Update Test Generation: IAM (#15657)

Co-authored-by: Stephen Lewis (Burrows) <[email protected]>

Author: shuyama1

mmv1/api/resource.go

@@ -1696,6 +1696,22 @@ func (r Resource) ExamplePrimaryResourceId() string {
 	return examples[0].PrimaryResourceId
 }
 
+func (r Resource) SamplePrimaryResourceId() string {
+	samples := google.Reject(r.Samples, func(s *resource.Sample) bool {
+		return s.ExcludeTest
+	})
+	samples = google.Reject(samples, func(s *resource.Sample) bool {
+		return (r.ProductMetadata.VersionObjOrClosest(r.TargetVersionName).CompareTo(r.ProductMetadata.VersionObjOrClosest(s.MinVersion)) < 0)
+	})
+
+	if len(samples) == 0 {
+		samples = google.Reject(r.Samples, func(s *resource.Sample) bool {
+			return (r.ProductMetadata.VersionObjOrClosest(r.TargetVersionName).CompareTo(r.ProductMetadata.VersionObjOrClosest(s.MinVersion)) < 0)
+		})
+	}
+	return samples[0].PrimaryResourceId
+}
+
 func (r Resource) IamParentSourceType() string {
 	t := r.IamPolicy.ParentResourceType
 	if t == "" {
@@ -1765,6 +1781,53 @@ func (r Resource) IamImportQualifiersForTest() string {
 	return strings.Join(importQualifiers, ", ")
 }
 
+func (r Resource) IamImportQualifiersForTestSample() string {
+	var importFormat string
+	if len(r.IamPolicy.ImportFormat) > 0 {
+		importFormat = r.IamPolicy.ImportFormat[0]
+	} else {
+		importFormat = r.IamPolicy.SelfLink
+		if importFormat == "" {
+			importFormat = r.SelfLinkUrl()
+		}
+	}
+
+	params := r.ExtractIdentifiers(importFormat)
+	var importQualifiers []string
+	for i, param := range params {
+		if param == "project" {
+			if i != len(params)-1 {
+				// If the last parameter is project then we want to create a new project to use for the test, so don't default from the environment
+				if r.IamPolicy.TestProjectName == "" {
+					importQualifiers = append(importQualifiers, "envvar.GetTestProjectFromEnv()")
+				} else {
+					importQualifiers = append(importQualifiers, `context["project_id"]`)
+				}
+			}
+		} else if param == "zone" && r.IamPolicy.SubstituteZoneValue {
+			importQualifiers = append(importQualifiers, "envvar.GetTestZoneFromEnv()")
+		} else if param == "region" || param == "location" {
+			testConfig := r.FirstTestConfig()
+			sample := testConfig.Sample
+			if sample.RegionOverride == "" {
+				importQualifiers = append(importQualifiers, "envvar.GetTestRegionFromEnv()")
+			} else {
+				importQualifiers = append(importQualifiers, fmt.Sprintf("\"%s\"", sample.RegionOverride))
+			}
+		} else if param == "universe_domain" {
+			importQualifiers = append(importQualifiers, "envvar.GetTestUniverseDomainFromEnv()")
+		} else {
+			break
+		}
+	}
+
+	if len(importQualifiers) == 0 {
+		return ""
+	}
+
+	return strings.Join(importQualifiers, ", ")
+}
+
 func (r Resource) OrderProperties(props []*Type) []*Type {
 	req := google.Select(props, func(p *Type) bool {
 		return p.Required

mmv1/api/resource/iam_policy.go

@@ -90,6 +90,8 @@ type IamPolicy struct {
 	// config with the test/example attributes of the IAM resource.
 	ExampleConfigBody string `yaml:"example_config_body,omitempty"`
 
+	SampleConfigBody string `yaml:"sample_config_body"`
+
 	// How the API supports IAM conditions
 	IamConditionsRequestType string `yaml:"iam_conditions_request_type,omitempty"`
 
@@ -130,7 +132,6 @@ func (p *IamPolicy) UnmarshalYAML(value *yaml.Node) error {
 	p.WrappedPolicyObj = true
 	p.AllowedIamRole = "roles/viewer"
 	p.ParentResourceAttribute = "id"
-	p.ExampleConfigBody = "templates/terraform/iam/iam_attributes.go.tmpl"
 	p.SubstituteZoneValue = true
 
 	type iamPolicyAlias IamPolicy

mmv1/provider/template_data.go

@@ -254,8 +254,18 @@ func (td *TemplateData) GenerateIamDatasourceDocumentationFile(filePath string,
 	td.GenerateFile(filePath, templatePath, resource, false, templates...)
 }
 
-func (td *TemplateData) GenerateIamPolicyTestFile(filePath string, resource api.Resource) {
+func (td *TemplateData) GenerateIamPolicyTestFileLegacy(filePath string, resource api.Resource) {
 	templatePath := "templates/terraform/examples/base_configs/iam_test_file.go.tmpl"
+	templates := []string{
+		templatePath,
+		"templates/terraform/env_var_context.go.tmpl",
+		"templates/terraform/iam/iam_test_setup_legacy.go.tmpl",
+	}
+	td.GenerateFile(filePath, templatePath, resource, true, templates...)
+}
+
+func (td *TemplateData) GenerateIamPolicyTestFile(filePath string, resource api.Resource) {
+	templatePath := "templates/terraform/samples/base_configs/iam_test_file.go.tmpl"
 	templates := []string{
 		templatePath,
 		"templates/terraform/env_var_context.go.tmpl",

mmv1/provider/terraform.go

@@ -326,7 +326,10 @@ func (t *Terraform) GenerateOperation(outputFolder string) {
 
 // Generate the IAM policy for this object. This is used to query and test
 // IAM policies separately from the resource itself
-func (t *Terraform) GenerateIamPolicy(object api.Resource, templateData TemplateData, outputFolder string, generateCode, generateDocs bool) {
+func (t *Terraform) GenerateIamPolicyLegacy(object api.Resource, templateData TemplateData, outputFolder string, generateCode, generateDocs bool) {
+	if object.IamPolicy.ExampleConfigBody == "" {
+		object.IamPolicy.ExampleConfigBody = "templates/terraform/iam/iam_attributes_legacy.go.tmpl"
+	}
 	if generateCode && object.IamPolicy != nil && (object.IamPolicy.MinVersion == "" || slices.Index(product.ORDER, object.IamPolicy.MinVersion) <= slices.Index(product.ORDER, t.TargetVersionName)) {
 		productName := t.Product.ApiName
 		targetFolder := path.Join(outputFolder, t.FolderName(), "services", productName)
@@ -341,6 +344,42 @@ func (t *Terraform) GenerateIamPolicy(object api.Resource, templateData Template
 			return e.ExcludeTest
 		})
 		if len(examples) != 0 {
+			targetFilePath := path.Join(targetFolder, fmt.Sprintf("iam_%s_generated_test.go", t.ResourceGoFilename(object)))
+			templateData.GenerateIamPolicyTestFileLegacy(targetFilePath, object)
+		}
+	}
+	if generateDocs {
+		t.GenerateIamDocumentation(object, templateData, outputFolder, generateCode, generateDocs)
+	}
+}
+
+func (t *Terraform) GenerateIamPolicy(object api.Resource, templateData TemplateData, outputFolder string, generateCode, generateDocs bool) {
+	if object.Samples != nil && object.Examples != nil {
+		log.Fatalf("Both Samples and Examples block exist in %v", object.Name)
+	}
+	if object.Examples != nil {
+		t.GenerateIamPolicyLegacy(object, templateData, outputFolder, generateCode, generateDocs)
+		return
+	}
+
+	if object.IamPolicy.SampleConfigBody == "" {
+		object.IamPolicy.SampleConfigBody = "templates/terraform/iam/iam_attributes.go.tmpl"
+	}
+
+	if generateCode && object.IamPolicy != nil && (object.IamPolicy.MinVersion == "" || slices.Index(product.ORDER, object.IamPolicy.MinVersion) <= slices.Index(product.ORDER, t.TargetVersionName)) {
+		productName := t.Product.ApiName
+		targetFolder := path.Join(outputFolder, t.FolderName(), "services", productName)
+		if err := os.MkdirAll(targetFolder, os.ModePerm); err != nil {
+			log.Println(fmt.Errorf("error creating parent directory %v: %v", targetFolder, err))
+		}
+		targetFilePath := path.Join(targetFolder, fmt.Sprintf("iam_%s.go", t.ResourceGoFilename(object)))
+		templateData.GenerateIamPolicyFile(targetFilePath, object)
+
+		// Only generate test if testable example configs exist.
+		samples := google.Reject(object.Samples, func(s *resource.Sample) bool {
+			return s.ExcludeTest
+		})
+		if len(samples) != 0 {
 			targetFilePath := path.Join(targetFolder, fmt.Sprintf("iam_%s_generated_test.go", t.ResourceGoFilename(object)))
 			templateData.GenerateIamPolicyTestFile(targetFilePath, object)
 		}

mmv1/templates/terraform/datasource_iam.html.markdown.tmpl

@@ -62,7 +62,13 @@ data "{{ $.IamTerraformName }}_policy" "policy" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
 }
 ```
 

mmv1/templates/terraform/iam/iam_attributes.go.tmpl

@@ -1,5 +1,5 @@
-{{- $primaryResourceId := $.ExamplePrimaryResourceId }}
+{{- $primaryResourceId := $.SamplePrimaryResourceId }}
 {{- $ids := $.IamSelfLinkIdentifiers }}
 {{- range $i, $attribute := $.IamAttributes}}
   {{ $attribute }} = {{ $.IamParentSourceType }}.{{ $primaryResourceId }}.{{ underscore (index $ids $i)}}
-{{- end }}
+{{- end }}

mmv1/templates/terraform/iam/iam_attributes_legacy.go.tmpl

@@ -0,0 +1,5 @@
+{{- $primaryResourceId := $.ExamplePrimaryResourceId }}
+{{- $ids := $.IamSelfLinkIdentifiers }}
+{{- range $i, $attribute := $.IamAttributes}}
+  {{ $attribute }} = {{ $.IamParentSourceType }}.{{ $primaryResourceId }}.{{ underscore (index $ids $i)}}
+{{- end }}

mmv1/templates/terraform/iam/iam_test_setup.go.tmpl

@@ -1,7 +1,10 @@
-{{- define "IamTestSetup" }}
-{{- if $.FirstTestExample.BootstrapIam }}
+{{- define "IamTestSetupSample" }}
+{{ $config := $.FirstTestConfig }}
+{{ $sample := $config.Sample }}
+{{ $step := $config.Step }}
+{{- if $sample.BootstrapIam }}
 	acctest.BootstrapIamMembers(t, []acctest.IamMember{
-{{- range $iam := $.FirstTestExample.BootstrapIam }}
+{{- range $iam := $sample.BootstrapIam }}
 		{
 			Member: "{{$iam.Member}}",
 			Role:   "{{$iam.Role}}",
@@ -18,9 +21,9 @@
 {{- if $.IamPolicy.TestProjectName }}
 		"project_id" :   fmt.Sprintf("{{ $.IamPolicy.TestProjectName }}%s", acctest.RandString(t, 10)),
 {{- end }}
-{{- template "EnvVarContext" dict "TestEnvVars" $.FirstTestExample.TestEnvVars "HasNewLine" true}}
-{{- if $.FirstTestExample.TestVarsOverrides }}
-{{-    range $varName, $override := $.FirstTestExample.TestVarsOverrides }}
+{{- template "EnvVarContext" dict "TestEnvVars" $step.TestEnvVars "HasNewLine" true}}
+{{- if $step.TestVarsOverrides }}
+{{-    range $varName, $override := $step.TestVarsOverrides }}
 		"{{ $varName }}": {{ $override }},
 {{-   end }}
 {{- end }}

mmv1/templates/terraform/iam/iam_test_setup_legacy.go.tmpl

@@ -0,0 +1,35 @@
+{{- define "IamTestSetup" }}
+{{- if $.FirstTestExample.BootstrapIam }}
+	acctest.BootstrapIamMembers(t, []acctest.IamMember{
+{{- range $iam := $.FirstTestExample.BootstrapIam }}
+		{
+			Member: "{{$iam.Member}}",
+			Role:   "{{$iam.Role}}",
+		},
+{{- end}}
+	})
+{{- end }}
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+		"role":          "{{ $.IamPolicy.AllowedIamRole }}",
+{{- if $.IamPolicy.AdminIamRole }}
+		"admin_role":    "{{ $.IamPolicy.AdminIamRole }}",
+{{- end }}
+{{- if $.IamPolicy.TestProjectName }}
+		"project_id" :   fmt.Sprintf("{{ $.IamPolicy.TestProjectName }}%s", acctest.RandString(t, 10)),
+{{- end }}
+{{- template "EnvVarContext" dict "TestEnvVars" $.FirstTestExample.TestEnvVars "HasNewLine" true}}
+{{- if $.FirstTestExample.TestVarsOverrides }}
+{{-    range $varName, $override := $.FirstTestExample.TestVarsOverrides }}
+		"{{ $varName }}": {{ $override }},
+{{-   end }}
+{{- end }}
+{{- if $.IamPolicy.IamConditionsRequestType }}
+		"condition_title": "expires_after_2019_12_31",
+		"condition_expr": `request.time < timestamp(\"2020-01-01T00:00:00Z\")`,
+		"condition_desc":  "Expiring at midnight of 2019-12-31",
+		"condition_title_no_desc": "expires_after_2019_12_31-no-description",
+		"condition_expr_no_desc": `request.time < timestamp(\"2020-01-01T00:00:00Z\")`,
+{{- end }}
+	}
+{{- end }}

mmv1/templates/terraform/resource_iam.html.markdown.tmpl

@@ -86,7 +86,13 @@ resource "{{ $.IamTerraformName }}_policy" "policy" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
   policy_data = data.google_iam_policy.admin.policy_data
 }
 ```
@@ -116,7 +122,13 @@ resource "{{ $.IamTerraformName }}_policy" "policy" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
   policy_data = data.google_iam_policy.admin.policy_data
 }
 ```
@@ -128,7 +140,13 @@ resource "{{ $.IamTerraformName }}_binding" "binding" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
   role = "{{if $.IamPolicy.AdminIamRole}}{{$.IamPolicy.AdminIamRole }}{{else}}{{$.IamPolicy.AllowedIamRole}}{{end}}"
   members = [
     "user:[email protected]",
@@ -143,7 +161,13 @@ resource "{{ $.IamTerraformName }}_binding" "binding" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
   role = "{{if $.IamPolicy.AdminIamRole}}{{$.IamPolicy.AdminIamRole }}{{else}}{{$.IamPolicy.AllowedIamRole}}{{end}}"
   members = [
     "user:[email protected]",
@@ -164,7 +188,13 @@ resource "{{ $.IamTerraformName }}_member" "member" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
   role = "{{if $.IamPolicy.AdminIamRole}}{{$.IamPolicy.AdminIamRole }}{{else}}{{$.IamPolicy.AllowedIamRole}}{{end}}"
   member = "user:[email protected]"
 }
@@ -177,7 +207,13 @@ resource "{{ $.IamTerraformName }}_member" "member" {
 {{- if eq $.MinVersionObj.Name "beta" }}
   provider = google-beta
 {{- end }}
+{{- if $.IamPolicy.ExampleConfigBody}}
 {{- $.CustomTemplate $.IamPolicy.ExampleConfigBody false }}
+{{- end }}
+
+{{- if $.IamPolicy.SampleConfigBody}}
+{{- $.CustomTemplate $.IamPolicy.SampleConfigBody false }}
+{{- end }}
   role = "{{if $.IamPolicy.AdminIamRole}}{{$.IamPolicy.AdminIamRole}}{{else}}{{$.IamPolicy.AllowedIamRole}}{{end}}"
   member = "user:[email protected]"