From e1694376f735ab3c6c587baff0551b51a28a0904 Mon Sep 17 00:00:00 2001
From: Liyun Huang <liyunhuang@google.com>
Date: Fri, 30 Aug 2024 15:50:27 -0400
Subject: [PATCH] Added backupvault resource to Terraform backupdr product
 (beta) (#11317)

---
 mmv1/products/backupdr/BackupVault.yaml       | 143 ++++++++++++++++++
 mmv1/products/backupdr/product.yaml           |   2 +-
 .../backup_dr_backup_vault_full.tf.erb        |  18 +++
 ...esource_backup_dr_backup_vault_test.go.erb |  98 ++++++++++++
 4 files changed, 260 insertions(+), 1 deletion(-)
 create mode 100644 mmv1/products/backupdr/BackupVault.yaml
 create mode 100644 mmv1/templates/terraform/examples/backup_dr_backup_vault_full.tf.erb
 create mode 100644 mmv1/third_party/terraform/services/backupdr/resource_backup_dr_backup_vault_test.go.erb

diff --git a/mmv1/products/backupdr/BackupVault.yaml b/mmv1/products/backupdr/BackupVault.yaml
new file mode 100644
index 000000000000..253d6a3dfc6b
--- /dev/null
+++ b/mmv1/products/backupdr/BackupVault.yaml
@@ -0,0 +1,143 @@
+--- !ruby/object:Api::Resource
+base_url: projects/{{project}}/locations/{{location}}/backupVaults
+create_url: projects/{{project}}/locations/{{location}}/backupVaults?backupVaultId={{backup_vault_id}}
+update_url: projects/{{project}}/locations/{{location}}/backupVaults/{{backup_vault_id}}?force={{force_update}}
+delete_url: projects/{{project}}/locations/{{location}}/backupVaults/{{backup_vault_id}}?force={{force_delete}}&allowMissing={{allow_missing}}
+self_link: projects/{{project}}/locations/{{location}}/backupVaults/{{backup_vault_id}}
+id_format: projects/{{project}}/locations/{{location}}/backupVaults/{{backup_vault_id}}
+import_format:
+  - projects/{{project}}/locations/{{location}}/backupVaults/{{backup_vault_id}}
+name: BackupVault
+description: Container to store and organize immutable and indelible backups.
+autogen_async: true
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    min_version: beta
+    name: 'backup_dr_backup_vault_full'
+    primary_resource_id: 'backup-vault-test'
+    vars:
+      backup_vault_id: 'backup-vault-test'
+    test_env_vars:
+      project: :PROJECT_NAME
+properties:
+  - !ruby/object:Api::Type::String
+    name: name
+    description: 'Output only. Identifier. The resource name. '
+    output: true
+  - !ruby/object:Api::Type::String
+    name: description
+    description: 'Optional. The description of the BackupVault instance (2048 characters
+      or less). '
+  - !ruby/object:Api::Type::KeyValueLabels
+    name: labels
+    description: "Optional. Resource labels to represent user provided metadata. "
+  - !ruby/object:Api::Type::String
+    name: createTime
+    description: 'Output only. The time when the instance was created. '
+    output: true
+  - !ruby/object:Api::Type::String
+    name: updateTime
+    description: 'Output only. The time when the instance was updated. '
+    output: true
+  - !ruby/object:Api::Type::String
+    name: backupMinimumEnforcedRetentionDuration
+    description: "Required. The default and minimum enforced retention for each backup
+      within the backup vault. The enforced retention for each backup can be extended. "
+    required: true
+  - !ruby/object:Api::Type::Boolean
+    name: deletable
+    description: 'Output only. Set to true when there are no backups nested under this
+      resource. '
+    output: true
+  - !ruby/object:Api::Type::String
+    name: etag
+    output: true
+    description: "Optional. Server specified ETag for the backup vault resource to prevent
+      simultaneous updates from overwiting each other. "
+  - !ruby/object:Api::Type::String
+    name: state
+    description: "Output only. The BackupVault resource instance state. \n Possible
+      values:\n STATE_UNSPECIFIED\n CREATING\n ACTIVE\n DELETING\n ERROR"
+    output: true
+  - !ruby/object:Api::Type::String
+    name: effectiveTime
+    description: 'Optional. Time after which the BackupVault resource is locked. '
+  - !ruby/object:Api::Type::String
+    name: backupCount
+    description: 'Output only. The number of backups in this backup vault. '
+    output: true
+  - !ruby/object:Api::Type::String
+    name: serviceAccount
+    description: "Output only. Service account used by the BackupVault Service for this
+      BackupVault.  The user should grant this account permissions in their workload
+      project to enable the service to run backups and restores there. "
+    output: true
+  - !ruby/object:Api::Type::String
+    name: totalStoredBytes
+    description: 'Output only. Total size of the storage used by all backup resources. '
+    output: true
+  - !ruby/object:Api::Type::String
+    name: uid
+    description: "Output only. Output only Immutable after resource creation until
+      resource deletion. "
+    output: true
+  - !ruby/object:Api::Type::KeyValueAnnotations
+    name: annotations
+    description: "Optional. User annotations. See https://google.aip.dev/128#annotations\nStores
+      small amounts of arbitrary data. "
+parameters:
+  - !ruby/object:Api::Type::String
+    name: location
+    description: "The GCP location for the backup vault. "
+    url_param_only: true
+    required: true
+    immutable: true
+  - !ruby/object:Api::Type::String
+    name: backupVaultId
+    description: "Required. ID of the requesting object."
+    url_param_only: true
+    required: true
+    immutable: true
+  - !ruby/object:Api::Type::Boolean
+    name: 'force_update'
+    default_value: false
+    url_param_only: true
+    description: |
+       If set, allow update to extend the minimum enforced retention for backup vault. This overrides
+        the restriction against conflicting retention periods. This conflict may occur when the
+        expiration schedule defined by the associated backup plan is shorter than the minimum
+        retention set by the backup vault.
+  - !ruby/object:Api::Type::Boolean
+    name: 'force_delete'
+    default_value: false
+    url_param_only: true
+    description: |
+       If set, the following restrictions against deletion of the backup vault instance can be overridden:
+          * deletion of a backup vault instance containing no backups, but still containing empty datasources.
+          * deletion of a backup vault instance that is being referenced by an active backup plan.
+  - !ruby/object:Api::Type::Boolean
+    name: 'allow_missing'
+    default_value: false
+    url_param_only: true
+    description: |
+       Allow idempotent deletion of backup vault. The request will still succeed in case the backup vault does not exist.
+async: !ruby/object:Api::OpAsync
+  operation: !ruby/object:Api::OpAsync::Operation
+    path: name
+    base_url: "{{op_id}}"
+    wait_ms: 1000
+    timeouts:
+  result: !ruby/object:Api::OpAsync::Result
+    path: response
+    resource_inside_response: true
+  status: !ruby/object:Api::OpAsync::Status
+    path: done
+    complete: true
+    allowed:
+      - true
+      - false
+  error: !ruby/object:Api::OpAsync::Error
+    path: error
+    message: message
+update_verb: :PATCH
+update_mask: true
diff --git a/mmv1/products/backupdr/product.yaml b/mmv1/products/backupdr/product.yaml
index 2156cac27c3b..5c1c9d13da02 100644
--- a/mmv1/products/backupdr/product.yaml
+++ b/mmv1/products/backupdr/product.yaml
@@ -13,7 +13,7 @@
 
 --- !ruby/object:Api::Product
 name: BackupDR
-display_name: Backup and DR
+display_name: Backup and DR Service
 scopes:
   - https://www.googleapis.com/auth/cloud-platform
 versions:
diff --git a/mmv1/templates/terraform/examples/backup_dr_backup_vault_full.tf.erb b/mmv1/templates/terraform/examples/backup_dr_backup_vault_full.tf.erb
new file mode 100644
index 000000000000..58e1aaff5519
--- /dev/null
+++ b/mmv1/templates/terraform/examples/backup_dr_backup_vault_full.tf.erb
@@ -0,0 +1,18 @@
+resource "google_backup_dr_backup_vault" "<%= ctx[:primary_resource_id] %>" {
+  provider = google-beta
+  location = "us-central1"
+  backup_vault_id    = "<%= ctx[:vars]['backup_vault_id'] %>"
+  description = "This is a second backup vault built by Terraform."
+  backup_minimum_enforced_retention_duration = "100000s"
+  labels = {
+    foo = "bar1"
+    bar = "baz1"
+  }
+  annotations = {
+    annotations1 = "bar1"
+    annotations2 = "baz1"
+  }
+  force_update = "true"
+  force_delete = "true"
+  allow_missing = "true"
+}
\ No newline at end of file
diff --git a/mmv1/third_party/terraform/services/backupdr/resource_backup_dr_backup_vault_test.go.erb b/mmv1/third_party/terraform/services/backupdr/resource_backup_dr_backup_vault_test.go.erb
new file mode 100644
index 000000000000..b6975f2de37a
--- /dev/null
+++ b/mmv1/third_party/terraform/services/backupdr/resource_backup_dr_backup_vault_test.go.erb
@@ -0,0 +1,98 @@
+<% autogen_exception -%>
+package backupdr_test
+<% unless version == 'ga' -%>
+
+import (
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+	"testing"
+	"time"
+)
+
+func TestAccBackupDRBackupVault_fullUpdate(t *testing.T) {
+	t.Parallel()
+
+	timeNow := time.Now().UTC()
+	referenceTime := time.Date(timeNow.Year(), timeNow.Month(), timeNow.Day(), 0, 0, 0, 0, time.UTC)
+
+	context := map[string]interface{}{
+		"project":                   envvar.GetTestProjectFromEnv(),
+		"effective_time": referenceTime.Add(24 * time.Hour).Format(time.RFC3339),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBackupDRBackupVault_fullCreate(context),
+			},
+			{
+				ResourceName:            "google_backup_dr_backup_vault.backup-vault-test",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"allow_missing", "annotations", "backup_vault_id", "force_delete", "force_update", "labels", "location", "terraform_labels"},
+			},
+			{
+				Config: testAccBackupDRBackupVault_fullUpdate(context),
+			},
+			{
+				ResourceName:            "google_backup_dr_backup_vault.backup-vault-test",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"allow_missing", "annotations", "backup_vault_id", "force_delete", "force_update", "labels", "location", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccBackupDRBackupVault_fullCreate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_backup_dr_backup_vault" "backup-vault-test" {
+  provider = google-beta
+  location = "us-central1"
+  backup_vault_id    = "tf-test-backup-vault-test%{random_suffix}"
+  description = "This is a backup vault built by Terraform."
+  backup_minimum_enforced_retention_duration = "100000s"
+  effective_time = "%{effective_time}" 
+  labels = {
+    foo = "bar"
+	bar = "baz"
+  }
+  annotations = {
+    annotations1 = "bar"
+	annotations2 = "baz"
+  }
+  force_update = "true"
+  force_delete = "true"
+  allow_missing = "true"
+}
+`, context)
+}
+
+func testAccBackupDRBackupVault_fullUpdate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_backup_dr_backup_vault" "backup-vault-test" {
+  provider = google-beta
+  location = "us-central1"
+  backup_vault_id    = "tf-test-backup-vault-test%{random_suffix}"
+  description = "This is a second backup vault built by Terraform."
+  backup_minimum_enforced_retention_duration = "200000s"
+  effective_time = "%{effective_time}" 
+  labels = {
+	foo = "bar1"
+	bar = "baz1"
+  }
+  annotations = {
+    annotations1 = "bar1"
+	annotations2 = "baz1"
+  }
+  force_update = "true"
+  force_delete = "true"
+  allow_missing = "true"
+}
+`, context)
+}
+<% end -%>
\ No newline at end of file