Skip to content

Commit

Permalink
Autogenerate IAM resources for IAP Tunnel Instance
Browse files Browse the repository at this point in the history 
Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
@emilymye @modular-magician
emilymye authored and modular-magician committed Jan 17, 2020
1 parent 6bc1b8c commit f11df06
Show file tree
Hide file tree
Showing 6 changed files with 964 additions and 458 deletions.
233 changes: 125 additions & 108 deletions google-beta/iam_iap_tunnel_instance.go
View file
Original file line number Diff line number Diff line change
@@ -1,189 +1,206 @@
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Magic Modules and manual
// changes will be clobbered when the file is regenerated.
//
// Please read more about how to change this file in
// .github/CONTRIBUTING.md.
//
// ----------------------------------------------------------------------------
package google

import (
"fmt"
"strconv"
"strings"

"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"google.golang.org/api/cloudresourcemanager/v1"
iap "google.golang.org/api/iap/v1beta1"
)

var IamIapTunnelInstanceSchema = map[string]*schema.Schema{
"instance": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},

var IapTunnelInstanceIamSchema = map[string]*schema.Schema{
"project": {
Type: schema.TypeString,
Optional: true,
Computed: true,
Optional: true,
ForceNew: true,
},

"zone": {
Type: schema.TypeString,
Optional: true,
Computed: true,
Optional: true,
ForceNew: true,
},
"instance": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
DiffSuppressFunc: compareSelfLinkOrResourceName,
},
}

type IapTunnelInstanceIamUpdater struct {
project string
zone string
instance string
projectNumber string
Config *Config
project string
zone string
instance string
d *schema.ResourceData
Config *Config
}

func NewIapTunnelInstanceIamUpdater(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) {
func IapTunnelInstanceIamUpdaterProducer(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) {
values := make(map[string]string)

project, err := getProject(d, config)
if err != nil {
return nil, err
}

res, err := config.clientResourceManager.Projects.Get(project).Do()
values["project"] = project
zone, err := getZone(d, config)
if err != nil {
return nil, err
}
values["zone"] = zone
if v, ok := d.GetOk("instance"); ok {
values["instance"] = v.(string)
}

//The IAP API currently doesn't work when using a projectId. When hitting the endpoint with a projectId instead
//of a projectNumber, the backend returns a 400 error, saying that it is an invalid argument. We abstract away
//this implementation detail from the consumer, and allow consumers to work with projectIds, which is consistent
//with other resources. However, that means we have to maintain/lookup the projectNumber from the projectID
//inside this provider plugin.
projectNumber := strconv.FormatInt(res.ProjectNumber, 10)

zone, err := getZone(d, config)
// We may have gotten either a long or short name, so attempt to parse long name if possible
m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/iap_tunnel/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)", "projects/(?P<project>[^/]+)/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)", "(?P<project>[^/]+)/(?P<zone>[^/]+)/(?P<instance>[^/]+)", "(?P<zone>[^/]+)/(?P<instance>[^/]+)", "(?P<instance>[^/]+)"}, d, config, d.Get("instance").(string))
if err != nil {
return nil, err
}

return &IapTunnelInstanceIamUpdater{
project: project,
projectNumber: projectNumber,
zone: zone,
instance: d.Get("instance").(string),
Config: config,
}, nil
for k, v := range m {
values[k] = v
}

u := &IapTunnelInstanceIamUpdater{
project: values["project"],
zone: values["zone"],
instance: values["instance"],
d: d,
Config: config,
}

d.Set("project", u.project)
d.Set("zone", u.zone)
d.Set("instance", u.GetResourceId())

return u, nil
}

func IapTunnelInstanceIdParseFunc(d *schema.ResourceData, config *Config) error {
parts := strings.Split(d.Id(), "/")
var fv *ZonalFieldValue
if len(parts) == 3 {
// {project}/{zone}/{name} syntax
fv = &ZonalFieldValue{
Project: parts[0],
Zone: parts[1],
Name: parts[2],
resourceType: "instances",
}
} else if len(parts) == 2 {
// /{zone}/{name} syntax
project, err := getProject(d, config)
if err != nil {
return err
}
fv = &ZonalFieldValue{
Project: project,
Zone: parts[0],
Name: parts[1],
resourceType: "instances",
}
} else {
// We either have a name or a full self link, so use the field helper
var err error
fv, err = ParseInstanceFieldValue(d.Id(), d, config)
if err != nil {
return err
}
}

d.Set("project", fv.Project)
d.Set("zone", fv.Zone)
d.Set("instance", fv.Name)

res, err := config.clientResourceManager.Projects.Get(fv.Project).Do()
values := make(map[string]string)

project, err := getProject(d, config)
if err != nil {
return err
}
values["project"] = project
zone, err := getZone(d, config)
if err != nil {
return err
}
values["zone"] = zone

m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/iap_tunnel/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)", "projects/(?P<project>[^/]+)/zones/(?P<zone>[^/]+)/instances/(?P<instance>[^/]+)", "(?P<project>[^/]+)/(?P<zone>[^/]+)/(?P<instance>[^/]+)", "(?P<zone>[^/]+)/(?P<instance>[^/]+)", "(?P<instance>[^/]+)"}, d, config, d.Id())
if err != nil {
return err
}

projectNumber := strconv.FormatInt(res.ProjectNumber, 10)
for k, v := range m {
values[k] = v
}

// Explicitly set the id so imported resources have the same ID format as non-imported ones.
d.SetId(fmt.Sprintf("projects/%s/iap_tunnel/zones/%s/instances/%s", projectNumber, fv.Zone, fv.Name))
u := &IapTunnelInstanceIamUpdater{
project: values["project"],
zone: values["zone"],
instance: values["instance"],
d: d,
Config: config,
}
d.Set("instance", u.GetResourceId())
d.SetId(u.GetResourceId())
return nil
}

func (u *IapTunnelInstanceIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
req := &iap.GetIamPolicyRequest{}
url, err := u.qualifyTunnelInstanceUrl("getIamPolicy")
if err != nil {
return nil, err
}

p, err := u.Config.clientIAP.V1beta1.GetIamPolicy(fmt.Sprintf("projects/%s/iap_tunnel/zones/%s/instances/%s", u.projectNumber, u.zone, u.instance), req).Do()
project, err := getProject(u.d, u.Config)
if err != nil {
return nil, err
}
var obj map[string]interface{}
obj = map[string]interface{}{
"options": map[string]interface{}{
"requestedPolicyVersion": iamPolicyVersion,
},
}

policy, err := sendRequest(u.Config, "POST", project, url, obj)
if err != nil {
return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
}

cloudResourcePolicy, err := iapToResourceManagerPolicy(p)

out := &cloudresourcemanager.Policy{}
err = Convert(policy, out)
if err != nil {
return nil, errwrap.Wrapf(fmt.Sprintf("Invalid IAM policy for %s: {{err}}", u.DescribeResource()), err)
return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
}

return cloudResourcePolicy, nil
return out, nil
}

func (u *IapTunnelInstanceIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
iapPolicy, err := resourceManagerToIapPolicy(policy)

json, err := ConvertToMap(policy)
if err != nil {
return errwrap.Wrapf(fmt.Sprintf("Invalid IAM policy for %s: {{err}}", u.DescribeResource()), err)
return err
}

req := &iap.SetIamPolicyRequest{
Policy: iapPolicy,
obj := make(map[string]interface{})
obj["policy"] = json

url, err := u.qualifyTunnelInstanceUrl("setIamPolicy")
if err != nil {
return err
}
project, err := getProject(u.d, u.Config)
if err != nil {
return err
}
_, err = u.Config.clientIAP.V1beta1.SetIamPolicy(fmt.Sprintf("projects/%s/iap_tunnel/zones/%s/instances/%s", u.projectNumber, u.zone, u.instance), req).Do()

_, err = sendRequestWithTimeout(u.Config, "POST", project, url, obj, u.d.Timeout(schema.TimeoutCreate))
if err != nil {
return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
}

return nil
}

func (u *IapTunnelInstanceIamUpdater) qualifyTunnelInstanceUrl(methodIdentifier string) (string, error) {
urlTemplate := fmt.Sprintf("{{IapBasePath}}%s:%s", fmt.Sprintf("projects/%s/iap_tunnel/zones/%s/instances/%s", u.project, u.zone, u.instance), methodIdentifier)
url, err := replaceVars(u.d, u.Config, urlTemplate)
if err != nil {
return "", err
}
return url, nil
}

func (u *IapTunnelInstanceIamUpdater) GetResourceId() string {
return fmt.Sprintf("projects/%s/iap_tunnel/zones/%s/instances/%s", u.projectNumber, u.zone, u.instance)
return fmt.Sprintf("projects/%s/iap_tunnel/zones/%s/instances/%s", u.project, u.zone, u.instance)
}

func (u *IapTunnelInstanceIamUpdater) GetMutexKey() string {
return fmt.Sprintf("iap-tunnel-instance-%s-%s-%s", u.projectNumber, u.zone, u.instance)
return fmt.Sprintf("iam-iap-tunnelinstance-%s", u.GetResourceId())
}

func (u *IapTunnelInstanceIamUpdater) DescribeResource() string {
return fmt.Sprintf("IAP Tunnel Instance %s/%s/%s", u.projectNumber, u.zone, u.instance)
}

func resourceManagerToIapPolicy(p *cloudresourcemanager.Policy) (*iap.Policy, error) {
out := &iap.Policy{}
err := Convert(p, out)
if err != nil {
return nil, errwrap.Wrapf("Cannot convert a resourcemanager policy to am IAP policy: {{err}}", err)
}
return out, nil
}

func iapToResourceManagerPolicy(p *iap.Policy) (*cloudresourcemanager.Policy, error) {
out := &cloudresourcemanager.Policy{}
err := Convert(p, out)
if err != nil {
return nil, errwrap.Wrapf("Cannot convert an IAP policy to a resourcemanager policy: {{err}}", err)
}
return out, nil
return fmt.Sprintf("iap tunnelinstance %q", u.GetResourceId())
}
Loading

0 comments on commit f11df06

Please sign in to comment.