Add IAM support for pubsub topic

google/iam_kms_key_ring.go

@@ -39,22 +39,6 @@ func KeyRingIdParseFunc(d *schema.ResourceData, _ *Config) error {
 	return nil
 }
 
-func resourceManagerToKmsPolicy(p *cloudresourcemanager.Policy) (policy *cloudkms.Policy, err error) {
-	policy = &cloudkms.Policy{}
-
-	err = Convert(p, policy)
-
-	return
-}
-
-func kmsToResourceManagerPolicy(p *cloudkms.Policy) (policy *cloudresourcemanager.Policy, err error) {
-	policy = &cloudresourcemanager.Policy{}
-
-	err = Convert(p, policy)
-
-	return
-}
-
 func (u *KmsKeyRingIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
 	p, err := u.Config.clientKms.Projects.Locations.KeyRings.GetIamPolicy(u.resourceId).Do()
 
@@ -100,3 +84,21 @@ func (u *KmsKeyRingIamUpdater) GetMutexKey() string {
 func (u *KmsKeyRingIamUpdater) DescribeResource() string {
 	return fmt.Sprintf("KMS KeyRing %q", u.resourceId)
 }
+
+func resourceManagerToKmsPolicy(p *cloudresourcemanager.Policy) (*cloudkms.Policy, error) {
+	out := &cloudkms.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a v1 policy to a kms policy: %s", err)
+	}
+	return out, nil
+}
+
+func kmsToResourceManagerPolicy(p *cloudkms.Policy) (*cloudresourcemanager.Policy, error) {
+	out := &cloudresourcemanager.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a kms policy to a v1 policy: %s", err)
+	}
+	return out, nil
+}

google/iam_pubsub_topic.go

@@ -0,0 +1,104 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+	"google.golang.org/api/pubsub/v1"
+)
+
+var IamPubsubTopicSchema = map[string]*schema.Schema{
+	"topic": &schema.Schema{
+		Type:             schema.TypeString,
+		Required:         true,
+		ForceNew:         true,
+		DiffSuppressFunc: compareSelfLinkOrResourceName,
+	},
+}
+
+type PubsubTopicIamUpdater struct {
+	topic  string
+	Config *Config
+}
+
+func NewPubsubTopicIamUpdater(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) {
+	project, err := getProject(d, config)
+	if err != nil {
+		return nil, err
+	}
+
+	topic := getComputedTopicName(project, d.Get("topic").(string))
+
+	return &PubsubTopicIamUpdater{
+		topic:  topic,
+		Config: config,
+	}, nil
+}
+
+func PubsubTopicIdParseFunc(d *schema.ResourceData, _ *Config) error {
+	d.Set("topic", d.Id())
+	return nil
+}
+
+func (u *PubsubTopicIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	p, err := u.Config.clientPubsub.Projects.Topics.GetIamPolicy(u.topic).Do()
+
+	if err != nil {
+		return nil, fmt.Errorf("Error retrieving IAM policy for %s: %s", u.DescribeResource(), err)
+	}
+
+	v1Policy, err := pubsubToResourceManagerPolicy(p)
+	if err != nil {
+		return nil, err
+	}
+
+	return v1Policy, nil
+}
+
+func (u *PubsubTopicIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	pubsubPolicy, err := resourceManagerToPubsubPolicy(policy)
+	if err != nil {
+		return err
+	}
+
+	_, err = u.Config.clientPubsub.Projects.Topics.SetIamPolicy(u.topic, &pubsub.SetIamPolicyRequest{
+		Policy: pubsubPolicy,
+	}).Do()
+
+	if err != nil {
+		return fmt.Errorf("Error setting IAM policy for %s: %s", u.DescribeResource(), err)
+	}
+
+	return nil
+}
+
+func (u *PubsubTopicIamUpdater) GetResourceId() string {
+	return u.topic
+}
+
+func (u *PubsubTopicIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-pubsub-topic-%s", u.topic)
+}
+
+func (u *PubsubTopicIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("pubsub topic %q", u.topic)
+}
+
+// v1 and v2beta policy are identical
+func resourceManagerToPubsubPolicy(in *cloudresourcemanager.Policy) (*pubsub.Policy, error) {
+	out := &pubsub.Policy{}
+	err := Convert(in, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a v1 policy to a pubsub policy: %s", err)
+	}
+	return out, nil
+}
+
+func pubsubToResourceManagerPolicy(in *pubsub.Policy) (*cloudresourcemanager.Policy, error) {
+	out := &cloudresourcemanager.Policy{}
+	err := Convert(in, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a pubsub policy to a v1 policy: %s", err)
+	}
+	return out, nil
+}

google/iam_service_account.go

@@ -77,18 +77,20 @@ func (u *ServiceAccountIamUpdater) DescribeResource() string {
 	return fmt.Sprintf("service account '%s'", u.serviceAccountId)
 }
 
-func resourceManagerToIamPolicy(p *cloudresourcemanager.Policy) (policy *iam.Policy, err error) {
-	policy = &iam.Policy{}
-
-	err = Convert(p, policy)
-
-	return
+func resourceManagerToIamPolicy(p *cloudresourcemanager.Policy) (*iam.Policy, error) {
+	out := &iam.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a v1 policy to a iam policy: %s", err)
+	}
+	return out, nil
 }
 
-func iamToResourceManagerPolicy(p *iam.Policy) (policy *cloudresourcemanager.Policy, err error) {
-	policy = &cloudresourcemanager.Policy{}
-
-	err = Convert(p, policy)
-
-	return
+func iamToResourceManagerPolicy(p *iam.Policy) (*cloudresourcemanager.Policy, error) {
+	out := &cloudresourcemanager.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a iam policy to a v1 policy: %s", err)
+	}
+	return out, nil
 }

google/iam_storage_bucket.go

@@ -71,14 +71,20 @@ func (u *StorageBucketIamUpdater) DescribeResource() string {
 	return fmt.Sprintf("Storage Bucket %q", u.bucket)
 }
 
-func resourceManagerToStoragePolicy(p *cloudresourcemanager.Policy) (policy *storage.Policy, err error) {
-	policy = &storage.Policy{}
-	err = Convert(p, policy)
-	return
+func resourceManagerToStoragePolicy(p *cloudresourcemanager.Policy) (*storage.Policy, error) {
+	out := &storage.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a v1 policy to a storage policy: %s", err)
+	}
+	return out, nil
 }
 
-func storageToResourceManagerPolicy(p *storage.Policy) (policy *cloudresourcemanager.Policy, err error) {
-	policy = &cloudresourcemanager.Policy{}
-	err = Convert(p, policy)
-	return
+func storageToResourceManagerPolicy(p *storage.Policy) (*cloudresourcemanager.Policy, error) {
+	out := &cloudresourcemanager.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, fmt.Errorf("Cannot convert a storage policy to a v1 policy: %s", err)
+	}
+	return out, nil
 }

google/provider.go

@@ -160,6 +160,9 @@ func Provider() terraform.ResourceProvider {
 			"google_project_iam_custom_role":               resourceGoogleProjectIamCustomRole(),
 			"google_project_services":                      resourceGoogleProjectServices(),
 			"google_pubsub_topic":                          resourcePubsubTopic(),
+			"google_pubsub_topic_iam_binding":              ResourceIamBindingWithImport(IamPubsubTopicSchema, NewPubsubTopicIamUpdater, PubsubTopicIdParseFunc),
+			"google_pubsub_topic_iam_member":               ResourceIamMemberWithImport(IamPubsubTopicSchema, NewPubsubTopicIamUpdater, PubsubTopicIdParseFunc),
+			"google_pubsub_topic_iam_policy":               ResourceIamPolicyWithImport(IamPubsubTopicSchema, NewPubsubTopicIamUpdater, PubsubTopicIdParseFunc),
 			"google_pubsub_subscription":                   resourcePubsubSubscription(),
 			"google_runtimeconfig_config":                  resourceRuntimeconfigConfig(),
 			"google_runtimeconfig_variable":                resourceRuntimeconfigVariable(),