Promoted (most of) the supported cloud identity resources to GA (#4211)

* Promoted supported cloud identity APIs to GA * Removed trailing references to cloudidentity v1beta1 api * cloud identity group membership member_key is still in beta * Use v1beta1 cloudidentity sdk in beta * Skip tests relying on cust_id and identity_user if not set * Removed trailing references to beta provider in data source tests * Corrected trailing references to google-beta provider in cloud identity test code * Moved tests involving member_key to beta-only * Removed duplicate func in beta: testAccCheckCloudIdentityGroupMembershipDestroyProducer * Enabled / marked remaining beta fields * Removed dynamic groups because they require a premium SKU * Removed references to additionalGroupKeys * Fixed test file imports * Corrected Cloud Identity GA version to use GA api
GoogleCloudPlatform · Nov 11, 2020 · 4639b3d · 4639b3d
1 parent 7445f74
commit 4639b3d
Show file tree

Hide file tree

Showing 15 changed files with 183 additions and 158 deletions.
diff --git a/products/cloudidentity/api.yaml b/products/cloudidentity/api.yaml
@@ -15,6 +15,9 @@
 name: CloudIdentity
 display_name: Cloud Identity
 versions:
+  - !ruby/object:Api::Product::Version
+    name: ga
+    base_url: https://cloudidentity.googleapis.com/v1/
   - !ruby/object:Api::Product::Version
     name: beta
     base_url: https://cloudidentity.googleapis.com/v1beta1/
@@ -113,88 +116,6 @@ objects:
           Must not contain more than one entry. Must contain the entry
           'cloudidentity.googleapis.com/groups.discussion_forum': '' if the Group is a Google Group or
           'system/groups/external': '' if the Group is an external-identity-mapped group.
-      # TODO (mbang): The full API doesn't seem to be implemented yet
-      # - !ruby/object:Api::Type::Array
-      #   name: 'additionalGroupKeys'
-      #   input: true
-      #   description: |
-      #     Additional entity key aliases for a Group.
-      #   item_type: !ruby/object:Api::Type::NestedObject
-      #     properties:
-      #       - !ruby/object:Api::Type::String
-      #         name: 'id'
-      #         required: true
-      #         description: |
-      #           The ID of the entity.
-
-      #           For Google-managed entities, the id must be the email address of an existing
-      #           group or user.
-
-      #           For external-identity-mapped entities, the id must be a string conforming
-      #           to the Identity Source's requirements.
-
-      #           Must be unique within a namespace.
-      #       - !ruby/object:Api::Type::String
-      #         name: 'namespace'
-      #         description: |
-      #           The namespace in which the entity exists.
-
-      #           If not specified, the EntityKey represents a Google-managed entity
-      #           such as a Google user or a Google Group.
-
-      #           If specified, the EntityKey represents an external-identity-mapped group.
-      #           The namespace must correspond to an identity source created in Admin Console
-      #           and must be in the form of `identitysources/{identity_source_id}.
-      # - !ruby/object:Api::Type::NestedObject
-      #   name: 'dynamicGroupMetadata'
-      #   input: true
-      #   description: |
-      #     Dynamic group metadata like queries and status.
-      #   properties:
-      #     - !ruby/object:Api::Type::Array
-      #       name: 'queries'
-      #       required: true
-      #       description: |
-      #         Memberships will be the union of all queries. Only one entry with USER resource is currently supported.
-      #       item_type: !ruby/object:Api::Type::NestedObject
-      #         properties:
-      #           - !ruby/object:Api::Type::Enum
-      #             name: 'resourceType'
-      #             description: |
-      #               Resources supported for dynamic groups.
-      #             default_value: :USER
-      #             values:
-      #               - :USER
-      #           - !ruby/object:Api::Type::String
-      #             name: 'query'
-      #             description: |
-      #               Query that determines the memberships of the dynamic group.
-
-      #               Examples: All users with at least one organizations.department of engineering.
-
-      #               user.organizations.exists(org, org.department=='engineering')
-
-      #               All users with at least one location that has area of foo and building_id of bar.
-
-      #               user.locations.exists(loc, loc.area=='foo' && loc.building_id=='bar')
-      #     - !ruby/object:Api::Type::NestedObject
-      #       name: 'DynamicGroupStatus'
-      #       output: true
-      #       description: |
-      #         Status of the dynamic group.
-      #       properties:
-      #         - !ruby/object:Api::Type::String
-      #           name: 'status'
-      #           description: |
-      #             Status of the dynamic group.
-      #         - !ruby/object:Api::Type::String
-      #           name: 'statusTime'
-      #           description: |
-      #             The latest time at which the dynamic group is guaranteed to be in the given status.
-      #             For example, if status is: UP_TO_DATE - The latest time at which this dynamic group
-      #             was confirmed to be up to date. UPDATING_MEMBERSHIPS - The time at which dynamic group was created.
-
-      #             A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
   - !ruby/object:Api::Resource
     name: 'GroupMembership'
     base_url: '{{group}}/memberships'
@@ -222,6 +143,7 @@ objects:
         input: true
         description: |
           EntityKey of the member.
+        min_version: beta
         exactly_one_of:
           - member_key
           - preferred_member_key

diff --git a/products/cloudidentity/terraform.yaml b/products/cloudidentity/terraform.yaml
@@ -28,22 +28,11 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       - !ruby/object:Provider::Terraform::Examples
         name: "cloud_identity_groups_basic"
         primary_resource_id: "cloud_identity_group_basic"
-        min_version: beta
         vars:
           id_group: "my-identity-group"
         test_env_vars:
           org_domain: :ORG_DOMAIN
           cust_id: :CUST_ID
-      ### The full API doesn't seem to be implemented yet
-      # - !ruby/object:Provider::Terraform::Examples
-      #   name: "cloud_identity_groups_full"
-      #   primary_resource_id: "cloud_identity_group_full"
-      #   min_version: beta
-      #   vars:
-      #     id_group: "my-identity-group"
-      #   test_env_vars:
-      #     org_domain: :ORG_DOMAIN
-      #     cust_id: :CUST_ID
     custom_code: !ruby/object:Provider::Terraform::CustomCode
       post_create: templates/terraform/post_create/set_computed_name.erb
       custom_import: templates/terraform/custom_import/set_id_name_with_slashes.go.erb
@@ -62,7 +51,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       - !ruby/object:Provider::Terraform::Examples
         name: "cloud_identity_group_membership"
         primary_resource_id: "cloud_identity_group_membership_basic"
-        min_version: beta
         vars:
           id_group: "my-identity-group"
         test_env_vars:
@@ -71,7 +59,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       - !ruby/object:Provider::Terraform::Examples
         name: "cloud_identity_group_membership_user"
         primary_resource_id: "cloud_identity_group_membership_basic"
-        min_version: beta
         vars:
           id_group: "my-identity-group"
         test_env_vars:

diff --git a/templates/terraform/examples/cloud_identity_group_membership.tf.erb b/templates/terraform/examples/cloud_identity_group_membership.tf.erb
@@ -1,5 +1,4 @@
 resource "google_cloud_identity_group" "group" {
-  provider = google-beta
   display_name = "<%= ctx[:vars]['id_group'] %>"
 
   parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>"
@@ -14,7 +13,6 @@ resource "google_cloud_identity_group" "group" {
 }
 
 resource "google_cloud_identity_group" "child-group" {
-  provider = google-beta
   display_name = "<%= ctx[:vars]['id_group'] %>-child"
 
   parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>"
@@ -29,10 +27,9 @@ resource "google_cloud_identity_group" "child-group" {
 }
 
 resource "google_cloud_identity_group_membership" "<%= ctx[:primary_resource_id] %>" {
-  provider = google-beta
   group    = google_cloud_identity_group.group.id
 
-  member_key {
+  preferred_member_key {
     id = google_cloud_identity_group.child-group.group_key[0].id
   }
 

diff --git a/templates/terraform/examples/cloud_identity_group_membership_user.tf.erb b/templates/terraform/examples/cloud_identity_group_membership_user.tf.erb
@@ -1,5 +1,4 @@
 resource "google_cloud_identity_group" "group" {
-  provider = google-beta
   display_name = "<%= ctx[:vars]['id_group'] %>"
 
   parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>"
@@ -14,10 +13,9 @@ resource "google_cloud_identity_group" "group" {
 }
 
 resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
-  provider = google-beta
   group    = google_cloud_identity_group.group.id
 
-  member_key {
+  preferred_member_key {
     id = "<%= ctx[:test_env_vars]['identity_user'] %>@<%= ctx[:test_env_vars]['org_domain'] %>"
   }
 

diff --git a/templates/terraform/examples/cloud_identity_groups_basic.tf.erb b/templates/terraform/examples/cloud_identity_groups_basic.tf.erb
@@ -1,5 +1,4 @@
 resource "google_cloud_identity_group" "<%= ctx[:primary_resource_id] %>" {
-  provider = google-beta
   display_name = "<%= ctx[:vars]['id_group'] %>"
 
   parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>"

diff --git a/templates/terraform/examples/cloud_identity_groups_full.tf.erb b/templates/terraform/examples/cloud_identity_groups_full.tf.erb
diff --git a/third_party/terraform/data_sources/data_source_cloud_identity_group_memberships.go.erb b/third_party/terraform/data_sources/data_source_cloud_identity_group_memberships.go.erb
@@ -1,13 +1,16 @@
 <% autogen_exception -%>
 package google
 
-<% unless version == 'ga' -%>
 import (
 	"fmt"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+<% unless version == 'ga' -%>
 	cloudidentity "google.golang.org/api/cloudidentity/v1beta1"
+<% else -%>
+	"google.golang.org/api/cloudidentity/v1"
+<% end -%>
 )
 
 func dataSourceGoogleCloudIdentityGroupMemberships() *schema.Resource {
@@ -51,7 +54,9 @@ func dataSourceGoogleCloudIdentityGroupMembershipsRead(d *schema.ResourceData, m
 			result = append(result, map[string]interface{}{
 				"name":                 member.Name,
 				"roles":                flattenCloudIdentityGroupMembershipsRoles(member.Roles),
+<% unless version == 'ga' -%>
 				"member_key":           flattenCloudIdentityGroupsEntityKey(member.MemberKey),
+<% end -%>
 				"preferred_member_key": flattenCloudIdentityGroupsEntityKey(member.PreferredMemberKey),
 			})
 		}
@@ -79,4 +84,3 @@ func flattenCloudIdentityGroupMembershipsRoles(roles []*cloudidentity.Membership
 	}
 	return transformed
 }
-<% end -%>
diff --git a/third_party/terraform/data_sources/data_source_cloud_identity_groups.go.erb b/third_party/terraform/data_sources/data_source_cloud_identity_groups.go.erb
@@ -1,13 +1,16 @@
 <% autogen_exception -%>
 package google
 
-<% unless version == 'ga' -%>
 import (
 	"fmt"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+<% unless version == 'ga' -%>
 	cloudidentity "google.golang.org/api/cloudidentity/v1beta1"
+<% else -%>
+	"google.golang.org/api/cloudidentity/v1"
+<% end -%>
 )
 
 func dataSourceGoogleCloudIdentityGroups() *schema.Resource {
@@ -79,4 +82,3 @@ func flattenCloudIdentityGroupsEntityKey(entityKey *cloudidentity.EntityKey) []i
 	}
 	return []interface{}{transformed}
 }
-<% end -%>
diff --git a/third_party/terraform/resources/resource_cloud_identity_group_sweeper_test.go.erb b/third_party/terraform/resources/resource_cloud_identity_group_sweeper_test.go.erb
@@ -1,7 +1,6 @@
 <% autogen_exception -%>
 package google
 
-<% unless version == 'ga' -%>
 import (
 	"context"
 	"fmt"
@@ -50,7 +49,11 @@ func testSweepCloudIdentityGroup(region string) error {
 		},
 	}
 
+<% unless version == 'ga' -%>
 	listTemplate := "https://cloudidentity.googleapis.com/v1beta1/groups?parent={{parent}}"
+<% else -%>
+	listTemplate := "https://cloudidentity.googleapis.com/v1/groups?parent={{parent}}"
+<% end -%>
 	listUrl, err := replaceVars(d, config, listTemplate)
 	if err != nil {
 		log.Printf("[INFO][SWEEPER_LOG] error preparing sweeper list url: %s", err)
@@ -88,7 +91,11 @@ func testSweepCloudIdentityGroup(region string) error {
 			continue
 		}
 
+<% unless version == 'ga' -%>
 		deleteTemplate := "https://cloudidentity.googleapis.com/v1beta1/{{name}}"
+<% else -%>
+		deleteTemplate := "https://cloudidentity.googleapis.com/v1/{{name}}"
+<% end -%>
 		deleteUrl, err := replaceVars(d, config, deleteTemplate)
 		if err != nil {
 			log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err)
@@ -111,4 +118,3 @@ func testSweepCloudIdentityGroup(region string) error {
 
 	return nil
 }
-<% end -%>
diff --git a/...ud_identity_group_memberships_test.go.erb → ..._cloud_identity_group_memberships_test.go b/...ud_identity_group_memberships_test.go.erb → ..._cloud_identity_group_memberships_test.go
@@ -1,7 +1,5 @@
-<% autogen_exception -%>
 package google
 
-<% unless version == 'ga' -%>
 import (
 	"testing"
 
@@ -21,7 +19,7 @@ func TestAccDataSourceCloudIdentityGroupMemberships_basic(t *testing.T) {
 
 	vcrTest(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProvidersOiCS,
+		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccCloudIdentityGroupMembershipConfig(context),
@@ -42,10 +40,7 @@ func testAccCloudIdentityGroupMembershipConfig(context map[string]interface{}) s
 	return testAccCloudIdentityGroupMembership_cloudIdentityGroupMembershipUserExample(context) + Nprintf(`
 
 data "google_cloud_identity_group_memberships" "members" {
-  provider = google-beta
-
   group = google_cloud_identity_group_membership.cloud_identity_group_membership_basic.group
 }
 `, context)
 }
-<% end -%>
diff --git a/..._source_cloud_identity_groups_test.go.erb → ...data_source_cloud_identity_groups_test.go b/..._source_cloud_identity_groups_test.go.erb → ...data_source_cloud_identity_groups_test.go
@@ -1,7 +1,5 @@
-<% autogen_exception -%>
 package google
 
-<% unless version == 'ga' -%>
 import (
 	"regexp"
 	"testing"
@@ -19,7 +17,7 @@ func TestAccDataSourceCloudIdentityGroups_basic(t *testing.T) {
 
 	vcrTest(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProvidersOiCS,
+		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{
 				Config: testAccCloudIdentityGroupConfig(context),
@@ -38,10 +36,7 @@ func testAccCloudIdentityGroupConfig(context map[string]interface{}) string {
 	return testAccCloudIdentityGroup_cloudIdentityGroupsBasicExample(context) + Nprintf(`
 
 data "google_cloud_identity_groups" "groups" {
-  provider = google-beta
-
   parent = google_cloud_identity_group.cloud_identity_group_basic.parent
 }
 `, context)
 }
-<% end -%>