaling_policy.html.markdown
index 396efa9738..a096c07076 100644
--- a/website/docs/r/dataproc_autoscaling_policy.html.markdown
+++ b/website/docs/r/dataproc_autoscaling_policy.html.markdown
@@ -24,6 +24,8 @@ description: |-
 
 Describes an autoscaling policy for Dataproc cluster autoscaler.
 
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
 
 
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
@@ -35,7 +37,11 @@ Describes an autoscaling policy for Dataproc cluster autoscaler.
 
 
 ```hcl
+provider "google-beta" {
+}
+
 resource "google_dataproc_cluster" "basic" {
+  provider = google-beta
   name     = "tf-dataproc-test-"
   region   = "us-central1"
 
@@ -47,6 +53,7 @@ resource "google_dataproc_cluster" "basic" {
 }
 
 resource "google_dataproc_autoscaling_policy" "asp" {
+  provider  = google-beta
   policy_id = "tf-dataproc-test-"
   location  = "us-central1"
 
@@ -232,9 +239,9 @@ This resource provides the following
 AutoscalingPolicy can be imported using any of these accepted formats:
 
 ```
-$ terraform import google_dataproc_autoscaling_policy.default projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}
-$ terraform import google_dataproc_autoscaling_policy.default {{project}}/{{location}}/{{policy_id}}
-$ terraform import google_dataproc_autoscaling_policy.default {{location}}/{{policy_id}}
+$ terraform import -provider=google-beta google_dataproc_autoscaling_policy.default projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}
+$ terraform import -provider=google-beta google_dataproc_autoscaling_policy.default {{project}}/{{location}}/{{policy_id}}
+$ terraform import -provider=google-beta google_dataproc_autoscaling_policy.default {{location}}/{{policy_id}}
 ```
 
 -> If you're importing a resource with beta features, make sure to include `-provider=google-beta`
diff --git a/website/docs/r/monitoring_group.html.markdown b/website/docs/r/monitoring_group.html.markdown
index f3a96ae49a..85ec126958 100644
--- a/website/docs/r/monitoring_group.html.markdown
+++ b/website/docs/r/monitoring_group.html.markdown
@@ -59,7 +59,7 @@ resource "google_monitoring_group" "basic" {
 
 ```hcl
 resource "google_monitoring_group" "parent" {
-  display_name = "tf-test MonitoringParentGroup"
+  display_name = "tf-test MonitoringSubGroup"
   filter       = "resource.metadata.region=\"europe-west2\""
 }
 
diff --git a/website/google.erb b/website/google.erb
index f10e0bb5e9..5af9642239 100644
--- a/website/google.erb
+++ b/website/google.erb
@@ -824,6 +824,7 @@
     <li<%= sidebar_current("docs-google-dataproc") %>>
         <a href="#">Google Dataproc Resources</a>
         <ul class="nav nav-visible">
+
           <li<%= sidebar_current("docs-google-dataproc-autoscaling-policy") %>>
           <a href="/docs/providers/google/r/dataproc_autoscaling_policy.html">google_dataproc_autoscaling_policy</a>
           </li>