Add sweeper that covers org-scope resources for dlp. (#15321)

patrickmoy · web-flow · commit 3b7746baaa71 · 2025-10-06T22:48:31.000Z
diff --git a/mmv1/third_party/terraform/services/datalossprevention/resource_data_loss_prevention_discovery_config_sweeper.go b/mmv1/third_party/terraform/services/datalossprevention/resource_data_loss_prevention_discovery_config_sweeper.go
@@ -5,13 +5,15 @@ import (
 	"log"
 	"strings"
 
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
 	"github.com/hashicorp/terraform-provider-google/google/sweeper"
 	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
 )
 
 func init() {
 	sweeper.AddTestSweepersLegacy("DataLossPreventionDiscoveryConfig", testSweepDataLossPreventionDiscoveryConfig)
+	sweeper.AddTestSweepersLegacy("DataLossPreventionDiscoveryConfigOrgScope", testSweepDataLossPreventionDiscoveryConfigOrgScope)
 }
 
 // At the time of writing, the CI only passes us-central1 as the region
@@ -104,3 +106,97 @@ func testSweepDataLossPreventionDiscoveryConfig(region string) error {
 	}
 	return nil
 }
+
+// At the time of writing, the CI only passes us-central1 as the region
+func testSweepDataLossPreventionDiscoveryConfigOrgScope(region string) error {
+	resourceName := "DataLossPreventionDiscoveryConfig"
+	log.Printf("[INFO][SWEEPER_LOG] Starting sweeper for org-scope %s", resourceName)
+
+	config, err := sweeper.SharedConfigForRegion(region)
+	if err != nil {
+		log.Printf("[INFO][SWEEPER_LOG] error getting shared config for region: %s", err)
+		return err
+	}
+
+	err = config.LoadAndValidate(context.Background())
+	if err != nil {
+		log.Printf("[INFO][SWEEPER_LOG] error loading: %s", err)
+		return err
+	}
+
+	// Setup variables to replace in list template
+	testOrg := envvar.GetTestOrgFromEnv(nil)
+	if testOrg == "" {
+		log.Printf("test org not set for test environment, skip sweep")
+		return nil
+	}
+	d := &tpgresource.ResourceDataMock{
+		FieldsInSchema: map[string]interface{}{
+			"org":      testOrg,
+			"region":   region,
+			"location": region,
+			"zone":     "-",
+		},
+	}
+
+	listTemplate := strings.Split("https://dlp.googleapis.com/v2/organizations/{{org}}/locations/{{location}}/discoveryConfigs", "?")[0]
+	listUrl, err := tpgresource.ReplaceVars(d, config, listTemplate)
+	if err != nil {
+		log.Printf("[INFO][SWEEPER_LOG] error preparing sweeper list url: %s", err)
+		return nil
+	}
+
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		RawURL:    listUrl,
+		UserAgent: config.UserAgent,
+	})
+	if err != nil {
+		log.Printf("[INFO][SWEEPER_LOG] Error in response from request %s: %s", listUrl, err)
+		return nil
+	}
+
+	resourceList, ok := res["discoveryConfigs"]
+	if !ok {
+		log.Printf("[INFO][SWEEPER_LOG] Nothing found in response.")
+		return nil
+	}
+
+	rl := resourceList.([]interface{})
+
+	log.Printf("[INFO][SWEEPER_LOG] Found %d items in %s list response.", len(rl), resourceName)
+	for _, ri := range rl {
+		obj := ri.(map[string]interface{})
+		if obj["name"] == nil {
+			log.Printf("[INFO][SWEEPER_LOG] %s resource name was nil", resourceName)
+			return nil
+		}
+
+		// Note that we do not check for a sweepable prefix here.
+		// We can have at most 1 DiscoveryConfig for a storage type in the same project/location, so ensure we delete everything.
+		name := tpgresource.GetResourceNameFromSelfLink(obj["name"].(string))
+
+		deleteTemplate := "https://dlp.googleapis.com/v2/organizations/{{org}}/locations/{{location}}/discoveryConfigs/{{name}}"
+		deleteUrl, err := tpgresource.ReplaceVars(d, config, deleteTemplate)
+		if err != nil {
+			log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err)
+			return nil
+		}
+		deleteUrl = deleteUrl + name
+
+		// Don't wait on operations as we may have a lot to delete
+		_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+			Config:    config,
+			Method:    "DELETE",
+			RawURL:    deleteUrl,
+			UserAgent: config.UserAgent,
+		})
+		if err != nil {
+			log.Printf("[INFO][SWEEPER_LOG] Error deleting for url %s : %s", deleteUrl, err)
+		} else {
+			log.Printf("[INFO][SWEEPER_LOG] Sent delete request for %s resource: %s", resourceName, name)
+		}
+	}
+	return nil
+}
