diff --git a/tfplan2cai/converters/google/resources/resource_converters.go b/tfplan2cai/converters/google/resources/resource_converters.go
index 5167bb719d..333ae13a7e 100644
--- a/tfplan2cai/converters/google/resources/resource_converters.go
+++ b/tfplan2cai/converters/google/resources/resource_converters.go
@@ -54,6 +54,7 @@ import (
 "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/gkehub"
 "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/gkehub2"
 "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/healthcare"
+ "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/iambeta"
 "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/iap"
 "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/kms"
 "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/services/logging"
@@ -366,6 +367,9 @@ func ResourceConverters() map[string][]cai.ResourceConverter {
 "google_healthcare_consent_store_iam_policy": {healthcare.ResourceConverterHealthcareConsentStoreIamPolicy()},
 "google_healthcare_consent_store_iam_binding": {healthcare.ResourceConverterHealthcareConsentStoreIamBinding()},
 "google_healthcare_consent_store_iam_member": {healthcare.ResourceConverterHealthcareConsentStoreIamMember()},
+ "google_iam_workload_identity_pool_iam_policy": {iambeta.ResourceConverterIAMBetaWorkloadIdentityPoolIamPolicy()},
+ "google_iam_workload_identity_pool_iam_binding": {iambeta.ResourceConverterIAMBetaWorkloadIdentityPoolIamBinding()},
+ "google_iam_workload_identity_pool_iam_member": {iambeta.ResourceConverterIAMBetaWorkloadIdentityPoolIamMember()},
 "google_iap_tunnel_iam_policy": {iap.ResourceConverterIapTunnelIamPolicy()},
 "google_iap_tunnel_iam_binding": {iap.ResourceConverterIapTunnelIamBinding()},
 "google_iap_tunnel_iam_member": {iap.ResourceConverterIapTunnelIamMember()},
diff --git a/tfplan2cai/converters/google/resources/services/iambeta/iam_iambeta_workload_identity_pool.go b/tfplan2cai/converters/google/resources/services/iambeta/iam_iambeta_workload_identity_pool.go
new file mode 100644
index 0000000000..f3a32521ef
--- /dev/null
+++ b/tfplan2cai/converters/google/resources/services/iambeta/iam_iambeta_workload_identity_pool.go
@@ -0,0 +1,225 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This code is generated by Magic Modules using the following: +// +// Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPool.yaml +// Template: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/iam_policy.go.tmpl +// +// DO NOT EDIT this file directly. Any changes made to this file will be +// overwritten during the next generation cycle. +// +// ---------------------------------------------------------------------------- + +package iambeta + +import ( + "fmt" + + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "google.golang.org/api/cloudresourcemanager/v1" + + "github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgiamresource" + "github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport" +) + +var IAMBetaWorkloadIdentityPoolIamSchema = map[string]*schema.Schema{ + "project": { + Type: schema.TypeString, + Computed: true, + Optional: true, + ForceNew: true, + }, + "workload_identity_pool_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName, + }, +} + +type IAMBetaWorkloadIdentityPoolIamUpdater struct { + project string + workloadIdentityPoolId string + d tpgresource.TerraformResourceData + Config *transport_tpg.Config +} + +func IAMBetaWorkloadIdentityPoolIamUpdaterProducer(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (tpgiamresource.ResourceIamUpdater, error) { + values := make(map[string]string) + + project, _ := tpgresource.GetProject(d, config) + if 
project != "" { + if err := d.Set("project", project); err != nil { + return nil, fmt.Errorf("Error setting project: %s", err) + } + } + values["project"] = project + if v, ok := d.GetOk("workload_identity_pool_id"); ok { + values["workload_identity_pool_id"] = v.(string) + } + + // We may have gotten either a long or short name, so attempt to parse long name if possible + m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P[^/]+)/locations/global/workloadIdentityPools/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("workload_identity_pool_id").(string)) + if err != nil { + return nil, err + } + + for k, v := range m { + values[k] = v + } + + u := &IAMBetaWorkloadIdentityPoolIamUpdater{ + project: values["project"], + workloadIdentityPoolId: values["workload_identity_pool_id"], + d: d, + Config: config, + } + + if err := d.Set("project", u.project); err != nil { + return nil, fmt.Errorf("Error setting project: %s", err) + } + if err := d.Set("workload_identity_pool_id", u.GetResourceId()); err != nil { + return nil, fmt.Errorf("Error setting workload_identity_pool_id: %s", err) + } + + return u, nil +} + +func IAMBetaWorkloadIdentityPoolIdParseFunc(d *schema.ResourceData, config *transport_tpg.Config) error { + values := make(map[string]string) + + project, _ := tpgresource.GetProject(d, config) + if project != "" { + values["project"] = project + } + + m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P[^/]+)/locations/global/workloadIdentityPools/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Id()) + if err != nil { + return err + } + + for k, v := range m { + values[k] = v + } + + u := &IAMBetaWorkloadIdentityPoolIamUpdater{ + project: values["project"], + workloadIdentityPoolId: values["workload_identity_pool_id"], + d: d, + Config: config, + } + if err := d.Set("workload_identity_pool_id", u.GetResourceId()); err != nil { + return fmt.Errorf("Error setting workload_identity_pool_id: %s", err) + } + 
d.SetId(u.GetResourceId()) + return nil +} + +func (u *IAMBetaWorkloadIdentityPoolIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) { + url, err := u.qualifyWorkloadIdentityPoolUrl("getIamPolicy") + if err != nil { + return nil, err + } + + project, err := tpgresource.GetProject(u.d, u.Config) + if err != nil { + return nil, err + } + var obj map[string]interface{} + obj = map[string]interface{}{ + "options": map[string]interface{}{ + "requestedPolicyVersion": tpgiamresource.IamPolicyVersion, + }, + } + + userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent) + if err != nil { + return nil, err + } + + policy, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: u.Config, + Method: "POST", + Project: project, + RawURL: url, + UserAgent: userAgent, + Body: obj, + }) + if err != nil { + return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err) + } + + out := &cloudresourcemanager.Policy{} + err = tpgresource.Convert(policy, out) + if err != nil { + return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err) + } + + return out, nil +} + +func (u *IAMBetaWorkloadIdentityPoolIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error { + json, err := tpgresource.ConvertToMap(policy) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + obj["policy"] = json + + url, err := u.qualifyWorkloadIdentityPoolUrl("setIamPolicy") + if err != nil { + return err + } + project, err := tpgresource.GetProject(u.d, u.Config) + if err != nil { + return err + } + + userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent) + if err != nil { + return err + } + + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: u.Config, + Method: "POST", + Project: project, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: 
u.d.Timeout(schema.TimeoutCreate), + }) + if err != nil { + return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err) + } + + return nil +} + +func (u *IAMBetaWorkloadIdentityPoolIamUpdater) qualifyWorkloadIdentityPoolUrl(methodIdentifier string) (string, error) { + urlTemplate := fmt.Sprintf("{{IAMBetaBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/global/workloadIdentityPools/%s", u.project, u.workloadIdentityPoolId), methodIdentifier) + url, err := tpgresource.ReplaceVars(u.d, u.Config, urlTemplate) + if err != nil { + return "", err + } + return url, nil +} + +func (u *IAMBetaWorkloadIdentityPoolIamUpdater) GetResourceId() string { + return fmt.Sprintf("projects/%s/locations/global/workloadIdentityPools/%s", u.project, u.workloadIdentityPoolId) +} + +func (u *IAMBetaWorkloadIdentityPoolIamUpdater) GetMutexKey() string { + return fmt.Sprintf("iam-iambeta-workloadidentitypool-%s", u.GetResourceId()) +} + +func (u *IAMBetaWorkloadIdentityPoolIamUpdater) DescribeResource() string { + return fmt.Sprintf("iambeta workloadidentitypool %q", u.GetResourceId()) +} diff --git a/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool.go b/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool.go index 1c01be3678..2acb0e48fa 100644 --- a/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool.go +++ b/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool.go @@ -22,6 +22,8 @@ import ( "regexp" "strings" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/cai" "github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport" 
@@ -105,6 +107,24 @@ func GetIAMBetaWorkloadIdentityPoolApiObject(d tpgresource.TerraformResourceData } else if v, ok := d.GetOkExists("disabled"); !tpgresource.IsEmptyValue(reflect.ValueOf(disabledProp)) && (ok || !reflect.DeepEqual(v, disabledProp)) { obj["disabled"] = disabledProp } + modeProp, err := expandIAMBetaWorkloadIdentityPoolMode(d.Get("mode"), d, config) + if err != nil { + return nil, err + } else if v, ok := d.GetOkExists("mode"); !tpgresource.IsEmptyValue(reflect.ValueOf(modeProp)) && (ok || !reflect.DeepEqual(v, modeProp)) { + obj["mode"] = modeProp + } + inlineCertificateIssuanceConfigProp, err := expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfig(d.Get("inline_certificate_issuance_config"), d, config) + if err != nil { + return nil, err + } else if v, ok := d.GetOkExists("inline_certificate_issuance_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(inlineCertificateIssuanceConfigProp)) && (ok || !reflect.DeepEqual(v, inlineCertificateIssuanceConfigProp)) { + obj["inlineCertificateIssuanceConfig"] = inlineCertificateIssuanceConfigProp + } + inlineTrustConfigProp, err := expandIAMBetaWorkloadIdentityPoolInlineTrustConfig(d.Get("inline_trust_config"), d, config) + if err != nil { + return nil, err + } else if v, ok := d.GetOkExists("inline_trust_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(inlineTrustConfigProp)) && (ok || !reflect.DeepEqual(v, inlineTrustConfigProp)) { + obj["inlineTrustConfig"] = inlineTrustConfigProp + } return obj, nil } 
@@ -120,3 +140,140 @@ func expandIAMBetaWorkloadIdentityPoolDescription(v interface{}, d tpgresource.T func expandIAMBetaWorkloadIdentityPoolDisabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { return v, nil } + +func expandIAMBetaWorkloadIdentityPoolMode(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedCaPools, err := expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigCaPools(original["ca_pools"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCaPools); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["caPools"] = transformedCaPools + } + + transformedLifetime, err := expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigLifetime(original["lifetime"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedLifetime); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["lifetime"] = transformedLifetime + } + + transformedRotationWindowPercentage, err := expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigRotationWindowPercentage(original["rotation_window_percentage"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedRotationWindowPercentage); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["rotationWindowPercentage"] = transformedRotationWindowPercentage + } + + transformedKeyAlgorithm, err := 
expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigKeyAlgorithm(original["key_algorithm"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedKeyAlgorithm); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["keyAlgorithm"] = transformedKeyAlgorithm + } + + return transformed, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigCaPools(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) { + if v == nil { + return map[string]string{}, nil + } + m := make(map[string]string) + for k, val := range v.(map[string]interface{}) { + m[k] = val.(string) + } + return m, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigLifetime(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigRotationWindowPercentage(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineCertificateIssuanceConfigKeyAlgorithm(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineTrustConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedAdditionalTrustBundles, err := expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundles(original["additional_trust_bundles"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedAdditionalTrustBundles); val.IsValid() && 
!tpgresource.IsEmptyValue(val) { + transformed["additionalTrustBundles"] = transformedAdditionalTrustBundles + } + + return transformed, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundles(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]interface{}, error) { + if v == nil { + return map[string]interface{}{}, nil + } + m := make(map[string]interface{}) + for _, raw := range v.(*schema.Set).List() { + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedTrustAnchors, err := expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundlesTrustAnchors(original["trust_anchors"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedTrustAnchors); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["trustAnchors"] = transformedTrustAnchors + } + + transformedTrustDomain, err := tpgresource.ExpandString(original["trust_domain"], d, config) + if err != nil { + return nil, err + } + m[transformedTrustDomain] = transformed + } + return m, nil +} + +func expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundlesTrustAnchors(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + req := make([]interface{}, 0, len(l)) + for _, raw := range l { + if raw == nil { + continue + } + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedPemCertificate, err := expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundlesTrustAnchorsPemCertificate(original["pem_certificate"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedPemCertificate); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["pemCertificate"] = transformedPemCertificate + } + + req = append(req, transformed) + } + return req, nil 
+} + +func expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundlesTrustAnchorsPemCertificate(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} diff --git a/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_iam.go b/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_iam.go new file mode 100644 index 0000000000..9f5b0c3eff --- /dev/null +++ b/tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_iam.go 
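Review bot: In `expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundles` the string returned by `tpgresource.ExpandString(original["trust_domain"], d, config)` is used directly as the map key in `m[transformedTrustDomain] = transformed`, so two bundles that name the same trust domain overwrite each other and an unset domain is stored under `""`; the converted object can then carry fewer trust anchors than the plan declares, without any error. A guard ahead of the assignment would surface this, for example `if _, dup := m[transformedTrustDomain]; dup || transformedTrustDomain == "" { /* return an error naming the trust_domain */ }`. Separately, `expandIAMBetaWorkloadIdentityPoolInlineTrustConfigAdditionalTrustBundlesTrustAnchors` performs `l := v.([]interface{})` without the `v == nil` check that the `...CaPools` and `...AdditionalTrustBundles` expanders in the same hunk have, which would panic if `trust_anchors` can be absent from a bundle; `if v == nil { return nil, nil }` before the assertion would match them. The sibling files in this package carry a generated-code header, so if this file is generated as well, both checks probably belong in the generator template rather than in this file.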
@@ -0,0 +1,128 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This code is generated by Magic Modules using the following: +// +// Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPool.yaml +// Template: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/tgc/resource_converter_iam.go.tmpl +// +// DO NOT EDIT this file directly. Any changes made to this file will be +// overwritten during the next generation cycle. +// +// ---------------------------------------------------------------------------- + +package iambeta + +import ( + "fmt" + + "github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/cai" + "github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport" +) + +// Provide a separate asset type constant so we don't have to worry about name conflicts between IAM and non-IAM converter files +const IAMBetaWorkloadIdentityPoolIAMAssetType string = "iam.googleapis.com/WorkloadIdentityPool" + +func ResourceConverterIAMBetaWorkloadIdentityPoolIamPolicy() cai.ResourceConverter { + return cai.ResourceConverter{ + AssetType: IAMBetaWorkloadIdentityPoolIAMAssetType, + Convert: GetIAMBetaWorkloadIdentityPoolIamPolicyCaiObject, + MergeCreateUpdate: MergeIAMBetaWorkloadIdentityPoolIamPolicy, + } +} + +func ResourceConverterIAMBetaWorkloadIdentityPoolIamBinding() cai.ResourceConverter { + return cai.ResourceConverter{ + AssetType: IAMBetaWorkloadIdentityPoolIAMAssetType, + Convert: GetIAMBetaWorkloadIdentityPoolIamBindingCaiObject, + FetchFullResource: FetchIAMBetaWorkloadIdentityPoolIamPolicy, + MergeCreateUpdate: 
MergeIAMBetaWorkloadIdentityPoolIamBinding, + MergeDelete: MergeIAMBetaWorkloadIdentityPoolIamBindingDelete, + } +} + +func ResourceConverterIAMBetaWorkloadIdentityPoolIamMember() cai.ResourceConverter { + return cai.ResourceConverter{ + AssetType: IAMBetaWorkloadIdentityPoolIAMAssetType, + Convert: GetIAMBetaWorkloadIdentityPoolIamMemberCaiObject, + FetchFullResource: FetchIAMBetaWorkloadIdentityPoolIamPolicy, + MergeCreateUpdate: MergeIAMBetaWorkloadIdentityPoolIamMember, + MergeDelete: MergeIAMBetaWorkloadIdentityPoolIamMemberDelete, + } +} + +func GetIAMBetaWorkloadIdentityPoolIamPolicyCaiObject(d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]cai.Asset, error) { + return newIAMBetaWorkloadIdentityPoolIamAsset(d, config, cai.ExpandIamPolicyBindings) +} + +func GetIAMBetaWorkloadIdentityPoolIamBindingCaiObject(d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]cai.Asset, error) { + return newIAMBetaWorkloadIdentityPoolIamAsset(d, config, cai.ExpandIamRoleBindings) +} + +func GetIAMBetaWorkloadIdentityPoolIamMemberCaiObject(d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]cai.Asset, error) { + return newIAMBetaWorkloadIdentityPoolIamAsset(d, config, cai.ExpandIamMemberBindings) +} + +func MergeIAMBetaWorkloadIdentityPoolIamPolicy(existing, incoming cai.Asset) cai.Asset { + existing.IAMPolicy = incoming.IAMPolicy + return existing +} + +func MergeIAMBetaWorkloadIdentityPoolIamBinding(existing, incoming cai.Asset) cai.Asset { + return cai.MergeIamAssets(existing, incoming, cai.MergeAuthoritativeBindings) +} + +func MergeIAMBetaWorkloadIdentityPoolIamBindingDelete(existing, incoming cai.Asset) cai.Asset { + return cai.MergeDeleteIamAssets(existing, incoming, cai.MergeDeleteAuthoritativeBindings) +} + +func MergeIAMBetaWorkloadIdentityPoolIamMember(existing, incoming cai.Asset) cai.Asset { + return cai.MergeIamAssets(existing, incoming, cai.MergeAdditiveBindings) +} + +func 
MergeIAMBetaWorkloadIdentityPoolIamMemberDelete(existing, incoming cai.Asset) cai.Asset { + return cai.MergeDeleteIamAssets(existing, incoming, cai.MergeDeleteAdditiveBindings) +} + +func newIAMBetaWorkloadIdentityPoolIamAsset( + d tpgresource.TerraformResourceData, + config *transport_tpg.Config, + expandBindings func(d tpgresource.TerraformResourceData) ([]cai.IAMBinding, error), +) ([]cai.Asset, error) { + bindings, err := expandBindings(d) + if err != nil { + return []cai.Asset{}, fmt.Errorf("expanding bindings: %v", err) + } + + name, err := cai.AssetName(d, config, "//iam.googleapis.com/projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}") + if err != nil { + return []cai.Asset{}, err + } + + return []cai.Asset{{ + Name: name, + Type: IAMBetaWorkloadIdentityPoolIAMAssetType, + IAMPolicy: &cai.IAMPolicy{ + Bindings: bindings, + }, + }}, nil +} + +func FetchIAMBetaWorkloadIdentityPoolIamPolicy(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (cai.Asset, error) { + // Check if the identity field returns a value + if _, ok := d.GetOk("workload_identity_pool_id"); !ok { + return cai.Asset{}, cai.ErrEmptyIdentityField + } + + return cai.FetchIamPolicy( + IAMBetaWorkloadIdentityPoolIamUpdaterProducer, + d, + config, + "//iam.googleapis.com/projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}", + IAMBetaWorkloadIdentityPoolIAMAssetType, + ) +}