diff --git a/.changelog/6633.txt b/.changelog/6633.txt new file mode 100644 index 00000000000..ee5aa811bd6 --- /dev/null +++ b/.changelog/6633.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +datafusion: added `enable_rbac` field to `google_data_fusion_instance` resource +``` diff --git a/google/resource_data_fusion_instance.go b/google/resource_data_fusion_instance.go index 97ebb858563..078faf427d0 100644 --- a/google/resource_data_fusion_instance.go +++ b/google/resource_data_fusion_instance.go @@ -18,6 +18,7 @@ import ( "fmt" "log" "reflect" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -92,6 +93,11 @@ pipelines at low cost. Possible values: ["BASIC", "ENTERPRISE", "DEVELOPER"]`, ForceNew: true, Description: `An optional description of the instance.`, }, + "enable_rbac": { + Type: schema.TypeBool, + Optional: true, + Description: `Option to enable granular role-based access control.`, + }, "enable_stackdriver_logging": { Type: schema.TypeBool, Optional: true, @@ -254,6 +260,12 @@ func resourceDataFusionInstanceCreate(d *schema.ResourceData, meta interface{}) } else if v, ok := d.GetOkExists("enable_stackdriver_monitoring"); !isEmptyValue(reflect.ValueOf(enableStackdriverMonitoringProp)) && (ok || !reflect.DeepEqual(v, enableStackdriverMonitoringProp)) { obj["enableStackdriverMonitoring"] = enableStackdriverMonitoringProp } + enableRbacProp, err := expandDataFusionInstanceEnableRbac(d.Get("enable_rbac"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("enable_rbac"); !isEmptyValue(reflect.ValueOf(enableRbacProp)) && (ok || !reflect.DeepEqual(v, enableRbacProp)) { + obj["enableRbac"] = enableRbacProp + } labelsProp, err := expandDataFusionInstanceLabels(d.Get("labels"), d, config) if err != nil { return err @@ -414,6 +426,9 @@ func resourceDataFusionInstanceRead(d *schema.ResourceData, meta interface{}) er if err := d.Set("enable_stackdriver_monitoring", flattenDataFusionInstanceEnableStackdriverMonitoring(res["enableStackdriverMonitoring"], d, config)); err != nil { return fmt.Errorf("Error reading Instance: %s", err) } + if err := d.Set("enable_rbac", flattenDataFusionInstanceEnableRbac(res["enableRbac"], d, config)); err != nil { + return fmt.Errorf("Error reading Instance: %s", err) + } if err := d.Set("labels", flattenDataFusionInstanceLabels(res["labels"], d, config)); err != nil { return fmt.Errorf("Error reading Instance: %s", err) } @@ -488,6 +503,12 @@ func resourceDataFusionInstanceUpdate(d *schema.ResourceData, meta interface{}) } else if v, ok := d.GetOkExists("enable_stackdriver_monitoring"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, enableStackdriverMonitoringProp)) { obj["enableStackdriverMonitoring"] = enableStackdriverMonitoringProp } + enableRbacProp, err := expandDataFusionInstanceEnableRbac(d.Get("enable_rbac"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("enable_rbac"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, enableRbacProp)) { + obj["enableRbac"] = enableRbacProp + } labelsProp, err := expandDataFusionInstanceLabels(d.Get("labels"), d, config) if err != nil { return err @@ -501,6 +522,27 @@ func resourceDataFusionInstanceUpdate(d *schema.ResourceData, meta interface{}) } log.Printf("[DEBUG] Updating Instance %q: %#v", d.Id(), obj) + updateMask := []string{} + + if d.HasChange("enable_stackdriver_logging") { + updateMask = append(updateMask, "enableStackdriverLogging") + } + + if d.HasChange("enable_stackdriver_monitoring") { + updateMask = append(updateMask, "enableStackdriverMonitoring") + } + + if d.HasChange("enable_rbac") { + updateMask = append(updateMask, "enableRbac") + } + + // updateMask is a URL parameter but not present in the schema, so replaceVars + // won't set it + + url, err = addQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")}) + if err != nil { + return err + } // err == nil indicates that the billing_project value was found if bp, err := getBillingProject(d, config); err == nil { @@ -615,6 +657,10 @@ func flattenDataFusionInstanceEnableStackdriverMonitoring(v interface{}, d *sche return v } +func flattenDataFusionInstanceEnableRbac(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + func flattenDataFusionInstanceLabels(v interface{}, d *schema.ResourceData, config *Config) interface{} { return v } @@ -723,6 +769,10 @@ func expandDataFusionInstanceEnableStackdriverMonitoring(v interface{}, d Terraf return v, nil } +func expandDataFusionInstanceEnableRbac(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + func expandDataFusionInstanceLabels(v interface{}, d TerraformResourceData, config *Config) (map[string]string, error) { if v == nil { return map[string]string{}, nil diff --git a/google/resource_data_fusion_instance_generated_test.go b/google/resource_data_fusion_instance_generated_test.go index a6a7c1ecb1e..1591810007b 100644 --- a/google/resource_data_fusion_instance_generated_test.go +++ b/google/resource_data_fusion_instance_generated_test.go @@ -179,6 +179,46 @@ data "google_project" "project" {} `, context) } +func TestAccDataFusionInstance_dataFusionInstanceEnterpriseExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDataFusionInstanceDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDataFusionInstance_dataFusionInstanceEnterpriseExample(context), + }, + { + ResourceName: "google_data_fusion_instance.enterprise_instance", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"region"}, + }, + }, + }) +} + +func testAccDataFusionInstance_dataFusionInstanceEnterpriseExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_data_fusion_instance" "enterprise_instance" { + name = "tf-test-my-instance%{random_suffix}" + region = "us-central1" + type = "ENTERPRISE" + enable_rbac = true + # Mark for testing to avoid service networking connection usage that is not cleaned up + options = { + prober_test_run = "true" + } +} +`, context) +} + func testAccCheckDataFusionInstanceDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { for name, rs := range s.RootModule().Resources { diff --git a/website/docs/r/data_fusion_instance.html.markdown b/website/docs/r/data_fusion_instance.html.markdown index 662fe000e82..a98e338f47c 100644 --- a/website/docs/r/data_fusion_instance.html.markdown +++ b/website/docs/r/data_fusion_instance.html.markdown @@ -125,6 +125,26 @@ resource "google_kms_crypto_key_iam_binding" "crypto_key_binding" { data "google_project" "project" {} ``` +
+ + Open in Cloud Shell + +
+## Example Usage - Data Fusion Instance Enterprise + + +```hcl +resource "google_data_fusion_instance" "enterprise_instance" { + name = "my-instance" + region = "us-central1" + type = "ENTERPRISE" + enable_rbac = true + # Mark for testing to avoid service networking connection usage that is not cleaned up + options = { + prober_test_run = "true" + } +} +``` ## Argument Reference @@ -165,6 +185,10 @@ The following arguments are supported: (Optional) Option to enable Stackdriver Monitoring. +* `enable_rbac` - + (Optional) + Option to enable granular role-based access control. + * `labels` - (Optional) The resource labels for instance to use to annotate any related underlying resources,