Added tests and docs

third_party/terraform/tests/data_source_google_iam_testable_permissions_test.go

@@ -0,0 +1,104 @@
+package google
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccDataSourceGoogleIamTestablePermissions_basic(t *testing.T) {
+	t.Parallel()
+
+	project := getTestProjectFromEnv()
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+			 data "google_iam_testable_permissions" "perms" {
+				full_resource_name = "//cloudresourcemanager.googleapis.com/projects/%s"
+			}
+		`, project),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGoogleIamTestablePermissionsMeta(
+						project,
+						"data.google_iam_testable_permissions.perms",
+						"GA",
+						"",
+					),
+				),
+			},
+			{
+				Config: fmt.Sprintf(`
+			 data "google_iam_testable_permissions" "perms" {
+				full_resource_name   = "//cloudresourcemanager.googleapis.com/projects/%s"
+				custom_support_level = "NOT_SUPPORTED"
+				stage                = "BETA"
+			}
+		`, project),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGoogleIamTestablePermissionsMeta(
+						project,
+						"data.google_iam_testable_permissions.perms",
+						"BETA",
+						"NOT_SUPPORTED",
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckGoogleIamTestablePermissionsMeta(project string, n string, expectedStage string, expectedSupportLevel string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Can't find perms data source: %s", n)
+		}
+		expectedId := fmt.Sprintf("//cloudresourcemanager.googleapis.com/projects/%s", project)
+		if rs.Primary.ID != expectedId {
+			return errors.New("perms data source ID not set.")
+		}
+		attrs := rs.Primary.Attributes
+		count, ok := attrs["permissions.#"]
+		if !ok {
+			return errors.New("can't find 'permsissions' attribute")
+		}
+		permCount, err := strconv.Atoi(count)
+		if err != nil {
+			return err
+		}
+		if permCount < 2 {
+			return errors.New("count should be greater than 2")
+		}
+		foundStage := false
+		foundSupport := false
+
+		for i := 0; i < permCount; i++ {
+			stageKey := "permissions." + strconv.Itoa(i) + ".stage"
+			supportKey := "permissions." + strconv.Itoa(i) + ".custom_support_level"
+			if attrs[stageKey] == expectedStage {
+				foundStage = true
+			}
+			if attrs[supportKey] == expectedSupportLevel {
+				foundSupport = true
+			}
+			if foundSupport && foundStage {
+				return nil
+			}
+		}
+
+		if foundSupport {
+			return errors.New(fmt.Sprintf("Could not find stage %s in output", expectedStage))
+		}
+		if foundStage {
+			return errors.New(fmt.Sprintf("Could not find custom_support_level %s in output", expectedSupportLevel))
+		}
+		return errors.New("Unable to find customeSupportLevel or stage")
+	}
+}

third_party/terraform/website/docs/d/datasource_iam_testable_permissions.html.markdown

@@ -0,0 +1,43 @@
+---
+subcategory: "Cloud Platform"
+layout: "google"
+page_title: "Google: google_projects"
+sidebar_current: "docs-google-datasource-iam-testable-permissions"
+description: |-
+  Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
+---
+
+# google\_iam\_testable\_permissions
+
+Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
+
+## Example Usage - searching for projects about to be deleted in an org
+
+```hcl
+data "google_iam_testable_permissions" "perms" {
+	full_resource_name = "//cloudresourcemanager.googleapis.com/projects/my-project"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `full_resource_name` - (Required) See [full resource name documentation](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more detail.
+* `stage` - (Optional) The release stage of the permission in the output. Can be one of `"ALPHA"`, `"BETA"`, `"GA"`, `"DEPRECATED"`. Default is `"GA"`.
+* `custom_support_level` - (Optional) The level of support for custom roles. Can be one of `"NOT_SUPPORTED"`, `"SUPPORTED"`, `"TESTING"`. Default is `"SUPPORTED"`
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `permissions` - A list of permissions matching the provided input. Structure is defined below.
+
+The `permissions` block supports:
+
+* `name` - Name of the permission.
+* `title` - Human readable title of the permission.
+* `stage` - Release stage of the permission.
+* `custom_support_level` - The the support level of this permission for custom roles.
+* `api_disabled` - Whether the corresponding API has been enabled for the resource.
+