@@ -109,6 +109,16 @@ func resourceIsImmutableType(v bool) ResourceOptionsFunc {
109109 }
110110}
111111
112+ // resourceIsGlobalService marks a resource type as a global (non-regional) service.
113+ // Global services (e.g. IAM) must not pass a RegionID to the Cloud Control API;
114+ // sending a regional value causes a "RegionNotSupport" error.
115+ func resourceIsGlobalService (v bool ) ResourceOptionsFunc {
116+ return func (o * genericResource ) error {
117+ o .globalService = v
118+ return nil
119+ }
120+ }
121+
112122// resourceWithWriteOnlyPropertyPaths is a helper function to construct functional options
113123// that set a resource type's write-only property paths (JSON Pointer).
114124// If multiple resourceWithWriteOnlyPropertyPaths calls are made, the last call overrides
@@ -301,6 +311,13 @@ func (opts ResourceOptions) IsImmutableType(v bool) ResourceOptions {
301311 return append (opts , resourceIsImmutableType (v ))
302312}
303313
314+ // IsGlobalService marks the resource as belonging to a global (non-regional) service.
315+ // When true, an empty RegionID is sent to the Cloud Control API instead of the
316+ // provider-configured region, avoiding "RegionNotSupport" errors for services like IAM.
317+ func (opts ResourceOptions ) IsGlobalService (v bool ) ResourceOptions {
318+ return append (opts , resourceIsGlobalService (v ))
319+ }
320+
304321// WithWriteOnlyPropertyPaths is a helper function to construct functional options
305322// that set a resource type's write-only property paths, append that function to the
306323// current slice of functional options and return the new slice of options.
@@ -388,6 +405,7 @@ type genericResource struct {
388405 tfToCcNameMap map [string ]string // Map of Terraform attribute name to Cloud Control property name
389406 ccToTfNameMap map [string ]string // Map of Cloud Control property name to Terraform attribute name
390407 isImmutableType bool // Resources cannot be updated and must be recreated
408+ globalService bool // Service is global (non-regional); omit RegionID from Cloud Control API calls
391409 writeOnlyAttributePaths []* path.Path // Paths to any write-only attributes
392410 readOnlyAttributePaths []* path.Path // Paths to any read-only attributes
393411 createOnlyAttributePaths []* path.Path // Paths to any create-only attributes
@@ -451,7 +469,7 @@ func (r *genericResource) Create(ctx context.Context, request resource.CreateReq
451469 }
452470 output , err := cloudControlClient .CreateResourceWithContext (ctx , & cloudcontrol.CreateResourceInput {
453471 TypeName : util .StringPtr (r .ccTypeName ),
454- RegionID : r .provider . Region (ctx ),
472+ RegionID : r .regionID (ctx ),
455473 ClientToken : util .StringPtr (util .GenerateToken (32 )),
456474 TargetState : & targetState ,
457475 })
@@ -741,7 +759,7 @@ func (r *genericResource) Update(ctx context.Context, request resource.UpdateReq
741759 }
742760 output , err := cloudControlClient .UpdateResourceWithContext (ctx , & cloudcontrol.UpdateResourceInput {
743761 TypeName : util .StringPtr (r .ccTypeName ),
744- RegionID : util .StringPtr (r .provider . Region (ctx )),
762+ RegionID : util .StringPtr (r .regionID (ctx )),
745763 Identifier : util .StringPtr (id ),
746764 ClientToken : util .StringPtr (util .GenerateToken (32 )),
747765 PatchDocument : PatchDocumentArray ,
@@ -834,7 +852,7 @@ func (r *genericResource) Delete(ctx context.Context, request resource.DeleteReq
834852 return
835853 }
836854
837- err = tfcloudcontrol .DeleteResource (ctx , conn , r .provider . Region (ctx ), "" , r .ccTypeName , id )
855+ err = tfcloudcontrol .DeleteResource (ctx , conn , r .regionID (ctx ), "" , r .ccTypeName , id )
838856
839857 if err != nil {
840858 response .Diagnostics .Append (ServiceOperationErrorDiag ("Cloud Control API" , "DeleteResource" , err ))
@@ -872,14 +890,24 @@ func (r *genericResource) ConfigValidators(context.Context) []resource.ConfigVal
872890 return validators
873891}
874892
893+ // regionID returns the region string to pass to Cloud Control API calls.
894+ // Global services (e.g. IAM Group) must receive an empty string to avoid
895+ // "RegionNotSupport" errors from the regional Cloud Control endpoint.
896+ func (r * genericResource ) regionID (ctx context.Context ) string {
897+ if r .globalService {
898+ return ""
899+ }
900+ return r .provider .Region (ctx )
901+ }
902+
875903// describe returns the live state of the specified resource.
876904func (r * genericResource ) describe (ctx context.Context , client * cloudcontrol.CloudControl , id string ) (* cloudcontrol.GetResourceOutput , error ) {
877- return tfcloudcontrol .FindResourceByTypeNameAndID (ctx , client , r .provider . Region (ctx ), r .ccTypeName , id )
905+ return tfcloudcontrol .FindResourceByTypeNameAndID (ctx , client , r .regionID (ctx ), r .ccTypeName , id )
878906}
879907
880908// describe returns the live state of the specified resource.
881909func (r * genericResource ) describeWithSysTag (ctx context.Context , client * cloudcontrol.CloudControl , id string ) (* cloudcontrol.GetResourceOutput , error ) {
882- return tfcloudcontrol .FindResourceByTypeNameAndIDWithSysTag (ctx , client , r .provider . Region (ctx ), r .ccTypeName , id )
910+ return tfcloudcontrol .FindResourceByTypeNameAndIDWithSysTag (ctx , client , r .regionID (ctx ), r .ccTypeName , id )
883911}
884912
885913// getId returns the resource's primary identifier value from State.
0 commit comments