Access Context Manager - Add support for roles in service perimeter resources #13413

Merged
merged 6 commits into from
Mar 27, 2025

Charlesleonius
Member

Add support for IAM roles in Access Context Manager service perimeter resources.

accesscontextmanager: Add roles field to ingress and egress policies of google_access_context_manager_service_perimeter.* resources

@github-actions github-actions bot requested a review from BBBmau March 20, 2025 16:26

Hello! I am a robot. Tests will require approval from a repository maintainer to run. Googlers: see go/terraform-auto-test-runs to set up automatic test runs.

@BBBmau, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 24 files changed, 424 insertions(+), 5 deletions(-))
google-beta provider: Diff ( 24 files changed, 424 insertions(+), 5 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 88 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_access_context_manager_service_perimeter (12 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter" "primary" {
  spec {
    egress_policies {
      egress_to {
        roles = # value needed
      }
    }
    ingress_policies {
      ingress_to {
        roles = # value needed
      }
    }
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeters (3 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeters" "primary" {
  service_perimeters {
    spec {
      egress_policies {
        egress_to {
          roles = # value needed
        }
      }
      ingress_policies {
        ingress_to {
          roles = # value needed
        }
      }
    }
  }
}

@modular-magician
Collaborator

Tests analytics

Total tests: 3
Passed tests: 2
Skipped tests: 0
Affected tests: 1

Affected service packages:
  • accesscontextmanager

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccAccessContextManager

@modular-magician
Collaborator

🔴 Tests failed during RECORDING mode:
TestAccAccessContextManager [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

resource "google_access_context_manager_service_perimeter" "test-access" {
parent = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}"
name = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/servicePerimeters/%s"
resource "google_access_context_manager_service_perimeter" "granular-controls-perimeter" {
Collaborator

Although you've added the root ingress_to in the test files, it's still necessary to add them in the examples also. It appears that it's missing here in the root resource.

*_test.go is used for update tests.

Member Author

We disable the example-to-test generation since it doesn't behave well with our API. I fixed the custom flattener for one of the resources, which fixed the test.

Collaborator

Can you go ahead and still include them in the examples with them set as skip_test: true? It should also contain a link or at least an explanation of why this is skipped. Your explanation here would be good.

https://github.com/GoogleCloudPlatform/magic-modules/pull/13413/files#r2012461682

Member Author

Updated all the examples and added a comment to explain why the tests are disabled.

Collaborator

Looks like it's still returning a missing report for the fields that are within spec.egress_policies and spec.ingress_policies, as well as for both egress_to and ingress_to, but those look to be because of no update_test being applied.

Member Author

Added fields to the spec section for that test. Should fix it.

Collaborator

That fixed it! However, we still get missing fields for the following; can you make sure they get added in for create+update tests?

image

Member Author

I'm not sure what else I need to do. This field is being covered in every test we have for every resource that has this field. I also updated all the examples. We always have these missing test reports because I believe it does not pick up our manual tests. See #10990 for an example.

Collaborator

Seeing the PR you linked helped a ton. Thanks!

Member Author

Thanks for the thorough review. We will look into how we can fix our test setup to leverage the recommended generated tests.

@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 24 files changed, 451 insertions(+), 5 deletions(-))
google-beta provider: Diff ( 24 files changed, 451 insertions(+), 5 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 92 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_access_context_manager_service_perimeter (12 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter" "primary" {
  spec {
    egress_policies {
      egress_to {
        roles = # value needed
      }
    }
    ingress_policies {
      ingress_to {
        roles = # value needed
      }
    }
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

@modular-magician
Collaborator

Tests analytics

Total tests: 3
Passed tests: 2
Skipped tests: 0
Affected tests: 1

Affected service packages:
  • accesscontextmanager

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccAccessContextManager

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccAccessContextManager [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🟢 All tests passed!

@@ -313,6 +313,14 @@ properties:
is_set: true
item_type:
type: String
- name: 'roles'
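
Review bot: only the first line of the new `roles` property is visible at the end of this hunk, so confirm that the rest of the entry carries a description stating what a role value looks like and what listing a role permits. The sibling list just above it is declared with `is_set: true` and an `item_type` of `type: String`; if the order of roles is not significant, declare `roles` the same way so that a reordered list does not show up as a diff.
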
Collaborator

We're getting missing tests due to a create test not being added in the examples list: refer to https://googlecloudplatform.github.io/magic-modules/test/test/#add-a-create-test

Member Author

We cannot use the examples to generate tests because those tests will run in parallel and all of our tests depend on creating a resource that can only be created once at a time. We are looking to refactor our tests in the future, but for now this is what we have. I have added this field to the existing tests for all of our resources.

@Charlesleonius
Member Author

Hi @BBBmau, can you please take a look at this again? We need to have this merged by tomorrow to meet release deadlines.

@github-actions github-actions bot requested a review from BBBmau March 26, 2025 16:17
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 24 files changed, 664 insertions(+), 5 deletions(-))
google-beta provider: Diff ( 24 files changed, 664 insertions(+), 5 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 92 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_access_context_manager_service_perimeter (12 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter" "primary" {
  spec {
    egress_policies {
      egress_to {
        roles = # value needed
      }
    }
    ingress_policies {
      ingress_to {
        roles = # value needed
      }
    }
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

@modular-magician
Collaborator

Tests analytics

Total tests: 3
Passed tests: 3
Skipped tests: 0
Affected tests: 0

Affected service packages:
  • accesscontextmanager

🟢 All tests passed!

@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 24 files changed, 684 insertions(+), 5 deletions(-))
google-beta provider: Diff ( 24 files changed, 684 insertions(+), 5 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 92 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_access_context_manager_service_perimeter_dry_run_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_dry_run_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_dry_run_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_egress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_egress_policy" "primary" {
  egress_to {
    roles = # value needed
  }
}

Resource: google_access_context_manager_service_perimeter_ingress_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_access_context_manager_service_perimeter_ingress_policy" "primary" {
  ingress_to {
    roles = # value needed
  }
}

@modular-magician
Collaborator

Tests analytics

Total tests: 3
Passed tests: 2
Skipped tests: 0
Affected tests: 1

Affected service packages:
  • accesscontextmanager

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccAccessContextManager

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccAccessContextManager [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🟢 All tests passed!

@BBBmau BBBmau added this pull request to the merge queue Mar 27, 2025