Add support for name in GcpUserAccessBinding (#14520) (#23638)

[upstream:4ab6c4db0aa1540b58a15a5d88028996507d7f7a]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14520.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+accesscontextmanager: added `name` to `google_access_context_manager_gcp_user_access_binding` resource
+```

google/services/accesscontextmanager/resource_access_context_manager_gcp_user_access_binding.go

@@ -171,7 +171,7 @@ func ResourceAccessContextManagerGcpUserAccessBinding() *schema.Resource {
 												"restricted_client_application": {
 													Type:        schema.TypeList,
 													Optional:    true,
-													Description: `Optional. The application that is subject to this binding's scope.`,
+													Description: `Optional. The application that is subject to this binding's scope. Only one of clientId or name should be specified.`,
 													MaxItems:    1,
 													Elem: &schema.Resource{
 														Schema: map[string]*schema.Schema{
@@ -180,6 +180,11 @@ func ResourceAccessContextManagerGcpUserAccessBinding() *schema.Resource {
 																Optional:    true,
 																Description: `The OAuth client ID of the application.`,
 															},
+															"name": {
+																Type:        schema.TypeString,
+																Optional:    true,
+																Description: `The name of the application. Example: "Cloud Console"`,
+															},
 														},
 													},
 												},
@@ -655,12 +660,18 @@ func flattenAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeCli
 	transformed := make(map[string]interface{})
 	transformed["client_id"] =
 		flattenAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationClientId(original["clientId"], d, config)
+	transformed["name"] =
+		flattenAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationName(original["name"], d, config)
 	return []interface{}{transformed}
 }
 func flattenAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationClientId(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
 
+func flattenAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenAccessContextManagerGcpUserAccessBindingScopedAccessSettingsActiveSettings(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -903,13 +914,24 @@ func expandAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClie
 		transformed["clientId"] = transformedClientId
 	}
 
+	transformedName, err := expandAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationName(original["name"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedName); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["name"] = transformedName
+	}
+
 	return transformed, nil
 }
 
 func expandAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationClientId(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
 
+func expandAccessContextManagerGcpUserAccessBindingScopedAccessSettingsScopeClientScopeRestrictedClientApplicationName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerGcpUserAccessBindingScopedAccessSettingsActiveSettings(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

google/services/accesscontextmanager/resource_access_context_manager_gcp_user_access_binding_generated_meta.yaml

@@ -18,6 +18,7 @@ fields:
   - field: 'scoped_access_settings.active_settings.session_settings.use_oidc_max_age'
   - field: 'scoped_access_settings.dry_run_settings.access_levels'
   - field: 'scoped_access_settings.scope.client_scope.restricted_client_application.client_id'
+  - field: 'scoped_access_settings.scope.client_scope.restricted_client_application.name'
   - field: 'session_settings.max_inactivity'
   - field: 'session_settings.session_length'
   - field: 'session_settings.session_length_enabled'

google/services/accesscontextmanager/resource_access_context_manager_gcp_user_access_binding_test.go

@@ -57,6 +57,15 @@ func testAccAccessContextManagerGcpUserAccessBinding_basicTest(t *testing.T) {
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"organization_id"},
 			},
+			{
+				Config: testAccAccessContextManagerGcpUserAccessBinding_accessContextManagerGcpUserAccessBindingNamedExample(context),
+			},
+			{
+				ResourceName:            "google_access_context_manager_gcp_user_access_binding.gcp_user_access_binding",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"organization_id"},
+			},
 		},
 	})
 }
@@ -108,7 +117,6 @@ resource "google_access_context_manager_gcp_user_access_binding" "gcp_user_acces
     google_access_context_manager_access_level.tf_test_access_level_id_for_user_access_binding%{random_suffix}.name,
   ]
   session_settings {
-    max_inactivity = "300s"
     session_length = "1800s"
     session_length_enabled = true
     session_reauth_method = "LOGIN"
@@ -127,7 +135,88 @@ resource "google_access_context_manager_gcp_user_access_binding" "gcp_user_acces
   		  google_access_context_manager_access_level.tf_test_access_level_id_for_user_access_binding%{random_suffix}.name,
   	  ]
   	  session_settings {
-  		  max_inactivity = "300s"
+  		  session_length = "1800s"
+  		  session_length_enabled = true
+  		  session_reauth_method = "LOGIN"
+  		  use_oidc_max_age = false
+  	  }
+  	}
+  	dry_run_settings {
+  	  access_levels = [
+  		  google_access_context_manager_access_level.tf_test_access_level_id_for_user_access_binding%{random_suffix}.name,
+  	  ]
+  	}
+  }
+}
+`, context)
+}
+
+func testAccAccessContextManagerGcpUserAccessBinding_accessContextManagerGcpUserAccessBindingNamedExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_cloud_identity_group" "group" {
+  display_name = "tf-test-my-identity-group%{random_suffix}"
+
+  parent = "customers/%{cust_id}"
+
+  group_key {
+    id = "tf-test-my-identity-group%{random_suffix}@%{org_domain}"
+  }
+
+  labels = {
+    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
+  }
+}
+
+resource "google_access_context_manager_access_level" "tf_test_access_level_id_for_user_access_binding%{random_suffix}" {
+  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/tf_test_chromeos_no_lock%{random_suffix}"
+  title  = "tf_test_chromeos_no_lock%{random_suffix}"
+  basic {
+    conditions {
+      device_policy {
+        require_screen_lock = true
+        os_constraints {
+          os_type = "DESKTOP_CHROME_OS"
+        }
+      }
+      regions = [
+  "US",
+      ]
+    }
+  }
+}
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+  parent = "organizations/%{org_id}"
+  title  = "my policy"
+}
+
+resource "google_access_context_manager_gcp_user_access_binding" "gcp_user_access_binding" {
+  organization_id = "%{org_id}"
+  group_key       = trimprefix(google_cloud_identity_group.group.id, "groups/")
+  access_levels   = [
+    google_access_context_manager_access_level.tf_test_access_level_id_for_user_access_binding%{random_suffix}.name,
+  ]
+  session_settings {
+    session_length = "1800s"
+    session_length_enabled = true
+    session_reauth_method = "LOGIN"
+    use_oidc_max_age = false
+  }
+  scoped_access_settings {
+    scope {
+      client_scope {
+        restricted_client_application {
+	        name = "Cloud Console"
+         }
+      }
+    }
+    active_settings {
+  	  access_levels = [
+  		  google_access_context_manager_access_level.tf_test_access_level_id_for_user_access_binding%{random_suffix}.name,
+  	  ]
+  	  session_settings {
+  		  max_inactivity = "400s"
   		  session_length = "1800s"
   		  session_length_enabled = true
   		  session_reauth_method = "LOGIN"

website/docs/r/access_context_manager_gcp_user_access_binding.html.markdown

@@ -164,7 +164,7 @@ The following arguments are supported:
 
 * `restricted_client_application` -
   (Optional)
-  Optional. The application that is subject to this binding's scope.
+  Optional. The application that is subject to this binding's scope. Only one of clientId or name should be specified.
   Structure is [documented below](#nested_scoped_access_settings_scoped_access_settings_scope_client_scope_restricted_client_application).
 
 
@@ -174,6 +174,10 @@ The following arguments are supported:
   (Optional)
   The OAuth client ID of the application.
 
+* `name` -
+  (Optional)
+  The name of the application. Example: "Cloud Console"
+
 <a name="nested_scoped_access_settings_scoped_access_settings_active_settings"></a>The `active_settings` block supports:
 
 * `access_levels` -