Posture deployment resource addition to terraform (#9356) (#17085)

* add posture deployment resource

* fix lint errors

* Add unit tests

* fix create test

* make etag output only field

* fix update test

* add_project_number

* change target resource description

* add posture support

* modify update test

* fix update test

* address review comments

* fix spacing

* modify posture fields

* modify posture name description

* fix the commented year

* fix fields description

* add reference

* add failure message field

* modify resource description

* add example value of project number

* fix posture update issue

* fix lint issues

* fix custom constraint diff

* address review comments

* fix spacing

* fix tests

* fix test location field

* remove annotations

* fix name description

* remove annotation for revisionIdCustomizeDiff

---------


[upstream:3588330a4feda5100cc4a585f7fef25c68a739a8]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/9356.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_securityposture_posture_deployment`
+```

google/provider/provider_mmv1_resources.go

@@ -380,9 +380,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 369
+// Generated resources: 370
 // Generated IAM resources: 222
-// Total generated resources: 591
+// Total generated resources: 592
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                         accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                   accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -898,6 +898,7 @@ var generatedResources = map[string]*schema.Resource{
 	"google_scc_source_iam_member":                                   tpgiamresource.ResourceIamMember(securitycenter.SecurityCenterSourceIamSchema, securitycenter.SecurityCenterSourceIamUpdaterProducer, securitycenter.SecurityCenterSourceIdParseFunc),
 	"google_scc_source_iam_policy":                                   tpgiamresource.ResourceIamPolicy(securitycenter.SecurityCenterSourceIamSchema, securitycenter.SecurityCenterSourceIamUpdaterProducer, securitycenter.SecurityCenterSourceIdParseFunc),
 	"google_securityposture_posture":                                 securityposture.ResourceSecurityposturePosture(),
+	"google_securityposture_posture_deployment":                      securityposture.ResourceSecurityposturePostureDeployment(),
 	"google_endpoints_service_iam_binding":                           tpgiamresource.ResourceIamBinding(servicemanagement.ServiceManagementServiceIamSchema, servicemanagement.ServiceManagementServiceIamUpdaterProducer, servicemanagement.ServiceManagementServiceIdParseFunc),
 	"google_endpoints_service_iam_member":                            tpgiamresource.ResourceIamMember(servicemanagement.ServiceManagementServiceIamSchema, servicemanagement.ServiceManagementServiceIamUpdaterProducer, servicemanagement.ServiceManagementServiceIdParseFunc),
 	"google_endpoints_service_iam_policy":                            tpgiamresource.ResourceIamPolicy(servicemanagement.ServiceManagementServiceIamSchema, servicemanagement.ServiceManagementServiceIamUpdaterProducer, servicemanagement.ServiceManagementServiceIdParseFunc),

google/services/securityposture/resource_securityposture_posture.go

@@ -35,7 +35,7 @@ import (
 
 // Compute revision_id for changes in posture fields.
 func revisionIdCustomizeDiff(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error {
-	if d.HasChanges("annotations", "description", "state", "policy_sets") {
+	if d.HasChanges("description", "state", "policy_sets") {
 		err := d.SetNewComputed("revision_id")
 		if err != nil {
 			return fmt.Errorf("Error re-setting revision_id: %s", err)
@@ -63,7 +63,6 @@ func ResourceSecurityposturePosture() *schema.Resource {
 
 		CustomizeDiff: customdiff.All(
 			revisionIdCustomizeDiff,
-			tpgresource.SetAnnotationsDiff,
 		),
 
 		Schema: map[string]*schema.Schema{
@@ -92,17 +91,6 @@ func ResourceSecurityposturePosture() *schema.Resource {
 				Description: `State of the posture. Update to state field should not be triggered along with
 with other field updates. Possible values: ["DEPRECATED", "DRAFT", "ACTIVE"]`,
 			},
-			"annotations": {
-				Type:     schema.TypeMap,
-				Optional: true,
-				Description: `Annotations is a key value map stored with a resource that
-may be set by external tools to store and retrieve arbitrary metadata.
-
-
-**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
-Please refer to the field 'effective_annotations' for all of the annotations present on the resource.`,
-				Elem: &schema.Schema{Type: schema.TypeString},
-			},
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -133,7 +121,7 @@ Please refer to the field 'effective_annotations' for all of the annotations pre
 									"constraint": {
 										Type:        schema.TypeList,
 										Required:    true,
-										Description: `Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint OrgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule`,
+										Description: `Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule`,
 										MaxItems:    1,
 										Elem: &schema.Resource{
 											Schema: map[string]*schema.Schema{
@@ -615,12 +603,6 @@ returned by this custom module.`,
 				Computed:    true,
 				Description: `Time the Posture was created in UTC.`,
 			},
-			"effective_annotations": {
-				Type:        schema.TypeMap,
-				Computed:    true,
-				Description: `All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.`,
-				Elem:        &schema.Schema{Type: schema.TypeString},
-			},
 			"etag": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -683,12 +665,6 @@ func resourceSecurityposturePostureCreate(d *schema.ResourceData, meta interface
 	} else if v, ok := d.GetOkExists("policy_sets"); !tpgresource.IsEmptyValue(reflect.ValueOf(policySetsProp)) && (ok || !reflect.DeepEqual(v, policySetsProp)) {
 		obj["policySets"] = policySetsProp
 	}
-	annotationsProp, err := expandSecurityposturePostureEffectiveAnnotations(d.Get("effective_annotations"), d, config)
-	if err != nil {
-		return err
-	} else if v, ok := d.GetOkExists("effective_annotations"); !tpgresource.IsEmptyValue(reflect.ValueOf(annotationsProp)) && (ok || !reflect.DeepEqual(v, annotationsProp)) {
-		obj["annotations"] = annotationsProp
-	}
 
 	url, err := tpgresource.ReplaceVars(d, config, "{{SecuritypostureBasePath}}{{parent}}/locations/{{location}}/postures?postureId={{posture_id}}")
 	if err != nil {
@@ -789,18 +765,12 @@ func resourceSecurityposturePostureRead(d *schema.ResourceData, meta interface{}
 	if err := d.Set("etag", flattenSecurityposturePostureEtag(res["etag"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Posture: %s", err)
 	}
-	if err := d.Set("annotations", flattenSecurityposturePostureAnnotations(res["annotations"], d, config)); err != nil {
-		return fmt.Errorf("Error reading Posture: %s", err)
-	}
 	if err := d.Set("reconciling", flattenSecurityposturePostureReconciling(res["reconciling"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Posture: %s", err)
 	}
 	if err := d.Set("policy_sets", flattenSecurityposturePosturePolicySets(res["policySets"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Posture: %s", err)
 	}
-	if err := d.Set("effective_annotations", flattenSecurityposturePostureEffectiveAnnotations(res["annotations"], d, config)); err != nil {
-		return fmt.Errorf("Error reading Posture: %s", err)
-	}
 
 	return nil
 }
@@ -839,12 +809,6 @@ func resourceSecurityposturePostureUpdate(d *schema.ResourceData, meta interface
 	} else if v, ok := d.GetOkExists("policy_sets"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, policySetsProp)) {
 		obj["policySets"] = policySetsProp
 	}
-	annotationsProp, err := expandSecurityposturePostureEffectiveAnnotations(d.Get("effective_annotations"), d, config)
-	if err != nil {
-		return err
-	} else if v, ok := d.GetOkExists("effective_annotations"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, annotationsProp)) {
-		obj["annotations"] = annotationsProp
-	}
 
 	url, err := tpgresource.ReplaceVars(d, config, "{{SecuritypostureBasePath}}{{parent}}/locations/{{location}}/postures/{{posture_id}}?revisionId={{revision_id}}")
 	if err != nil {
@@ -869,10 +833,6 @@ func resourceSecurityposturePostureUpdate(d *schema.ResourceData, meta interface
 	if d.HasChange("policy_sets") {
 		updateMask = append(updateMask, "policySets")
 	}
-
-	if d.HasChange("effective_annotations") {
-		updateMask = append(updateMask, "annotations")
-	}
 	// updateMask is a URL parameter but not present in the schema, so ReplaceVars
 	// won't set it
 	url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
@@ -1008,21 +968,6 @@ func flattenSecurityposturePostureEtag(v interface{}, d *schema.ResourceData, co
 	return v
 }
 
-func flattenSecurityposturePostureAnnotations(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	if v == nil {
-		return v
-	}
-
-	transformed := make(map[string]interface{})
-	if l, ok := d.GetOkExists("annotations"); ok {
-		for k := range l.(map[string]interface{}) {
-			transformed[k] = v.(map[string]interface{})[k]
-		}
-	}
-
-	return transformed
-}
-
 func flattenSecurityposturePostureReconciling(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1621,10 +1566,6 @@ func flattenSecurityposturePosturePolicySetsPoliciesConstraintSecurityHealthAnal
 	return v
 }
 
-func flattenSecurityposturePostureEffectiveAnnotations(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	return v
-}
-
 func expandSecurityposturePostureState(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
@@ -2596,14 +2537,3 @@ func expandSecurityposturePosturePolicySetsPoliciesConstraintSecurityHealthAnaly
 func expandSecurityposturePosturePolicySetsPoliciesConstraintSecurityHealthAnalyticsCustomModuleConfigRecommendation(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
-
-func expandSecurityposturePostureEffectiveAnnotations(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
-	if v == nil {
-		return map[string]string{}, nil
-	}
-	m := make(map[string]string)
-	for k, val := range v.(map[string]interface{}) {
-		m[k] = val.(string)
-	}
-	return m, nil
-}