From 306f002c18b872f9bd0e81bdc3fe1d64b774f90a Mon Sep 17 00:00:00 2001
From: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Date: Fri, 24 Jul 2020 11:50:35 -0700
Subject: [PATCH] fix: set policy version appropriately after roleset bindings
 have changed (#93)

---
 plugin/iamutil/api_handle_test.go | 4 ++++
 plugin/iamutil/iam_policy.go      | 1 +
 2 files changed, 5 insertions(+)

diff --git a/plugin/iamutil/api_handle_test.go b/plugin/iamutil/api_handle_test.go
index 41170fce..cc1bd88b 100644
--- a/plugin/iamutil/api_handle_test.go
+++ b/plugin/iamutil/api_handle_test.go
@@ -88,6 +88,10 @@ func verifyIamResource_GetSetPolicy(t *testing.T, resourceType string,
 		Email: creds.ClientEmail,
 	})
 
+	if p.Version != newP.Version {
+		t.Fatalf("expected policy version %d after adding bindings, got %d", p.Version, newP.Version)
+	}
+
 	if err != nil {
 		t.Fatalf("could not get IAM Policy for resource type '%s': %v", resourceType, err)
 	}
diff --git a/plugin/iamutil/iam_policy.go b/plugin/iamutil/iam_policy.go
index 7d806609..73c9299c 100644
--- a/plugin/iamutil/iam_policy.go
+++ b/plugin/iamutil/iam_policy.go
@@ -103,6 +103,7 @@ func (p *Policy) ChangedBindings(toAdd *PolicyDelta, toRemove *PolicyDelta) (cha
 		return true, &Policy{
 			Bindings: newBindings,
 			Etag:     p.Etag,
+			Version:  p.Version,
 		}
 	}
 	return false, p