Enabling Membership resource to be regionalized with global as default value (#8994) (#16105)

* Adding Terraform resources for Tenancy APIs in GKEHub

* Segregating MembershipBinding and MembershipRBACRoleBinding to keep things simpler in the review

* Fixing the docu URIs

* Adding TF support for Tenancy API for Membership Binding

* Adding dependent membership binding to the same commit chain

* Making Scope un-updatable and replacing hard coded project number with the one from test env

* Making Scope RRBAC updatable

* Making Namespace immutable

* Adding update test cases

* Removing all memberships field from Scope since it is no longer supported

* Removing all_memberships field for Scope from all test cases

* Enabling Membership resource to be regionalized with global as default value

* Moving the test to be the first one in sequence to work-around the IAM test failure

* Update mmv1/products/gkehub/Membership.yaml



* Adding state migration for gke hub membership

* Update mmv1/templates/terraform/examples/gkehub_membership_regional.tf.erb



---------


[upstream:bf6b0ee32b7b469a27b4595c695619dcc9f0de5b]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/8994.txt

@@ -0,0 +1,6 @@
+```release-note:enhancement
+gkehub: added `location` field to `google_gke_hub_membership` resource
+```
+```release-note:enhancement
+gkehub: added `location` field to `google_gke_hub_membership_iam_*` resources
+```

google/services/gkehub/iam_gke_hub_membership.go

@@ -36,6 +36,12 @@ var GKEHubMembershipIamSchema = map[string]*schema.Schema{
 		Optional: true,
 		ForceNew: true,
 	},
+	"location": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
 	"membership_id": {
 		Type:             schema.TypeString,
 		Required:         true,
@@ -46,6 +52,7 @@ var GKEHubMembershipIamSchema = map[string]*schema.Schema{
 
 type GKEHubMembershipIamUpdater struct {
 	project      string
+	location     string
 	membershipId string
 	d            tpgresource.TerraformResourceData
 	Config       *transport_tpg.Config
@@ -61,6 +68,13 @@ func GKEHubMembershipIamUpdaterProducer(d tpgresource.TerraformResourceData, con
 		}
 	}
 	values["project"] = project
+	location, _ := tpgresource.GetLocation(d, config)
+	if location != "" {
+		if err := d.Set("location", location); err != nil {
+			return nil, fmt.Errorf("Error setting location: %s", err)
+		}
+	}
+	values["location"] = location
 	if v, ok := d.GetOk("membership_id"); ok {
 		values["membership_id"] = v.(string)
 	}
@@ -77,6 +91,7 @@ func GKEHubMembershipIamUpdaterProducer(d tpgresource.TerraformResourceData, con
 
 	u := &GKEHubMembershipIamUpdater{
 		project:      values["project"],
+		location:     values["location"],
 		membershipId: values["membership_id"],
 		d:            d,
 		Config:       config,
@@ -85,6 +100,9 @@ func GKEHubMembershipIamUpdaterProducer(d tpgresource.TerraformResourceData, con
 	if err := d.Set("project", u.project); err != nil {
 		return nil, fmt.Errorf("Error setting project: %s", err)
 	}
+	if err := d.Set("location", u.location); err != nil {
+		return nil, fmt.Errorf("Error setting location: %s", err)
+	}
 	if err := d.Set("membership_id", u.GetResourceId()); err != nil {
 		return nil, fmt.Errorf("Error setting membership_id: %s", err)
 	}
@@ -100,6 +118,11 @@ func GKEHubMembershipIdParseFunc(d *schema.ResourceData, config *transport_tpg.C
 		values["project"] = project
 	}
 
+	location, _ := tpgresource.GetLocation(d, config)
+	if location != "" {
+		values["location"] = location
+	}
+
 	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/memberships/(?P<membership_id>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<membership_id>[^/]+)", "(?P<location>[^/]+)/(?P<membership_id>[^/]+)", "(?P<membership_id>[^/]+)"}, d, config, d.Id())
 	if err != nil {
 		return err
@@ -111,6 +134,7 @@ func GKEHubMembershipIdParseFunc(d *schema.ResourceData, config *transport_tpg.C
 
 	u := &GKEHubMembershipIamUpdater{
 		project:      values["project"],
+		location:     values["location"],
 		membershipId: values["membership_id"],
 		d:            d,
 		Config:       config,
@@ -200,7 +224,7 @@ func (u *GKEHubMembershipIamUpdater) SetResourceIamPolicy(policy *cloudresourcem
 }
 
 func (u *GKEHubMembershipIamUpdater) qualifyMembershipUrl(methodIdentifier string) (string, error) {
-	urlTemplate := fmt.Sprintf("{{GKEHubBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/global/memberships/%s", u.project, u.membershipId), methodIdentifier)
+	urlTemplate := fmt.Sprintf("{{GKEHubBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/%s/memberships/%s", u.project, u.location, u.membershipId), methodIdentifier)
 	url, err := tpgresource.ReplaceVars(u.d, u.Config, urlTemplate)
 	if err != nil {
 		return "", err
@@ -209,7 +233,7 @@ func (u *GKEHubMembershipIamUpdater) qualifyMembershipUrl(methodIdentifier strin
 }
 
 func (u *GKEHubMembershipIamUpdater) GetResourceId() string {
-	return fmt.Sprintf("projects/%s/locations/global/memberships/%s", u.project, u.membershipId)
+	return fmt.Sprintf("projects/%s/locations/%s/memberships/%s", u.project, u.location, u.membershipId)
 }
 
 func (u *GKEHubMembershipIamUpdater) GetMutexKey() string {

google/services/gkehub/iam_gke_hub_membership_generated_test.go

@@ -31,9 +31,10 @@ func TestAccGKEHubMembershipIamBindingGenerated(t *testing.T) {
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"random_suffix":       acctest.RandString(t, 10),
-		"role":                "roles/viewer",
-		"deletion_protection": false,
+		"random_suffix": acctest.RandString(t, 10),
+		"role":          "roles/viewer",
+		"project":       envvar.GetTestProjectFromEnv(),
+		"location":      envvar.GetTestRegionFromEnv(),
 	}
 
 	acctest.VcrTest(t, resource.TestCase{
@@ -67,9 +68,10 @@ func TestAccGKEHubMembershipIamMemberGenerated(t *testing.T) {
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"random_suffix":       acctest.RandString(t, 10),
-		"role":                "roles/viewer",
-		"deletion_protection": false,
+		"random_suffix": acctest.RandString(t, 10),
+		"role":          "roles/viewer",
+		"project":       envvar.GetTestProjectFromEnv(),
+		"location":      envvar.GetTestRegionFromEnv(),
 	}
 
 	acctest.VcrTest(t, resource.TestCase{
@@ -94,9 +96,10 @@ func TestAccGKEHubMembershipIamPolicyGenerated(t *testing.T) {
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"random_suffix":       acctest.RandString(t, 10),
-		"role":                "roles/viewer",
-		"deletion_protection": false,
+		"random_suffix": acctest.RandString(t, 10),
+		"role":          "roles/viewer",
+		"project":       envvar.GetTestProjectFromEnv(),
+		"location":      envvar.GetTestRegionFromEnv(),
 	}
 
 	acctest.VcrTest(t, resource.TestCase{
@@ -132,24 +135,22 @@ resource "google_container_cluster" "primary" {
   name               = "basiccluster%{random_suffix}"
   location           = "us-central1-a"
   initial_node_count = 1
-  deletion_protection  = "%{deletion_protection}"
+  deletion_protection = false
 }
 
 resource "google_gke_hub_membership" "membership" {
   membership_id = "basic%{random_suffix}"
+  location = "%{location}"
   endpoint {
     gke_cluster {
       resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
     }
   }
-
-  labels = {
-    env = "test"
-  }
 }
 
 resource "google_gke_hub_membership_iam_member" "foo" {
   project = google_gke_hub_membership.membership.project
+  location = google_gke_hub_membership.membership.location
   membership_id = google_gke_hub_membership.membership.membership_id
   role = "%{role}"
   member = "user:[email protected]"
@@ -163,20 +164,17 @@ resource "google_container_cluster" "primary" {
   name               = "basiccluster%{random_suffix}"
   location           = "us-central1-a"
   initial_node_count = 1
-  deletion_protection  = "%{deletion_protection}"
+  deletion_protection = false
 }
 
 resource "google_gke_hub_membership" "membership" {
   membership_id = "basic%{random_suffix}"
+  location = "%{location}"
   endpoint {
     gke_cluster {
       resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
     }
   }
-
-  labels = {
-    env = "test"
-  }
 }
 
 data "google_iam_policy" "foo" {
@@ -188,12 +186,14 @@ data "google_iam_policy" "foo" {
 
 resource "google_gke_hub_membership_iam_policy" "foo" {
   project = google_gke_hub_membership.membership.project
+  location = google_gke_hub_membership.membership.location
   membership_id = google_gke_hub_membership.membership.membership_id
   policy_data = data.google_iam_policy.foo.policy_data
 }
 
 data "google_gke_hub_membership_iam_policy" "foo" {
   project = google_gke_hub_membership.membership.project
+  location = google_gke_hub_membership.membership.location
   membership_id = google_gke_hub_membership.membership.membership_id
   depends_on = [
     google_gke_hub_membership_iam_policy.foo
@@ -208,27 +208,25 @@ resource "google_container_cluster" "primary" {
   name               = "basiccluster%{random_suffix}"
   location           = "us-central1-a"
   initial_node_count = 1
-  deletion_protection  = "%{deletion_protection}"
+  deletion_protection = false
 }
 
 resource "google_gke_hub_membership" "membership" {
   membership_id = "basic%{random_suffix}"
+  location = "%{location}"
   endpoint {
     gke_cluster {
       resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
     }
   }
-
-  labels = {
-    env = "test"
-  }
 }
 
 data "google_iam_policy" "foo" {
 }
 
 resource "google_gke_hub_membership_iam_policy" "foo" {
   project = google_gke_hub_membership.membership.project
+  location = google_gke_hub_membership.membership.location
   membership_id = google_gke_hub_membership.membership.membership_id
   policy_data = data.google_iam_policy.foo.policy_data
 }
@@ -241,24 +239,22 @@ resource "google_container_cluster" "primary" {
   name               = "basiccluster%{random_suffix}"
   location           = "us-central1-a"
   initial_node_count = 1
-  deletion_protection  = "%{deletion_protection}"
+  deletion_protection = false
 }
 
 resource "google_gke_hub_membership" "membership" {
   membership_id = "basic%{random_suffix}"
+  location = "%{location}"
   endpoint {
     gke_cluster {
       resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
     }
   }
-
-  labels = {
-    env = "test"
-  }
 }
 
 resource "google_gke_hub_membership_iam_binding" "foo" {
   project = google_gke_hub_membership.membership.project
+  location = google_gke_hub_membership.membership.location
   membership_id = google_gke_hub_membership.membership.membership_id
   role = "%{role}"
   members = ["user:[email protected]"]
@@ -272,24 +268,22 @@ resource "google_container_cluster" "primary" {
   name               = "basiccluster%{random_suffix}"
   location           = "us-central1-a"
   initial_node_count = 1
-  deletion_protection  = "%{deletion_protection}"
+  deletion_protection = false
 }
 
 resource "google_gke_hub_membership" "membership" {
   membership_id = "basic%{random_suffix}"
+  location = "%{location}"
   endpoint {
     gke_cluster {
       resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
     }
   }
-
-  labels = {
-    env = "test"
-  }
 }
 
 resource "google_gke_hub_membership_iam_binding" "foo" {
   project = google_gke_hub_membership.membership.project
+  location = google_gke_hub_membership.membership.location
   membership_id = google_gke_hub_membership.membership.membership_id
   role = "%{role}"
   members = ["user:[email protected]", "user:[email protected]"]