Fix principal casing in a Access Context Manager Perimeter Policy causing a provider crash (#15429)

dominikmueller · web-flow · commit 08d1f0594e2e · 2025-10-30T00:35:38.000Z
diff --git a/mmv1/templates/terraform/constants/access_context_manager.go.tmpl b/mmv1/templates/terraform/constants/access_context_manager.go.tmpl
@@ -43,43 +43,63 @@ func {{$.ResourceName}}IngressToResourcesDiffSuppressFunc(_, _, _ string, d *sch
 func {{$.ResourceName}}EgressFromIdentitiesDiffSuppressFunc(_, _, _ string, d *schema.ResourceData) bool {
     old, new := d.GetChange("egress_from.0.identities")
 
-    oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
+    oldIdentities, err := tpgresource.InterfaceSliceToStringSlice(old)
     if err != nil {
         log.Printf("[ERROR] Failed to convert egress from identities config value: %s", err)
         return false
     }
 
-    newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
+    // Normalize IAM principal casing
+    for i, val := range oldIdentities {
+        oldIdentities[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
+
+    newIdentities, err := tpgresource.InterfaceSliceToStringSlice(new)
     if err != nil {
         log.Printf("[ERROR] Failed to convert egress from identities api value: %s", err)
         return false
     }
 
-    sort.Strings(oldResources)
-    sort.Strings(newResources)
+    // Normalize IAM principal casing
+    for i, val := range newIdentities {
+        newIdentities[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
 
-    return slices.Equal(oldResources, newResources)
+    sort.Strings(oldIdentities)
+    sort.Strings(newIdentities)
+
+    return slices.Equal(oldIdentities, newIdentities)
 }
 
 func {{$.ResourceName}}IngressFromIdentitiesDiffSuppressFunc(_, _, _ string, d *schema.ResourceData) bool {
     old, new := d.GetChange("ingress_from.0.identities")
 
-    oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
+    oldIdentities, err := tpgresource.InterfaceSliceToStringSlice(old)
     if err != nil {
         log.Printf("[ERROR] Failed to convert ingress from identities config value: %s", err)
         return false
     }
 
-    newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
+    // Normalize IAM principal casing
+    for i, val := range oldIdentities {
+        oldIdentities[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
+
+    newIdentities, err := tpgresource.InterfaceSliceToStringSlice(new)
     if err != nil {
         log.Printf("[ERROR] Failed to convert ingress from identities api value: %s", err)
         return false
     }
 
-    sort.Strings(oldResources)
-    sort.Strings(newResources)
+    // Normalize IAM principal casing
+    for i, val := range newIdentities {
+        newIdentities[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
 
-    return slices.Equal(oldResources, newResources)
+    sort.Strings(oldIdentities)
+    sort.Strings(newIdentities)
+
+    return slices.Equal(oldIdentities, newIdentities)
 }
 
 func {{$.ResourceName}}IdentityTypeDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool {
diff --git a/mmv1/templates/terraform/custom_flatten/accesscontextmanager_egress_policy_from_identities_custom_flatten.go.tmpl b/mmv1/templates/terraform/custom_flatten/accesscontextmanager_egress_policy_from_identities_custom_flatten.go.tmpl
@@ -6,6 +6,12 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso
         log.Printf("[ERROR] Failed to convert egress from identities config value: %s", err)
         return v
     }
+
+    // Normalize IAM principal casing
+    for i, val := range configValue {
+        configValue[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
+
     sortedConfigValue := append([]string{}, configValue...)
     sort.Strings(sortedConfigValue)
 
@@ -15,6 +21,12 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso
         log.Printf("[ERROR] Failed to convert egress from identities API value: %s", err)
         return v
     }
+
+    // Normalize IAM principal casing
+    for i, val := range apiValue {
+        apiValue[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
+
     sortedApiValue := append([]string{}, apiValue...)
     sort.Strings(sortedApiValue)
 
@@ -23,4 +35,4 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso
     }
 
     return apiValue
-}
+}
diff --git a/mmv1/templates/terraform/custom_flatten/accesscontextmanager_ingress_policy_from_identities_custom_flatten.go.tmpl b/mmv1/templates/terraform/custom_flatten/accesscontextmanager_ingress_policy_from_identities_custom_flatten.go.tmpl
@@ -6,6 +6,12 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso
         log.Printf("[ERROR] Failed to convert ingress from identities config value: %s", err)
         return v
     }
+
+    // Normalize IAM principal casing
+    for i, val := range configValue {
+        configValue[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
+
     sortedConfigValue := append([]string{}, configValue...)
     sort.Strings(sortedConfigValue)
 
@@ -15,6 +21,12 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso
         log.Printf("[ERROR] Failed to convert ingress from identities API value: %s", err)
         return v
     }
+
+    // Normalize IAM principal casing
+    for i, val := range apiValue {
+        apiValue[i] = tpgresource.NormalizeIamPrincipalCasing(val)
+    }
+
     sortedApiValue := append([]string{}, apiValue...)
     sort.Strings(sortedApiValue)
 
@@ -23,4 +35,4 @@ func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.Reso
     }
 
     return apiValue
-}
+}
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_egress_policy.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_egress_policy.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   spec {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_egress_policy_granular_controls.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_egress_policy_granular_controls.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   spec {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_ingress_policy.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_ingress_policy.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   status {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_ingress_policy_granular_controls.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_dry_run_ingress_policy_granular_controls.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   status {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_egress_policy.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_egress_policy.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   status {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_egress_policy_granular_controls.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_egress_policy_granular_controls.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   status {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_ingress_policy.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_ingress_policy.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   status {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_ingress_policy_granular_controls.tf.tmpl b/mmv1/templates/terraform/examples/access_context_manager_service_perimeter_ingress_policy_granular_controls.tf.tmpl
@@ -1,6 +1,6 @@
 resource "google_access_context_manager_service_perimeter" "storage-perimeter" {
-  parent = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}"
-  name   = "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter"
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/storage_perimeter"
   title  = "Storage Perimeter"
   status {
     restricted_services = ["storage.googleapis.com"]
diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy_test.go
@@ -2,6 +2,7 @@ package accesscontextmanager_test
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -18,6 +19,11 @@ import (
 func testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basicTest(t *testing.T) {
 	org := envvar.GetTestOrgFromEnv(t)
 	//projects := acctest.BootstrapServicePerimeterProjects(t, 1)
+
+	// Bootstrap a service account to use as egress from identity
+	initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t)
+	serviceAccount := acctest.BootstrapServiceAccount(t, "acm-egress-1", initialServiceAccount)
+
 	policyTitle := acctest.RandString(t, 10)
 	perimeterTitle := "perimeter"
 	projectNumber := envvar.GetTestProjectNumberFromEnv()
@@ -27,7 +33,7 @@ func testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basicTest(t *
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basic(org, policyTitle, perimeterTitle, projectNumber),
+				Config: testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basic(org, policyTitle, perimeterTitle, projectNumber, serviceAccount),
 			},
 			{
 				Config: testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_destroy(org, policyTitle, perimeterTitle),
@@ -84,7 +90,7 @@ func testAccCheckAccessContextManagerServicePerimeterDryRunEgressPolicyDestroyPr
 	}
 }
 
-func testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basic(org, policyTitle, perimeterTitleName, projectNumber string) string {
+func testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basic(org, policyTitle, perimeterTitleName, projectNumber, serviceAccount string) string {
 	return fmt.Sprintf(`
 %s
 
@@ -144,7 +150,23 @@ resource "google_access_context_manager_service_perimeter_dry_run_egress_policy"
 	}
 }
 
-`, testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_destroy(org, policyTitle, perimeterTitleName), projectNumber)
+resource "google_access_context_manager_service_perimeter_dry_run_egress_policy" "test-identity1" {
+  perimeter = google_access_context_manager_service_perimeter.test-access.name
+	egress_from {
+		identities = ["serviceAccount:%s"]
+	}
+	egress_to {
+	  operations {
+			service_name = "storage.googleapis.com"
+			method_selectors {
+				method = "*"
+			}
+		}
+	}
+}
+
+`, testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_destroy(org, policyTitle, perimeterTitleName), projectNumber, strings.ToUpper(serviceAccount))
+	// Using an uppercase service account to test normalization of IAM principal casing
 }
 
 func testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_destroy(org, policyTitle, perimeterTitleName string) string {
diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy_test.go
@@ -2,6 +2,7 @@ package accesscontextmanager_test
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -18,6 +19,11 @@ import (
 func testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basicTest(t *testing.T) {
 	org := envvar.GetTestOrgFromEnv(t)
 	//projects := acctest.BootstrapServicePerimeterProjects(t, 1)
+
+	// Bootstrap a service account to use as ingress from identity
+	initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t)
+	serviceAccount := acctest.BootstrapServiceAccount(t, "acm-ingress-1", initialServiceAccount)
+
 	policyTitle := acctest.RandString(t, 10)
 	perimeterTitle := "perimeter"
 
@@ -26,7 +32,7 @@ func testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basicTest(t
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basic(org, policyTitle, perimeterTitle),
+				Config: testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basic(org, policyTitle, perimeterTitle, serviceAccount),
 			},
 			{
 				Config: testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_destroy(org, policyTitle, perimeterTitle),
@@ -83,7 +89,7 @@ func testAccCheckAccessContextManagerServicePerimeterDryRunIngressPolicyDestroyP
 	}
 }
 
-func testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basic(org, policyTitle, perimeterTitleName string) string {
+func testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basic(org, policyTitle, perimeterTitleName, serviceAccount string) string {
 	return fmt.Sprintf(`
 %s
 
@@ -134,7 +140,22 @@ resource "google_access_context_manager_service_perimeter_dry_run_ingress_policy
   depends_on = [google_access_context_manager_service_perimeter_dry_run_ingress_policy.test-access1]
 }
 
-`, testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_destroy(org, policyTitle, perimeterTitleName))
+resource "google_access_context_manager_service_perimeter_dry_run_ingress_policy" "test-identity1" {
+	perimeter = google_access_context_manager_service_perimeter.test-access.name
+	ingress_from {
+		identities = ["serviceAccount:%s"]
+		sources {
+			access_level = google_access_context_manager_access_level.test-access.name
+		}
+	}
+	ingress_to {
+		resources = ["*"]
+		roles = ["roles/bigquery.admin"]
+	}
+}
+
+`, testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_destroy(org, policyTitle, perimeterTitleName), strings.ToUpper(serviceAccount))
+	// Using an uppercase service account to test normalization of IAM principal casing
 }
 
 func testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_destroy(org, policyTitle, perimeterTitleName string) string {
diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy_test.go
@@ -2,6 +2,7 @@ package accesscontextmanager_test
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -19,6 +20,11 @@ func testAccAccessContextManagerServicePerimeterEgressPolicy_basicTest(t *testin
 	// Multiple fine-grained resources
 	acctest.SkipIfVcr(t)
 	org := envvar.GetTestOrgFromEnv(t)
+
+	// Bootstrap a service account to use as egress from identity
+	initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t)
+	serviceAccount := acctest.BootstrapServiceAccount(t, "acm-egress-2", initialServiceAccount)
+
 	//projects := acctest.BootstrapServicePerimeterProjects(t, 1)
 	policyTitle := acctest.RandString(t, 10)
 	perimeterTitle := "perimeter"
@@ -29,7 +35,7 @@ func testAccAccessContextManagerServicePerimeterEgressPolicy_basicTest(t *testin
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAccessContextManagerServicePerimeterEgressPolicy_basic(org, policyTitle, perimeterTitle, projectNumber),
+				Config: testAccAccessContextManagerServicePerimeterEgressPolicy_basic(org, policyTitle, perimeterTitle, projectNumber, serviceAccount),
 			},
 			{
 				Config: testAccAccessContextManagerServicePerimeterEgressPolicy_destroy(org, policyTitle, perimeterTitle),
@@ -86,7 +92,7 @@ func testAccCheckAccessContextManagerServicePerimeterEgressPolicyDestroyProducer
 	}
 }
 
-func testAccAccessContextManagerServicePerimeterEgressPolicy_basic(org, policyTitle, perimeterTitleName, projectNumber string) string {
+func testAccAccessContextManagerServicePerimeterEgressPolicy_basic(org, policyTitle, perimeterTitleName, projectNumber, serviceAccount string) string {
 	return fmt.Sprintf(`
 %s
 
@@ -144,7 +150,23 @@ resource "google_access_context_manager_service_perimeter_egress_policy" "test-a
 	}
 }
 
-`, testAccAccessContextManagerServicePerimeterEgressPolicy_destroy(org, policyTitle, perimeterTitleName), projectNumber)
+resource "google_access_context_manager_service_perimeter_egress_policy" "test-identity1" {
+  perimeter = google_access_context_manager_service_perimeter.test-access.name
+	egress_from {
+		identities = ["serviceAccount:%s"]
+	}
+	egress_to {
+	  operations {
+			service_name = "storage.googleapis.com"
+			method_selectors {
+				method = "*"
+			}
+		}
+	}
+}
+
+`, testAccAccessContextManagerServicePerimeterEgressPolicy_destroy(org, policyTitle, perimeterTitleName), projectNumber, strings.ToUpper(serviceAccount))
+	// Using an uppercase service account to test normalization of IAM principal casing
 }
 
 func testAccAccessContextManagerServicePerimeterEgressPolicy_destroy(org, policyTitle, perimeterTitleName string) string {
diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go
diff --git a/mmv1/third_party/terraform/tpgiamresource/iam.go.tmpl b/mmv1/third_party/terraform/tpgiamresource/iam.go.tmpl
diff --git a/mmv1/third_party/terraform/tpgiamresource/resource_iam_member.go b/mmv1/third_party/terraform/tpgiamresource/resource_iam_member.go
diff --git a/mmv1/third_party/terraform/tpgresource/utils.go b/mmv1/third_party/terraform/tpgresource/utils.go
diff --git a/mmv1/third_party/terraform/tpgresource/utils_test.go b/mmv1/third_party/terraform/tpgresource/utils_test.go
