add google_iam_principal_access_boundary_policy resource (#12044) (#8634)

[upstream:9c562c5132b1eb36452ea2810e416cd245532f10]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/12044.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_iam_principal_access_boundary_policy` (beta)
+```

google-beta/fwmodels/provider_model.go

@@ -108,6 +108,7 @@ type ProviderModel struct {
 	GkeonpremCustomEndpoint                types.String `tfsdk:"gkeonprem_custom_endpoint"`
 	HealthcareCustomEndpoint               types.String `tfsdk:"healthcare_custom_endpoint"`
 	IAM2CustomEndpoint                     types.String `tfsdk:"iam2_custom_endpoint"`
+	IAM3CustomEndpoint                     types.String `tfsdk:"iam3_custom_endpoint"`
 	IAMBetaCustomEndpoint                  types.String `tfsdk:"iam_beta_custom_endpoint"`
 	IAMWorkforcePoolCustomEndpoint         types.String `tfsdk:"iam_workforce_pool_custom_endpoint"`
 	IapCustomEndpoint                      types.String `tfsdk:"iap_custom_endpoint"`

google-beta/fwprovider/framework_provider.go

@@ -617,6 +617,12 @@ func (p *FrameworkProvider) Schema(_ context.Context, _ provider.SchemaRequest,
 					transport_tpg.CustomEndpointValidator(),
 				},
 			},
+			"iam3_custom_endpoint": &schema.StringAttribute{
+				Optional: true,
+				Validators: []validator.String{
+					transport_tpg.CustomEndpointValidator(),
+				},
+			},
 			"iam_beta_custom_endpoint": &schema.StringAttribute{
 				Optional: true,
 				Validators: []validator.String{

google-beta/fwtransport/framework_config.go

@@ -142,6 +142,7 @@ type FrameworkProviderConfig struct {
 	GkeonpremBasePath                string
 	HealthcareBasePath               string
 	IAM2BasePath                     string
+	IAM3BasePath                     string
 	IAMBetaBasePath                  string
 	IAMWorkforcePoolBasePath         string
 	IapBasePath                      string
@@ -322,6 +323,7 @@ func (p *FrameworkProviderConfig) LoadAndValidateFramework(ctx context.Context,
 	p.GkeonpremBasePath = data.GkeonpremCustomEndpoint.ValueString()
 	p.HealthcareBasePath = data.HealthcareCustomEndpoint.ValueString()
 	p.IAM2BasePath = data.IAM2CustomEndpoint.ValueString()
+	p.IAM3BasePath = data.IAM3CustomEndpoint.ValueString()
 	p.IAMBetaBasePath = data.IAMBetaCustomEndpoint.ValueString()
 	p.IAMWorkforcePoolBasePath = data.IAMWorkforcePoolCustomEndpoint.ValueString()
 	p.IapBasePath = data.IapCustomEndpoint.ValueString()
@@ -1149,6 +1151,14 @@ func (p *FrameworkProviderConfig) HandleDefaults(ctx context.Context, data *fwmo
 			data.IAM2CustomEndpoint = types.StringValue(customEndpoint.(string))
 		}
 	}
+	if data.IAM3CustomEndpoint.IsNull() {
+		customEndpoint := transport_tpg.MultiEnvDefault([]string{
+			"GOOGLE_IAM3_CUSTOM_ENDPOINT",
+		}, transport_tpg.DefaultBasePaths[transport_tpg.IAM3BasePathKey])
+		if customEndpoint != nil {
+			data.IAM3CustomEndpoint = types.StringValue(customEndpoint.(string))
+		}
+	}
 	if data.IAMBetaCustomEndpoint.IsNull() {
 		customEndpoint := transport_tpg.MultiEnvDefault([]string{
 			"GOOGLE_IAM_BETA_CUSTOM_ENDPOINT",

google-beta/provider/provider.go

@@ -535,6 +535,11 @@ func Provider() *schema.Provider {
 				Optional:     true,
 				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
 			},
+			"iam3_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
+			},
 			"iam_beta_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -1120,6 +1125,7 @@ func ProviderConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	config.GkeonpremBasePath = d.Get("gkeonprem_custom_endpoint").(string)
 	config.HealthcareBasePath = d.Get("healthcare_custom_endpoint").(string)
 	config.IAM2BasePath = d.Get("iam2_custom_endpoint").(string)
+	config.IAM3BasePath = d.Get("iam3_custom_endpoint").(string)
 	config.IAMBetaBasePath = d.Get("iam_beta_custom_endpoint").(string)
 	config.IAMWorkforcePoolBasePath = d.Get("iam_workforce_pool_custom_endpoint").(string)
 	config.IapBasePath = d.Get("iap_custom_endpoint").(string)

google-beta/provider/provider_mmv1_resources.go

@@ -82,6 +82,7 @@ import (
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/gkeonprem"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/healthcare"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/iam2"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/iam3"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/iambeta"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/iamworkforcepool"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/iap"
@@ -502,9 +503,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 552
+// Generated resources: 553
 // Generated IAM resources: 291
-// Total generated resources: 843
+// Total generated resources: 844
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                                     accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                               accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -1012,6 +1013,7 @@ var generatedResources = map[string]*schema.Resource{
 	"google_healthcare_workspace":                                                healthcare.ResourceHealthcareWorkspace(),
 	"google_iam_access_boundary_policy":                                          iam2.ResourceIAM2AccessBoundaryPolicy(),
 	"google_iam_deny_policy":                                                     iam2.ResourceIAM2DenyPolicy(),
+	"google_iam_principal_access_boundary_policy":                                iam3.ResourceIAM3PrincipalAccessBoundaryPolicy(),
 	"google_iam_workload_identity_pool":                                          iambeta.ResourceIAMBetaWorkloadIdentityPool(),
 	"google_iam_workload_identity_pool_provider":                                 iambeta.ResourceIAMBetaWorkloadIdentityPoolProvider(),
 	"google_iam_workforce_pool":                                                  iamworkforcepool.ResourceIAMWorkforcePoolWorkforcePool(),

google-beta/services/iam3/iam3_operation.go

@@ -0,0 +1,89 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package iam3
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+type IAM3OperationWaiter struct {
+	Config    *transport_tpg.Config
+	UserAgent string
+	tpgresource.CommonOperationWaiter
+}
+
+func (w *IAM3OperationWaiter) QueryOp() (interface{}, error) {
+	if w == nil {
+		return nil, fmt.Errorf("Cannot query operation, it's unset or nil.")
+	}
+	// Returns the proper get.
+	url := fmt.Sprintf("%s%s", w.Config.IAM3BasePath, w.CommonOperationWaiter.Op.Name)
+
+	return transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    w.Config,
+		Method:    "GET",
+		RawURL:    url,
+		UserAgent: w.UserAgent,
+	})
+}
+
+func createIAM3Waiter(config *transport_tpg.Config, op map[string]interface{}, activity, userAgent string) (*IAM3OperationWaiter, error) {
+	w := &IAM3OperationWaiter{
+		Config:    config,
+		UserAgent: userAgent,
+	}
+	if err := w.CommonOperationWaiter.SetOp(op); err != nil {
+		return nil, err
+	}
+	return w, nil
+}
+
+// nolint: deadcode,unused
+func IAM3OperationWaitTimeWithResponse(config *transport_tpg.Config, op map[string]interface{}, response *map[string]interface{}, activity, userAgent string, timeout time.Duration) error {
+	w, err := createIAM3Waiter(config, op, activity, userAgent)
+	if err != nil {
+		return err
+	}
+	if err := tpgresource.OperationWait(w, activity, timeout, config.PollInterval); err != nil {
+		return err
+	}
+	rawResponse := []byte(w.CommonOperationWaiter.Op.Response)
+	if len(rawResponse) == 0 {
+		return errors.New("`resource` not set in operation response")
+	}
+	return json.Unmarshal(rawResponse, response)
+}
+
+func IAM3OperationWaitTime(config *transport_tpg.Config, op map[string]interface{}, activity, userAgent string, timeout time.Duration) error {
+	if val, ok := op["name"]; !ok || val == "" {
+		// This was a synchronous call - there is no operation to wait for.
+		return nil
+	}
+	w, err := createIAM3Waiter(config, op, activity, userAgent)
+	if err != nil {
+		// If w is nil, the op was synchronous.
+		return err
+	}
+	return tpgresource.OperationWait(w, activity, timeout, config.PollInterval)
+}