Add mode, inline cert iss & trust config to workload identity pool (#13814) (#3894)

[upstream:1ffca3b72196be5cee231a0930532f2fa4a30ab5]

Signed-off-by: Modular Magician <magic-modules@google.com>

Author: modular-magician

tfplan2cai/converters/google/resources/resource_converters.go

@@ -54,6 +54,7 @@ import (
 	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/gkehub"
 	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/gkehub2"
 	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/healthcare"
+	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/iambeta"
 	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/iap"
 	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/kms"
 	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/logging"
@@ -366,6 +367,9 @@ func ResourceConverters() map[string][]cai.ResourceConverter {
 		"google_healthcare_consent_store_iam_policy":                    {healthcare.ResourceConverterHealthcareConsentStoreIamPolicy()},
 		"google_healthcare_consent_store_iam_binding":                   {healthcare.ResourceConverterHealthcareConsentStoreIamBinding()},
 		"google_healthcare_consent_store_iam_member":                    {healthcare.ResourceConverterHealthcareConsentStoreIamMember()},
+		"google_iam_workload_identity_pool_iam_policy":                  {iambeta.ResourceConverterIAMBetaWorkloadIdentityPoolIamPolicy()},
+		"google_iam_workload_identity_pool_iam_binding":                 {iambeta.ResourceConverterIAMBetaWorkloadIdentityPoolIamBinding()},
+		"google_iam_workload_identity_pool_iam_member":                  {iambeta.ResourceConverterIAMBetaWorkloadIdentityPoolIamMember()},
 		"google_iap_tunnel_iam_policy":                                  {iap.ResourceConverterIapTunnelIamPolicy()},
 		"google_iap_tunnel_iam_binding":                                 {iap.ResourceConverterIapTunnelIamBinding()},
 		"google_iap_tunnel_iam_member":                                  {iap.ResourceConverterIapTunnelIamMember()},

tfplan2cai/converters/google/resources/services/iambeta/iam_iambeta_workload_identity_pool.go

@@ -0,0 +1,225 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This code is generated by Magic Modules using the following:
+//
+//     Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPool.yaml
+//     Template:      https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/iam_policy.go.tmpl
+//
+//     DO NOT EDIT this file directly. Any changes made to this file will be
+//     overwritten during the next generation cycle.
+//
+// ----------------------------------------------------------------------------
+
+package iambeta
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgiamresource"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+var IAMBetaWorkloadIdentityPoolIamSchema = map[string]*schema.Schema{
+	"project": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"workload_identity_pool_id": {
+		Type:             schema.TypeString,
+		Required:         true,
+		ForceNew:         true,
+		DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+	},
+}
+
+type IAMBetaWorkloadIdentityPoolIamUpdater struct {
+	project                string
+	workloadIdentityPoolId string
+	d                      tpgresource.TerraformResourceData
+	Config                 *transport_tpg.Config
+}
+
+func IAMBetaWorkloadIdentityPoolIamUpdaterProducer(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (tpgiamresource.ResourceIamUpdater, error) {
+	values := make(map[string]string)
+
+	project, _ := tpgresource.GetProject(d, config)
+	if project != "" {
+		if err := d.Set("project", project); err != nil {
+			return nil, fmt.Errorf("Error setting project: %s", err)
+		}
+	}
+	values["project"] = project
+	if v, ok := d.GetOk("workload_identity_pool_id"); ok {
+		values["workload_identity_pool_id"] = v.(string)
+	}
+
+	// We may have gotten either a long or short name, so attempt to parse long name if possible
+	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/global/workloadIdentityPools/(?P<workload_identity_pool_id>[^/]+)", "(?P<project>[^/]+)/(?P<workload_identity_pool_id>[^/]+)", "(?P<workload_identity_pool_id>[^/]+)"}, d, config, d.Get("workload_identity_pool_id").(string))
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &IAMBetaWorkloadIdentityPoolIamUpdater{
+		project:                values["project"],
+		workloadIdentityPoolId: values["workload_identity_pool_id"],
+		d:                      d,
+		Config:                 config,
+	}
+
+	if err := d.Set("project", u.project); err != nil {
+		return nil, fmt.Errorf("Error setting project: %s", err)
+	}
+	if err := d.Set("workload_identity_pool_id", u.GetResourceId()); err != nil {
+		return nil, fmt.Errorf("Error setting workload_identity_pool_id: %s", err)
+	}
+
+	return u, nil
+}
+
+func IAMBetaWorkloadIdentityPoolIdParseFunc(d *schema.ResourceData, config *transport_tpg.Config) error {
+	values := make(map[string]string)
+
+	project, _ := tpgresource.GetProject(d, config)
+	if project != "" {
+		values["project"] = project
+	}
+
+	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/global/workloadIdentityPools/(?P<workload_identity_pool_id>[^/]+)", "(?P<project>[^/]+)/(?P<workload_identity_pool_id>[^/]+)", "(?P<workload_identity_pool_id>[^/]+)"}, d, config, d.Id())
+	if err != nil {
+		return err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &IAMBetaWorkloadIdentityPoolIamUpdater{
+		project:                values["project"],
+		workloadIdentityPoolId: values["workload_identity_pool_id"],
+		d:                      d,
+		Config:                 config,
+	}
+	if err := d.Set("workload_identity_pool_id", u.GetResourceId()); err != nil {
+		return fmt.Errorf("Error setting workload_identity_pool_id: %s", err)
+	}
+	d.SetId(u.GetResourceId())
+	return nil
+}
+
+func (u *IAMBetaWorkloadIdentityPoolIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	url, err := u.qualifyWorkloadIdentityPoolUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
+
+	project, err := tpgresource.GetProject(u.d, u.Config)
+	if err != nil {
+		return nil, err
+	}
+	var obj map[string]interface{}
+	obj = map[string]interface{}{
+		"options": map[string]interface{}{
+			"requestedPolicyVersion": tpgiamresource.IamPolicyVersion,
+		},
+	}
+
+	userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent)
+	if err != nil {
+		return nil, err
+	}
+
+	policy, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    u.Config,
+		Method:    "POST",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+	})
+	if err != nil {
+		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	out := &cloudresourcemanager.Policy{}
+	err = tpgresource.Convert(policy, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
+	}
+
+	return out, nil
+}
+
+func (u *IAMBetaWorkloadIdentityPoolIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	json, err := tpgresource.ConvertToMap(policy)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	obj["policy"] = json
+
+	url, err := u.qualifyWorkloadIdentityPoolUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
+	project, err := tpgresource.GetProject(u.d, u.Config)
+	if err != nil {
+		return err
+	}
+
+	userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    u.Config,
+		Method:    "POST",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   u.d.Timeout(schema.TimeoutCreate),
+	})
+	if err != nil {
+		return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	return nil
+}
+
+func (u *IAMBetaWorkloadIdentityPoolIamUpdater) qualifyWorkloadIdentityPoolUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{IAMBetaBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/global/workloadIdentityPools/%s", u.project, u.workloadIdentityPoolId), methodIdentifier)
+	url, err := tpgresource.ReplaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
+}
+
+func (u *IAMBetaWorkloadIdentityPoolIamUpdater) GetResourceId() string {
+	return fmt.Sprintf("projects/%s/locations/global/workloadIdentityPools/%s", u.project, u.workloadIdentityPoolId)
+}
+
+func (u *IAMBetaWorkloadIdentityPoolIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-iambeta-workloadidentitypool-%s", u.GetResourceId())
+}
+
+func (u *IAMBetaWorkloadIdentityPoolIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("iambeta workloadidentitypool %q", u.GetResourceId())
+}