Add data source for retrieving a project iam custom role (#13302) (#21866)

[upstream:8e77cbb4e60799af9dce31291408dc1cb40fbe9b]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/13302.txt

@@ -0,0 +1,3 @@
+```release-note:new-datasource
+`google_project_iam_custom_role`
+```

google/provider/provider_mmv1_resources.go

@@ -308,6 +308,7 @@ var handwrittenDatasources = map[string]*schema.Resource{
 	"google_project":                                       resourcemanager.DataSourceGoogleProject(),
 	"google_projects":                                      resourcemanager.DataSourceGoogleProjects(),
 	"google_project_ancestry":                              resourcemanager.DataSourceGoogleProjectAncestry(),
+	"google_project_iam_custom_role":                       resourcemanager.DataSourceGoogleProjectIamCustomRole(),
 	"google_project_iam_custom_roles":                      resourcemanager.DataSourceGoogleProjectIamCustomRoles(),
 	"google_project_organization_policy":                   resourcemanager.DataSourceGoogleProjectOrganizationPolicy(),
 	"google_project_service":                               resourcemanager.DataSourceGoogleProjectService(),

google/services/resourcemanager/data_source_google_project_iam_custom_role.go

@@ -0,0 +1,49 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package resourcemanager
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+func DataSourceGoogleProjectIamCustomRole() *schema.Resource {
+	dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceGoogleProjectIamCustomRole().Schema)
+
+	dsSchema["project"].Computed = false
+	dsSchema["project"].Optional = true
+	dsSchema["role_id"].Computed = false
+	dsSchema["role_id"].Required = true
+
+	return &schema.Resource{
+		Read:   dataSourceProjectIamCustomRoleRead,
+		Schema: dsSchema,
+	}
+}
+
+func dataSourceProjectIamCustomRoleRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for service accounts: %s", err)
+	}
+
+	roleId := d.Get("role_id").(string)
+	d.SetId(fmt.Sprintf("projects/%s/roles/%s", project, roleId))
+
+	id := d.Id()
+
+	if err := resourceGoogleProjectIamCustomRoleRead(d, meta); err != nil {
+		return err
+	}
+
+	if d.Id() == "" {
+		return fmt.Errorf("Role %s not found!", id)
+	}
+
+	return nil
+}

google/services/resourcemanager/data_source_google_project_iam_custom_role_test.go

@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package resourcemanager_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccDataSourceGoogleProjectIamCustomRole_basic(t *testing.T) {
+	t.Parallel()
+
+	project := envvar.GetTestProjectFromEnv()
+	roleId := "tfIamCustomRole" + acctest.RandString(t, 10)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckGoogleProjectIamCustomRoleConfig(project, roleId),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckDataSourceStateMatchesResourceState(
+						"data.google_project_iam_custom_role.this",
+						"google_project_iam_custom_role.this",
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckGoogleProjectIamCustomRoleConfig(project string, roleId string) string {
+	return fmt.Sprintf(`
+locals {
+  project = "%s"
+  role_id = "%s"
+}
+
+resource "google_project_iam_custom_role" "this" {
+  project = local.project
+  role_id = local.role_id
+  title   = "Terraform Test"
+
+  permissions = [
+	"iam.roles.create",
+	"iam.roles.delete",
+    "iam.roles.list",
+  ]
+}
+
+data "google_project_iam_custom_role" "this" {
+  project = google_project_iam_custom_role.this.project
+  role_id = google_project_iam_custom_role.this.role_id
+}
+`, project, roleId)
+}

google/services/resourcemanager/data_source_google_project_iam_custom_roles.go

@@ -15,7 +15,7 @@ import (
 
 func DataSourceGoogleProjectIamCustomRoles() *schema.Resource {
 	return &schema.Resource{
-		Read: dataSourceProjectIamCustomRoleRead,
+		Read: dataSourceProjectIamCustomRolesRead,
 		Schema: map[string]*schema.Schema{
 			"project": {
 				Type:     schema.TypeString,
@@ -30,7 +30,7 @@ func DataSourceGoogleProjectIamCustomRoles() *schema.Resource {
 				Type:         schema.TypeString,
 				Optional:     true,
 				Default:      "BASIC",
-				ValidateFunc: validateView,
+				ValidateFunc: validateViewProjectIamCustomRoles,
 			},
 			"roles": {
 				Type:     schema.TypeList,
@@ -77,7 +77,7 @@ func DataSourceGoogleProjectIamCustomRoles() *schema.Resource {
 	}
 }
 
-func validateView(val interface{}, key string) ([]string, []error) {
+func validateViewProjectIamCustomRoles(val interface{}, key string) ([]string, []error) {
 	v := val.(string)
 	var errs []error
 
@@ -88,7 +88,7 @@ func validateView(val interface{}, key string) ([]string, []error) {
 	return nil, errs
 }
 
-func dataSourceProjectIamCustomRoleRead(d *schema.ResourceData, meta interface{}) error {
+func dataSourceProjectIamCustomRolesRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*transport_tpg.Config)
 	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
 	if err != nil {

website/docs/d/project_iam_custom_role.html.markdown

@@ -0,0 +1,37 @@
+---
+subcategory: "Cloud Platform"
+description: |-
+  Get information about a Google Cloud IAM Custom Role from a project.
+---
+
+# google_project_iam_custom_role
+
+Get information about a Google Cloud Project IAM Custom Role. Note that you must have the `roles/iam.roleViewer` role (or equivalent permissions) at the project level to use this datasource.
+
+```hcl
+data "google_project_iam_custom_role" "example" {
+  project = "your-project-id"
+  role_id = "your-role-id"
+}
+
+resource "google_project_iam_member" "project" {
+  project = "your-project-id"
+  role    = data.google_project_iam_custom_role.example.name
+  member  = "user:[email protected]"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `role_id` - (Required) The role id that has been used for this role.
+
+* `project` - (Optional) The project were the custom role has been created in. Defaults to the provider project configuration.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following attributes are exported:
+
+See [google_project_iam_custom_role](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam_custom_role) resource for details of the available attributes.
+