Fixes issue #24052 related to google_chronicle_reference_list resource (#15036) (#24250)

[upstream:58550b1c4dde492e4bea6c4e20551d3d022ffdec]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/15036.txt

@@ -0,0 +1,3 @@
+```release-note:note
+chronicle: made the `scope_info` field in `google_chronicle_reference_list` configurable
+```

google/services/chronicle/resource_chronicle_reference_list.go

@@ -110,6 +110,37 @@ REFERENCE_LIST_SYNTAX_TYPE_PLAIN_TEXT_STRING
 REFERENCE_LIST_SYNTAX_TYPE_REGEX
 REFERENCE_LIST_SYNTAX_TYPE_CIDR`,
 			},
+			"scope_info": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: `ScopeInfo specifies the scope info of the reference list.`,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"reference_list_scope": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `ReferenceListScope specifies the list of scope names of the reference list.`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"scope_names": {
+										Type:             schema.TypeList,
+										Optional:         true,
+										DiffSuppressFunc: tpgresource.ProjectNumberDiffSuppress,
+										Description: `Optional. The list of scope names of the reference list. The scope names should be
+full resource names and should be of the format:
+"projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope_name}".`,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 			"display_name": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -142,35 +173,6 @@ This is returned only when the view is REFERENCE_LIST_VIEW_FULL.`,
 					Type: schema.TypeString,
 				},
 			},
-			"scope_info": {
-				Type:        schema.TypeList,
-				Computed:    true,
-				Description: `ScopeInfo specifies the scope info of the reference list.`,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"reference_list_scope": {
-							Type:        schema.TypeList,
-							Required:    true,
-							Description: `ReferenceListScope specifies the list of scope names of the reference list.`,
-							MaxItems:    1,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"scope_names": {
-										Type:     schema.TypeList,
-										Optional: true,
-										Description: `Optional. The list of scope names of the reference list. The scope names should be
-full resource names and should be of the format:
-"projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope_name}".`,
-										Elem: &schema.Schema{
-											Type: schema.TypeString,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
 			"project": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -202,6 +204,12 @@ func resourceChronicleReferenceListCreate(d *schema.ResourceData, meta interface
 	} else if v, ok := d.GetOkExists("entries"); !tpgresource.IsEmptyValue(reflect.ValueOf(entriesProp)) && (ok || !reflect.DeepEqual(v, entriesProp)) {
 		obj["entries"] = entriesProp
 	}
+	scopeInfoProp, err := expandChronicleReferenceListScopeInfo(d.Get("scope_info"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("scope_info"); !tpgresource.IsEmptyValue(reflect.ValueOf(scopeInfoProp)) && (ok || !reflect.DeepEqual(v, scopeInfoProp)) {
+		obj["scopeInfo"] = scopeInfoProp
+	}
 	syntaxTypeProp, err := expandChronicleReferenceListSyntaxType(d.Get("syntax_type"), d, config)
 	if err != nil {
 		return err
@@ -356,6 +364,12 @@ func resourceChronicleReferenceListUpdate(d *schema.ResourceData, meta interface
 	} else if v, ok := d.GetOkExists("entries"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, entriesProp)) {
 		obj["entries"] = entriesProp
 	}
+	scopeInfoProp, err := expandChronicleReferenceListScopeInfo(d.Get("scope_info"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("scope_info"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, scopeInfoProp)) {
+		obj["scopeInfo"] = scopeInfoProp
+	}
 	syntaxTypeProp, err := expandChronicleReferenceListSyntaxType(d.Get("syntax_type"), d, config)
 	if err != nil {
 		return err
@@ -380,6 +394,10 @@ func resourceChronicleReferenceListUpdate(d *schema.ResourceData, meta interface
 		updateMask = append(updateMask, "entries")
 	}
 
+	if d.HasChange("scope_info") {
+		updateMask = append(updateMask, "scopeInfo")
+	}
+
 	if d.HasChange("syntax_type") {
 		updateMask = append(updateMask, "syntaxType")
 	}
@@ -571,6 +589,48 @@ func expandChronicleReferenceListEntriesValue(v interface{}, d tpgresource.Terra
 	return v, nil
 }
 
+func expandChronicleReferenceListScopeInfo(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedReferenceListScope, err := expandChronicleReferenceListScopeInfoReferenceListScope(original["reference_list_scope"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedReferenceListScope); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["referenceListScope"] = transformedReferenceListScope
+	}
+
+	return transformed, nil
+}
+
+func expandChronicleReferenceListScopeInfoReferenceListScope(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedScopeNames, err := expandChronicleReferenceListScopeInfoReferenceListScopeScopeNames(original["scope_names"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedScopeNames); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["scopeNames"] = transformedScopeNames
+	}
+
+	return transformed, nil
+}
+
+func expandChronicleReferenceListScopeInfoReferenceListScopeScopeNames(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandChronicleReferenceListSyntaxType(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google/services/chronicle/resource_chronicle_reference_list_generated_test.go

@@ -53,15 +53,32 @@ func TestAccChronicleReferenceList_chronicleReferencelistBasicExample(t *testing
 
 func testAccChronicleReferenceList_chronicleReferencelistBasicExample(context map[string]interface{}) string {
 	return acctest.Nprintf(`
+resource "google_chronicle_data_access_scope" "test_scope" {
+  location = "us"
+  instance = "%{chronicle_id}"
+  data_access_scope_id = "tf-test-scope-id%{random_suffix}"
+  description = "test scope description"
+  allowed_data_access_labels {
+    log_type = "GCP_CLOUDAUDIT"
+  }
+}
+
 resource "google_chronicle_reference_list" "example" {
- location = "us"
- instance = "%{chronicle_id}"
- reference_list_id = "tf_test_reference_list_id%{random_suffix}"
- description = "referencelist-description"
- entries {
-  value = "referencelist-entry-value"
- }
- syntax_type = "REFERENCE_LIST_SYNTAX_TYPE_PLAIN_TEXT_STRING"
+  location = "us"
+  instance = "%{chronicle_id}"
+  reference_list_id = "tf_test_reference_list_id%{random_suffix}"
+  description = "referencelist-description"
+  entries {
+    value = "referencelist-entry-value"
+  }
+  syntax_type = "REFERENCE_LIST_SYNTAX_TYPE_PLAIN_TEXT_STRING"
+  scope_info {
+    reference_list_scope {
+      scope_names = [
+        google_chronicle_data_access_scope.test_scope.name
+      ]
+    }
+  }
 }
 `, context)
 }

google/services/chronicle/resource_chronicle_reference_list_test.go

@@ -29,8 +29,10 @@ func TestAccChronicleReferenceList_chronicleReferencelistBasicExample_update(t *
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"chronicle_id":  envvar.GetTestChronicleInstanceIdFromEnv(t),
-		"random_suffix": acctest.RandString(t, 10),
+		"chronicle_id":             envvar.GetTestChronicleInstanceIdFromEnv(t),
+		"random_suffix":            acctest.RandString(t, 10),
+		"data_access_scope_id":     "test-scope-id" + acctest.RandString(t, 5),
+		"data_access_scope_id_new": "new-test-scope-id" + acctest.RandString(t, 5),
 	}
 
 	acctest.VcrTest(t, resource.TestCase{
@@ -61,6 +63,16 @@ func TestAccChronicleReferenceList_chronicleReferencelistBasicExample_update(t *
 
 func testAccChronicleReferenceList_chronicleReferencelistBasicExample_basic(context map[string]interface{}) string {
 	return acctest.Nprintf(`
+resource "google_chronicle_data_access_scope" "test_scope" {
+  location = "us"
+  instance = "%{chronicle_id}"
+  data_access_scope_id = "%{data_access_scope_id}"
+  description = "test scope description"
+  allowed_data_access_labels {
+    log_type = "GCP_CLOUDAUDIT"
+  }
+}
+
 resource "google_chronicle_reference_list" "example" {
  location = "us"
  instance = "%{chronicle_id}"
@@ -70,12 +82,29 @@ resource "google_chronicle_reference_list" "example" {
   value = "referencelist-entry-value"
  }
  syntax_type = "REFERENCE_LIST_SYNTAX_TYPE_PLAIN_TEXT_STRING"
+ scope_info {
+    reference_list_scope {
+      scope_names = [
+        google_chronicle_data_access_scope.test_scope.name
+      ]
+    }
+  }
 }
 `, context)
 }
 
 func testAccChronicleReferenceList_chronicleReferencelistBasicExample_update(context map[string]interface{}) string {
 	return acctest.Nprintf(`
+resource "google_chronicle_data_access_scope" "test_scope" {
+  location = "us"
+  instance = "%{chronicle_id}"
+  data_access_scope_id = "%{data_access_scope_id_new}"
+  description = "test scope description"
+  allowed_data_access_labels {
+    log_type = "GITHUB"
+  }
+}
+
 resource "google_chronicle_reference_list" "example" {
  location = "us"
  instance = "%{chronicle_id}"
@@ -85,6 +114,13 @@ resource "google_chronicle_reference_list" "example" {
   value = "referencelist-entry-value-updated"
  }
  syntax_type = "REFERENCE_LIST_SYNTAX_TYPE_REGEX"
+ scope_info {
+    reference_list_scope {
+      scope_names = [
+        google_chronicle_data_access_scope.test_scope.name
+      ]
+    }
+  }
 }
 `, context)
 }

website/docs/r/chronicle_reference_list.html.markdown

@@ -34,15 +34,32 @@ To get more information about ReferenceList, see:
 
 
 ```hcl
+resource "google_chronicle_data_access_scope" "test_scope" {
+  location = "us"
+  instance = "00000000-0000-0000-0000-000000000000"
+  data_access_scope_id = "scope-id"
+  description = "test scope description"
+  allowed_data_access_labels {
+    log_type = "GCP_CLOUDAUDIT"
+  }
+}
+
 resource "google_chronicle_reference_list" "example" {
- location = "us"
- instance = "00000000-0000-0000-0000-000000000000"
- reference_list_id = "reference_list_id"
- description = "referencelist-description"
- entries {
-  value = "referencelist-entry-value"
- }
- syntax_type = "REFERENCE_LIST_SYNTAX_TYPE_PLAIN_TEXT_STRING"
+  location = "us"
+  instance = "00000000-0000-0000-0000-000000000000"
+  reference_list_id = "reference_list_id"
+  description = "referencelist-description"
+  entries {
+    value = "referencelist-entry-value"
+  }
+  syntax_type = "REFERENCE_LIST_SYNTAX_TYPE_PLAIN_TEXT_STRING"
+  scope_info {
+    reference_list_scope {
+      scope_names = [
+        google_chronicle_data_access_scope.test_scope.name
+      ]
+    }
+  }
 }
 ```
 
@@ -89,6 +106,11 @@ The following arguments are supported:
   - Must be unique.
 
 
+* `scope_info` -
+  (Optional)
+  ScopeInfo specifies the scope info of the reference list.
+  Structure is [documented below](#nested_scope_info).
+
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
@@ -100,6 +122,22 @@ The following arguments are supported:
   (Required)
   Required. The value of the entry. Maximum length is 512 characters.
 
+<a name="nested_scope_info"></a>The `scope_info` block supports:
+
+* `reference_list_scope` -
+  (Optional)
+  ReferenceListScope specifies the list of scope names of the reference list.
+  Structure is [documented below](#nested_scope_info_reference_list_scope).
+
+
+<a name="nested_scope_info_reference_list_scope"></a>The `reference_list_scope` block supports:
+
+* `scope_names` -
+  (Optional)
+  Optional. The list of scope names of the reference list. The scope names should be
+  full resource names and should be of the format:
+  "projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope_name}".
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported:
@@ -111,10 +149,6 @@ In addition to the arguments listed above, the following computed attributes are
   Format:
   projects/{project}/locations/{location}/instances/{instance}/referenceLists/{reference_list}
 
-* `scope_info` -
-  ScopeInfo specifies the scope info of the reference list.
-  Structure is [documented below](#nested_scope_info).
-
 * `display_name` -
   Output only. The unique display name of the reference list.
 
@@ -130,22 +164,6 @@ In addition to the arguments listed above, the following computed attributes are
   Output only. The count of self-authored rules using the reference list.
 
 
-<a name="nested_scope_info"></a>The `scope_info` block contains:
-
-* `reference_list_scope` -
-  (Required)
-  ReferenceListScope specifies the list of scope names of the reference list.
-  Structure is [documented below](#nested_scope_info_reference_list_scope).
-
-
-<a name="nested_scope_info_reference_list_scope"></a>The `reference_list_scope` block supports:
-
-* `scope_names` -
-  (Optional)
-  Optional. The list of scope names of the reference list. The scope names should be
-  full resource names and should be of the format:
-  "projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope_name}".
-
 ## Timeouts
 
 This resource provides the following