Terraform support for Workbench instances (#9368) (#16773)

* Workbench Instances

* fix yaml to run tests

* fix yaml to run tests

* fix basic test

* diff suppress for tags

* add custom flattens

* Add labels example

* fix tags diff

* custom_flatten with ignore_read

* removed ignore_read

* remove ignore_read on disks

* Add kms key in full test

* read_ignore for examples

* clean up extra flattens

* add update test

* fix indent lint

* fix wbi lint

* fix lint issues

* fix whitespace

* change names in full test to vars

* change tests to use variable names instead of hard coded values

* stop wbi before updating machine_type

* all tests passing

* fix terraformgoogleconversion-codegen compiler error

* make service account immutable

* addressed issues with immutable fields

* add disable_proxy_access into full example

* Add disable_proxy_access in full test

* remove returns in pre and post updates

* test false values in secure vm config

* fix empty shielded instance config

* fixed update on non stop needing fields failing

* create custom update mask

* make disks sub fields completely immutable

* update tests for shielded config and gpu driver

* Removed scopes block from product

* removed apis required

* break shielded_instance_config update msk into submasks

* revert update mask for shieldedInstanceConfig

* Make vm image immutable

* Remove gpu driver config

* remove shielded instance config field

* removed unspecified values in enums

* reupload

* removed max_items in serviceAccounts
[upstream:c2f6cc6bfdc7c160de0eb36c9b9c9e6f151d8bba]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/9368.txt

@@ -0,0 +1,6 @@
+```release-note: new-resource
+google_workbench_instance
+```
+```release-note: new-resource
+google_workbench_instance_iam_*
+```

.teamcity/components/generated/services.kt

@@ -641,6 +641,11 @@ var services = mapOf(
         "displayName" to "Vpcaccess",
         "path" to "./google/services/vpcaccess"
     ),
+    "workbench" to mapOf(
+        "name" to "workbench",
+        "displayName" to "Workbench",
+        "path" to "./google/services/workbench"
+    ),
     "workflows" to mapOf(
         "name" to "workflows",
         "displayName" to "Workflows",

google/fwmodels/provider_model.go

@@ -130,6 +130,7 @@ type ProviderModel struct {
 	VertexAICustomEndpoint                 types.String `tfsdk:"vertex_ai_custom_endpoint"`
 	VmwareengineCustomEndpoint             types.String `tfsdk:"vmwareengine_custom_endpoint"`
 	VPCAccessCustomEndpoint                types.String `tfsdk:"vpc_access_custom_endpoint"`
+	WorkbenchCustomEndpoint                types.String `tfsdk:"workbench_custom_endpoint"`
 	WorkflowsCustomEndpoint                types.String `tfsdk:"workflows_custom_endpoint"`
 
 	// Handwritten Products / Versioned / Atypical Entries

google/fwprovider/framework_provider.go

@@ -760,6 +760,12 @@ func (p *FrameworkProvider) Schema(_ context.Context, _ provider.SchemaRequest,
 					transport_tpg.CustomEndpointValidator(),
 				},
 			},
+			"workbench_custom_endpoint": &schema.StringAttribute{
+				Optional: true,
+				Validators: []validator.String{
+					transport_tpg.CustomEndpointValidator(),
+				},
+			},
 			"workflows_custom_endpoint": &schema.StringAttribute{
 				Optional: true,
 				Validators: []validator.String{

google/fwtransport/framework_config.go

@@ -155,6 +155,7 @@ type FrameworkProviderConfig struct {
 	VertexAIBasePath                 string
 	VmwareengineBasePath             string
 	VPCAccessBasePath                string
+	WorkbenchBasePath                string
 	WorkflowsBasePath                string
 }
 
@@ -299,6 +300,7 @@ func (p *FrameworkProviderConfig) LoadAndValidateFramework(ctx context.Context,
 	p.VertexAIBasePath = data.VertexAICustomEndpoint.ValueString()
 	p.VmwareengineBasePath = data.VmwareengineCustomEndpoint.ValueString()
 	p.VPCAccessBasePath = data.VPCAccessCustomEndpoint.ValueString()
+	p.WorkbenchBasePath = data.WorkbenchCustomEndpoint.ValueString()
 	p.WorkflowsBasePath = data.WorkflowsCustomEndpoint.ValueString()
 
 	p.Context = ctx
@@ -1259,6 +1261,14 @@ func (p *FrameworkProviderConfig) HandleDefaults(ctx context.Context, data *fwmo
 			data.VPCAccessCustomEndpoint = types.StringValue(customEndpoint.(string))
 		}
 	}
+	if data.WorkbenchCustomEndpoint.IsNull() {
+		customEndpoint := transport_tpg.MultiEnvDefault([]string{
+			"GOOGLE_WORKBENCH_CUSTOM_ENDPOINT",
+		}, transport_tpg.DefaultBasePaths[transport_tpg.WorkbenchBasePathKey])
+		if customEndpoint != nil {
+			data.WorkbenchCustomEndpoint = types.StringValue(customEndpoint.(string))
+		}
+	}
 	if data.WorkflowsCustomEndpoint.IsNull() {
 		customEndpoint := transport_tpg.MultiEnvDefault([]string{
 			"GOOGLE_WORKFLOWS_CUSTOM_ENDPOINT",

google/provider/provider.go

@@ -655,6 +655,11 @@ func Provider() *schema.Provider {
 				Optional:     true,
 				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
 			},
+			"workbench_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
+			},
 			"workflows_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -964,6 +969,7 @@ func ProviderConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	config.VertexAIBasePath = d.Get("vertex_ai_custom_endpoint").(string)
 	config.VmwareengineBasePath = d.Get("vmwareengine_custom_endpoint").(string)
 	config.VPCAccessBasePath = d.Get("vpc_access_custom_endpoint").(string)
+	config.WorkbenchBasePath = d.Get("workbench_custom_endpoint").(string)
 	config.WorkflowsBasePath = d.Get("workflows_custom_endpoint").(string)
 
 	// Handwritten Products / Versioned / Atypical Entries

google/provider/provider_mmv1_resources.go

@@ -108,6 +108,7 @@ import (
 	"github.com/hashicorp/terraform-provider-google/google/services/vertexai"
 	"github.com/hashicorp/terraform-provider-google/google/services/vmwareengine"
 	"github.com/hashicorp/terraform-provider-google/google/services/vpcaccess"
+	"github.com/hashicorp/terraform-provider-google/google/services/workbench"
 	"github.com/hashicorp/terraform-provider-google/google/services/workflows"
 
 	"github.com/hashicorp/terraform-provider-google/google/services/composer"
@@ -343,6 +344,7 @@ var generatedIAMDatasources = map[string]*schema.Resource{
 	"google_storage_bucket_iam_policy":                       tpgiamresource.DataSourceIamPolicy(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer),
 	"google_tags_tag_key_iam_policy":                         tpgiamresource.DataSourceIamPolicy(tags.TagsTagKeyIamSchema, tags.TagsTagKeyIamUpdaterProducer),
 	"google_tags_tag_value_iam_policy":                       tpgiamresource.DataSourceIamPolicy(tags.TagsTagValueIamSchema, tags.TagsTagValueIamUpdaterProducer),
+	"google_workbench_instance_iam_policy":                   tpgiamresource.DataSourceIamPolicy(workbench.WorkbenchInstanceIamSchema, workbench.WorkbenchInstanceIamUpdaterProducer),
 	// ####### END generated IAM datasources ###########
 }
 
@@ -371,9 +373,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 349
-// Generated IAM resources: 216
-// Total generated resources: 565
+// Generated resources: 350
+// Generated IAM resources: 219
+// Total generated resources: 569
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                         accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                   accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -921,6 +923,10 @@ var generatedResources = map[string]*schema.Resource{
 	"google_vmwareengine_private_cloud":                              vmwareengine.ResourceVmwareenginePrivateCloud(),
 	"google_vmwareengine_subnet":                                     vmwareengine.ResourceVmwareengineSubnet(),
 	"google_vpc_access_connector":                                    vpcaccess.ResourceVPCAccessConnector(),
+	"google_workbench_instance":                                      workbench.ResourceWorkbenchInstance(),
+	"google_workbench_instance_iam_binding":                          tpgiamresource.ResourceIamBinding(workbench.WorkbenchInstanceIamSchema, workbench.WorkbenchInstanceIamUpdaterProducer, workbench.WorkbenchInstanceIdParseFunc),
+	"google_workbench_instance_iam_member":                           tpgiamresource.ResourceIamMember(workbench.WorkbenchInstanceIamSchema, workbench.WorkbenchInstanceIamUpdaterProducer, workbench.WorkbenchInstanceIdParseFunc),
+	"google_workbench_instance_iam_policy":                           tpgiamresource.ResourceIamPolicy(workbench.WorkbenchInstanceIamSchema, workbench.WorkbenchInstanceIamUpdaterProducer, workbench.WorkbenchInstanceIdParseFunc),
 	"google_workflows_workflow":                                      workflows.ResourceWorkflowsWorkflow(),
 }
 

google/services/workbench/iam_workbench_instance.go

@@ -0,0 +1,245 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package workbench
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgiamresource"
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+var WorkbenchInstanceIamSchema = map[string]*schema.Schema{
+	"project": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"location": {
+		Type:     schema.TypeString,
+		Computed: true,
+		Optional: true,
+		ForceNew: true,
+	},
+	"name": {
+		Type:             schema.TypeString,
+		Required:         true,
+		ForceNew:         true,
+		DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+	},
+}
+
+type WorkbenchInstanceIamUpdater struct {
+	project  string
+	location string
+	name     string
+	d        tpgresource.TerraformResourceData
+	Config   *transport_tpg.Config
+}
+
+func WorkbenchInstanceIamUpdaterProducer(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (tpgiamresource.ResourceIamUpdater, error) {
+	values := make(map[string]string)
+
+	project, _ := tpgresource.GetProject(d, config)
+	if project != "" {
+		if err := d.Set("project", project); err != nil {
+			return nil, fmt.Errorf("Error setting project: %s", err)
+		}
+	}
+	values["project"] = project
+	location, _ := tpgresource.GetLocation(d, config)
+	if location != "" {
+		if err := d.Set("location", location); err != nil {
+			return nil, fmt.Errorf("Error setting location: %s", err)
+		}
+	}
+	values["location"] = location
+	if v, ok := d.GetOk("name"); ok {
+		values["name"] = v.(string)
+	}
+
+	// We may have gotten either a long or short name, so attempt to parse long name if possible
+	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/instances/(?P<name>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<name>[^/]+)", "(?P<location>[^/]+)/(?P<name>[^/]+)", "(?P<name>[^/]+)"}, d, config, d.Get("name").(string))
+	if err != nil {
+		return nil, err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &WorkbenchInstanceIamUpdater{
+		project:  values["project"],
+		location: values["location"],
+		name:     values["name"],
+		d:        d,
+		Config:   config,
+	}
+
+	if err := d.Set("project", u.project); err != nil {
+		return nil, fmt.Errorf("Error setting project: %s", err)
+	}
+	if err := d.Set("location", u.location); err != nil {
+		return nil, fmt.Errorf("Error setting location: %s", err)
+	}
+	if err := d.Set("name", u.GetResourceId()); err != nil {
+		return nil, fmt.Errorf("Error setting name: %s", err)
+	}
+
+	return u, nil
+}
+
+func WorkbenchInstanceIdParseFunc(d *schema.ResourceData, config *transport_tpg.Config) error {
+	values := make(map[string]string)
+
+	project, _ := tpgresource.GetProject(d, config)
+	if project != "" {
+		values["project"] = project
+	}
+
+	location, _ := tpgresource.GetLocation(d, config)
+	if location != "" {
+		values["location"] = location
+	}
+
+	m, err := tpgresource.GetImportIdQualifiers([]string{"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/instances/(?P<name>[^/]+)", "(?P<project>[^/]+)/(?P<location>[^/]+)/(?P<name>[^/]+)", "(?P<location>[^/]+)/(?P<name>[^/]+)", "(?P<name>[^/]+)"}, d, config, d.Id())
+	if err != nil {
+		return err
+	}
+
+	for k, v := range m {
+		values[k] = v
+	}
+
+	u := &WorkbenchInstanceIamUpdater{
+		project:  values["project"],
+		location: values["location"],
+		name:     values["name"],
+		d:        d,
+		Config:   config,
+	}
+	if err := d.Set("name", u.GetResourceId()); err != nil {
+		return fmt.Errorf("Error setting name: %s", err)
+	}
+	d.SetId(u.GetResourceId())
+	return nil
+}
+
+func (u *WorkbenchInstanceIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	url, err := u.qualifyInstanceUrl("getIamPolicy")
+	if err != nil {
+		return nil, err
+	}
+
+	project, err := tpgresource.GetProject(u.d, u.Config)
+	if err != nil {
+		return nil, err
+	}
+	var obj map[string]interface{}
+
+	userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent)
+	if err != nil {
+		return nil, err
+	}
+
+	policy, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    u.Config,
+		Method:    "GET",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+	})
+	if err != nil {
+		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	out := &cloudresourcemanager.Policy{}
+	err = tpgresource.Convert(policy, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err)
+	}
+
+	return out, nil
+}
+
+func (u *WorkbenchInstanceIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	json, err := tpgresource.ConvertToMap(policy)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	obj["policy"] = json
+
+	url, err := u.qualifyInstanceUrl("setIamPolicy")
+	if err != nil {
+		return err
+	}
+	project, err := tpgresource.GetProject(u.d, u.Config)
+	if err != nil {
+		return err
+	}
+
+	userAgent, err := tpgresource.GenerateUserAgentString(u.d, u.Config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    u.Config,
+		Method:    "POST",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   u.d.Timeout(schema.TimeoutCreate),
+	})
+	if err != nil {
+		return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	return nil
+}
+
+func (u *WorkbenchInstanceIamUpdater) qualifyInstanceUrl(methodIdentifier string) (string, error) {
+	urlTemplate := fmt.Sprintf("{{WorkbenchBasePath}}%s:%s", fmt.Sprintf("projects/%s/locations/%s/instances/%s", u.project, u.location, u.name), methodIdentifier)
+	url, err := tpgresource.ReplaceVars(u.d, u.Config, urlTemplate)
+	if err != nil {
+		return "", err
+	}
+	return url, nil
+}
+
+func (u *WorkbenchInstanceIamUpdater) GetResourceId() string {
+	return fmt.Sprintf("projects/%s/locations/%s/instances/%s", u.project, u.location, u.name)
+}
+
+func (u *WorkbenchInstanceIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-workbench-instance-%s", u.GetResourceId())
+}
+
+func (u *WorkbenchInstanceIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("workbench instance %q", u.GetResourceId())
+}