Add etag checks to ACM directional policy resources (GoogleCloudPlatform#12903)

Author: coder-221

mmv1/products/accesscontextmanager/ServicePerimeterDryRunEgressPolicy.yaml

@@ -72,9 +72,10 @@ nested_query:
 custom_code:
   constants: 'templates/terraform/constants/access_context_manager.go.tmpl'
   encoder: 'templates/terraform/encoders/access_context_manager_service_perimeter_dry_run_egress_policy.go.tmpl'
-  pre_create: 'templates/terraform/pre_create/access_context_manager_dry_run_resource.go.tmpl'
+  pre_create: 'templates/terraform/pre_create/access_context_manager_service_perimeter_dry_run_egress_policy.go.tmpl'
   pre_update: 'templates/terraform/pre_create/access_context_manager_dry_run_resource.go.tmpl'
-  pre_delete: 'templates/terraform/pre_create/access_context_manager_dry_run_resource.go.tmpl'
+  pre_delete: 'templates/terraform/pre_delete/access_context_manager_service_perimeter_dry_run_egress_policy.go.tmpl'
+  post_read: 'templates/terraform/post_read/access_context_manager_service_perimeter_resource.go.tmpl'
   custom_import: 'templates/terraform/custom_import/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
 # Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
@@ -218,3 +219,8 @@ properties:
       The name of the Access Policy this resource belongs to.
     ignore_read: true
     output: true
+  - name: 'etag'
+    type: String
+    output: true
+    description: |
+      The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of policies. The policy defined in this resource is added or removed from that list, and then this etag is sent with the PATCH call along with the updated policies.

mmv1/products/accesscontextmanager/ServicePerimeterDryRunIngressPolicy.yaml

@@ -73,9 +73,10 @@ nested_query:
 custom_code:
   constants: 'templates/terraform/constants/access_context_manager.go.tmpl'
   encoder: 'templates/terraform/encoders/access_context_manager_service_perimeter_dry_run_egress_policy.go.tmpl'
-  pre_create: 'templates/terraform/pre_create/access_context_manager_dry_run_resource.go.tmpl'
+  pre_create: 'templates/terraform/pre_create/access_context_manager_service_perimeter_dry_run_ingress_policy.go.tmpl'
   pre_update: 'templates/terraform/pre_create/access_context_manager_dry_run_resource.go.tmpl'
-  pre_delete: 'templates/terraform/pre_create/access_context_manager_dry_run_resource.go.tmpl'
+  pre_delete: 'templates/terraform/pre_delete/access_context_manager_service_perimeter_dry_run_ingress_policy.go.tmpl'
+  post_read: 'templates/terraform/post_read/access_context_manager_service_perimeter_resource.go.tmpl'
   custom_import: 'templates/terraform/custom_import/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
 # Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
@@ -217,3 +218,8 @@ properties:
       The name of the Access Policy this resource belongs to.
     ignore_read: true
     output: true
+  - name: 'etag'
+    type: String
+    output: true
+    description: |
+      The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of policies. The policy defined in this resource is added or removed from that list, and then this etag is sent with the PATCH call along with the updated policies.

mmv1/products/accesscontextmanager/ServicePerimeterEgressPolicy.yaml

@@ -73,6 +73,9 @@ custom_code:
   constants: 'templates/terraform/constants/access_context_manager.go.tmpl'
   custom_import: 'templates/terraform/custom_import/access_context_manager_service_perimeter_egress_policy.go.tmpl'
   encoder: 'templates/terraform/encoders/access_context_manager_service_perimeter_egress_policy.go.tmpl'
+  post_read: 'templates/terraform/post_read/access_context_manager_service_perimeter_resource.go.tmpl'
+  pre_create: 'templates/terraform/pre_create/access_context_manager_service_perimeter_egress_policy.go.tmpl'
+  pre_delete: 'templates/terraform/pre_delete/access_context_manager_service_perimeter_egress_policy.go.tmpl'
 exclude_tgc: true
 # Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
@@ -215,3 +218,8 @@ properties:
       The name of the Access Policy this resource belongs to.
     ignore_read: true
     output: true
+  - name: 'etag'
+    type: String
+    output: true
+    description: |
+      The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of policies. The policy defined in this resource is added or removed from that list, and then this etag is sent with the PATCH call along with the updated policies.

mmv1/products/accesscontextmanager/ServicePerimeterIngressPolicy.yaml

@@ -74,6 +74,9 @@ custom_code:
   constants: 'templates/terraform/constants/access_context_manager.go.tmpl'
   custom_import: 'templates/terraform/custom_import/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
   encoder: 'templates/terraform/encoders/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
+  post_read: 'templates/terraform/post_read/access_context_manager_service_perimeter_resource.go.tmpl'
+  pre_create: 'templates/terraform/pre_create/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
+  pre_delete: 'templates/terraform/pre_delete/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
 # Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
@@ -217,3 +220,8 @@ properties:
       The name of the Access Policy this resource belongs to.
     ignore_read: true
     output: true
+  - name: 'etag'
+    type: String
+    output: true
+    description: |
+      The perimeter etag is internally used to prevent overwriting the list of policies on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of policies. The policy defined in this resource is added or removed from that list, and then this etag is sent with the PATCH call along with the updated policies.

mmv1/templates/terraform/pre_create/access_context_manager_service_perimeter_dry_run_egress_policy.go.tmpl

@@ -0,0 +1,17 @@
+obj["use_explicit_dry_run_spec"] = true
+
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"spec.egressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_create/access_context_manager_service_perimeter_dry_run_ingress_policy.go.tmpl

@@ -0,0 +1,17 @@
+obj["use_explicit_dry_run_spec"] = true
+
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"spec.ingressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_create/access_context_manager_service_perimeter_egress_policy.go.tmpl

@@ -0,0 +1,15 @@
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"status.egressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_create/access_context_manager_service_perimeter_ingress_policy.go.tmpl

@@ -0,0 +1,15 @@
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"status.ingressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_delete/access_context_manager_service_perimeter_dry_run_egress_policy.go.tmpl

@@ -0,0 +1,17 @@
+obj["use_explicit_dry_run_spec"] = true
+
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"spec.egressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_delete/access_context_manager_service_perimeter_dry_run_ingress_policy.go.tmpl

@@ -0,0 +1,17 @@
+obj["use_explicit_dry_run_spec"] = true
+
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"spec.ingressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_delete/access_context_manager_service_perimeter_egress_policy.go.tmpl

@@ -0,0 +1,15 @@
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"status.egressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}

mmv1/templates/terraform/pre_delete/access_context_manager_service_perimeter_ingress_policy.go.tmpl

@@ -0,0 +1,15 @@
+etag := d.Get("etag").(string)
+
+if etag == "" {
+	log.Printf("[ERROR] Unable to get etag: %s", err)
+	return nil
+}
+obj["etag"] = etag
+
+// updateMask is a URL parameter but not present in the schema, so ReplaceVars
+// won't set it
+updateMask := []string{"status.ingressPolicies", "etag"}
+url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+if err != nil {
+	return err
+}