diff --git a/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl b/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl index 25d454a7c08e..ac709eb7defe 100644 --- a/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl +++ b/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl @@ -16,6 +16,9 @@ import ( "{{ $.ImportPath }}/acctest" "{{ $.ImportPath }}/envvar" "{{ $.ImportPath }}/tpgresource" +{{- if $.FirstTestExample.BootstrapIam }} + "{{ $.ImportPath }}/services/resourcemanager" +{{- end }} ) {{if $.CustomCode.TestConstants -}} diff --git a/mmv1/templates/terraform/examples/base_configs/test_file.go.tmpl b/mmv1/templates/terraform/examples/base_configs/test_file.go.tmpl index 2bee4b84ba98..2233fbdc7dd7 100644 --- a/mmv1/templates/terraform/examples/base_configs/test_file.go.tmpl +++ b/mmv1/templates/terraform/examples/base_configs/test_file.go.tmpl @@ -31,6 +31,12 @@ import ( "{{ $.ImportPath }}/acctest" "{{ $.ImportPath }}/envvar" "{{ $.ImportPath }}/services/{{ lower $.Res.ProductMetadata.Name }}" +{{ range $s := $.Res.TestExamples }} + {{- if $s.BootstrapIam }} + "{{ $.ImportPath }}/services/resourcemanager" + {{ break }} + {{- end }} +{{- end }} "{{ $.ImportPath }}/tpgresource" transport_tpg "{{ $.ImportPath }}/transport" @@ -73,7 +79,7 @@ func TestAcc{{ $e.TestSlug $.Res.ProductMetadata.Name $.Res.Name }}(t *testing.T t.Parallel() {{- if $e.BootstrapIam }} - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ {{- range $iam := $e.BootstrapIam }} { Member: "{{$iam.Member}}", diff --git a/mmv1/templates/terraform/iam/iam_test_setup.go.tmpl b/mmv1/templates/terraform/iam/iam_test_setup.go.tmpl index 350843e759c9..0664c33f45a3 100644 --- a/mmv1/templates/terraform/iam/iam_test_setup.go.tmpl +++ b/mmv1/templates/terraform/iam/iam_test_setup.go.tmpl @@ -3,7 +3,7 @@ {{- $sample := $config.Sample }} {{- $step := $config.Step }} {{- if $sample.BootstrapIam }} - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ {{- range $iam := $sample.BootstrapIam }} { Member: "{{$iam.Member}}", diff --git a/mmv1/templates/terraform/iam/iam_test_setup_legacy.go.tmpl b/mmv1/templates/terraform/iam/iam_test_setup_legacy.go.tmpl index fd54b2b1167e..f1ec32060b57 100644 --- a/mmv1/templates/terraform/iam/iam_test_setup_legacy.go.tmpl +++ b/mmv1/templates/terraform/iam/iam_test_setup_legacy.go.tmpl @@ -1,6 +1,6 @@ {{- define "IamTestSetup" }} {{- if $.FirstTestExample.BootstrapIam }} - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ {{- range $iam := $.FirstTestExample.BootstrapIam }} { Member: "{{$iam.Member}}", diff --git a/mmv1/templates/terraform/samples/base_configs/iam_test_file.go.tmpl b/mmv1/templates/terraform/samples/base_configs/iam_test_file.go.tmpl index 9c1f5e7a944a..6eaa523e7681 100644 --- a/mmv1/templates/terraform/samples/base_configs/iam_test_file.go.tmpl +++ b/mmv1/templates/terraform/samples/base_configs/iam_test_file.go.tmpl @@ -16,6 +16,9 @@ import ( "{{ $.ImportPath }}/acctest" "{{ $.ImportPath }}/envvar" "{{ $.ImportPath }}/tpgresource" +{{- if $.FirstTestConfig.Sample.BootstrapIam }} + "{{ $.ImportPath }}/services/resourcemanager" +{{- end }} ) {{if $.CustomCode.TestConstants -}} diff --git a/mmv1/templates/terraform/samples/base_configs/test_file.go.tmpl b/mmv1/templates/terraform/samples/base_configs/test_file.go.tmpl index ff005afc877e..b09d6bf4536f 100644 --- a/mmv1/templates/terraform/samples/base_configs/test_file.go.tmpl +++ b/mmv1/templates/terraform/samples/base_configs/test_file.go.tmpl @@ -41,10 +41,17 @@ import ( "{{ $.ImportPath }}/acctest" "{{ $.ImportPath }}/envvar" "{{ $.ImportPath }}/services/{{ lower $.Res.ProductMetadata.Name }}" +{{ range $s := $.Res.TestSamples }} + {{- if $s.BootstrapIam }} + "{{ $.ImportPath }}/services/resourcemanager" + {{ break }} + {{- end }} +{{- end }} "{{ $.ImportPath }}/tpgresource" transport_tpg "{{ $.ImportPath }}/transport" "google.golang.org/api/googleapi" + ) {{if $.Res.CustomCode.TestConstants -}} @@ -82,7 +89,7 @@ func TestAcc{{ $s.TestSampleSlug $.Res.ProductMetadata.Name $.Res.Name }}(t *tes t.Parallel() {{- if $s.BootstrapIam }} - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ {{- range $iam := $s.BootstrapIam }} { Member: "{{$iam.Member}}", diff --git a/mmv1/third_party/terraform/acctest/bootstrap_test_utils.go b/mmv1/third_party/terraform/acctest/bootstrap_test_utils.go deleted file mode 100644 index cd3e8be96f7a..000000000000 --- a/mmv1/third_party/terraform/acctest/bootstrap_test_utils.go +++ /dev/null @@ -1,331 +0,0 @@ -package acctest - -import ( - "fmt" - "log" - "strings" - "testing" - "time" - - "github.com/hashicorp/terraform-provider-google/google/envvar" - tpgcloudbilling "github.com/hashicorp/terraform-provider-google/google/services/cloudbilling" - "github.com/hashicorp/terraform-provider-google/google/services/iambeta" - "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" - rmClient "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager/client" - "github.com/hashicorp/terraform-provider-google/google/services/resourcemanagerv3" - "github.com/hashicorp/terraform-provider-google/google/tpgresource" - transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" - resourceManagerV3 "google.golang.org/api/cloudresourcemanager/v3" - - "google.golang.org/api/cloudbilling/v1" - cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1" - iam "google.golang.org/api/iam/v1" -) - -var serviceAccountPrefix = "tf-bootstrap-sa-" -var serviceAccountDisplay = "Bootstrapped Service Account for Terraform tests" - -// Some tests need a second service account, other than the test runner, to assert functionality on. -// This provides a well-known service account that can be used when dynamically creating a service -// account isn't an option. -func getOrCreateServiceAccount(config *transport_tpg.Config, project, serviceAccountEmail string) (*iam.ServiceAccount, error) { - name := fmt.Sprintf("projects/%s/serviceAccounts/%s@%s.iam.gserviceaccount.com", project, serviceAccountEmail, project) - log.Printf("[DEBUG] Verifying %s as bootstrapped service account.\n", name) - - sa, err := iambeta.NewClient(config, config.UserAgent).Projects.ServiceAccounts.Get(name).Do() - if err != nil && !transport_tpg.IsGoogleApiErrorWithCode(err, 404) { - return nil, fmt.Errorf("encountered a non-404 error when looking for bootstrapped service account %s: %w", name, err) - } - - if sa == nil { - log.Printf("[DEBUG] Account missing. Creating %s as bootstrapped service account.\n", name) - sa = &iam.ServiceAccount{ - DisplayName: serviceAccountDisplay, - } - - r := &iam.CreateServiceAccountRequest{ - AccountId: serviceAccountEmail, - ServiceAccount: sa, - } - sa, err = iambeta.NewClient(config, config.UserAgent).Projects.ServiceAccounts.Create("projects/"+project, r).Do() - if err != nil { - return nil, fmt.Errorf("error when creating bootstrapped service account %s: %w", name, err) - } - } - - return sa, nil -} - -// In order to test impersonation we need to grant the testRunner's account the ability to grant tokens -// on a different service account. Granting permissions takes time and there is no operation to wait on -// so instead this creates a single service account once per test-suite with the correct permissions. -// The first time this test is run it will fail, but subsequent runs will succeed. -func impersonationServiceAccountPermissions(config *transport_tpg.Config, sa *iam.ServiceAccount, testRunner string) error { - log.Printf("[DEBUG] Setting service account permissions.\n") - policy := iam.Policy{ - Bindings: []*iam.Binding{}, - } - - binding := &iam.Binding{ - Role: "roles/iam.serviceAccountTokenCreator", - Members: []string{"serviceAccount:" + sa.Email, "serviceAccount:" + testRunner}, - } - policy.Bindings = append(policy.Bindings, binding) - - // Overwrite the roles each time on this service account. This is because this account is - // only created for the test suite and will stop snowflaking of permissions to get tests - // to run. Overwriting permissions on 1 service account shouldn't affect others. - _, err := iambeta.NewClient(config, config.UserAgent).Projects.ServiceAccounts.SetIamPolicy(sa.Name, &iam.SetIamPolicyRequest{ - Policy: &policy, - }).Do() - if err != nil { - return err - } - - return nil -} - -// A separate testId should be used for each test, to create separate service accounts for each, -// and avoid race conditions where the policy of the same service account is being modified by 2 -// tests at once. This is needed as long as the function overwrites the policy on every run. -func BootstrapServiceAccount(t *testing.T, testId, testRunner string) string { - project := envvar.GetTestProjectFromEnv() - serviceAccountEmail := serviceAccountPrefix + testId - - config := transport_tpg.BootstrapConfig(t) - if config == nil { - return "" - } - - sa, err := getOrCreateServiceAccount(config, project, serviceAccountEmail) - if err != nil { - t.Fatalf("Bootstrapping failed. Cannot retrieve service account, %s", err) - } - - err = impersonationServiceAccountPermissions(config, sa, testRunner) - if err != nil { - t.Fatalf("Bootstrapping failed. Cannot set service account permissions, %s", err) - } - - return sa.Email -} - -var SharedServicePerimeterProjectPrefix = "tf-bootstrap-sp-" - -func BootstrapServicePerimeterProjects(t *testing.T, desiredProjects int) []*cloudresourcemanager.Project { - config := transport_tpg.BootstrapConfig(t) - if config == nil { - return nil - } - - org := envvar.GetTestOrgFromEnv(t) - - // The filter endpoint works differently if you provide both the parent id and parent type, and - // doesn't seem to allow for prefix matching. Don't change this to include the parent type unless - // that API behavior changes. - prefixFilter := fmt.Sprintf("id:%s* parent.id:%s", SharedServicePerimeterProjectPrefix, org) - res, err := rmClient.NewClient(config, config.UserAgent).Projects.List().Filter(prefixFilter).Do() - if err != nil { - t.Fatalf("Error getting shared test projects: %s", err) - } - - projects := res.Projects - for len(projects) < desiredProjects { - pid := SharedServicePerimeterProjectPrefix + RandString(t, 10) - project := &cloudresourcemanager.Project{ - ProjectId: pid, - Name: "TF Service Perimeter Test", - Parent: &cloudresourcemanager.ResourceId{ - Type: "organization", - Id: org, - }, - } - op, err := rmClient.NewClient(config, config.UserAgent).Projects.Create(project).Do() - if err != nil { - t.Fatalf("Error bootstrapping shared test project: %s", err) - } - - opAsMap, err := tpgresource.ConvertToMap(op) - if err != nil { - t.Fatalf("Error bootstrapping shared test project: %s", err) - } - - err = resourcemanager.ResourceManagerOperationWaitTime(config, opAsMap, "creating project", config.UserAgent, 4) - if err != nil { - t.Fatalf("Error bootstrapping shared test project: %s", err) - } - - p, err := rmClient.NewClient(config, config.UserAgent).Projects.Get(pid).Do() - if err != nil { - t.Fatalf("Error getting shared test project: %s", err) - } - projects = append(projects, p) - } - - return projects -} - -// BootstrapFolder creates or get a folder having a input folderDisplayName within a TestOrgEnv -func BootstrapFolder(t *testing.T, folderDisplayName string) *resourceManagerV3.Folder { - config := transport_tpg.BootstrapConfig(t) - if config == nil { - return nil - } - - crmClient := resourcemanagerv3.NewClient(config, config.UserAgent) - searchQuery := fmt.Sprintf("displayName=%s", folderDisplayName) - folderSearchResp, err := crmClient.Folders.Search().Query(searchQuery).Do() - if err != nil { - t.Fatalf("error searching for folder with displayName: %s", folderDisplayName) - } - var folder *resourceManagerV3.Folder - if len(folderSearchResp.Folders) == 0 { - op, err := crmClient.Folders.Create(&resourceManagerV3.Folder{ - DisplayName: folderDisplayName, - Parent: fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)), - }).Do() - if err != nil { - t.Fatalf("error bootstrapping test folder: %s", err) - } - - opAsMap, err := tpgresource.ConvertToMap(op) - if err != nil { - t.Fatalf("error converting folder operation map: %s", err) - } - var responseMap map[string]interface{} - err = resourcemanager.ResourceManagerOperationWaitTimeWithResponse(config, opAsMap, &responseMap, "creating folder", config.UserAgent, 4*time.Minute) - if err != nil { - t.Fatalf("error waiting for create folder operation: %s", err) - } - folder, err = crmClient.Folders.Get(responseMap["name"].(string)).Do() - if err != nil { - t.Fatalf("error getting folder: %s", err) - } - } else { - folder = folderSearchResp.Folders[0] - } - - if folder.State == "DELETE_REQUESTED" { - _, err := crmClient.Folders.Undelete(folder.Name, &resourceManagerV3.UndeleteFolderRequest{}).Do() - if err != nil { - t.Fatalf("error undeleting folder: %s", err) - } - } - return folder -} - -// BootstrapProject will create or get a project named -// "" that will persist across test runs, -// where projectIDSuffix is based off of getTestProjectFromEnv(). The reason -// for the naming is to isolate bootstrapped projects by test environment. -// Given the existing projects being used by our team, the prefix provided to -// this function can be no longer than 18 characters. -func BootstrapProject(t *testing.T, projectIDPrefix, billingAccount string, services []string) *cloudresourcemanager.Project { - org := envvar.GetTestOrgFromEnv(t) - parent := &cloudresourcemanager.ResourceId{ - Type: "organization", - Id: org, - } - projectIDSuffix := strings.Replace(envvar.GetTestProjectFromEnv(), "ci-test-project-", "", 1) - projectID := projectIDPrefix + projectIDSuffix - - return BootstrapProjectWithParent(t, projectID, billingAccount, parent, services) -} - -func BootstrapProjectWithParent(t *testing.T, projectID string, billingAccount string, parent *cloudresourcemanager.ResourceId, services []string) *cloudresourcemanager.Project { - config := transport_tpg.BootstrapConfig(t) - if config == nil { - return nil - } - crmClient := rmClient.NewClient(config, config.UserAgent) - - project, err := crmClient.Projects.Get(projectID).Do() - if err != nil { - if !transport_tpg.IsGoogleApiErrorWithCode(err, 403) { - t.Fatalf("Error getting bootstrapped project: %s", err) - } - op, err := crmClient.Projects.Create(&cloudresourcemanager.Project{ - ProjectId: projectID, - Name: "Bootstrapped Test Project", - Parent: parent, - }).Do() - if err != nil { - t.Fatalf("Error creating bootstrapped test project: %s", err) - } - - opAsMap, err := tpgresource.ConvertToMap(op) - if err != nil { - t.Fatalf("Error converting create project operation to map: %s", err) - } - - err = resourcemanager.ResourceManagerOperationWaitTime(config, opAsMap, "creating project", config.UserAgent, 4*time.Minute) - if err != nil { - t.Fatalf("Error waiting for create project operation: %s", err) - } - - project, err = crmClient.Projects.Get(projectID).Do() - if err != nil { - t.Fatalf("Error getting bootstrapped project: %s", err) - } - - } - - if project.LifecycleState == "DELETE_REQUESTED" { - _, err := crmClient.Projects.Undelete(projectID, &cloudresourcemanager.UndeleteProjectRequest{}).Do() - if err != nil { - t.Fatalf("Error undeleting bootstrapped project: %s", err) - } - } - - if billingAccount != "" { - billingClient := tpgcloudbilling.NewClient(config, config.UserAgent) - var pbi *cloudbilling.ProjectBillingInfo - err = transport_tpg.Retry(transport_tpg.RetryOptions{ - RetryFunc: func() error { - var reqErr error - pbi, reqErr = billingClient.Projects.GetBillingInfo(resourcemanager.PrefixedProject(projectID)).Do() - return reqErr - }, - Timeout: 30 * time.Second, - }) - if err != nil { - t.Fatalf("Error getting billing info for project %q: %v", projectID, err) - } - if strings.TrimPrefix(pbi.BillingAccountName, "billingAccounts/") != billingAccount { - pbi.BillingAccountName = "billingAccounts/" + billingAccount - err := transport_tpg.Retry(transport_tpg.RetryOptions{ - RetryFunc: func() error { - _, err := tpgcloudbilling.NewClient(config, config.UserAgent).Projects.UpdateBillingInfo(resourcemanager.PrefixedProject(projectID), pbi).Do() - return err - }, - Timeout: 2 * time.Minute, - }) - if err != nil { - t.Fatalf("Error setting billing account for project %q to %q: %s", projectID, billingAccount, err) - } - } - } - - if len(services) > 0 { - - enabledServices, err := resourcemanager.ListCurrentlyEnabledServices(projectID, "", config.UserAgent, config, 1*time.Minute) - if err != nil { - t.Fatalf("Error listing services for project %q: %s", projectID, err) - } - - servicesToEnable := make([]string, 0, len(services)) - for _, service := range services { - if _, ok := enabledServices[service]; !ok { - servicesToEnable = append(servicesToEnable, service) - } - } - - if len(servicesToEnable) > 0 { - if err := resourcemanager.EnableServiceUsageProjectServices(servicesToEnable, projectID, "", config.UserAgent, config, 10*time.Minute); err != nil { - t.Fatalf("Error enabling services for project %q: %s", projectID, err) - } - } - } - - return project -} diff --git a/mmv1/third_party/terraform/acctest/provider_test_utils.go.tmpl b/mmv1/third_party/terraform/acctest/provider_test_utils.go.tmpl index 61e0e3d1b1d4..a85e5ef50b56 100644 --- a/mmv1/third_party/terraform/acctest/provider_test_utils.go.tmpl +++ b/mmv1/third_party/terraform/acctest/provider_test_utils.go.tmpl @@ -22,6 +22,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/provider" tpgcloudbilling "github.com/hashicorp/terraform-provider-google/google/services/cloudbilling" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" tpgiamcredentials "github.com/hashicorp/terraform-provider-google/google/services/iamcredentials" "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" rmClient "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager/client" @@ -250,8 +251,8 @@ func SetupProjectsAndGetAccessToken(org, billing, pid, service string, config *t } // Create a service account for project-1 - serviceAccountEmail := serviceAccountPrefix + service - sa1, err := getOrCreateServiceAccount(config, pid, serviceAccountEmail) + serviceAccountEmail := iambeta.ServiceAccountPrefix + service + sa1, err := iambeta.GetOrCreateServiceAccount(config, pid, serviceAccountEmail) if err != nil { return "", fmt.Errorf("error creating service account %s in 'project-1' with project id %s: %w", serviceAccountEmail, pid, err) } diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy_test.go index 519f9a76106d..9c1c6cf8645f 100644 --- a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy_test.go +++ b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_egress_policy_test.go @@ -10,20 +10,80 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/accesscontextmanager" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" + rmClient "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager/client" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" + + cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1" ) +var SharedServicePerimeterProjectPrefix = "tf-bootstrap-sp-" + +func BootstrapServicePerimeterProjects(t *testing.T, desiredProjects int) []*cloudresourcemanager.Project { + config := transport_tpg.BootstrapConfig(t) + if config == nil { + return nil + } + + org := envvar.GetTestOrgFromEnv(t) + + // The filter endpoint works differently if you provide both the parent id and parent type, and + // doesn't seem to allow for prefix matching. Don't change this to include the parent type unless + // that API behavior changes. + prefixFilter := fmt.Sprintf("id:%s* parent.id:%s", SharedServicePerimeterProjectPrefix, org) + res, err := rmClient.NewClient(config, config.UserAgent).Projects.List().Filter(prefixFilter).Do() + if err != nil { + t.Fatalf("Error getting shared test projects: %s", err) + } + + projects := res.Projects + for len(projects) < desiredProjects { + pid := SharedServicePerimeterProjectPrefix + acctest.RandString(t, 10) + project := &cloudresourcemanager.Project{ + ProjectId: pid, + Name: "TF Service Perimeter Test", + Parent: &cloudresourcemanager.ResourceId{ + Type: "organization", + Id: org, + }, + } + op, err := rmClient.NewClient(config, config.UserAgent).Projects.Create(project).Do() + if err != nil { + t.Fatalf("Error bootstrapping shared test project: %s", err) + } + + opAsMap, err := tpgresource.ConvertToMap(op) + if err != nil { + t.Fatalf("Error bootstrapping shared test project: %s", err) + } + + err = resourcemanager.ResourceManagerOperationWaitTime(config, opAsMap, "creating project", config.UserAgent, 4) + if err != nil { + t.Fatalf("Error bootstrapping shared test project: %s", err) + } + + p, err := rmClient.NewClient(config, config.UserAgent).Projects.Get(pid).Do() + if err != nil { + t.Fatalf("Error getting shared test project: %s", err) + } + projects = append(projects, p) + } + + return projects +} + // Since each test here is acting on the same organization and only one AccessPolicy // can exist, they need to be run serially. See AccessPolicy for the test runner. func testAccAccessContextManagerServicePerimeterDryRunEgressPolicy_basicTest(t *testing.T) { org := envvar.GetTestOrgFromEnv(t) - //projects := acctest.BootstrapServicePerimeterProjects(t, 1) + //projects := BootstrapServicePerimeterProjects(t, 1) // Bootstrap a service account to use as egress from identity initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - serviceAccount := acctest.BootstrapServiceAccount(t, "acm-egress-1", initialServiceAccount) + serviceAccount := iambeta.BootstrapServiceAccount(t, "acm-egress-1", initialServiceAccount) policyTitle := acctest.RandString(t, 10) perimeterTitle := "perimeter" diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy_test.go index 38c82b754d22..647a0be8cd4e 100644 --- a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy_test.go +++ b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_ingress_policy_test.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/accesscontextmanager" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -19,11 +20,11 @@ import ( func testAccAccessContextManagerServicePerimeterDryRunIngressPolicy_basicTest(t *testing.T) { org := envvar.GetTestOrgFromEnv(t) - //projects := acctest.BootstrapServicePerimeterProjects(t, 1) + //projects := BootstrapServicePerimeterProjects(t, 1) // Bootstrap a service account to use as ingress from identity initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - serviceAccount := acctest.BootstrapServiceAccount(t, "acm-ingress-1", initialServiceAccount) + serviceAccount := iambeta.BootstrapServiceAccount(t, "acm-ingress-1", initialServiceAccount) policyTitle := acctest.RandString(t, 10) perimeterTitle := "perimeter" diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource_test.go index 7fd98bd4b421..5288766459b6 100644 --- a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource_test.go +++ b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_dry_run_resource_test.go @@ -18,7 +18,7 @@ import ( func testAccAccessContextManagerServicePerimeterDryRunResource_basicTest(t *testing.T) { org := envvar.GetTestOrgFromEnv(t) - projects := acctest.BootstrapServicePerimeterProjects(t, 2) + projects := BootstrapServicePerimeterProjects(t, 2) policyTitle := "my policy" perimeterTitle := "perimeter" diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy_test.go index 62cac0a90b22..709516576aae 100644 --- a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy_test.go +++ b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_egress_policy_test.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/accesscontextmanager" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -22,9 +23,9 @@ func testAccAccessContextManagerServicePerimeterEgressPolicy_basicTest(t *testin // Bootstrap a service account to use as egress from identity initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - serviceAccount := acctest.BootstrapServiceAccount(t, "acm-egress-2", initialServiceAccount) + serviceAccount := iambeta.BootstrapServiceAccount(t, "acm-egress-2", initialServiceAccount) - //projects := acctest.BootstrapServicePerimeterProjects(t, 1) + //projects := BootstrapServicePerimeterProjects(t, 1) policyTitle := acctest.RandString(t, 10) perimeterTitle := "perimeter" projectNumber := envvar.GetTestProjectNumberFromEnv() diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go index 8273b46ed5c0..784bd1280632 100644 --- a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go +++ b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/accesscontextmanager" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -19,11 +20,11 @@ import ( func testAccAccessContextManagerServicePerimeterIngressPolicy_basicTest(t *testing.T) { org := envvar.GetTestOrgFromEnv(t) - //projects := acctest.BootstrapServicePerimeterProjects(t, 1) + //projects := BootstrapServicePerimeterProjects(t, 1) // Bootstrap a service account to use as ingress from identity initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - serviceAccount := acctest.BootstrapServiceAccount(t, "acm-ingress-2", initialServiceAccount) + serviceAccount := iambeta.BootstrapServiceAccount(t, "acm-ingress-2", initialServiceAccount) policyTitle := acctest.RandString(t, 10) perimeterTitle := "perimeter" diff --git a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_resource_test.go b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_resource_test.go index b3930663bb01..cd48f4c85d3c 100644 --- a/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_resource_test.go +++ b/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_resource_test.go @@ -18,7 +18,7 @@ import ( func testAccAccessContextManagerServicePerimeterResource_basicTest(t *testing.T) { org := envvar.GetTestOrgFromEnv(t) - projects := acctest.BootstrapServicePerimeterProjects(t, 2) + projects := BootstrapServicePerimeterProjects(t, 2) policyTitle := "my policy" perimeterTitle := "perimeter" diff --git a/mmv1/third_party/terraform/services/cloudfunctions/resource_cloudfunctions_function_test.go.tmpl b/mmv1/third_party/terraform/services/cloudfunctions/resource_cloudfunctions_function_test.go.tmpl index 809f0fc8342f..c9c49fc16f36 100644 --- a/mmv1/third_party/terraform/services/cloudfunctions/resource_cloudfunctions_function_test.go.tmpl +++ b/mmv1/third_party/terraform/services/cloudfunctions/resource_cloudfunctions_function_test.go.tmpl @@ -13,6 +13,7 @@ import ( {{ if ne $.TargetVersionName `ga` -}} "github.com/hashicorp/terraform-provider-google/google/services/kms" {{- end }} + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "google.golang.org/api/cloudfunctions/v1" ) @@ -29,7 +30,7 @@ const testSecretEnvVarFunctionPath = "./test-fixtures/secret_environment_variabl const testSecretVolumesMountFunctionPath = "./test-fixtures/secret_volumes_mount.js" func bootstrapGcfAdminAgents(t *testing.T) { - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com", Role: "roles/vpcaccess.admin", diff --git a/mmv1/third_party/terraform/services/cloudfunctions2/resource_cloudfunctions2_function_test.go b/mmv1/third_party/terraform/services/cloudfunctions2/resource_cloudfunctions2_function_test.go index 96e7c7f8273a..6ded072cb94f 100644 --- a/mmv1/third_party/terraform/services/cloudfunctions2/resource_cloudfunctions2_function_test.go +++ b/mmv1/third_party/terraform/services/cloudfunctions2/resource_cloudfunctions2_function_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccCloudFunctions2Function_update(t *testing.T) { @@ -198,7 +199,7 @@ func TestAccCloudFunctions2Function_fullUpdate(t *testing.T) { "random_suffix": randomSuffix, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/composer/resource_composer_environment_test.go b/mmv1/third_party/terraform/services/composer/resource_composer_environment_test.go index 01a76346d92e..b2ca312abc94 100644 --- a/mmv1/third_party/terraform/services/composer/resource_composer_environment_test.go +++ b/mmv1/third_party/terraform/services/composer/resource_composer_environment_test.go @@ -13,6 +13,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/services/composer" tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" @@ -24,7 +25,7 @@ const testComposerBucketPrefix = "tf-test-composer-bucket" const testComposerNetworkAttachmentPrefix = "tf-test-composer-nta" func bootstrapComposerServiceAgents(t *testing.T) { - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@cloudcomposer-accounts.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_disk_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_disk_test.go.tmpl index e6ffec9b5504..c4c03af14779 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_disk_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/resource_compute_disk_test.go.tmpl @@ -13,6 +13,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/envvar" tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -661,7 +662,7 @@ func TestAccComputeDisk_encryptionKMS(t *testing.T) { importID := fmt.Sprintf("%s/%s/%s", pid, "us-central1-a", diskName) var disk map[string]interface{} - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl index fb10bc6b5238..aa5113ece59c 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/resource_compute_instance_test.go.tmpl @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/envvar" tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/tpgresource" {{ if eq $.TargetVersionName `ga` }} @@ -904,7 +905,7 @@ func TestAccComputeInstance_kmsDiskEncryption(t *testing.T) { }, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -976,7 +977,7 @@ func TestAccComputeInstance_instanceEncryption(t *testing.T) { "desired_status": "RUNNING", } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:{project_number}-compute@developer.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_region_disk_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_region_disk_test.go.tmpl index f6c0f2db540d..0af7acb2a114 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_region_disk_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/resource_compute_region_disk_test.go.tmpl @@ -16,6 +16,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/envvar" tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-plugin-testing/plancheck" {{ if eq $.TargetVersionName `ga` }} @@ -916,7 +917,7 @@ func TestAccComputeRegionDisk_fromImageKMS(t *testing.T) { "disk_name": diskName, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -1112,7 +1113,7 @@ func TestAccComputeRegionDisk_fromImageKMSWithServiceAccount(t *testing.T) { "disk_name": diskName, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl index 563187728822..e99060afde39 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl @@ -15,11 +15,12 @@ import ( tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" "github.com/hashicorp/terraform-provider-google/google/services/container" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" cloudkms "google.golang.org/api/cloudkms/v1" ) func bootstrapGkeTagManagerServiceAgents(t *testing.T) { - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com", Role: "roles/resourcemanager.tagAdmin", @@ -3229,7 +3230,7 @@ func TestAccContainerCluster_withBootDiskKmsKey(t *testing.T) { networkName := tpgcompute.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := tpgcompute.BootstrapSubnet(t, "gke-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -5836,7 +5837,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsBootDiskKmsKey(t *testi networkName := tpgcompute.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := tpgcompute.BootstrapSubnet(t, "gke-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -7036,7 +7037,7 @@ func TestAccContainerCluster_WithCPAFeatures(t *testing.T) { // *ALL* Cloud KMS keys in the project. A more realistic usage would be to // grant the service agent the necessary roles only on the individual keys // we have created. - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com", Role: "roles/container.cloudKmsKeyUser", @@ -14084,7 +14085,7 @@ func TestAccContainerCluster_withConfidentialBootDisk(t *testing.T) { networkName := tpgcompute.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := tpgcompute.BootstrapSubnet(t, "gke-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -14150,7 +14151,7 @@ func TestAccContainerCluster_withConfidentialBootDiskNodeConfig(t *testing.T) { networkName := tpgcompute.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := tpgcompute.BootstrapSubnet(t, "gke-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -16976,7 +16977,7 @@ func TestAccContainerCluster_WithCPAFeaturesUpdate(t *testing.T) { // *ALL* Cloud KMS keys in the project. A more realistic usage would be to // grant the service agent the necessary roles only on the individual keys // we have created. - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com", Role: "roles/container.cloudKmsKeyUser", diff --git a/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl b/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl index c38aa7663a12..fdac7e999dc6 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl @@ -13,6 +13,7 @@ import ( tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" "github.com/hashicorp/terraform-provider-google/google/services/container" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/tags" ) @@ -1422,7 +1423,7 @@ func TestAccContainerNodePool_withBootDiskKmsKey(t *testing.T) { networkName := tpgcompute.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := tpgcompute.BootstrapSubnet(t, "gke-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -5579,7 +5580,7 @@ func TestAccContainerNodePool_withConfidentialBootDisk(t *testing.T) { networkName := tpgcompute.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := tpgcompute.BootstrapSubnet(t, "gke-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/dataflow/resource_dataflow_flex_template_job_test.go.tmpl b/mmv1/third_party/terraform/services/dataflow/resource_dataflow_flex_template_job_test.go.tmpl index edfedff74368..d57cae57b4e4 100644 --- a/mmv1/third_party/terraform/services/dataflow/resource_dataflow_flex_template_job_test.go.tmpl +++ b/mmv1/third_party/terraform/services/dataflow/resource_dataflow_flex_template_job_test.go.tmpl @@ -14,6 +14,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/dataflow" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/tpgresource" compute_tpg "github.com/hashicorp/terraform-provider-google/google/services/compute" @@ -310,7 +311,7 @@ func TestAccDataflowFlexTemplateJob_withKmsKey(t *testing.T) { bucket := "tf-test-dataflow-bucket-" + randStr topic := "tf-test-topic" + randStr - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/dataflow/resource_dataflow_job_test.go.tmpl b/mmv1/third_party/terraform/services/dataflow/resource_dataflow_job_test.go.tmpl index 05299d274c94..81159abb5f8f 100644 --- a/mmv1/third_party/terraform/services/dataflow/resource_dataflow_job_test.go.tmpl +++ b/mmv1/third_party/terraform/services/dataflow/resource_dataflow_job_test.go.tmpl @@ -14,6 +14,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-google/google/services/dataflow" compute_tpg "github.com/hashicorp/terraform-provider-google/google/services/compute" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" dataflowapi "google.golang.org/api/dataflow/v1b3" "github.com/hashicorp/terraform-provider-google/google/acctest" @@ -393,7 +394,7 @@ func TestAccDataflowJob_withKmsKey(t *testing.T) { bucket := "tf-test-dataflow-gcs-" + randStr job := "tf-test-dataflow-job-" + randStr - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster_test.go b/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster_test.go index 37660add2b9c..340049e39fec 100644 --- a/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster_test.go +++ b/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster_test.go @@ -18,6 +18,7 @@ import ( tpgcompute "github.com/hashicorp/terraform-provider-google/google/services/compute" dataproc_tpg "github.com/hashicorp/terraform-provider-google/google/services/dataproc" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/storage" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" @@ -367,7 +368,7 @@ func TestAccDataprocCluster_withResourceManagerTags(t *testing.T) { subnetworkName := tpgcompute.BootstrapSubnet(t, "dataproc-cluster", networkName) BootstrapFirewallForDataprocSharedNetwork(t, "dataproc-cluster", networkName) // TODO: remove this IAM binding once tagUser permissions are present in Dataproc Service Agent role. - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: fmt.Sprintf("serviceAccount:service-%s@dataproc-accounts.iam.gserviceaccount.com", projectNumber), Role: "roles/resourcemanager.tagUser", @@ -1250,7 +1251,7 @@ func TestAccDataprocCluster_KMS(t *testing.T) { subnetworkName := tpgcompute.BootstrapSubnet(t, "dataproc-cluster", networkName) BootstrapFirewallForDataprocSharedNetwork(t, "dataproc-cluster", networkName) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@compute-system.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/dataproc/resource_dataproc_session_template_test.go b/mmv1/third_party/terraform/services/dataproc/resource_dataproc_session_template_test.go index 7a7b2d407ac1..345a09e9d3dd 100644 --- a/mmv1/third_party/terraform/services/dataproc/resource_dataproc_session_template_test.go +++ b/mmv1/third_party/terraform/services/dataproc/resource_dataproc_session_template_test.go @@ -9,12 +9,13 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccDataprocSessionTemplate_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@dataproc-accounts.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_channel_test.go b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_channel_test.go index 13e2512eb6cb..246437c6b868 100644 --- a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_channel_test.go +++ b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_channel_test.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) @@ -22,7 +23,7 @@ func TestAccEventarcChannel_cryptoKeyUpdate(t *testing.T) { "key2": kms.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-channel-key2").CryptoKey.Name, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_google_channel_config_test.go b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_google_channel_config_test.go index 88f4896f9999..7c3905fdd983 100644 --- a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_google_channel_config_test.go +++ b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_google_channel_config_test.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" @@ -40,7 +41,7 @@ func testAccEventarcGoogleChannelConfig_basic(t *testing.T) { "region": region, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -80,7 +81,7 @@ func testAccEventarcGoogleChannelConfig_longForm(t *testing.T) { "region": region, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -124,7 +125,7 @@ func testAccEventarcGoogleChannelConfig_cryptoKeyUpdate(t *testing.T) { "key1": kms.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-google-channel-config-key1").CryptoKey.Name, "key2": kms.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-google-channel-config-key2").CryptoKey.Name, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_message_bus_test.go b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_message_bus_test.go index 1e5636d235e3..64ef4c017667 100644 --- a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_message_bus_test.go +++ b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_message_bus_test.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -45,7 +46,7 @@ func testAccEventarcMessageBus_basic(t *testing.T) { "region": envvar.GetTestRegionFromEnv(), "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -94,7 +95,7 @@ func testAccEventarcMessageBus_cryptoKey(t *testing.T) { "key": kms.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-messagebus-key").CryptoKey.Name, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -141,7 +142,7 @@ func testAccEventarcMessageBus_update(t *testing.T) { "key2": kms.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-messagebus-key2").CryptoKey.Name, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -246,7 +247,7 @@ func testAccEventarcMessageBus_googleApiSource(t *testing.T) { "region": region, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", @@ -313,7 +314,7 @@ func testAccEventarcMessageBus_updateGoogleApiSource(t *testing.T) { "region": region, "random_suffix": acctest.RandString(t, 10), } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_pipeline_test.go b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_pipeline_test.go index 82b20f0baa6c..e7a6381ef89a 100644 --- a/mmv1/third_party/terraform/services/eventarc/resource_eventarc_pipeline_test.go +++ b/mmv1/third_party/terraform/services/eventarc/resource_eventarc_pipeline_test.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" @@ -26,7 +27,7 @@ func TestAccEventarcPipeline_update(t *testing.T) { "random_suffix": randomSuffix, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-eventarc.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/iambeta/bootstrap_test_utils.go b/mmv1/third_party/terraform/services/iambeta/bootstrap_test_utils.go new file mode 100644 index 000000000000..0564f25ccd83 --- /dev/null +++ b/mmv1/third_party/terraform/services/iambeta/bootstrap_test_utils.go @@ -0,0 +1,100 @@ +package iambeta + +import ( + "fmt" + "log" + "testing" + + "github.com/hashicorp/terraform-provider-google/google/envvar" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" + + iam "google.golang.org/api/iam/v1" +) + +var ServiceAccountPrefix = "tf-bootstrap-sa-" +var serviceAccountDisplay = "Bootstrapped Service Account for Terraform tests" + +// Some tests need a second service account, other than the test runner, to assert functionality on. +// This provides a well-known service account that can be used when dynamically creating a service +// account isn't an option. +func GetOrCreateServiceAccount(config *transport_tpg.Config, project, serviceAccountEmail string) (*iam.ServiceAccount, error) { + name := fmt.Sprintf("projects/%s/serviceAccounts/%s@%s.iam.gserviceaccount.com", project, serviceAccountEmail, project) + log.Printf("[DEBUG] Verifying %s as bootstrapped service account.\n", name) + + sa, err := NewClient(config, config.UserAgent).Projects.ServiceAccounts.Get(name).Do() + if err != nil && !transport_tpg.IsGoogleApiErrorWithCode(err, 404) { + return nil, fmt.Errorf("encountered a non-404 error when looking for bootstrapped service account %s: %w", name, err) + } + + if sa == nil { + log.Printf("[DEBUG] Account missing. Creating %s as bootstrapped service account.\n", name) + sa = &iam.ServiceAccount{ + DisplayName: serviceAccountDisplay, + } + + r := &iam.CreateServiceAccountRequest{ + AccountId: serviceAccountEmail, + ServiceAccount: sa, + } + sa, err = NewClient(config, config.UserAgent).Projects.ServiceAccounts.Create("projects/"+project, r).Do() + if err != nil { + return nil, fmt.Errorf("error when creating bootstrapped service account %s: %w", name, err) + } + } + + return sa, nil +} + +// In order to test impersonation we need to grant the testRunner's account the ability to grant tokens +// on a different service account. Granting permissions takes time and there is no operation to wait on +// so instead this creates a single service account once per test-suite with the correct permissions. +// The first time this test is run it will fail, but subsequent runs will succeed. +func impersonationServiceAccountPermissions(config *transport_tpg.Config, sa *iam.ServiceAccount, testRunner string) error { + log.Printf("[DEBUG] Setting service account permissions.\n") + policy := iam.Policy{ + Bindings: []*iam.Binding{}, + } + + binding := &iam.Binding{ + Role: "roles/iam.serviceAccountTokenCreator", + Members: []string{"serviceAccount:" + sa.Email, "serviceAccount:" + testRunner}, + } + policy.Bindings = append(policy.Bindings, binding) + + // Overwrite the roles each time on this service account. This is because this account is + // only created for the test suite and will stop snowflaking of permissions to get tests + // to run. Overwriting permissions on 1 service account shouldn't affect others. + _, err := NewClient(config, config.UserAgent).Projects.ServiceAccounts.SetIamPolicy(sa.Name, &iam.SetIamPolicyRequest{ + Policy: &policy, + }).Do() + if err != nil { + return err + } + + return nil +} + +// A separate testId should be used for each test, to create separate service accounts for each, +// and avoid race conditions where the policy of the same service account is being modified by 2 +// tests at once. This is needed as long as the function overwrites the policy on every run. +func BootstrapServiceAccount(t *testing.T, testId, testRunner string) string { + project := envvar.GetTestProjectFromEnv() + serviceAccountEmail := ServiceAccountPrefix + testId + + config := transport_tpg.BootstrapConfig(t) + if config == nil { + return "" + } + + sa, err := GetOrCreateServiceAccount(config, project, serviceAccountEmail) + if err != nil { + t.Fatalf("Bootstrapping failed. Cannot retrieve service account, %s", err) + } + + err = impersonationServiceAccountPermissions(config, sa, testRunner) + if err != nil { + t.Fatalf("Bootstrapping failed. Cannot set service account permissions, %s", err) + } + + return sa.Email +} diff --git a/mmv1/third_party/terraform/services/kms/data_source_google_kms_auotokey_config_test.go b/mmv1/third_party/terraform/services/kms/data_source_google_kms_auotokey_config_test.go index 806f18dcb27e..5d5141b314b5 100644 --- a/mmv1/third_party/terraform/services/kms/data_source_google_kms_auotokey_config_test.go +++ b/mmv1/third_party/terraform/services/kms/data_source_google_kms_auotokey_config_test.go @@ -13,6 +13,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/resourcemanagerv3" tpgserviceusage "github.com/hashicorp/terraform-provider-google/google/services/serviceusage" "github.com/hashicorp/terraform-provider-google/google/tpgresource" @@ -115,13 +116,13 @@ func setupAutokeyTestResources(t *testing.T, config *transport_tpg.Config) (*res t.Errorf("unable to bootstrap KMS keyHandle. Cannot get current usr: %s", err) } // create a folder to configure autokey config and resource folder - autokeyFolder := acctest.BootstrapFolder(t, defaultAutokeyTestFolderName) + autokeyFolder := BootstrapFolder(t, defaultAutokeyTestFolderName) parent := &cloudresourcemanager.ResourceId{ Type: "folder", Id: strings.Split(autokeyFolder.Name, "/")[1], } // create and setup kms project for hosting keyring and keys for autokey - kmsProject := acctest.BootstrapProjectWithParent(t, defaultAutokeyTestKmsProject, envvar.GetTestBillingAccountFromEnv(t), parent, []string{CloudKmsSrviceName}) + kmsProject := resourcemanager.BootstrapProjectWithParent(t, defaultAutokeyTestKmsProject, envvar.GetTestBillingAccountFromEnv(t), parent, []string{CloudKmsSrviceName}) kmsProjectID := fmt.Sprintf("projects/%s", kmsProject.ProjectId) kmsSAEmail, err := GenerateCloudKmsServiceIdentity(config, fmt.Sprintf("%v", kmsProject.ProjectNumber)) if err != nil { @@ -141,7 +142,7 @@ func setupAutokeyTestResources(t *testing.T, config *transport_tpg.Config) (*res } // create and setup resource folder to host keyhandle - resourceProject := acctest.BootstrapProjectWithParent(t, defaultAutokeyTestResourceProject, envvar.GetTestBillingAccountFromEnv(t), parent, []string{}) + resourceProject := resourcemanager.BootstrapProjectWithParent(t, defaultAutokeyTestResourceProject, envvar.GetTestBillingAccountFromEnv(t), parent, []string{}) return autokeyFolder, kmsProject, resourceProject } @@ -261,6 +262,55 @@ func setPolicy(crmService *resourceManagerV3.Service, resourceType string, resou return nil } +// BootstrapFolder creates or get a folder having a input folderDisplayName within a TestOrgEnv +func BootstrapFolder(t *testing.T, folderDisplayName string) *resourceManagerV3.Folder { + config := transport_tpg.BootstrapConfig(t) + if config == nil { + return nil + } + + crmClient := resourcemanagerv3.NewClient(config, config.UserAgent) + searchQuery := fmt.Sprintf("displayName=%s", folderDisplayName) + folderSearchResp, err := crmClient.Folders.Search().Query(searchQuery).Do() + if err != nil { + t.Fatalf("error searching for folder with displayName: %s", folderDisplayName) + } + var folder *resourceManagerV3.Folder + if len(folderSearchResp.Folders) == 0 { + op, err := crmClient.Folders.Create(&resourceManagerV3.Folder{ + DisplayName: folderDisplayName, + Parent: fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)), + }).Do() + if err != nil { + t.Fatalf("error bootstrapping test folder: %s", err) + } + + opAsMap, err := tpgresource.ConvertToMap(op) + if err != nil { + t.Fatalf("error converting folder operation map: %s", err) + } + var responseMap map[string]interface{} + err = resourcemanager.ResourceManagerOperationWaitTimeWithResponse(config, opAsMap, &responseMap, "creating folder", config.UserAgent, 4*time.Minute) + if err != nil { + t.Fatalf("error waiting for create folder operation: %s", err) + } + folder, err = crmClient.Folders.Get(responseMap["name"].(string)).Do() + if err != nil { + t.Fatalf("error getting folder: %s", err) + } + } else { + folder = folderSearchResp.Folders[0] + } + + if folder.State == "DELETE_REQUESTED" { + _, err := crmClient.Folders.Undelete(folder.Name, &resourceManagerV3.UndeleteFolderRequest{}).Do() + if err != nil { + t.Fatalf("error undeleting folder: %s", err) + } + } + return folder +} + func TestAccDataSourceGoogleKmsAutokeyConfig_basic(t *testing.T) { kmsAutokey := BootstrapKMSAutokeyKeyHandle(t) folder := fmt.Sprintf("folders/%s", strings.Split(kmsAutokey.AutokeyConfig.Name, "/")[1]) diff --git a/mmv1/third_party/terraform/services/looker/resource_looker_instance_test.go b/mmv1/third_party/terraform/services/looker/resource_looker_instance_test.go index 3d9a5950e980..6bac0408b197 100644 --- a/mmv1/third_party/terraform/services/looker/resource_looker_instance_test.go +++ b/mmv1/third_party/terraform/services/looker/resource_looker_instance_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccLookerInstance_update(t *testing.T) { @@ -147,7 +148,7 @@ func TestAccLookerInstance_updatePeriodicExport(t *testing.T) { "random_suffix": suffix, } - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { // For writing/managing the export files in GCS Member: "serviceAccount:service-{project_number}@gcp-sa-looker.iam.gserviceaccount.com", diff --git a/mmv1/third_party/terraform/services/modelarmorglobal/resource_model_armor_floorsetting_test.go b/mmv1/third_party/terraform/services/modelarmorglobal/resource_model_armor_floorsetting_test.go index 26205098df64..f969195735f0 100644 --- a/mmv1/third_party/terraform/services/modelarmorglobal/resource_model_armor_floorsetting_test.go +++ b/mmv1/third_party/terraform/services/modelarmorglobal/resource_model_armor_floorsetting_test.go @@ -4,19 +4,18 @@ import ( "testing" "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" - "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccModelArmorGlobalFloorsetting_update(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "project_id": acctest.BootstrapProject(t, "tf-boot-magf-", envvar.GetTestBillingAccountFromEnv(t), []string{"modelarmor.googleapis.com"}).ProjectId, + "project_id": resourcemanager.BootstrapProject(t, "tf-boot-magf-", envvar.GetTestBillingAccountFromEnv(t), []string{"modelarmor.googleapis.com"}).ProjectId, } acctest.VcrTest(t, resource.TestCase{ diff --git a/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_for_organization_test.go b/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_for_organization_test.go index e34839ff36e1..2282c86ceee1 100644 --- a/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_for_organization_test.go +++ b/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_for_organization_test.go @@ -6,10 +6,11 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccOSConfigV2PolicyOrchestratorForOrganization_basic(t *testing.T) { - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-org-{organization_id}@gcp-sa-osconfig.iam.gserviceaccount.com", Role: "roles/osconfig.serviceAgent", diff --git a/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_test.go b/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_test.go index 4aed5eeac4ef..9f1e7b7f305c 100644 --- a/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_test.go +++ b/mmv1/third_party/terraform/services/osconfigv2/resource_os_config_v2_policy_orchestrator_test.go @@ -6,12 +6,13 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccOSConfigV2PolicyOrchestrator_basic(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-osconfig.iam.gserviceaccount.com", Role: "roles/osconfig.serviceAgent", diff --git a/mmv1/third_party/terraform/services/parametermanager/data_source_parameter_manager_parameter_version_test.go b/mmv1/third_party/terraform/services/parametermanager/data_source_parameter_manager_parameter_version_test.go index 566d8f78ceba..543722eb5d9e 100644 --- a/mmv1/third_party/terraform/services/parametermanager/data_source_parameter_manager_parameter_version_test.go +++ b/mmv1/third_party/terraform/services/parametermanager/data_source_parameter_manager_parameter_version_test.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccDataSourceParameterManagerParameterVersion_basicWithResourceReference(t *testing.T) { @@ -191,7 +192,7 @@ data "google_parameter_manager_parameter_version" "parameter-version-with-yaml-d func TestAccDataSourceParameterManagerParameterVersion_withKmsKey(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pm.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/parametermanager/resource_parameter_manager_parameter_test.go b/mmv1/third_party/terraform/services/parametermanager/resource_parameter_manager_parameter_test.go index 0ce0a4f86f40..10381b05b514 100644 --- a/mmv1/third_party/terraform/services/parametermanager/resource_parameter_manager_parameter_test.go +++ b/mmv1/third_party/terraform/services/parametermanager/resource_parameter_manager_parameter_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccParameterManagerParameter_labelsUpdate(t *testing.T) { @@ -106,7 +107,7 @@ resource "google_parameter_manager_parameter" "parameter-with-labels" { func TestAccParameterManagerParameter_kmsKeyUpdate(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pm.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/parametermanagerregional/data_source_parameter_manager_regional_parameter_version_test.go b/mmv1/third_party/terraform/services/parametermanagerregional/data_source_parameter_manager_regional_parameter_version_test.go index 83c1edd81c1a..f06381fbabb5 100644 --- a/mmv1/third_party/terraform/services/parametermanagerregional/data_source_parameter_manager_regional_parameter_version_test.go +++ b/mmv1/third_party/terraform/services/parametermanagerregional/data_source_parameter_manager_regional_parameter_version_test.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccDataSourceParameterManagerRegionalRegionalParameterVersion_basicWithResourceReference(t *testing.T) { @@ -197,7 +198,7 @@ data "google_parameter_manager_regional_parameter_version" "regional-parameter-v func TestAccDataSourceParameterManagerRegionalRegionalParameterVersion_withKmsKey(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pm.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/parametermanagerregional/resource_parameter_manager_regional_parameter_test.go b/mmv1/third_party/terraform/services/parametermanagerregional/resource_parameter_manager_regional_parameter_test.go index d191b41f1c2e..b1aecd297832 100644 --- a/mmv1/third_party/terraform/services/parametermanagerregional/resource_parameter_manager_regional_parameter_test.go +++ b/mmv1/third_party/terraform/services/parametermanagerregional/resource_parameter_manager_regional_parameter_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccParameterManagerRegionalRegionalParameter_import(t *testing.T) { @@ -153,7 +154,7 @@ resource "google_parameter_manager_regional_parameter" "regional-parameter-with- func TestAccParameterManagerRegionalRegionalParameter_kmskeyUpdate(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pm.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/privateca/resource_privateca_ca_pool_test.go b/mmv1/third_party/terraform/services/privateca/resource_privateca_ca_pool_test.go index 1c3d629f1789..8943fcb74150 100644 --- a/mmv1/third_party/terraform/services/privateca/resource_privateca_ca_pool_test.go +++ b/mmv1/third_party/terraform/services/privateca/resource_privateca_ca_pool_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" "github.com/hashicorp/terraform-provider-google/google/services/privateca" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -514,7 +515,7 @@ resource "google_privateca_ca_pool" "default" { func TestAccPrivatecaCaPool_CmekKeyUpdate(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-privateca.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/pubsub/resource_pubsub_subscription_test.go b/mmv1/third_party/terraform/services/pubsub/resource_pubsub_subscription_test.go index 98bb8686137d..e5414e3f7ff9 100644 --- a/mmv1/third_party/terraform/services/pubsub/resource_pubsub_subscription_test.go +++ b/mmv1/third_party/terraform/services/pubsub/resource_pubsub_subscription_test.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/pubsub" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/tags" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -244,7 +245,7 @@ func TestAccPubsubSubscriptionBigQuery_serviceAccount(t *testing.T) { serviceAccount := fmt.Sprintf("bq-test-sa-%s", acctest.RandString(t, 10)) serviceAccount2 := fmt.Sprintf("bq-test-sa2-%s", acctest.RandString(t, 10)) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com", Role: "roles/bigquery.dataEditor", diff --git a/mmv1/third_party/terraform/services/pubsub/resource_pubsub_topic_test.go b/mmv1/third_party/terraform/services/pubsub/resource_pubsub_topic_test.go index 50924b32b033..741520b737a1 100644 --- a/mmv1/third_party/terraform/services/pubsub/resource_pubsub_topic_test.go +++ b/mmv1/third_party/terraform/services/pubsub/resource_pubsub_topic_test.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/tags" ) @@ -51,7 +52,7 @@ func TestAccPubsubTopic_cmek(t *testing.T) { bootstrapped := kms.BootstrapKMSKey(t) topicName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)) - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/acctest/bootstrap_iam_test_utils.go b/mmv1/third_party/terraform/services/resourcemanager/bootstrap_iam_test_utils.go similarity index 99% rename from mmv1/third_party/terraform/acctest/bootstrap_iam_test_utils.go rename to mmv1/third_party/terraform/services/resourcemanager/bootstrap_iam_test_utils.go index adf9373cbd6a..1759a7234cab 100644 --- a/mmv1/third_party/terraform/acctest/bootstrap_iam_test_utils.go +++ b/mmv1/third_party/terraform/services/resourcemanager/bootstrap_iam_test_utils.go @@ -1,4 +1,4 @@ -package acctest +package resourcemanager import ( "strconv" diff --git a/mmv1/third_party/terraform/services/resourcemanager/bootstrap_test_utils.go b/mmv1/third_party/terraform/services/resourcemanager/bootstrap_test_utils.go new file mode 100644 index 000000000000..b289bdf63e23 --- /dev/null +++ b/mmv1/third_party/terraform/services/resourcemanager/bootstrap_test_utils.go @@ -0,0 +1,132 @@ +package resourcemanager + +import ( + "strings" + "testing" + "time" + + "github.com/hashicorp/terraform-provider-google/google/envvar" + tpgcloudbilling "github.com/hashicorp/terraform-provider-google/google/services/cloudbilling" + rmClient "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager/client" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" + + "google.golang.org/api/cloudbilling/v1" + cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1" +) + +// BootstrapProject will create or get a project named +// "" that will persist across test runs, +// where projectIDSuffix is based off of getTestProjectFromEnv(). The reason +// for the naming is to isolate bootstrapped projects by test environment. +// Given the existing projects being used by our team, the prefix provided to +// this function can be no longer than 18 characters. +func BootstrapProject(t *testing.T, projectIDPrefix, billingAccount string, services []string) *cloudresourcemanager.Project { + org := envvar.GetTestOrgFromEnv(t) + parent := &cloudresourcemanager.ResourceId{ + Type: "organization", + Id: org, + } + projectIDSuffix := strings.Replace(envvar.GetTestProjectFromEnv(), "ci-test-project-", "", 1) + projectID := projectIDPrefix + projectIDSuffix + + return BootstrapProjectWithParent(t, projectID, billingAccount, parent, services) +} + +func BootstrapProjectWithParent(t *testing.T, projectID string, billingAccount string, parent *cloudresourcemanager.ResourceId, services []string) *cloudresourcemanager.Project { + config := transport_tpg.BootstrapConfig(t) + if config == nil { + return nil + } + crmClient := rmClient.NewClient(config, config.UserAgent) + + project, err := crmClient.Projects.Get(projectID).Do() + if err != nil { + if !transport_tpg.IsGoogleApiErrorWithCode(err, 403) { + t.Fatalf("Error getting bootstrapped project: %s", err) + } + op, err := crmClient.Projects.Create(&cloudresourcemanager.Project{ + ProjectId: projectID, + Name: "Bootstrapped Test Project", + Parent: parent, + }).Do() + if err != nil { + t.Fatalf("Error creating bootstrapped test project: %s", err) + } + + opAsMap, err := tpgresource.ConvertToMap(op) + if err != nil { + t.Fatalf("Error converting create project operation to map: %s", err) + } + + err = ResourceManagerOperationWaitTime(config, opAsMap, "creating project", config.UserAgent, 4*time.Minute) + if err != nil { + t.Fatalf("Error waiting for create project operation: %s", err) + } + + project, err = crmClient.Projects.Get(projectID).Do() + if err != nil { + t.Fatalf("Error getting bootstrapped project: %s", err) + } + + } + + if project.LifecycleState == "DELETE_REQUESTED" { + _, err := crmClient.Projects.Undelete(projectID, &cloudresourcemanager.UndeleteProjectRequest{}).Do() + if err != nil { + t.Fatalf("Error undeleting bootstrapped project: %s", err) + } + } + + if billingAccount != "" { + billingClient := tpgcloudbilling.NewClient(config, config.UserAgent) + var pbi *cloudbilling.ProjectBillingInfo + err = transport_tpg.Retry(transport_tpg.RetryOptions{ + RetryFunc: func() error { + var reqErr error + pbi, reqErr = billingClient.Projects.GetBillingInfo(PrefixedProject(projectID)).Do() + return reqErr + }, + Timeout: 30 * time.Second, + }) + if err != nil { + t.Fatalf("Error getting billing info for project %q: %v", projectID, err) + } + if strings.TrimPrefix(pbi.BillingAccountName, "billingAccounts/") != billingAccount { + pbi.BillingAccountName = "billingAccounts/" + billingAccount + err := transport_tpg.Retry(transport_tpg.RetryOptions{ + RetryFunc: func() error { + _, err := tpgcloudbilling.NewClient(config, config.UserAgent).Projects.UpdateBillingInfo(PrefixedProject(projectID), pbi).Do() + return err + }, + Timeout: 2 * time.Minute, + }) + if err != nil { + t.Fatalf("Error setting billing account for project %q to %q: %s", projectID, billingAccount, err) + } + } + } + + if len(services) > 0 { + + enabledServices, err := ListCurrentlyEnabledServices(projectID, "", config.UserAgent, config, 1*time.Minute) + if err != nil { + t.Fatalf("Error listing services for project %q: %s", projectID, err) + } + + servicesToEnable := make([]string, 0, len(services)) + for _, service := range services { + if _, ok := enabledServices[service]; !ok { + servicesToEnable = append(servicesToEnable, service) + } + } + + if len(servicesToEnable) > 0 { + if err := EnableServiceUsageProjectServices(servicesToEnable, projectID, "", config.UserAgent, config, 10*time.Minute); err != nil { + t.Fatalf("Error enabling services for project %q: %s", projectID, err) + } + } + } + + return project +} diff --git a/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_access_token_test.go b/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_access_token_test.go index a32115ce5dee..48b0044a3433 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_access_token_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_access_token_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" @@ -34,7 +35,7 @@ func TestAccDataSourceGoogleServiceAccountAccessToken_basic(t *testing.T) { resourceName := "data.google_service_account_access_token.default" serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "acctoken", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "acctoken", serviceAccount) acctest.VcrTest(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, diff --git a/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_id_token_test.go b/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_id_token_test.go index 6b5e3598b5b0..443c81a2a60d 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_id_token_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_id_token_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" ) const targetAudience = "https://foo.bar/" @@ -73,7 +74,7 @@ func TestAccDataSourceGoogleServiceAccountIdToken_impersonation(t *testing.T) { resourceName := "data.google_service_account_id_token.default" serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "idtoken-imp", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "idtoken-imp", serviceAccount) resource.Test(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, diff --git a/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_jwt_test.go b/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_jwt_test.go index 0f9acee03abd..167a458b933d 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_jwt_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/data_source_google_service_account_jwt_test.go @@ -15,6 +15,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) @@ -100,7 +101,7 @@ func TestAccDataSourceGoogleServiceAccountJwt(t *testing.T) { resourceName := "data.google_service_account_jwt.default" serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "jwt", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "jwt", serviceAccount) staticTime := time.Now() diff --git a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_access_token_test.go b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_access_token_test.go index 8451e2fce30e..aeb198878225 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_access_token_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_access_token_test.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" ) var defaultMaxLifetime string = "3600s" @@ -14,7 +15,7 @@ func TestAccEphemeralServiceAccountToken_basic(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "basic", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "basic", serviceAccount) context := map[string]interface{}{ "ephemeral_resource_name": "token", @@ -47,9 +48,9 @@ func TestAccEphemeralServiceAccountToken_withDelegates(t *testing.T) { t.Parallel() initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - delegateServiceAccountEmailOne := acctest.BootstrapServiceAccount(t, "delegate1", initialServiceAccount) // SA_2 - delegateServiceAccountEmailTwo := acctest.BootstrapServiceAccount(t, "delegate2", delegateServiceAccountEmailOne) // SA_3 - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "target", delegateServiceAccountEmailTwo) // SA_4 + delegateServiceAccountEmailOne := iambeta.BootstrapServiceAccount(t, "delegate1", initialServiceAccount) // SA_2 + delegateServiceAccountEmailTwo := iambeta.BootstrapServiceAccount(t, "delegate2", delegateServiceAccountEmailOne) // SA_3 + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "target", delegateServiceAccountEmailTwo) // SA_4 context := map[string]interface{}{ "ephemeral_resource_name": "token", @@ -82,7 +83,7 @@ func TestAccEphemeralServiceAccountToken_withCustomLifetime(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "lifetime", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "lifetime", serviceAccount) context := map[string]interface{}{ "ephemeral_resource_name": "token", diff --git a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_id_token_test.go b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_id_token_test.go index ed3812140c2b..29cf299b4561 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_id_token_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_id_token_test.go @@ -7,13 +7,14 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" ) func TestAccEphemeralServiceAccountIdToken_basic(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "idtoken", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "idtoken", serviceAccount) resource.Test(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, @@ -30,9 +31,9 @@ func TestAccEphemeralServiceAccountIdToken_withDelegates(t *testing.T) { t.Parallel() initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - delegateServiceAccountEmailOne := acctest.BootstrapServiceAccount(t, "id-delegate1", initialServiceAccount) // SA_2 - delegateServiceAccountEmailTwo := acctest.BootstrapServiceAccount(t, "id-delegate2", delegateServiceAccountEmailOne) // SA_3 - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "id-target", delegateServiceAccountEmailTwo) // SA_4 + delegateServiceAccountEmailOne := iambeta.BootstrapServiceAccount(t, "id-delegate1", initialServiceAccount) // SA_2 + delegateServiceAccountEmailTwo := iambeta.BootstrapServiceAccount(t, "id-delegate2", delegateServiceAccountEmailOne) // SA_3 + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "id-target", delegateServiceAccountEmailTwo) // SA_4 resource.Test(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, @@ -49,7 +50,7 @@ func TestAccEphemeralServiceAccountIdToken_withEmptyDelegates(t *testing.T) { t.Parallel() initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "no-del", initialServiceAccount) // SA_4 + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "no-del", initialServiceAccount) // SA_4 resource.Test(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, @@ -69,7 +70,7 @@ func TestAccEphemeralServiceAccountIdToken_withIncludeEmail(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "idtoken-email", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "idtoken-email", serviceAccount) resource.Test(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, diff --git a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_jwt_test.go b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_jwt_test.go index f31beed7b903..cbc44990bb29 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_jwt_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_jwt_test.go @@ -6,13 +6,14 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" ) func TestAccEphemeralServiceAccountJwt_basic(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "jwt-basic", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "jwt-basic", serviceAccount) context := map[string]interface{}{ "ephemeral_resource_name": "jwt", @@ -45,9 +46,9 @@ func TestAccEphemeralServiceAccountJwt_withDelegates(t *testing.T) { t.Parallel() initialServiceAccount := envvar.GetTestServiceAccountFromEnv(t) - delegateServiceAccountEmailOne := acctest.BootstrapServiceAccount(t, "jwt-delegate1", initialServiceAccount) // SA_2 - delegateServiceAccountEmailTwo := acctest.BootstrapServiceAccount(t, "jwt-delegate2", delegateServiceAccountEmailOne) // SA_3 - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "jwt-target", delegateServiceAccountEmailTwo) // SA_4 + delegateServiceAccountEmailOne := iambeta.BootstrapServiceAccount(t, "jwt-delegate1", initialServiceAccount) // SA_2 + delegateServiceAccountEmailTwo := iambeta.BootstrapServiceAccount(t, "jwt-delegate2", delegateServiceAccountEmailOne) // SA_3 + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "jwt-target", delegateServiceAccountEmailTwo) // SA_4 context := map[string]interface{}{ "ephemeral_resource_name": "jwt", @@ -81,7 +82,7 @@ func TestAccEphemeralServiceAccountJwt_withExpiresIn(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "expiry", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "expiry", serviceAccount) context := map[string]interface{}{ "ephemeral_resource_name": "jwt", diff --git a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_key_test.go b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_key_test.go index 474476cb0888..9254ee7e998a 100644 --- a/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_key_test.go +++ b/mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_key_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/iambeta" ) func TestAccEphemeralServiceAccountKey_create(t *testing.T) { @@ -127,7 +128,7 @@ func TestAccEphemeralServiceAccountKey_fetch(t *testing.T) { t.Parallel() serviceAccount := envvar.GetTestServiceAccountFromEnv(t) - targetServiceAccountEmail := acctest.BootstrapServiceAccount(t, "key-basic", serviceAccount) + targetServiceAccountEmail := iambeta.BootstrapServiceAccount(t, "key-basic", serviceAccount) resource.Test(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), diff --git a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_release_test.go.tmpl b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_release_test.go.tmpl index d6f37ef0a683..754b57d9c049 100644 --- a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_release_test.go.tmpl +++ b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_release_test.go.tmpl @@ -10,11 +10,12 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSaasRuntimeRelease_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com", Role: "roles/saasservicemgmt.serviceAgent", diff --git a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_rollout_kind_test.go.tmpl b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_rollout_kind_test.go.tmpl index db8350e21493..e43c0e418590 100644 --- a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_rollout_kind_test.go.tmpl +++ b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_rollout_kind_test.go.tmpl @@ -9,11 +9,12 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSaasRuntimeRolloutKind_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com", Role: "roles/saasservicemgmt.serviceAgent", diff --git a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_saas_test.go.tmpl b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_saas_test.go.tmpl index 1d9c30460336..64a7dba00d50 100644 --- a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_saas_test.go.tmpl +++ b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_saas_test.go.tmpl @@ -9,11 +9,12 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSaasRuntimeSaas_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com", Role: "roles/saasservicemgmt.serviceAgent", diff --git a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_tenant_test.go.tmpl b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_tenant_test.go.tmpl index aa1945d986af..36d69e3e5557 100644 --- a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_tenant_test.go.tmpl +++ b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_tenant_test.go.tmpl @@ -10,11 +10,12 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSaasRuntimeTenant_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com", Role: "roles/saasservicemgmt.serviceAgent", diff --git a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_kind_test.go.tmpl b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_kind_test.go.tmpl index f9d1c2534f91..55aa9fae73d1 100644 --- a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_kind_test.go.tmpl +++ b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_kind_test.go.tmpl @@ -10,11 +10,12 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSaasRuntimeUnitKind_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com", Role: "roles/saasservicemgmt.serviceAgent", diff --git a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_test.go.tmpl b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_test.go.tmpl index 9b8216729068..d11f67a9fee5 100644 --- a/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_test.go.tmpl +++ b/mmv1/third_party/terraform/services/saasruntime/resource_saas_runtime_unit_test.go.tmpl @@ -10,11 +10,12 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSaasRuntimeUnit_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-saasservicemgmt.iam.gserviceaccount.com", Role: "roles/saasservicemgmt.serviceAgent", diff --git a/mmv1/third_party/terraform/services/spanner/resource_spanner_database_test.go b/mmv1/third_party/terraform/services/spanner/resource_spanner_database_test.go index ea2e5acafd49..78996df00f85 100644 --- a/mmv1/third_party/terraform/services/spanner/resource_spanner_database_test.go +++ b/mmv1/third_party/terraform/services/spanner/resource_spanner_database_test.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccSpannerDatabase_basic(t *testing.T) { @@ -627,7 +628,7 @@ resource "google_spanner_database" "database" { func TestAccSpannerDatabase_cmek(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-spanner.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/storagecontrol/data_source_storage_control_project_intelligence_config_test.go b/mmv1/third_party/terraform/services/storagecontrol/data_source_storage_control_project_intelligence_config_test.go index 2cc23c42aaec..817da3edc8f2 100644 --- a/mmv1/third_party/terraform/services/storagecontrol/data_source_storage_control_project_intelligence_config_test.go +++ b/mmv1/third_party/terraform/services/storagecontrol/data_source_storage_control_project_intelligence_config_test.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccDataSourceGoogleStorageControlProjectIntelligenceConfig_basic(t *testing.T) { @@ -13,7 +14,7 @@ func TestAccDataSourceGoogleStorageControlProjectIntelligenceConfig_basic(t *tes context := map[string]interface{}{ "random_suffix": acctest.RandString(t, 10), - "project": acctest.BootstrapProject(t, "tf-boot-stor-int-", envvar.GetTestBillingAccountFromEnv(t), []string{"storage.googleapis.com"}).ProjectId, + "project": resourcemanager.BootstrapProject(t, "tf-boot-stor-int-", envvar.GetTestBillingAccountFromEnv(t), []string{"storage.googleapis.com"}).ProjectId, } acctest.VcrTest(t, resource.TestCase{ diff --git a/mmv1/third_party/terraform/services/storagecontrol/resource_storage_control_project_intelligence_config_test.go b/mmv1/third_party/terraform/services/storagecontrol/resource_storage_control_project_intelligence_config_test.go index c0ebc73c9fd4..0013b1faef20 100644 --- a/mmv1/third_party/terraform/services/storagecontrol/resource_storage_control_project_intelligence_config_test.go +++ b/mmv1/third_party/terraform/services/storagecontrol/resource_storage_control_project_intelligence_config_test.go @@ -6,13 +6,14 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccStorageControlProjectIntelligenceConfig_update(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "project": acctest.BootstrapProject(t, "tf-boot-stor-int-", envvar.GetTestBillingAccountFromEnv(t), []string{"storage.googleapis.com"}).ProjectId, + "project": resourcemanager.BootstrapProject(t, "tf-boot-stor-int-", envvar.GetTestBillingAccountFromEnv(t), []string{"storage.googleapis.com"}).ProjectId, "random_suffix": acctest.RandString(t, 10), } diff --git a/mmv1/third_party/terraform/services/storagetransfer/resource_storage_transfer_job_test.go b/mmv1/third_party/terraform/services/storagetransfer/resource_storage_transfer_job_test.go index da6f7fc0a7bd..3a43cf94ac7a 100644 --- a/mmv1/third_party/terraform/services/storagetransfer/resource_storage_transfer_job_test.go +++ b/mmv1/third_party/terraform/services/storagetransfer/resource_storage_transfer_job_test.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/storagetransfer" ) @@ -114,7 +115,7 @@ func TestAccStorageTransferJob_updateLoggingConfig(t *testing.T) { func TestAccStorageTransferReplicationJob_basic(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gs-project-accounts.iam.gserviceaccount.com", Role: "roles/pubsub.publisher", @@ -248,7 +249,7 @@ func TestAccStorageTransferJob_omitScheduleEndDate(t *testing.T) { func TestAccStorageTransferJob_posixSource(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:project-{project_number}@storage-transfer-service.iam.gserviceaccount.com", Role: "roles/pubsub.admin", @@ -286,7 +287,7 @@ func TestAccStorageTransferJob_posixSource(t *testing.T) { func TestAccStorageTransferJob_posixSink(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:project-{project_number}@storage-transfer-service.iam.gserviceaccount.com", Role: "roles/pubsub.admin", @@ -544,7 +545,7 @@ func TestAccStorageTransferJob_notificationConfig(t *testing.T) { func TestAccStorageTransferJob_hdfsSource(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:project-{project_number}@storage-transfer-service.iam.gserviceaccount.com", Role: "roles/pubsub.admin", diff --git a/mmv1/third_party/terraform/services/vertexai/resource_vertex_ai_reasoning_engine_test.go b/mmv1/third_party/terraform/services/vertexai/resource_vertex_ai_reasoning_engine_test.go index 25ca48f40f85..9eba66457187 100644 --- a/mmv1/third_party/terraform/services/vertexai/resource_vertex_ai_reasoning_engine_test.go +++ b/mmv1/third_party/terraform/services/vertexai/resource_vertex_ai_reasoning_engine_test.go @@ -8,12 +8,13 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" ) func TestAccVertexAIReasoningEngine_vertexAiReasoningEngineUpdate(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-aiplatform.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", diff --git a/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_cluster_test.go b/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_cluster_test.go index a92495fdfc87..87f04dc03bd5 100644 --- a/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_cluster_test.go +++ b/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_cluster_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/servicenetworking" "github.com/hashicorp/terraform-provider-google/google/services/vmwareengine" "github.com/hashicorp/terraform-provider-google/google/tpgresource" @@ -22,7 +23,7 @@ func TestAccVmwareengineCluster_vmwareEngineClusterUpdate(t *testing.T) { acctest.SkipIfVcr(t) t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-vmwareengine.iam.gserviceaccount.com", Role: "roles/file.viewer", diff --git a/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_datastore_test.go b/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_datastore_test.go index 8ccac88088ad..49cb366f25cc 100644 --- a/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_datastore_test.go +++ b/mmv1/third_party/terraform/services/vmwareengine/resource_vmwareengine_datastore_test.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/servicenetworking" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" @@ -76,7 +77,7 @@ resource "google_vmwareengine_datastore" "example_thirdparty" { func TestAccVmwareengineDatastore_vmwareEngineDatastoreFilestore_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-vmwareengine.iam.gserviceaccount.com", Role: "roles/file.viewer", @@ -164,7 +165,7 @@ resource "google_vmwareengine_datastore" "example_filestore" { func TestAccVmwareengineDatastore_vmwareEngineDatastoreNetapp_update(t *testing.T) { t.Parallel() - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-vmwareengine.iam.gserviceaccount.com", Role: "roles/netapp.viewer", diff --git a/mmv1/third_party/terraform/services/workflows/resource_workflows_workflow_test.go b/mmv1/third_party/terraform/services/workflows/resource_workflows_workflow_test.go index 78d48472c9f7..f7ffebd63e8a 100644 --- a/mmv1/third_party/terraform/services/workflows/resource_workflows_workflow_test.go +++ b/mmv1/third_party/terraform/services/workflows/resource_workflows_workflow_test.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-provider-google/google/services/kms" + "github.com/hashicorp/terraform-provider-google/google/services/resourcemanager" "github.com/hashicorp/terraform-provider-google/google/services/workflows" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -295,7 +296,7 @@ func TestAccWorkflowsWorkflow_CMEK(t *testing.T) { workflowName := fmt.Sprintf("tf-test-acc-workflow-%d", acctest.RandInt(t)) bootstrapped := kms.BootstrapKMSKeyInLocation(t, "us-central1") - acctest.BootstrapIamMembers(t, []acctest.IamMember{ + resourcemanager.BootstrapIamMembers(t, []resourcemanager.IamMember{ { Member: "serviceAccount:service-{project_number}@gcp-sa-workflows.iam.gserviceaccount.com", Role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",