Add create_ignore_already_exists to google_cloud_identity_group_membership (#14250) (#23376)

[upstream:527d99e9bc723085900474191259de7594e2e918]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14250.txt

@@ -0,0 +1 @@
+unknown: Add create_ignore_already_exists to google_cloud_identity_group_membership

google/services/cloudidentity/resource_cloud_identity_group_membership.go

@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"google.golang.org/api/googleapi"
 
 	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
@@ -127,6 +128,12 @@ and must be in the form of 'identitysources/{identity_source_id}'.`,
 				Computed:    true,
 				Description: `The time when the Membership was last updated.`,
 			},
+			"create_ignore_already_exists": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: `If set to true, skip group member creation if a membership with the same name already exists. Defaults to false.`,
+				Default:     false,
+			},
 		},
 		UseJSONNumber: true,
 	}
@@ -201,6 +208,75 @@ func resourceCloudIdentityGroupMembershipCreate(d *schema.ResourceData, meta int
 	}
 
 	headers := make(http.Header)
+	if d.Get("create_ignore_already_exists").(bool) {
+		log.Printf("[DEBUG] Calling get GroupMembership to check if membership already exists")
+		preferredMemberKeyPropTyped := tpgresource.CheckStringMap(preferredMemberKeyProp)
+
+		params := map[string]string{
+			"memberKey.id": preferredMemberKeyPropTyped["id"],
+		}
+		if ns, ok := preferredMemberKeyPropTyped["namespace"]; ok && ns != "" {
+			params["memberKey.namespace"] = ns
+		}
+		getUrl, err := transport_tpg.AddQueryParams(url+":lookup", params)
+		if err != nil {
+			return err
+		}
+
+		res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+			Config:    config,
+			Method:    "GET",
+			Project:   billingProject,
+			RawURL:    getUrl,
+			UserAgent: userAgent,
+			Headers:   headers,
+		})
+		// Do normal create if membership does not exist
+
+		if err != nil {
+			gerr, ok := err.(*googleapi.Error)
+			notFound := ok && gerr.Code == 404
+			// If group membership is not found, we can proceed with the create operation.
+			if !notFound {
+				return fmt.Errorf("Error checking if GroupMembership exists: %s", err)
+			}
+		} else {
+			// Set computed resource properties from create API response so that they're available on the subsequent Read call.
+			err = resourceCloudIdentityGroupMembershipPostCreateSetComputedFields(d, meta, res)
+			if err != nil {
+				return fmt.Errorf("setting computed ID format fields: %w", err)
+			}
+
+			// Store the ID now
+			id, err := tpgresource.ReplaceVars(d, config, "{{name}}")
+			if err != nil {
+				return fmt.Errorf("Error constructing id: %s", err)
+			}
+			d.SetId(id)
+
+			// `name` is autogenerated from the api so needs to be set post-create
+			name, ok := res["name"]
+			if !ok {
+				respBody, ok := res["response"]
+				if !ok {
+					return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+				}
+
+				name, ok = respBody.(map[string]interface{})["name"]
+				if !ok {
+					return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.")
+				}
+			}
+			if err := d.Set("name", name.(string)); err != nil {
+				return fmt.Errorf("Error setting name: %s", err)
+			}
+			d.SetId(name.(string))
+
+			log.Printf("[DEBUG] Finished creating GroupMembership %q: %#v", d.Id(), res)
+
+			return resourceCloudIdentityGroupMembershipRead(d, meta)
+		}
+	}
 	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
 		Config:    config,
 		Method:    "POST",
@@ -283,6 +359,13 @@ func resourceCloudIdentityGroupMembershipRead(d *schema.ResourceData, meta inter
 		return transport_tpg.HandleNotFoundError(transformCloudIdentityGroupMembershipReadError(err), d, fmt.Sprintf("CloudIdentityGroupMembership %q", d.Id()))
 	}
 
+	// Explicitly set virtual fields to default values if unset
+	if _, ok := d.GetOkExists("create_ignore_already_exists"); !ok {
+		if err := d.Set("create_ignore_already_exists", false); err != nil {
+			return fmt.Errorf("Error setting create_ignore_already_exists: %s", err)
+		}
+	}
+
 	if err := d.Set("name", flattenCloudIdentityGroupMembershipName(res["name"], d, config)); err != nil {
 		return fmt.Errorf("Error reading GroupMembership: %s", err)
 	}
@@ -491,6 +574,10 @@ func resourceCloudIdentityGroupMembershipImport(d *schema.ResourceData, meta int
 	}
 	d.SetId(id)
 
+	// Explicitly set virtual fields to default values on import
+	if err := d.Set("create_ignore_already_exists", false); err != nil {
+		return nil, fmt.Errorf("Error setting create_ignore_already_exists: %s", err)
+	}
 	// Configure "group" property, which does not appear in the response body.
 	group := regexp.MustCompile(`groups/[^/]+`).FindString(id)
 	if err := d.Set("group", group); err != nil {

google/services/cloudidentity/resource_cloud_identity_group_membership_generated_meta.yaml

@@ -5,6 +5,8 @@ api_service_name: 'cloudidentity.googleapis.com'
 api_version: 'v1'
 api_resource_type_kind: 'Membership'
 fields:
+  - field: 'create_ignore_already_exists'
+    provider_only: true
   - field: 'create_time'
   - field: 'group'
     provider_only: true

google/services/cloudidentity/resource_cloud_identity_group_membership_test.go

@@ -448,3 +448,178 @@ func testAccCheckCloudIdentityGroupMembershipDestroyProducer(t *testing.T) func(
 		return nil
 	}
 }
+
+// Test setting create_ignore_already_exists on an existing resource
+func testAccCloudIdentityGroupMembership_existingResourceCreateIgnoreAlreadyExists(t *testing.T) {
+	context := map[string]interface{}{
+		"org_domain":    envvar.GetTestOrgDomainFromEnv(t),
+		"cust_id":       envvar.GetTestCustIdFromEnv(t),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+	id := "groups/groupId/memberships/membershipId"
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckCloudIdentityGroupMembershipDestroyProducer(t),
+		Steps: []resource.TestStep{
+			// The first step creates a new resource with create_ignore_already_exists=false
+			{
+				Config: testAccCloudIdentityGroupMembershipCreateIgnoreAlreadyExists(context, false),
+				Check:  resource.TestCheckResourceAttr("google_cloud_identity_group_membership.acceptance", "id", id),
+			},
+			{
+				ResourceName:            "google_cloud_identity_group_membership.acceptance",
+				ImportStateId:           id,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"create_ignore_already_exists"}, // Import leaves this field out when false
+			},
+			// The second step updates the resource to have create_ignore_already_exists=true
+			{
+				Config: testAccCloudIdentityGroupMembershipCreateIgnoreAlreadyExists(context, true),
+				Check:  resource.TestCheckResourceAttr("google_cloud_identity_group_membership.acceptance", "id", id),
+			},
+		},
+	})
+}
+
+// Test the option to ignore ALREADY_EXISTS error from creating a Source Repository.
+func testAccCloudIdentityGroupMembership_createIgnoreAlreadyExists(t *testing.T) {
+	context := map[string]interface{}{
+		"org_domain":    envvar.GetTestOrgDomainFromEnv(t),
+		"cust_id":       envvar.GetTestCustIdFromEnv(t),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+	id := "groups/groupId/memberships/membershipId"
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckCloudIdentityGroupMembershipDestroyProducer(t),
+		Steps: []resource.TestStep{
+			// The first step creates a group membership
+			{
+				Config: testAccCloudIdentityGroupMembershipCreateIgnoreAlreadyExists(context, false),
+				Check:  resource.TestCheckResourceAttr("google_cloud_identity_group_membership.acceptance", "id", id),
+			},
+			{
+				ResourceName:      "google_cloud_identity_group_membership.acceptance",
+				ImportStateId:     id,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// The second step creates a new resource that duplicates with the existing group membership
+			{
+				Config: testAccCloudIdentityGroupMembershipDuplicateIgnoreAlreadyExists(context),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_cloud_identity_group_membership.acceptance", "id", id),
+					resource.TestCheckResourceAttr("google_cloud_identity_group_membership.duplicate", "id", id),
+				),
+			},
+		},
+	})
+}
+
+func testAccCloudIdentityGroupMembershipCreateIgnoreAlreadyExists(context map[string]interface{}, ignore_already_exists bool) string {
+	context["create_ignore_already_exists"] = fmt.Sprintf("%t", ignore_already_exists)
+	return acctest.Nprintf(`
+resource "google_cloud_identity_group" "group" {
+  display_name = "tf-test-my-identity-group%{random_suffix}"
+
+  parent = "customers/%{cust_id}"
+
+  group_key {
+    id = "tf-test-my-identity-group%{random_suffix}@%{org_domain}"
+  }
+
+  labels = {
+    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
+  }
+}
+resource "google_cloud_identity_group" "child-group" {
+  display_name = "tf-test-my-identity-group%{random_suffix}-child"
+
+  parent = "customers/%{cust_id}"
+
+  group_key {
+    id = "tf-test-my-identity-group%{random_suffix}-child@%{org_domain}"
+  }
+
+  labels = {
+    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
+  }
+}
+
+resource "google_cloud_identity_group_membership" "acceptance" {
+  group    = google_cloud_identity_group.group.id
+
+  preferred_member_key {
+    id = google_cloud_identity_group.child-group.group_key[0].id
+  }
+
+  roles {
+    name = "MEMBER"
+  }
+
+  create_ignore_already_exists = %{create_ignore_already_exists}
+}
+`, context)
+}
+
+func testAccCloudIdentityGroupMembershipDuplicateIgnoreAlreadyExists(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_cloud_identity_group" "group" {
+  display_name = "tf-test-my-identity-group%{random_suffix}"
+
+  parent = "customers/%{cust_id}"
+
+  group_key {
+    id = "tf-test-my-identity-group%{random_suffix}@%{org_domain}"
+  }
+
+  labels = {
+    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
+  }
+}
+resource "google_cloud_identity_group" "child-group" {
+  display_name = "tf-test-my-identity-group%{random_suffix}-child"
+
+  parent = "customers/%{cust_id}"
+
+  group_key {
+    id = "tf-test-my-identity-group%{random_suffix}-child@%{org_domain}"
+  }
+
+  labels = {
+    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
+  }
+}
+
+resource "google_cloud_identity_group_membership" "acceptance" {
+  group = google_cloud_identity_group.group.id
+
+  preferred_member_key {
+    id = google_cloud_identity_group.child-group.group_key[0].id
+  }
+
+  roles {
+    name = "MEMBER"
+  }
+}
+
+resource "google_cloud_identity_group_membership" "duplicate" {
+  group = google_cloud_identity_group.group.id
+
+  preferred_member_key {
+    id = google_cloud_identity_group.child-group.group_key[0].id
+  }
+
+  roles {
+    name = "MEMBER"
+  }
+
+  create_ignore_already_exists = true
+}
+`, context)
+}

website/docs/r/cloud_identity_group_membership.html.markdown

@@ -167,6 +167,8 @@ The following arguments are supported:
   EntityKey of the member.
   Structure is [documented below](#nested_preferred_member_key).
 
+* `create_ignore_already_exists` - (Optional) If set to true, skip group member creation if a membership with the same name already exists. Defaults to false.
+
 
 <a name="nested_member_key"></a>The `member_key` block supports: