Refactored to make Resources not specific to IAM

- Also fixed exception with locations/global in tests

Makefile

@@ -51,5 +51,12 @@ fmtcheck:
 fmt:
 	gofmt -w $(GOFMT_FILES)
 
-
-.PHONY: bin default generate test vet bootstrap fmt fmtcheck
+update-resources:
+	pushd $(CURDIR)/plugin/iamutil && \
+	go build -o generate ./internal && \
+	./generate && \
+	rm generate && \
+	popd
+
+
+.PHONY: bin default generate test vet bootstrap fmt fmtcheck update-resources

go.sum

@@ -228,6 +228,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90Pveol
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480 h1:O5YqonU5IWby+w98jVUG9h7zlCWCcH4RHyPVReBmhzk=
 golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -251,6 +253,7 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -283,6 +286,8 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qd
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 h1:LfCXLvNmTYH9kEmVgqbnsWfruoXZIrh4YBgqVHtDvw0=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db h1:6/JqlYfC1CCaLnGceQTI+sDGhC9UBSPAsBqI0Gun6kU=

plugin/backend.go

@@ -33,7 +33,7 @@ type backend struct {
 	// cache directly.
 	cache *cache.Cache
 
-	iamResources iamutil.IamResourceParser
+	resources iamutil.ResourceParser
 
 	rolesetLock sync.Mutex
 }
@@ -49,8 +49,8 @@ func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend,
 
 func Backend() *backend {
 	var b = &backend{
-		cache:        cache.New(),
-		iamResources: iamutil.GetEnabledIamResources(),
+		cache:     cache.New(),
+		resources: iamutil.GetEnabledResources(),
 	}
 
 	b.Backend = &framework.Backend{

plugin/iamutil/api_handle.go

@@ -0,0 +1,117 @@
+package iamutil
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/hashicorp/errwrap"
+	"google.golang.org/api/googleapi"
+	"io"
+	"net/http"
+	"strings"
+)
+
+type ApiHandle struct {
+	c         *http.Client
+	userAgent string
+}
+
+func GetApiHandle(client *http.Client, userAgent string) *ApiHandle {
+	return &ApiHandle{
+		c:         client,
+		userAgent: userAgent,
+	}
+}
+
+func (h *ApiHandle) DoGetRequest(ctx context.Context, r Resource, out interface{}) (err error) {
+	config := r.GetConfig()
+	req, err := constructRequest(r, &config.GetMethod, nil)
+	if err != nil {
+		return errwrap.Wrapf("Unable to construct Get request: {{err}}", err)
+	}
+	return h.doRequest(ctx, req, out)
+}
+
+func (h *ApiHandle) DoSetRequest(ctx context.Context, r Resource, data io.Reader, out interface{}) error {
+	config := r.GetConfig()
+	req, err := constructRequest(r, &config.SetMethod, data)
+	if err != nil {
+		return errwrap.Wrapf("Unable to construct Set request: {{err}}", err)
+	}
+	return h.doRequest(ctx, req, out)
+}
+
+func (h *ApiHandle) doRequest(ctx context.Context, req *http.Request, out interface{}) error {
+	if req.Header == nil {
+		req.Header = make(http.Header)
+	}
+	if h.userAgent != "" {
+		req.Header.Set("User-Agent", h.userAgent)
+	}
+
+	resp, err := h.c.Do(req.WithContext(ctx))
+	if err != nil {
+		return err
+	}
+	defer googleapi.CloseBody(resp)
+
+	if err := googleapi.CheckResponse(resp); err != nil {
+		return err
+	}
+
+	if err := json.NewDecoder(resp.Body).Decode(out); err != nil {
+		return errwrap.Wrapf("unable to decode JSON resp to output interface: {{err}}", err)
+	}
+	return nil
+}
+
+func constructRequest(r Resource, restMethod *RestMethod, data io.Reader) (*http.Request, error) {
+	config := r.GetConfig()
+	if data == nil && config != nil && config.Service == "cloudresourcemanager" {
+		// In order to support Resource Manager policies with conditional bindings,
+		// we need to request the policy version of 3. This request parameter is backwards compatible
+		// and will return version 1 policies if they are not yet updated to version 3.
+		requestPolicyVersion3 := `{"options": {"requestedPolicyVersion": 3}}`
+		data = strings.NewReader(requestPolicyVersion3)
+	}
+	req, err := http.NewRequest(
+		restMethod.HttpMethod,
+		googleapi.ResolveRelative(restMethod.BaseURL, restMethod.Path),
+		data)
+	if err != nil {
+		return nil, err
+	}
+
+	if req.Header == nil {
+		req.Header = make(http.Header)
+	}
+	if data != nil {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	relId := r.GetRelativeId()
+	replacementMap := make(map[string]string)
+
+	if strings.Contains(restMethod.Path, "{+resource}") {
+		// +resource is used to represent full relative resource name
+		if len(config.Parameters) == 1 && config.Parameters[0] == "resource" {
+			relName := ""
+			tkns := strings.Split(config.TypeKey, "/")
+			for _, colId := range tkns {
+				relName += fmt.Sprintf("%s/%s/", colId, relId.IdTuples[colId])
+			}
+			replacementMap["resource"] = strings.Trim(relName, "/")
+		}
+	} else {
+		for colId, resId := range relId.IdTuples {
+			rId, ok := config.CollectionReplacementKeys[colId]
+			if !ok {
+				return nil, fmt.Errorf("expected value for collection id %s", colId)
+			}
+			replacementMap[rId] = resId
+		}
+	}
+
+	googleapi.Expand(req.URL, replacementMap)
+	return req, nil
+}

plugin/iamutil/iam_handle_test.go → plugin/iamutil/api_handle_test.go

@@ -14,8 +14,8 @@ import (
 	"google.golang.org/api/option"
 )
 
-func TestIamHandle_ServiceAccount(t *testing.T) {
-	createServiceAccount := func(t *testing.T, httpC *http.Client) *parsedIamResource {
+func TestIamResource_ServiceAccount(t *testing.T) {
+	createServiceAccount := func(t *testing.T, httpC *http.Client) *IamResource {
 		iamAdmin, err := iam.NewService(context.Background(), option.WithHTTPClient(httpC))
 		if err != nil {
 			t.Fatal(err)
@@ -38,15 +38,15 @@ func TestIamHandle_ServiceAccount(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		rConfig := generatedIamResources["projects/serviceAccounts"]["iam"]["v1"]
+		rConfig := generatedResources["projects/serviceAccounts"]["iam"]["v1"]
 
-		return &parsedIamResource{
+		return &IamResource{
 			relativeId: relId,
 			config:     &rConfig,
 		}
 	}
 
-	deleteServiceAccount := func(t *testing.T, httpC *http.Client, r *parsedIamResource) {
+	deleteServiceAccount := func(t *testing.T, httpC *http.Client, r *IamResource) {
 		saName := fmt.Sprintf("projects/%s/serviceAccounts/%s",
 			r.relativeId.IdTuples["projects"],
 			r.relativeId.IdTuples["serviceAccounts"])
@@ -64,8 +64,8 @@ func TestIamHandle_ServiceAccount(t *testing.T) {
 }
 
 func verifyIamResource_GetSetPolicy(t *testing.T, resourceType string,
-	getF func(*testing.T, *http.Client) *parsedIamResource,
-	cleanupF func(*testing.T, *http.Client, *parsedIamResource)) {
+	getF func(*testing.T, *http.Client) *IamResource,
+	cleanupF func(*testing.T, *http.Client, *IamResource)) {
 
 	_, creds := util.GetTestCredentials(t)
 	httpC, err := gcputil.GetHttpClient(creds, iam.CloudPlatformScope)
@@ -76,9 +76,9 @@ func verifyIamResource_GetSetPolicy(t *testing.T, resourceType string,
 	r := getF(t, httpC)
 	defer cleanupF(t, httpC, r)
 
-	h := GetIamHandle(httpC, "")
+	h := GetApiHandle(httpC, "")
 
-	p, err := h.GetIamPolicy(context.Background(), r)
+	p, err := r.GetIamPolicy(context.Background(), h)
 	if err != nil {
 		t.Fatalf("could not get IAM Policy for resource type '%s': %v", resourceType, err)
 	}
@@ -92,12 +92,12 @@ func verifyIamResource_GetSetPolicy(t *testing.T, resourceType string,
 		t.Fatalf("could not get IAM Policy for resource type '%s': %v", resourceType, err)
 	}
 
-	changedP, err := h.SetIamPolicy(context.Background(), r, newP)
+	changedP, err := r.SetIamPolicy(context.Background(), h, newP)
 	if err != nil {
 		t.Fatalf("could not set IAM Policy for resource type '%s': %v", resourceType, err)
 	}
 
-	actualP, err := h.GetIamPolicy(context.Background(), r)
+	actualP, err := r.GetIamPolicy(context.Background(), h)
 	if err != nil {
 		t.Fatalf("could not get updated IAM Policy for resource type '%s': %v", resourceType, err)
 	}