Change ServicePerimeterResource to use a policy level mutex lock (#12725) (#9042)

modular-magician · web-flow · commit 7317470f81f4 · 2025-01-10T16:36:14.000-08:00
[upstream:fb31f70316dfb5b648f2a5ba0412d8511d5cf983]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/12725.txt b/.changelog/12725.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource.go
@@ -299,6 +299,9 @@ func resourceAccessContextManagerServicePerimeterDryRunResourceImport(d *schema.
 		return nil, err
 	}
 
+	if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil {
+		return nil, fmt.Errorf("Error setting access_policy_id: %s", err)
+	}
 	if err := d.Set("perimeter_name", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil {
 		return nil, fmt.Errorf("Error setting perimeter_name: %s", err)
 	}
diff --git a/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_resource.go b/google-beta/services/accesscontextmanager/resource_access_context_manager_service_perimeter_resource.go
@@ -22,6 +22,7 @@ import (
 	"log"
 	"net/http"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -61,6 +62,11 @@ func ResourceAccessContextManagerServicePerimeterResource() *schema.Resource {
 Currently only projects are allowed.
 Format: projects/{project_number}`,
 			},
+			"access_policy_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `The name of the Access Policy this resource belongs to.`,
+			},
 		},
 		UseJSONNumber: true,
 	}
@@ -81,7 +87,12 @@ func resourceAccessContextManagerServicePerimeterResourceCreate(d *schema.Resour
 		obj["resource"] = resourceProp
 	}
 
-	lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter_name}}")
+	obj, err = resourceAccessContextManagerServicePerimeterResourceEncoder(d, meta, obj)
+	if err != nil {
+		return err
+	}
+
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
 	if err != nil {
 		return err
 	}
@@ -235,7 +246,7 @@ func resourceAccessContextManagerServicePerimeterResourceDelete(d *schema.Resour
 
 	billingProject := ""
 
-	lockName, err := tpgresource.ReplaceVars(d, config, "{{perimeter_name}}")
+	lockName, err := tpgresource.ReplaceVars(d, config, "{{access_policy_id}}")
 	if err != nil {
 		return err
 	}
@@ -301,6 +312,9 @@ func resourceAccessContextManagerServicePerimeterResourceImport(d *schema.Resour
 		return nil, err
 	}
 
+	if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil {
+		return nil, fmt.Errorf("Error setting access_policy_id: %s", err)
+	}
 	if err := d.Set("perimeter_name", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil {
 		return nil, fmt.Errorf("Error setting perimeter_name: %s", err)
 	}
@@ -318,6 +332,17 @@ func expandNestedAccessContextManagerServicePerimeterResourceResource(v interfac
 	return v, nil
 }
 
+func resourceAccessContextManagerServicePerimeterResourceEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
+	// Set the access_policy_id field from part of the perimeter_name parameter.
+
+	// The is logic is inside the encoder since the access_policy_id field is part of
+	// the mutex lock and encoders run before the lock is set.
+	parts := strings.Split(d.Get("perimeter_name").(string), "/")
+	d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1]))
+
+	return obj, nil
+}
+
 func flattenNestedAccessContextManagerServicePerimeterResource(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) {
 	var v interface{}
 	var ok bool
diff --git a/website/docs/r/access_context_manager_service_perimeter_resource.html.markdown b/website/docs/r/access_context_manager_service_perimeter_resource.html.markdown
@@ -96,6 +96,9 @@ In addition to the arguments listed above, the following computed attributes are
 
 * `id` - an identifier for the resource with format `{{perimeter_name}}/{{resource}}`
 
+* `access_policy_id` -
+  The name of the Access Policy this resource belongs to.
+
 
 ## Timeouts
 

Original file line number	Diff line number	Diff line change
`@@ -299,6 +299,9 @@ func resourceAccessContextManagerServicePerimeterDryRunResourceImport(d *schema.`
`299`	`299`	`return nil, err`
`300`	`300`	`}`
`301`	`301`
	`302`	`+ if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil {`
	`303`	`+ return nil, fmt.Errorf("Error setting access_policy_id: %s", err)`
	`304`	`+ }`
`302`	`305`	`if err := d.Set("perimeter_name", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil {`
`303`	`306`	`return nil, fmt.Errorf("Error setting perimeter_name: %s", err)`
`304`	`307`	`}`