From cd72c2caf278fb384a9ff93910b829bd3e139860 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Wed, 29 May 2019 17:19:27 +0000 Subject: [PATCH] Add pubsub subscription and topic iam policies, update example docs Signed-off-by: Modular Magician --- .../google_compute_subnetwork_iam_policy.md | 7 ++- .../google_pubsub_subscription_iam_policy.md | 42 +++++++++++++ .../google_pubsub_topic_iam_policy.md | 42 +++++++++++++ .../google_pubsub_subscription_iam_policy.rb | 59 +++++++++++++++++++ libraries/google_pubsub_topic_iam_policy.rb | 59 +++++++++++++++++++ 5 files changed, 207 insertions(+), 2 deletions(-) create mode 100644 docs/resources/google_pubsub_subscription_iam_policy.md create mode 100644 docs/resources/google_pubsub_topic_iam_policy.md create mode 100644 libraries/google_pubsub_subscription_iam_policy.rb create mode 100644 libraries/google_pubsub_topic_iam_policy.rb diff --git a/docs/resources/google_compute_subnetwork_iam_policy.md b/docs/resources/google_compute_subnetwork_iam_policy.md index 21b421837..38aba9d0c 100644 --- a/docs/resources/google_compute_subnetwork_iam_policy.md +++ b/docs/resources/google_compute_subnetwork_iam_policy.md @@ -12,8 +12,11 @@ describe google_compute_subnetwork_iam_policy(project: "project", region: "regio it { should exist } end -describe google_compute_subnetwork_iam_policy(project: "project", region: "region", name: "name").bindings do |binding| - its('role') { should_not eq 'roles/owner' } +google_compute_subnetwork_iam_policy(project: "project", region: "region", name: "name").bindings.each do |binding| + describe binding do + its('role') { should eq 'roles/editor'} + its('members') { should include 'user:testuser@example.com'} + end end ``` diff --git a/docs/resources/google_pubsub_subscription_iam_policy.md b/docs/resources/google_pubsub_subscription_iam_policy.md new file mode 100644 index 000000000..35a192094 --- /dev/null +++ b/docs/resources/google_pubsub_subscription_iam_policy.md 
@@ -0,0 +1,42 @@
+---
+title: About the google_pubsub_subscription_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_pubsub_subscription_iam_policy` is used to test a Google Subscription Iam Policy resource
+
+## Examples
+```
+describe google_pubsub_subscription_iam_policy(project: "project", name: "name") do
+ it { should exist }
+end
+
+google_pubsub_subscription_iam_policy(project: "project", name: "name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscription_iam_policy` resource:
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_pubsub_topic_iam_policy.md b/docs/resources/google_pubsub_topic_iam_policy.md
new file mode 100644
index 000000000..1b9d839c8
--- /dev/null
+++ b/docs/resources/google_pubsub_topic_iam_policy.md
@@ -0,0 +1,42 @@
+---
+title: About the google_pubsub_topic_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_pubsub_topic_iam_policy` is used to test a Google Topic Iam Policy resource
+
+## Examples
+```
+describe google_pubsub_topic_iam_policy(project: "project", name: "name") do
+ it { should exist }
+end
+
+google_pubsub_topic_iam_policy(project: "project", name: "name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_topic_iam_policy` resource:
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/libraries/google_pubsub_subscription_iam_policy.rb b/libraries/google_pubsub_subscription_iam_policy.rb
new file mode 100644
index 000000000..0b69b262a
--- /dev/null
+++ b/libraries/google_pubsub_subscription_iam_policy.rb
@@ -0,0 +1,59 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/iam/property/iam_policy_audit_configs' +require 'google/iam/property/iam_policy_bindings' + +# A provider to manage Cloud Pub/Sub IAM Policy resources. +class SubscriptionIamPolicy < GcpResourceBase + name 'google_pubsub_subscription_iam_policy' + desc 'Subscription Iam Policy' + supports platform: 'gcp' + + attr_reader :params + attr_reader :bindings + attr_reader :audit_configs + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url, resource_base_url, params) + parse unless @fetched.nil? + end + + def parse + @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s) + @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "Subscription IamPolicy #{@params[:name]}" + end + + private + + def product_url + 'https://pubsub.googleapis.com/v1/' + end + + def resource_base_url + 'projects/{{project}}/subscriptions/{{name}}:getIamPolicy' + end +end diff --git a/libraries/google_pubsub_topic_iam_policy.rb b/libraries/google_pubsub_topic_iam_policy.rb new file mode 100644 index 000000000..14571848f --- /dev/null +++ b/libraries/google_pubsub_topic_iam_policy.rb 
@@ -0,0 +1,59 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/iam/property/iam_policy_audit_configs' +require 'google/iam/property/iam_policy_bindings' + +# A provider to manage Cloud Pub/Sub IAM Policy resources. +class TopicIamPolicy < GcpResourceBase + name 'google_pubsub_topic_iam_policy' + desc 'Topic Iam Policy' + supports platform: 'gcp' + + attr_reader :params + attr_reader :bindings + attr_reader :audit_configs + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url, resource_base_url, params) + parse unless @fetched.nil? + end + + def parse + @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s) + @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "Topic IamPolicy #{@params[:name]}" + end + + private + + def product_url + 'https://pubsub.googleapis.com/v1/' + end + + def resource_base_url + 'projects/{{project}}/topics/{{name}}:getIamPolicy' + end +end