Add basic deny policy support (#5854) (#4194)

* Add basic deny policy support

Add etag to update

Add folder test

* Fix format for SA principal

* IAM deny test is only beta

* Make deny policies in new projects to avoid conflicts

* Dates

* PR feedback

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/5854.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+google_iam_deny_policy
+```

google-beta/config.go

@@ -203,6 +203,7 @@ type Config struct {
 	GameServicesBasePath         string
 	GKEHubBasePath               string
 	HealthcareBasePath           string
+	IAM2BasePath                 string
 	IAMBetaBasePath              string
 	IapBasePath                  string
 	IdentityPlatformBasePath     string
@@ -312,6 +313,7 @@ const FirestoreBasePathKey = "Firestore"
 const GameServicesBasePathKey = "GameServices"
 const GKEHubBasePathKey = "GKEHub"
 const HealthcareBasePathKey = "Healthcare"
+const IAM2BasePathKey = "IAM2"
 const IAMBetaBasePathKey = "IAMBeta"
 const IapBasePathKey = "Iap"
 const IdentityPlatformBasePathKey = "IdentityPlatform"
@@ -404,6 +406,7 @@ var DefaultBasePaths = map[string]string{
 	GameServicesBasePathKey:         "https://gameservices.googleapis.com/v1beta/",
 	GKEHubBasePathKey:               "https://gkehub.googleapis.com/v1beta1/",
 	HealthcareBasePathKey:           "https://healthcare.googleapis.com/v1beta1/",
+	IAM2BasePathKey:                 "https://iam.googleapis.com/v2beta/",
 	IAMBetaBasePathKey:              "https://iam.googleapis.com/v1beta/",
 	IapBasePathKey:                  "https://iap.googleapis.com/v1/",
 	IdentityPlatformBasePathKey:     "https://identitytoolkit.googleapis.com/v2/",
@@ -1272,6 +1275,7 @@ func ConfigureBasePaths(c *Config) {
 	c.GameServicesBasePath = DefaultBasePaths[GameServicesBasePathKey]
 	c.GKEHubBasePath = DefaultBasePaths[GKEHubBasePathKey]
 	c.HealthcareBasePath = DefaultBasePaths[HealthcareBasePathKey]
+	c.IAM2BasePath = DefaultBasePaths[IAM2BasePathKey]
 	c.IAMBetaBasePath = DefaultBasePaths[IAMBetaBasePathKey]
 	c.IapBasePath = DefaultBasePaths[IapBasePathKey]
 	c.IdentityPlatformBasePath = DefaultBasePaths[IdentityPlatformBasePathKey]

google-beta/iam2_operation.go

@@ -0,0 +1,59 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+package google
+
+import (
+	"fmt"
+	"time"
+)
+
+type IAM2OperationWaiter struct {
+	Config    *Config
+	UserAgent string
+	CommonOperationWaiter
+}
+
+func (w *IAM2OperationWaiter) QueryOp() (interface{}, error) {
+	if w == nil {
+		return nil, fmt.Errorf("Cannot query operation, it's unset or nil.")
+	}
+	// Returns the proper get.
+	url := fmt.Sprintf("%s%s", w.Config.IAM2BasePath, w.CommonOperationWaiter.Op.Name)
+
+	return sendRequest(w.Config, "GET", "", url, w.UserAgent, nil)
+}
+
+func createIAM2Waiter(config *Config, op map[string]interface{}, activity, userAgent string) (*IAM2OperationWaiter, error) {
+	w := &IAM2OperationWaiter{
+		Config:    config,
+		UserAgent: userAgent,
+	}
+	if err := w.CommonOperationWaiter.SetOp(op); err != nil {
+		return nil, err
+	}
+	return w, nil
+}
+
+func iAM2OperationWaitTime(config *Config, op map[string]interface{}, activity, userAgent string, timeout time.Duration) error {
+	if val, ok := op["name"]; !ok || val == "" {
+		// This was a synchronous call - there is no operation to wait for.
+		return nil
+	}
+	w, err := createIAM2Waiter(config, op, activity, userAgent)
+	if err != nil {
+		// If w is nil, the op was synchronous.
+		return err
+	}
+	return OperationWait(w, activity, timeout, config.PollInterval)
+}

google-beta/provider.go

@@ -485,6 +485,14 @@ func Provider() *schema.Provider {
 					"GOOGLE_HEALTHCARE_CUSTOM_ENDPOINT",
 				}, DefaultBasePaths[HealthcareBasePathKey]),
 			},
+			"iam2_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateCustomEndpoint,
+				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
+					"GOOGLE_IAM2_CUSTOM_ENDPOINT",
+				}, DefaultBasePaths[IAM2BasePathKey]),
+			},
 			"iam_beta_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -918,9 +926,9 @@ func Provider() *schema.Provider {
 	return provider
 }
 
-// Generated resources: 246
+// Generated resources: 247
 // Generated IAM resources: 135
-// Total generated resources: 381
+// Total generated resources: 382
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -1169,6 +1177,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_healthcare_consent_store_iam_binding":                  ResourceIamBinding(HealthcareConsentStoreIamSchema, HealthcareConsentStoreIamUpdaterProducer, HealthcareConsentStoreIdParseFunc),
 			"google_healthcare_consent_store_iam_member":                   ResourceIamMember(HealthcareConsentStoreIamSchema, HealthcareConsentStoreIamUpdaterProducer, HealthcareConsentStoreIdParseFunc),
 			"google_healthcare_consent_store_iam_policy":                   ResourceIamPolicy(HealthcareConsentStoreIamSchema, HealthcareConsentStoreIamUpdaterProducer, HealthcareConsentStoreIdParseFunc),
+			"google_iam_deny_policy":                                       resourceIAM2DenyPolicy(),
 			"google_iam_workload_identity_pool":                            resourceIAMBetaWorkloadIdentityPool(),
 			"google_iam_workload_identity_pool_provider":                   resourceIAMBetaWorkloadIdentityPoolProvider(),
 			"google_iap_web_iam_binding":                                   ResourceIamBinding(IapWebIamSchema, IapWebIamUpdaterProducer, IapWebIdParseFunc),
@@ -1609,6 +1618,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	config.GameServicesBasePath = d.Get("game_services_custom_endpoint").(string)
 	config.GKEHubBasePath = d.Get("gke_hub_custom_endpoint").(string)
 	config.HealthcareBasePath = d.Get("healthcare_custom_endpoint").(string)
+	config.IAM2BasePath = d.Get("iam2_custom_endpoint").(string)
 	config.IAMBetaBasePath = d.Get("iam_beta_custom_endpoint").(string)
 	config.IapBasePath = d.Get("iap_custom_endpoint").(string)
 	config.IdentityPlatformBasePath = d.Get("identity_platform_custom_endpoint").(string)