Add ControlPlaneAccess support for Apigee (#12825) (#9709)

[upstream:208b384af6f750bfbf5435eb3749f48aa1de6b0c]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/12825.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_control_plane_access`
+```

google-beta/provider/provider_mmv1_resources.go

@@ -554,9 +554,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 637
+// Generated resources: 638
 // Generated IAM resources: 312
-// Total generated resources: 949
+// Total generated resources: 950
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                                     accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                               accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -601,6 +601,7 @@ var generatedResources = map[string]*schema.Resource{
 	"google_api_gateway_gateway_iam_policy":                                      tpgiamresource.ResourceIamPolicy(apigateway.ApiGatewayGatewayIamSchema, apigateway.ApiGatewayGatewayIamUpdaterProducer, apigateway.ApiGatewayGatewayIdParseFunc),
 	"google_apigee_addons_config":                                                apigee.ResourceApigeeAddonsConfig(),
 	"google_apigee_app_group":                                                    apigee.ResourceApigeeAppGroup(),
+	"google_apigee_control_plane_access":                                         apigee.ResourceApigeeControlPlaneAccess(),
 	"google_apigee_developer":                                                    apigee.ResourceApigeeDeveloper(),
 	"google_apigee_dns_zone":                                                     apigee.ResourceApigeeDnsZone(),
 	"google_apigee_endpoint_attachment":                                          apigee.ResourceApigeeEndpointAttachment(),

google-beta/services/apigee/resource_apigee_control_plane_access.go

@@ -0,0 +1,338 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This code is generated by Magic Modules using the following:
+//
+//     Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/apigee/ControlPlaneAccess.yaml
+//     Template:      https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/resource.go.tmpl
+//
+//     DO NOT EDIT this file directly. Any changes made to this file will be
+//     overwritten during the next generation cycle.
+//
+// ----------------------------------------------------------------------------
+
+package apigee
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+func ResourceApigeeControlPlaneAccess() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceApigeeControlPlaneAccessCreate,
+		Read:   resourceApigeeControlPlaneAccessRead,
+		Update: resourceApigeeControlPlaneAccessUpdate,
+		Delete: resourceApigeeControlPlaneAccessDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: resourceApigeeControlPlaneAccessImport,
+		},
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Update: schema.DefaultTimeout(20 * time.Minute),
+			Delete: schema.DefaultTimeout(20 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: `Name of the Apigee organization.`,
+			},
+			"analytics_publisher_identities": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Description: `Array of service accounts authorized to publish analytics data to the control plane, each specified using the following format: 'serviceAccount:service-account-name'.
+
+The 'service-account-name' is formatted like an email address. For example: serviceAccount@my_project_id.iam.gserviceaccount.com
+
+You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.`,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"synchronizer_identities": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Description: `Array of service accounts to grant access to control plane resources (for the Synchronizer component), each specified using the following format: 'serviceAccount:service-account-name'.
+
+The 'service-account-name' is formatted like an email address. For example: serviceAccount@my_project_id.iam.gserviceaccount.com
+
+You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.
+
+The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).`,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+		UseJSONNumber: true,
+	}
+}
+
+func resourceApigeeControlPlaneAccessCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	synchronizerIdentitiesProp, err := expandApigeeControlPlaneAccessSynchronizerIdentities(d.Get("synchronizer_identities"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("synchronizer_identities"); ok || !reflect.DeepEqual(v, synchronizerIdentitiesProp) {
+		obj["synchronizerIdentities"] = synchronizerIdentitiesProp
+	}
+	analyticsPublisherIdentitiesProp, err := expandApigeeControlPlaneAccessAnalyticsPublisherIdentities(d.Get("analytics_publisher_identities"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("analytics_publisher_identities"); ok || !reflect.DeepEqual(v, analyticsPublisherIdentitiesProp) {
+		obj["analyticsPublisherIdentities"] = analyticsPublisherIdentitiesProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{ApigeeBasePath}}organizations/{{name}}/controlPlaneAccess")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Creating new ControlPlaneAccess: %#v", obj)
+	billingProject := ""
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	headers := make(http.Header)
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "PATCH",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   d.Timeout(schema.TimeoutCreate),
+		Headers:   headers,
+	})
+	if err != nil {
+		return fmt.Errorf("Error creating ControlPlaneAccess: %s", err)
+	}
+
+	// Store the ID now
+	id, err := tpgresource.ReplaceVars(d, config, "organizations/{{name}}/controlPlaneAccess")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	// Use the resource in the operation response to populate
+	// identity fields and d.Id() before read
+	var opRes map[string]interface{}
+	err = ApigeeOperationWaitTimeWithResponse(
+		config, res, &opRes, "Creating ControlPlaneAccess", userAgent,
+		d.Timeout(schema.TimeoutCreate))
+	if err != nil {
+		// The resource didn't actually create
+		d.SetId("")
+
+		return fmt.Errorf("Error waiting to create ControlPlaneAccess: %s", err)
+	}
+
+	// This may have caused the ID to update - update it if so.
+	id, err = tpgresource.ReplaceVars(d, config, "organizations/{{name}}/controlPlaneAccess")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	log.Printf("[DEBUG] Finished creating ControlPlaneAccess %q: %#v", d.Id(), res)
+
+	return resourceApigeeControlPlaneAccessRead(d, meta)
+}
+
+func resourceApigeeControlPlaneAccessRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{ApigeeBasePath}}organizations/{{name}}/controlPlaneAccess")
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	headers := make(http.Header)
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Headers:   headers,
+	})
+	if err != nil {
+		return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ApigeeControlPlaneAccess %q", d.Id()))
+	}
+
+	if err := d.Set("synchronizer_identities", flattenApigeeControlPlaneAccessSynchronizerIdentities(res["synchronizerIdentities"], d, config)); err != nil {
+		return fmt.Errorf("Error reading ControlPlaneAccess: %s", err)
+	}
+	if err := d.Set("analytics_publisher_identities", flattenApigeeControlPlaneAccessAnalyticsPublisherIdentities(res["analyticsPublisherIdentities"], d, config)); err != nil {
+		return fmt.Errorf("Error reading ControlPlaneAccess: %s", err)
+	}
+
+	return nil
+}
+
+func resourceApigeeControlPlaneAccessUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	obj := make(map[string]interface{})
+	synchronizerIdentitiesProp, err := expandApigeeControlPlaneAccessSynchronizerIdentities(d.Get("synchronizer_identities"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("synchronizer_identities"); ok || !reflect.DeepEqual(v, synchronizerIdentitiesProp) {
+		obj["synchronizerIdentities"] = synchronizerIdentitiesProp
+	}
+	analyticsPublisherIdentitiesProp, err := expandApigeeControlPlaneAccessAnalyticsPublisherIdentities(d.Get("analytics_publisher_identities"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("analytics_publisher_identities"); ok || !reflect.DeepEqual(v, analyticsPublisherIdentitiesProp) {
+		obj["analyticsPublisherIdentities"] = analyticsPublisherIdentitiesProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{ApigeeBasePath}}organizations/{{name}}/controlPlaneAccess")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Updating ControlPlaneAccess %q: %#v", d.Id(), obj)
+	headers := make(http.Header)
+	updateMask := []string{}
+
+	if d.HasChange("synchronizer_identities") {
+		updateMask = append(updateMask, "synchronizerIdentities")
+	}
+
+	if d.HasChange("analytics_publisher_identities") {
+		updateMask = append(updateMask, "analyticsPublisherIdentities")
+	}
+	// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+	// won't set it
+	url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+	if err != nil {
+		return err
+	}
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	// if updateMask is empty we are not updating anything so skip the post
+	if len(updateMask) > 0 {
+		res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+			Config:    config,
+			Method:    "PATCH",
+			Project:   billingProject,
+			RawURL:    url,
+			UserAgent: userAgent,
+			Body:      obj,
+			Timeout:   d.Timeout(schema.TimeoutUpdate),
+			Headers:   headers,
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error updating ControlPlaneAccess %q: %s", d.Id(), err)
+		} else {
+			log.Printf("[DEBUG] Finished updating ControlPlaneAccess %q: %#v", d.Id(), res)
+		}
+
+		err = ApigeeOperationWaitTime(
+			config, res, "Updating ControlPlaneAccess", userAgent,
+			d.Timeout(schema.TimeoutUpdate))
+
+		if err != nil {
+			return err
+		}
+	}
+
+	return resourceApigeeControlPlaneAccessRead(d, meta)
+}
+
+func resourceApigeeControlPlaneAccessDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARNING] Apigee ControlPlaneAccess resources"+
+		" cannot be deleted from Google Cloud. The resource %s will be removed from Terraform"+
+		" state, but will still be present on Google Cloud.", d.Id())
+	d.SetId("")
+
+	return nil
+}
+
+func resourceApigeeControlPlaneAccessImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*transport_tpg.Config)
+	if err := tpgresource.ParseImportId([]string{
+		"^organizations/(?P<name>[^/]+)/controlPlaneAccess$",
+		"^(?P<name>[^/]+)$",
+	}, d, config); err != nil {
+		return nil, err
+	}
+
+	// Replace import id for the resource id
+	id, err := tpgresource.ReplaceVars(d, config, "organizations/{{name}}/controlPlaneAccess")
+	if err != nil {
+		return nil, fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	return []*schema.ResourceData{d}, nil
+}
+
+func flattenApigeeControlPlaneAccessSynchronizerIdentities(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenApigeeControlPlaneAccessAnalyticsPublisherIdentities(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func expandApigeeControlPlaneAccessSynchronizerIdentities(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandApigeeControlPlaneAccessAnalyticsPublisherIdentities(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}

google-beta/services/apigee/resource_apigee_control_plane_access_generated_meta.yaml

@@ -0,0 +1,11 @@
+resource: 'google_apigee_control_plane_access'
+generation_type: 'mmv1'
+source_file: 'products/apigee/ControlPlaneAccess.yaml'
+api_service_name: 'apigee.googleapis.com'
+api_version: 'v1'
+api_resource_type_kind: 'ControlPlaneAccess'
+fields:
+  - field: 'analytics_publisher_identities'
+  - field: 'name'
+    provider_only: true
+  - field: 'synchronizer_identities'