Google project precheck (GoogleCloudPlatform#3145)

* project: check for billing account perms as pre-requisite * outdent * typo * rm type from error message * simplify perms check * simplify bool check * simplify bool check Co-authored-by: Umair Idris <[email protected]>
nathkn · May 18, 2020 · 4c0ba73 · 4c0ba73
1 parent 9663229
commit 4c0ba73
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/third_party/terraform/resources/resource_google_project.go b/third_party/terraform/resources/resource_google_project.go
@@ -94,6 +94,10 @@ func resourceGoogleProject() *schema.Resource {
 func resourceGoogleProjectCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
+	if err := resourceGoogleProjectCheckPreRequisites(config, d); err != nil {
+		return fmt.Errorf("failed pre-requisites: %v", err)
+	}
+
 	var pid string
 	var err error
 	pid = d.Get("project_id").(string)
@@ -173,6 +177,26 @@ func resourceGoogleProjectCreate(d *schema.ResourceData, meta interface{}) error
 	return nil
 }
 
+func resourceGoogleProjectCheckPreRequisites(config *Config, d *schema.ResourceData) error {
+	ib, ok := d.GetOk("billing_account")
+	if !ok {
+		return nil
+	}
+	ba := "billingAccounts/" + ib.(string)
+	const perm = "billing.resourceAssociations.create"
+	req := &cloudbilling.TestIamPermissionsRequest{
+		Permissions: []string{perm},
+	}
+	resp, err := config.clientBilling.BillingAccounts.TestIamPermissions(ba, req).Do()
+	if err != nil {
+		return fmt.Errorf("failed to check permissions on billing account %q: %v", ba, err)
+	}
+	if !stringInSlice(resp.Permissions, perm) {
+		return fmt.Errorf("missing permission on %q: %v", ba, perm)
+	}
+	return nil
+}
+
 func resourceGoogleProjectRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 	parts := strings.Split(d.Id(), "/")