Add IAM policy to SecurityGateway.yaml (#12782)

[upstream:a64fc0727be1931d3b9d83a1b802452efa0b6907] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Jan 28, 2025 · fdc2369 · fdc2369
1 parent 65db8c7
commit fdc2369
Show file tree

Hide file tree

Showing 6 changed files with 1,160 additions and 2 deletions.
diff --git a/.changelog/12782.txt b/.changelog/12782.txt
@@ -0,0 +1,9 @@
+```release-note:new-resource
+`google_beyondcorp_security_gateway_iam_binding`
+```
+```release-note:new-resource
+`google_beyondcorp_security_gateway_iam_member`
+```
+```release-note:new-resource
+`google_beyondcorp_security_gateway_iam_policy`
+```
diff --git a/google-beta/provider/provider_mmv1_resources.go b/google-beta/provider/provider_mmv1_resources.go
@@ -404,6 +404,7 @@ var generatedIAMDatasources = map[string]*schema.Resource{
 	"google_api_gateway_gateway_iam_policy":                  tpgiamresource.DataSourceIamPolicy(apigateway.ApiGatewayGatewayIamSchema, apigateway.ApiGatewayGatewayIamUpdaterProducer),
 	"google_apigee_environment_iam_policy":                   tpgiamresource.DataSourceIamPolicy(apigee.ApigeeEnvironmentIamSchema, apigee.ApigeeEnvironmentIamUpdaterProducer),
 	"google_artifact_registry_repository_iam_policy":         tpgiamresource.DataSourceIamPolicy(artifactregistry.ArtifactRegistryRepositoryIamSchema, artifactregistry.ArtifactRegistryRepositoryIamUpdaterProducer),
+	"google_beyondcorp_security_gateway_iam_policy":          tpgiamresource.DataSourceIamPolicy(beyondcorp.BeyondcorpSecurityGatewayIamSchema, beyondcorp.BeyondcorpSecurityGatewayIamUpdaterProducer),
 	"google_bigquery_table_iam_policy":                       tpgiamresource.DataSourceIamPolicy(bigquery.BigQueryTableIamSchema, bigquery.BigQueryTableIamUpdaterProducer),
 	"google_bigquery_analytics_hub_data_exchange_iam_policy": tpgiamresource.DataSourceIamPolicy(bigqueryanalyticshub.BigqueryAnalyticsHubDataExchangeIamSchema, bigqueryanalyticshub.BigqueryAnalyticsHubDataExchangeIamUpdaterProducer),
 	"google_bigquery_analytics_hub_listing_iam_policy":       tpgiamresource.DataSourceIamPolicy(bigqueryanalyticshub.BigqueryAnalyticsHubListingIamSchema, bigqueryanalyticshub.BigqueryAnalyticsHubListingIamUpdaterProducer),
@@ -528,8 +529,8 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 
 // Resources
 // Generated resources: 592
-// Generated IAM resources: 300
-// Total generated resources: 892
+// Generated IAM resources: 303
+// Total generated resources: 895
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                                     accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                               accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -619,6 +620,9 @@ var generatedResources = map[string]*schema.Resource{
 	"google_beyondcorp_app_connector":                                            beyondcorp.ResourceBeyondcorpAppConnector(),
 	"google_beyondcorp_app_gateway":                                              beyondcorp.ResourceBeyondcorpAppGateway(),
 	"google_beyondcorp_security_gateway":                                         beyondcorp.ResourceBeyondcorpSecurityGateway(),
+	"google_beyondcorp_security_gateway_iam_binding":                             tpgiamresource.ResourceIamBinding(beyondcorp.BeyondcorpSecurityGatewayIamSchema, beyondcorp.BeyondcorpSecurityGatewayIamUpdaterProducer, beyondcorp.BeyondcorpSecurityGatewayIdParseFunc),
+	"google_beyondcorp_security_gateway_iam_member":                              tpgiamresource.ResourceIamMember(beyondcorp.BeyondcorpSecurityGatewayIamSchema, beyondcorp.BeyondcorpSecurityGatewayIamUpdaterProducer, beyondcorp.BeyondcorpSecurityGatewayIdParseFunc),
+	"google_beyondcorp_security_gateway_iam_policy":                              tpgiamresource.ResourceIamPolicy(beyondcorp.BeyondcorpSecurityGatewayIamSchema, beyondcorp.BeyondcorpSecurityGatewayIamUpdaterProducer, beyondcorp.BeyondcorpSecurityGatewayIdParseFunc),
 	"google_biglake_catalog":                                                     biglake.ResourceBiglakeCatalog(),
 	"google_biglake_database":                                                    biglake.ResourceBiglakeDatabase(),
 	"google_biglake_table":                                                       biglake.ResourceBiglakeTable(),

diff --git a/google-beta/services/beyondcorp/iam_beyondcorp_security_gateway.go b/google-beta/services/beyondcorp/iam_beyondcorp_security_gateway.go
@@ -0,0 +1,249 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package beyondcorp
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgiamresource"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+var BeyondcorpSecurityGatewayIamSchema = map[string]*schema.Schema{
+	"project": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"location": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"security_gateway_id": {
+		Type:             schema.TypeString,
+		Required:         true,
+		ForceNew:         true,
+		DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+	},
+}
+
+type BeyondcorpSecurityGatewayIamUpdater struct {
+	project           string
+	location          string
+	securityGatewayId string
+	d                 tpgresource.TerraformResourceData
+	Config            *transport_tpg.Config
+}
+
+func BeyondcorpSecurityGatewayIamUpdaterProducer(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (tpgiamresource.ResourceIamUpdater, error) {
+	values := make(map[string]string)
+
+	project, _ := tpgresource.GetProject(d, config)
+	if project != "" {
+		if err := d.Set("project", project); err != nil {
+			return nil, fmt.Errorf("Error setting project: %s", err)
+		}
+	}
+	values["project"] = project
+	location, _ := tpgresource.GetLocation(d, config)
+	if location != "" {
+		if err := d.Set("location", location); err != nil {
+			return nil, fmt.Errorf("Error setting location: %s", err)
+		}
+	}
+	values["location"] = location
+	if v, ok := d.GetOk("security_gateway_id"); ok {
+		values["security_gateway_id"] = v.(string)
+	}
+
+	// We may have gotten either a long or short name, so attempt to parse long name if possible
+	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/securityGateways/(?P<security_gateway_id>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<security_gateway_id>[^/]+)", "(?P<location>[^/]+)/(?P<security_gateway_id>[^/]+)", "(?P<security_gateway_id>[^/]+)"}, d, config, d.Get("security_gateway_id").(string))
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &BeyondcorpSecurityGatewayIamUpdater{
+		project:           values["project"],
+		location:          values["location"],
+		securityGatewayId: values["security_gateway_id"],
+		d:                 d,
+		Config:            config,
+	}
+
+	if err := d.Set("project", u.project); err != nil {
+		return nil, fmt.Errorf("Error setting project: %s", err)
+	}
+	if err := d.Set("location", u.location); err != nil {
+		return nil, fmt.Errorf("Error setting location: %s", err)
+	}
+	if err := d.Set("security_gateway_id", u.GetResourceId()); err != nil {
+		return nil, fmt.Errorf("Error setting security_gateway_id: %s", err)
+	}
+
+	return u, nil
+}
+
+func BeyondcorpSecurityGatewayIdParseFunc(d *schema.ResourceData, config *transport_tpg.Config) error {
+	values := make(map[string]string)
+
+	project, _ := tpgresource.GetProject(d, config)
+	if project != "" {
+		values["project"] = project
+	}
+
+	location, _ := tpgresource.GetLocation(d, config)
+	if location != "" {
+		values["location"] = location
+	}
+
+	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/securityGateways/(?P<security_gateway_id>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<security_gateway_id>[^/]+)", "(?P<location>[^/]+)/(?P<security_gateway_id>[^/]+)", "(?P<security_gateway_id>[^/]+)"}, d, config, d.Id())
+	if err != nil {
+		return err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &BeyondcorpSecurityGatewayIamUpdater{
+		project:           values["project"],
+		location:          values["location"],
+		securityGatewayId: values["security_gateway_id"],
+		d:                 d,
+		Config:            config,
+	}
+	if err := d.Set("security_gateway_id", u.GetResourceId()); err != nil {
+		return fmt.Errorf("Error setting security_gateway_id: %s", err)
+	}
+	d.SetId(u.GetResourceId())
+	return nil
+}
+
+func (u *BeyondcorpSecurityGatewayIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	url, err := u.qualifySecurityGatewayUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
+
+	project, err := tpgresource.GetProject(u.d, u.Config)
+	if err != nil {
+		return nil, err
+	}
+	var obj map[string]interface{}
+	url, err = transport_tpg.AddQueryParams(url, map[string]string{"options.requestedPolicyVersion": fmt.Sprintf("%d", tpgiamresource.IamPolicyVersion)})
+	if err != nil {
+		return nil, err
+	}
+
+	userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent)
+	if err != nil {
+		return nil, err
+	}
+
+	policy, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    u.Config,
+		Method:    "GET",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+	})
+	if err != nil {
+		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	out := &cloudresourcemanager.Policy{}
+	err = tpgresource.Convert(policy, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
+	}
+
+	return out, nil
+}
+
+func (u *BeyondcorpSecurityGatewayIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	json, err := tpgresource.ConvertToMap(policy)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	obj["policy"] = json
+
+	url, err := u.qualifySecurityGatewayUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
+	project, err := tpgresource.GetProject(u.d, u.Config)
+	if err != nil {
+		return err
+	}
+
+	userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    u.Config,
+		Method:    "POST",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   u.d.Timeout(schema.TimeoutCreate),
+	})
+	if err != nil {
+		return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	return nil
+}
+
+func (u *BeyondcorpSecurityGatewayIamUpdater) qualifySecurityGatewayUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{BeyondcorpBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/%s/securityGateways/%s", u.project, u.location, u.securityGatewayId), methodIdentifier)
+	url, err := tpgresource.ReplaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
+}
+
+func (u *BeyondcorpSecurityGatewayIamUpdater) GetResourceId() string {
+	return fmt.Sprintf("projects/%s/locations/%s/securityGateways/%s", u.project, u.location, u.securityGatewayId)
+}
+
+func (u *BeyondcorpSecurityGatewayIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-beyondcorp-securitygateway-%s", u.GetResourceId())
+}
+
+func (u *BeyondcorpSecurityGatewayIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("beyondcorp securitygateway %q", u.GetResourceId())
+}