Support for projects in EgressSource (#12532)

[upstream:43ea8747f7ccc2ef1774b12444a8f4dae98cc0cb]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/hcl/v2 v2.20.1
 	github.com/hashicorp/terraform-json v0.22.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0
-	github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250131183209-0394f74fb1b9
+	github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250131200031-88dcd513b784
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.9.0

go.sum

@@ -172,8 +172,8 @@ github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A=
 github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c=
 github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0=
-github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250131183209-0394f74fb1b9 h1:IjGoAtyJVwM7vnKpSpQUYZ3q2pWIdnio8+4J9Yo/x0I=
-github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250131183209-0394f74fb1b9/go.mod h1:IkJf/cFmSb0kvMORnXqL/PqiMSLMSAuOKHzH60Fea58=
+github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250131200031-88dcd513b784 h1:Iftzfuauk/KbEFjZOnw3OQqBeoueAbha2T1YEKa5E+w=
+github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250131200031-88dcd513b784/go.mod h1:IkJf/cFmSb0kvMORnXqL/PqiMSLMSAuOKHzH60Fea58=
 github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI=
 github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM=
 github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=

tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go

@@ -623,6 +623,13 @@ func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSou
 			transformed["accessLevel"] = transformedAccessLevel
 		}
 
+		transformedResource, err := expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourcesResource(original["resource"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedResource); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["resource"] = transformedResource
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -632,6 +639,10 @@ func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSou
 	return v, nil
 }
 
+func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourcesResource(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerServicePerimeterStatusEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
@@ -1157,6 +1168,13 @@ func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourc
 			transformed["accessLevel"] = transformedAccessLevel
 		}
 
+		transformedResource, err := expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourcesResource(original["resource"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedResource); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["resource"] = transformedResource
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -1166,6 +1184,10 @@ func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourc
 	return v, nil
 }
 
+func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourcesResource(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerServicePerimeterSpecEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeters.go

@@ -583,6 +583,13 @@ func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPol
 			transformed["accessLevel"] = transformedAccessLevel
 		}
 
+		transformedResource, err := expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourcesResource(original["resource"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedResource); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["resource"] = transformedResource
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -592,6 +599,10 @@ func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPol
 	return v, nil
 }
 
+func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourcesResource(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerServicePerimetersServicePerimetersStatusEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
@@ -1117,6 +1128,13 @@ func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPolic
 			transformed["accessLevel"] = transformedAccessLevel
 		}
 
+		transformedResource, err := expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourcesResource(original["resource"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedResource); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["resource"] = transformedResource
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -1126,6 +1144,10 @@ func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPolic
 	return v, nil
 }
 
+func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourcesResource(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerServicePerimetersServicePerimetersSpecEgressPoliciesEgressFromSourceRestriction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.json

@@ -20,6 +20,9 @@
                 "sources": [
                     {
                       "accessLevel": "accessPolicies/987654/accessLevels/restrict_storage"
+                    },
+                    {
+                      "resource": "projects/4321"
                     }
                   ]
               }

tfplan2cai/testdata/templates/example_access_context_manager_service_perimeter.tf

@@ -60,7 +60,10 @@ resource "google_access_context_manager_service_perimeter" "service-perimeter" {
         sources {
           access_level = "accessPolicies/987654/accessLevels/restrict_storage"
         }
-	source_restriction = "SOURCE_RESTRICTION_ENABLED"
+        sources {
+          resource = "projects/4321"
+        }
+	      source_restriction = "SOURCE_RESTRICTION_ENABLED"
         identity_type = "ANY_USER_ACCOUNT"
       }
     }