Add support for cloud run service IAM. Use base paths via replaceVars

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Dec 3, 2019 · c9aa18d · c9aa18d
1 parent 1c9f5e6
commit c9aa18d
Show file tree

Hide file tree

Showing 23 changed files with 802 additions and 172 deletions.
diff --git a/google/config.go b/google/config.go
@@ -207,7 +207,7 @@ var BigtableDefaultBasePath = "https://bigtableadmin.googleapis.com/v2/"
 var BinaryAuthorizationDefaultBasePath = "https://binaryauthorization.googleapis.com/v1/"
 var CloudBuildDefaultBasePath = "https://cloudbuild.googleapis.com/v1/"
 var CloudFunctionsDefaultBasePath = "https://cloudfunctions.googleapis.com/v1/"
-var CloudRunDefaultBasePath = "https://{{location}}-run.googleapis.com/apis/"
+var CloudRunDefaultBasePath = "https://{{location}}-run.googleapis.com/"
 var CloudSchedulerDefaultBasePath = "https://cloudscheduler.googleapis.com/v1/"
 var CloudTasksDefaultBasePath = "https://cloudtasks.googleapis.com/v2/"
 var ComputeDefaultBasePath = "https://www.googleapis.com/compute/v1/"

diff --git a/google/iam_binary_authorization_attestor.go b/google/iam_binary_authorization_attestor.go
@@ -108,7 +108,10 @@ func BinaryAuthorizationAttestorIdParseFunc(d *schema.ResourceData, config *Conf
 }
 
 func (u *BinaryAuthorizationAttestorIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-	url := u.qualifyAttestorUrl("getIamPolicy")
+	url, err := u.qualifyAttestorUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -139,7 +142,10 @@ func (u *BinaryAuthorizationAttestorIamUpdater) SetResourceIamPolicy(policy *clo
 	obj := make(map[string]interface{})
 	obj["policy"] = json
 
-	url := u.qualifyAttestorUrl("setIamPolicy")
+	url, err := u.qualifyAttestorUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -154,8 +160,13 @@ func (u *BinaryAuthorizationAttestorIamUpdater) SetResourceIamPolicy(policy *clo
 	return nil
 }
 
-func (u *BinaryAuthorizationAttestorIamUpdater) qualifyAttestorUrl(methodIdentifier string) string {
-	return fmt.Sprintf("https://binaryauthorization.googleapis.com/v1/%s:%s", fmt.Sprintf("projects/%s/attestors/%s", u.project, u.attestor), methodIdentifier)
+func (u *BinaryAuthorizationAttestorIamUpdater) qualifyAttestorUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{BinaryAuthorizationBasePath}}%s:%s", fmt.Sprintf("projects/%s/attestors/%s", u.project, u.attestor), methodIdentifier)
+	url, err := replaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
 }
 
 func (u *BinaryAuthorizationAttestorIamUpdater) GetResourceId() string {

diff --git a/google/iam_cloud_functions_cloud_function.go b/google/iam_cloud_functions_cloud_function.go
@@ -128,7 +128,10 @@ func CloudFunctionsCloudFunctionIdParseFunc(d *schema.ResourceData, config *Conf
 }
 
 func (u *CloudFunctionsCloudFunctionIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-	url := u.qualifyCloudFunctionUrl("getIamPolicy")
+	url, err := u.qualifyCloudFunctionUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -159,7 +162,10 @@ func (u *CloudFunctionsCloudFunctionIamUpdater) SetResourceIamPolicy(policy *clo
 	obj := make(map[string]interface{})
 	obj["policy"] = json
 
-	url := u.qualifyCloudFunctionUrl("setIamPolicy")
+	url, err := u.qualifyCloudFunctionUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -174,8 +180,13 @@ func (u *CloudFunctionsCloudFunctionIamUpdater) SetResourceIamPolicy(policy *clo
 	return nil
 }
 
-func (u *CloudFunctionsCloudFunctionIamUpdater) qualifyCloudFunctionUrl(methodIdentifier string) string {
-	return fmt.Sprintf("https://cloudfunctions.googleapis.com/v1/%s:%s", fmt.Sprintf("projects/%s/locations/%s/functions/%s", u.project, u.region, u.cloudFunction), methodIdentifier)
+func (u *CloudFunctionsCloudFunctionIamUpdater) qualifyCloudFunctionUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{CloudFunctionsBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/%s/functions/%s", u.project, u.region, u.cloudFunction), methodIdentifier)
+	url, err := replaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
 }
 
 func (u *CloudFunctionsCloudFunctionIamUpdater) GetResourceId() string {

diff --git a/google/iam_cloud_run_service.go b/google/iam_cloud_run_service.go
@@ -0,0 +1,202 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+)
+
+var CloudRunServiceIamSchema = map[string]*schema.Schema{
+	"project": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"location": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"service": {
+		Type:             schema.TypeString,
+		Required:         true,
+		ForceNew:         true,
+		DiffSuppressFunc: compareSelfLinkOrResourceName,
+	},
+}
+
+type CloudRunServiceIamUpdater struct {
+	project  string
+	location string
+	service  string
+	d        *schema.ResourceData
+	Config   *Config
+}
+
+func CloudRunServiceIamUpdaterProducer(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) {
+	values := make(map[string]string)
+
+	project, err := getProject(d, config)
+	if err != nil {
+		return nil, err
+	}
+	values["project"] = project
+	location, err := getLocation(d, config)
+	if err != nil {
+		return nil, err
+	}
+	values["location"] = location
+	if v, ok := d.GetOk("service"); ok {
+		values["service"] = v.(string)
+	}
+
+	// We may have gotten either a long or short name, so attempt to parse long name if possible
+	m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/services/(?P<service>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<service>[^/]+)", "(?P<location>[^/]+)/(?P<service>[^/]+)", "(?P<service>[^/]+)"}, d, config, d.Get("service").(string))
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &CloudRunServiceIamUpdater{
+		project:  values["project"],
+		location: values["location"],
+		service:  values["service"],
+		d:        d,
+		Config:   config,
+	}
+
+	d.Set("project", u.project)
+	d.Set("location", u.location)
+	d.Set("service", u.GetResourceId())
+
+	return u, nil
+}
+
+func CloudRunServiceIdParseFunc(d *schema.ResourceData, config *Config) error {
+	values := make(map[string]string)
+
+	project, err := getProject(d, config)
+	if err != nil {
+		return err
+	}
+	values["project"] = project
+	location, err := getLocation(d, config)
+	if err != nil {
+		return err
+	}
+	values["location"] = location
+
+	m, err := getImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/services/(?P<service>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<service>[^/]+)", "(?P<location>[^/]+)/(?P<service>[^/]+)", "(?P<service>[^/]+)"}, d, config, d.Id())
+	if err != nil {
+		return err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &CloudRunServiceIamUpdater{
+		project:  values["project"],
+		location: values["location"],
+		service:  values["service"],
+		d:        d,
+		Config:   config,
+	}
+	d.Set("service", u.GetResourceId())
+	d.SetId(u.GetResourceId())
+	return nil
+}
+
+func (u *CloudRunServiceIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	url, err := u.qualifyServiceUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
+
+	project, err := getProject(u.d, u.Config)
+	if err != nil {
+		return nil, err
+	}
+	var obj map[string]interface{}
+
+	policy, err := sendRequest(u.Config, "GET", project, url, obj)
+	if err != nil {
+		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	out := &cloudresourcemanager.Policy{}
+	err = Convert(policy, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
+	}
+
+	return out, nil
+}
+
+func (u *CloudRunServiceIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	json, err := ConvertToMap(policy)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	obj["policy"] = json
+
+	url, err := u.qualifyServiceUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
+
+	project, err := getProject(u.d, u.Config)
+	if err != nil {
+		return err
+	}
+
+	_, err = sendRequestWithTimeout(u.Config, "POST", project, url, obj, u.d.Timeout(schema.TimeoutCreate))
+	if err != nil {
+		return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	return nil
+}
+
+func (u *CloudRunServiceIamUpdater) qualifyServiceUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{CloudRunBasePath}}%s:%s", fmt.Sprintf("v1/projects/%s/locations/%s/services/%s", u.project, u.location, u.service), methodIdentifier)
+	url, err := replaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
+}
+
+func (u *CloudRunServiceIamUpdater) GetResourceId() string {
+	return fmt.Sprintf("v1/projects/%s/locations/%s/services/%s", u.project, u.location, u.service)
+}
+
+func (u *CloudRunServiceIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-cloudrun-service-%s", u.GetResourceId())
+}
+
+func (u *CloudRunServiceIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("cloudrun service %q", u.GetResourceId())
+}
diff --git a/google/iam_compute_instance.go b/google/iam_compute_instance.go
@@ -128,7 +128,10 @@ func ComputeInstanceIdParseFunc(d *schema.ResourceData, config *Config) error {
 }
 
 func (u *ComputeInstanceIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-	url := u.qualifyInstanceUrl("getIamPolicy")
+	url, err := u.qualifyInstanceUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -159,7 +162,10 @@ func (u *ComputeInstanceIamUpdater) SetResourceIamPolicy(policy *cloudresourcema
 	obj := make(map[string]interface{})
 	obj["policy"] = json
 
-	url := u.qualifyInstanceUrl("setIamPolicy")
+	url, err := u.qualifyInstanceUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -174,8 +180,13 @@ func (u *ComputeInstanceIamUpdater) SetResourceIamPolicy(policy *cloudresourcema
 	return nil
 }
 
-func (u *ComputeInstanceIamUpdater) qualifyInstanceUrl(methodIdentifier string) string {
-	return fmt.Sprintf("https://www.googleapis.com/compute/v1/%s/%s", fmt.Sprintf("projects/%s/zones/%s/instances/%s", u.project, u.zone, u.instanceName), methodIdentifier)
+func (u *ComputeInstanceIamUpdater) qualifyInstanceUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{ComputeBasePath}}%s/%s", fmt.Sprintf("projects/%s/zones/%s/instances/%s", u.project, u.zone, u.instanceName), methodIdentifier)
+	url, err := replaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
 }
 
 func (u *ComputeInstanceIamUpdater) GetResourceId() string {

diff --git a/google/iam_compute_subnetwork.go b/google/iam_compute_subnetwork.go
@@ -128,7 +128,10 @@ func ComputeSubnetworkIdParseFunc(d *schema.ResourceData, config *Config) error
 }
 
 func (u *ComputeSubnetworkIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
-	url := u.qualifySubnetworkUrl("getIamPolicy")
+	url, err := u.qualifySubnetworkUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -159,7 +162,10 @@ func (u *ComputeSubnetworkIamUpdater) SetResourceIamPolicy(policy *cloudresource
 	obj := make(map[string]interface{})
 	obj["policy"] = json
 
-	url := u.qualifySubnetworkUrl("setIamPolicy")
+	url, err := u.qualifySubnetworkUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
 
 	project, err := getProject(u.d, u.Config)
 	if err != nil {
@@ -174,8 +180,13 @@ func (u *ComputeSubnetworkIamUpdater) SetResourceIamPolicy(policy *cloudresource
 	return nil
 }
 
-func (u *ComputeSubnetworkIamUpdater) qualifySubnetworkUrl(methodIdentifier string) string {
-	return fmt.Sprintf("https://www.googleapis.com/compute/v1/%s/%s", fmt.Sprintf("projects/%s/regions/%s/subnetworks/%s", u.project, u.region, u.subnetwork), methodIdentifier)
+func (u *ComputeSubnetworkIamUpdater) qualifySubnetworkUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{ComputeBasePath}}%s/%s", fmt.Sprintf("projects/%s/regions/%s/subnetworks/%s", u.project, u.region, u.subnetwork), methodIdentifier)
+	url, err := replaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
 }
 
 func (u *ComputeSubnetworkIamUpdater) GetResourceId() string {