diff --git a/google/resource_google_organization_iam_custom_role.go b/google/resource_google_organization_iam_custom_role.go index 203f7995870..cd8e42a4a0e 100644 --- a/google/resource_google_organization_iam_custom_role.go +++ b/google/resource_google_organization_iam_custom_role.go @@ -52,10 +52,8 @@ func resourceGoogleOrganizationIamCustomRole() *schema.Resource { Optional: true, }, "deleted": { - Type: schema.TypeBool, - Optional: true, - Default: false, - Deprecated: `deleted will be converted to a computed-only field soon - if you want to delete this role, please use destroy`, + Type: schema.TypeBool, + Computed: true, }, }, } @@ -64,10 +62,6 @@ func resourceGoogleOrganizationIamCustomRole() *schema.Resource { func resourceGoogleOrganizationIamCustomRoleCreate(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) - if d.Get("deleted").(bool) { - return fmt.Errorf("cannot create a custom organization role with a deleted state. `deleted` field should be false.") - } - org := d.Get("org_id").(string) roleId := fmt.Sprintf("organizations/%s/roles/%s", org, d.Get("role_id").(string)) orgId := fmt.Sprintf("organizations/%s", org) @@ -141,50 +135,21 @@ func resourceGoogleOrganizationIamCustomRoleUpdate(d *schema.ResourceData, meta d.Partial(true) - if d.Get("deleted").(bool) { - if d.HasChange("deleted") { - // If other fields were changed, we need to update those first and then delete. - // If we don't update, we will get diffs from re-apply - // If we delete and then try to update, we will get an error. - if err := resourceGoogleOrganizationIamCustomRoleUpdateNonDeletedFields(d, meta); err != nil { - return err - } - - if err := resourceGoogleOrganizationIamCustomRoleDelete(d, meta); err != nil { - return err - } - - d.SetPartial("deleted") - d.Partial(false) - return nil - } else { - return fmt.Errorf("cannot make changes to deleted custom organization role %s", d.Id()) - } - } - // We want to update the role to some undeleted state. // Make sure the role with given ID exists and is un-deleted before patching. r, err := config.clientIAM.Organizations.Roles.Get(d.Id()).Do() if err != nil { return fmt.Errorf("unable to find custom project role %s to update: %v", d.Id(), err) } + if r.Deleted { - if err := resourceGoogleOrganizationIamCustomRoleUndelete(d, meta); err != nil { - return err + _, err := config.clientIAM.Organizations.Roles.Undelete(d.Id(), &iam.UndeleteRoleRequest{}).Do() + if err != nil { + return fmt.Errorf("Error undeleting the custom organization role %s: %s", d.Get("title").(string), err) } - d.SetPartial("deleted") - } - if err := resourceGoogleOrganizationIamCustomRoleUpdateNonDeletedFields(d, meta); err != nil { - return err + d.SetPartial("deleted") } - d.Partial(false) - - return nil -} - -func resourceGoogleOrganizationIamCustomRoleUpdateNonDeletedFields(d *schema.ResourceData, meta interface{}) error { - config := meta.(*Config) if d.HasChange("title") || d.HasChange("description") || d.HasChange("stage") || d.HasChange("permissions") { _, err := config.clientIAM.Organizations.Roles.Patch(d.Id(), &iam.Role{ @@ -197,12 +162,14 @@ func resourceGoogleOrganizationIamCustomRoleUpdateNonDeletedFields(d *schema.Res if err != nil { return fmt.Errorf("Error updating the custom organization role %s: %s", d.Get("title").(string), err) } + d.SetPartial("title") d.SetPartial("description") d.SetPartial("stage") d.SetPartial("permissions") } + d.Partial(false) return nil } @@ -222,14 +189,3 @@ func resourceGoogleOrganizationIamCustomRoleDelete(d *schema.ResourceData, meta return nil } - -func resourceGoogleOrganizationIamCustomRoleUndelete(d *schema.ResourceData, meta interface{}) error { - config := meta.(*Config) - - _, err := config.clientIAM.Organizations.Roles.Undelete(d.Id(), &iam.UndeleteRoleRequest{}).Do() - if err != nil { - return fmt.Errorf("Error undeleting the custom organization role %s: %s", d.Get("title").(string), err) - } - - return nil -} diff --git a/google/resource_google_organization_iam_custom_role_test.go b/google/resource_google_organization_iam_custom_role_test.go index 6d7fef64851..8073aea56d5 100644 --- a/google/resource_google_organization_iam_custom_role_test.go +++ b/google/resource_google_organization_iam_custom_role_test.go @@ -66,8 +66,9 @@ func TestAccOrganizationIamCustomRole_undelete(t *testing.T) { }, // Soft-delete { - Config: testAccCheckGoogleOrganizationIamCustomRole_deleted(org, roleId), - Check: testAccCheckGoogleOrganizationIamCustomRoleDeletionStatus("google_organization_iam_custom_role.foo", true), + Config: testAccCheckGoogleOrganizationIamCustomRole_basic(org, roleId), + Check: testAccCheckGoogleOrganizationIamCustomRoleDeletionStatus("google_organization_iam_custom_role.foo", true), + Destroy: true, }, // Undelete { @@ -218,19 +219,6 @@ resource "google_organization_iam_custom_role" "foo" { `, roleId, orgId) } -func testAccCheckGoogleOrganizationIamCustomRole_deleted(orgId, roleId string) string { - return fmt.Sprintf(` -resource "google_organization_iam_custom_role" "foo" { - role_id = "%s" - org_id = "%s" - title = "My Custom Role" - description = "foo" - permissions = ["resourcemanager.projects.list"] - deleted = true -} -`, roleId, orgId) -} - func testAccCheckGoogleOrganizationIamCustomRole_update(orgId, roleId string) string { return fmt.Sprintf(` resource "google_organization_iam_custom_role" "foo" { diff --git a/website/docs/r/google_organization_iam_custom_role.html.markdown b/website/docs/r/google_organization_iam_custom_role.html.markdown index 9b3aa33d2d5..2593e0481f7 100644 --- a/website/docs/r/google_organization_iam_custom_role.html.markdown +++ b/website/docs/r/google_organization_iam_custom_role.html.markdown @@ -52,7 +52,12 @@ The following arguments are supported: * `description` - (Optional) A human-readable description for the role. -* `deleted` - (Optional) The current deleted state of the role. Defaults to `false`. +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `deleted` - (Optional) The current deleted state of the role. ## Import