Add provider for SaaS Runtime Tenant resource (#15277)

Author: g-dreva

mmv1/products/saasservicemgmt/Tenant.yaml

@@ -0,0 +1,111 @@
+# Copyright 2025 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: Tenant
+description: The Tenant resource represents the service producer's view of a service instance created for a consumer. It enables the association between the service producer's managed resources and the end consumer.
+base_url: projects/{{project}}/locations/{{location}}/tenants
+update_mask: true
+self_link: projects/{{project}}/locations/{{location}}/tenants/{{tenant_id}}
+create_url: projects/{{project}}/locations/{{location}}/tenants?tenantId={{tenant_id}}
+update_verb: PATCH
+id_format: projects/{{project}}/locations/{{location}}/tenants/{{tenant_id}}
+import_format:
+  - projects/{{project}}/locations/{{location}}/tenants/{{tenant_id}}
+min_version: beta
+examples:
+  - name: saas_runtime_tenant_basic
+    primary_resource_id: "example"
+    min_version: "beta"
+    vars:
+      saas_name: example-saas
+      tenant_name: example-tenant
+    test_env_vars:
+      project: "PROJECT_NAME"
+    bootstrap_iam:
+      - member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com"
+        role: "roles/saasservicemgmt.serviceAgent"
+autogen_async: false
+autogen_status: VGVuYW50
+parameters:
+  - name: location
+    type: String
+    description: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: tenantId
+    type: String
+    description: The ID value for the new tenant.
+    immutable: true
+    url_param_only: true
+    required: true
+properties:
+  - name: annotations
+    type: KeyValueAnnotations
+    description: |-
+      Annotations is an unstructured key-value map stored with a resource that
+      may be set by external tools to store and retrieve arbitrary metadata.
+      They are not queryable and should be preserved when modifying objects.
+
+      More info: https://kubernetes.io/docs/user-guide/annotations
+  - name: consumerResource
+    type: String
+    description: |-
+      A reference to the consumer resource this SaaS Tenant is representing.
+
+      The relationship with a consumer resource can be used by SaaS Runtime for
+      retrieving consumer-defined settings and policies such as maintenance
+      policies (using Unified Maintenance Policy API).
+    immutable: true
+  - name: createTime
+    type: String
+    description: The timestamp when the resource was created.
+    output: true
+  - name: labels
+    type: KeyValueLabels
+    description: |-
+      The labels on the resource, which can be used for categorization.
+      similar to Kubernetes resource labels.
+  - name: name
+    type: String
+    description: |-
+      Identifier. The resource name (full URI of the resource) following the standard naming
+      scheme:
+
+      "projects/{project}/locations/{location}/tenants/{tenant}"
+    output: true
+  - name: saas
+    type: String
+    description: |-
+      A reference to the Saas that defines the product (managed service) that
+      the producer wants to manage with SaaS Runtime. Part of the
+      SaaS Runtime common data model.
+    immutable: true
+    required: true
+  - name: uid
+    type: String
+    description: |-
+      The unique identifier of the resource. UID is unique in the time
+      and space for this resource within the scope of the service. It is
+      typically generated by the server on successful creation of a resource
+      and must not be changed. UID is used to uniquely identify resources
+      with resource name reuses. This should be a UUID4.
+    output: true
+  - name: updateTime
+    type: String
+    description: |-
+      The timestamp when the resource was last updated. Any
+      change to the resource made by users must refresh this value.
+      Changes to a resource made by the service should refresh this value.
+    output: true

mmv1/templates/terraform/examples/saas_runtime_tenant_basic.tf.tmpl

@@ -0,0 +1,17 @@
+resource "google_saas_runtime_saas" "example_saas" {
+  provider = google-beta
+  saas_id  = "{{index $.Vars "saas_name"}}"
+  location = "global"
+
+  locations {
+    name = "us-central1"
+  }
+}
+
+resource "google_saas_runtime_tenant" "{{$.PrimaryResourceId}}" {
+  provider = google-beta
+  location = "global"
+  tenant_id = "{{index $.Vars "tenant_name"}}"
+  saas = google_saas_runtime_saas.example_saas.id
+  consumer_resource = "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/example-instance"
+}

mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_tenant_test.go.tmpl

@@ -0,0 +1,109 @@
+package saasruntime_test
+
+{{ if ne $.TargetVersionName `ga` -}}
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccSaasRuntimeTenant_update(t *testing.T) {
+	t.Parallel()
+	acctest.BootstrapIamMembers(t, []acctest.IamMember{
+		{
+			Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com",
+			Role:   "roles/saasservicemgmt.serviceAgent",
+		},
+	})
+
+	context := map[string]interface{}{
+		"project":       envvar.GetTestProjectFromEnv(),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSaasRuntimeTenant_basic(context),
+			},
+			{
+				ResourceName:            "google_saas_runtime_tenant.example",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "tenant_id", "terraform_labels"},
+			},
+			{
+				Config: testAccSaasRuntimeTenant_update(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction("google_saas_runtime_tenant.example", plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:            "google_saas_runtime_tenant.example",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "tenant_id", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccSaasRuntimeTenant_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_saas_runtime_saas" "example_saas" {
+  provider = google-beta
+  saas_id  = "tf-test-example-saas%{random_suffix}"
+  location = "global"
+
+  locations {
+    name = "us-central1"
+  }
+}
+
+resource "google_saas_runtime_tenant" "example" {
+  provider = google-beta
+  location = "global"
+  tenant_id = "tf-test-example-tenant%{random_suffix}"
+  saas = google_saas_runtime_saas.example_saas.id
+  consumer_resource = "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/example-instance"
+}
+`, context)
+}
+
+func testAccSaasRuntimeTenant_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_saas_runtime_saas" "example_saas" {
+  provider = google-beta
+  saas_id  = "tf-test-example-saas%{random_suffix}"
+  location = "global"
+
+  locations {
+    name = "us-central1"
+  }
+}
+
+resource "google_saas_runtime_tenant" "example" {
+  provider = google-beta
+  location = "global"
+  tenant_id = "tf-test-example-tenant%{random_suffix}"
+  saas = google_saas_runtime_saas.example_saas.id
+  consumer_resource = "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/example-instance"
+  labels = {
+    "label-one": "foo"
+  }
+  annotations = {
+    "annotation-one": "bar"
+  }
+}
+`, context)
+}
+{{- end }}