feat: implementation for iam resources on google_iam_workforce_pool

[ramonvermeulen]

Closes hashicorp/terraform-provider-google#22589

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

`google_iam_workforce_pool_iam_member`

`google_iam_workforce_pool_iam_policy`

`google_iam_workforce_pool_iam_binding`

[ramonvermeulen]

I put exclude_test: true and implemented custom iam tests because the generated test gave me an error.
Would love to hear if there is a better way to solve this.

Some background:

When I do not set exclude_test: true the generated code gives an error on a generated line that uses IamImportQualifiersForTest:

magic-modules/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl

Line 46 in aee304c

ImportStateId: fmt.Sprintf("{{ $.IamImportFormat }} {{ $.IamPolicy.AllowedIamRole }}", {{ if ne $.IamImportQualifiersForTest "" }}{{ $.IamImportQualifiersForTest }}, {{ end }}{{ $example.PrimaryResourceName }}),

Because the format string contains two times %s (for location and workforce_pool_id, based on the configured import_format) but only one argument is provided.

magic-modules/mmv1/api/resource.go

Line 1480 in aee304c

func (r Resource) IamImportQualifiersForTest() string {

When I look into this method, it only has if branches for specific keys, such as:

project
zone
region
location
universe_domain

A fix could be to add another if branch, or in the final else append importQualifiers with context["%s"] and inject the param via a format string:

else if param == "workforce_pool_id" {
    importQualifiers = append(importQualifiers, `context["workforce_pool_id"]`)
}

However, I don't know the background of this code well enough, so I don't know what is desired here. Would love to open the discussion and/or get some guidance on this!

[ramonvermeulen]

Another thing, while implementing I ran into another issue. The API seems to give 500s when trying to set the IAM policy on the resource (get the same error when I try this directly via the endpoint).

POST /v1/locations/global/workforcePools/my-test-pool:setIamPolicy?alt=json HTTP/1.1

Body:

{
  "policy": {
    "bindings": [
      {
        "members": [
          "user:[email protected]"
        ],
        "role": "roles/iam.workforcePoolAdmin"
      }
    ],
    "etag": "BwY0e7cRtGo=",
    "version": 2
  }
}

Response:

{
  "error": {
    "code": 500,
    "message": "Internal error encountered.",
    "status": "INTERNAL"
  }
}

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@SirGitsalot, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 7 files changed, 682 insertions(+), 155 deletions(-))
google-beta provider: Diff ( 7 files changed, 682 insertions(+), 155 deletions(-))
terraform-google-conversion: Diff ( 3 files changed, 345 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_iam_workforce_pool_iam_binding (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_binding" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Resource: google_iam_workforce_pool_iam_member (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_member" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Missing doc report (experimental)

The following resources have fields missing in documents.

• google_iam_workforce_pool_iam_binding
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]
• google_iam_workforce_pool_iam_member
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]
• google_iam_workforce_pool_iam_policy
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]

[modular-magician]

Tests analytics

Total tests: 20
Passed tests: 17
Skipped tests: 0
Affected tests: 3

Click here to see the affected service packages

• iamworkforcepool

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccIAMWorkforcePoolIamBinding
• TestAccIAMWorkforcePoolIamMember
• TestAccIAMWorkforcePoolIamPolicy

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccIAMWorkforcePoolIamBinding [Debug log]
TestAccIAMWorkforcePoolIamMember [Debug log]
TestAccIAMWorkforcePoolIamPolicy [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🟢 All tests passed!

View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 651 insertions(+), 6 deletions(-))
google-beta provider: Diff ( 6 files changed, 651 insertions(+), 6 deletions(-))
terraform-google-conversion: Diff ( 3 files changed, 345 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_iam_workforce_pool_iam_binding (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_binding" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Resource: google_iam_workforce_pool_iam_member (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_member" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Missing doc report (experimental)

The following resources have fields missing in documents.

• google_iam_workforce_pool_iam_binding
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]
• google_iam_workforce_pool_iam_member
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]
• google_iam_workforce_pool_iam_policy
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]

[modular-magician]

Tests analytics

Total tests: 22
Passed tests: 19
Skipped tests: 0
Affected tests: 3

Click here to see the affected service packages

• iamworkforcepool

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccIAMWorkforcePoolWorkforcePoolIamBindingGenerated
• TestAccIAMWorkforcePoolWorkforcePoolIamMemberGenerated
• TestAccIAMWorkforcePoolWorkforcePoolIamPolicyGenerated

Get to know how VCR tests work

[modular-magician]

🔴 Tests failed during RECORDING mode:
TestAccIAMWorkforcePoolWorkforcePoolIamBindingGenerated [Error message] [Debug log]
TestAccIAMWorkforcePoolWorkforcePoolIamMemberGenerated [Error message] [Debug log]
TestAccIAMWorkforcePoolWorkforcePoolIamPolicyGenerated [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

[github-actions]

@BBBmau This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 651 insertions(+), 6 deletions(-))
google-beta provider: Diff ( 6 files changed, 651 insertions(+), 6 deletions(-))
terraform-google-conversion: Diff ( 3 files changed, 345 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_iam_workforce_pool_iam_binding (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_binding" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Resource: google_iam_workforce_pool_iam_member (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_member" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Missing doc report (experimental)

The following resources have fields missing in documents.

• google_iam_workforce_pool_iam_binding
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]
• google_iam_workforce_pool_iam_member
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]
• google_iam_workforce_pool_iam_policy
  • Expected Document Path: /website/docs/r/iam_workforce_pool_iam.html.markdown
  • Fields: [workforce_pool_id]

[modular-magician]

Tests analytics

Total tests: 22
Passed tests: 19
Skipped tests: 0
Affected tests: 3

Click here to see the affected service packages

• iamworkforcepool

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccIAMWorkforcePoolWorkforcePoolIamBindingGenerated
• TestAccIAMWorkforcePoolWorkforcePoolIamMemberGenerated
• TestAccIAMWorkforcePoolWorkforcePoolIamPolicyGenerated

Get to know how VCR tests work

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 663 insertions(+), 6 deletions(-))
google-beta provider: Diff ( 6 files changed, 663 insertions(+), 6 deletions(-))
terraform-google-conversion: Diff ( 3 files changed, 345 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_iam_workforce_pool_iam_binding (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_binding" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Resource: google_iam_workforce_pool_iam_member (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_member" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Multiple resources added

This PR adds multiple new resources: google_iam_workforce_pool_iam_binding, google_iam_workforce_pool_iam_member, google_iam_workforce_pool_iam_policy. This makes review significantly more difficult. Please split it into multiple PRs, one per resource.
An override-multiple-resources label can be added to allow merging.

[modular-magician]

Tests analytics

Total tests: 24
Passed tests: 21
Skipped tests: 0
Affected tests: 3

Click here to see the affected service packages

• iamworkforcepool

#### Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccIAMWorkforcePoolWorkforcePoolIamBindingGenerated
• TestAccIAMWorkforcePoolWorkforcePoolIamMemberGenerated
• TestAccIAMWorkforcePoolWorkforcePoolIamPolicyGenerated

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccIAMWorkforcePoolWorkforcePoolIamBindingGenerated [Debug log]
TestAccIAMWorkforcePoolWorkforcePoolIamMemberGenerated [Debug log]
TestAccIAMWorkforcePoolWorkforcePoolIamPolicyGenerated [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🟢 All tests passed!

View the build log or the debug log for each test

[github-actions]

@SirGitsalot This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

[github-actions]

@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 1 week. Please take a look! Use the label disable-review-reminders to disable these notifications.

[SirGitsalot]

/gcbrun

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 663 insertions(+), 6 deletions(-))
google-beta provider: Diff ( 6 files changed, 663 insertions(+), 6 deletions(-))
terraform-google-conversion: Diff ( 3 files changed, 345 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_iam_workforce_pool_iam_binding (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_binding" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Resource: google_iam_workforce_pool_iam_member (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_iam_workforce_pool_iam_member" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Multiple resources added

This PR adds multiple new resources: google_iam_workforce_pool_iam_binding, google_iam_workforce_pool_iam_member, google_iam_workforce_pool_iam_policy. This makes review significantly more difficult. Please split it into multiple PRs, one per resource.
An override-multiple-resources label can be added to allow merging.

[modular-magician]

Tests analytics

Total tests: 24
Passed tests: 24
Skipped tests: 0
Affected tests: 0

Click here to see the affected service packages

• iamworkforcepool

🟢 All tests passed!

View the build log

[github-actions]

@SirGitsalot This PR is approved and has been waiting for merge for 1 week. Is it ready to merge? Use the label disable-review-reminders to disable these notifications.

[github-actions]

@SirGitsalot This PR is approved and has been waiting for merge for 2 weeks. Is it ready to merge? Use the label disable-review-reminders to disable these notifications.

stale