diff --git a/mmv1/products/accessapproval/FolderSettings.yaml b/mmv1/products/accessapproval/FolderSettings.yaml index b16f1d807c30..a466d51e29dd 100644 --- a/mmv1/products/accessapproval/FolderSettings.yaml +++ b/mmv1/products/accessapproval/FolderSettings.yaml @@ -1,4 +1,4 @@ -# Copyright 2023 Google Inc. +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,67 +11,73 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- !ruby/object:Api::Resource -name: FolderSettings -base_url: 'folders/{{folder_id}}/accessApprovalSettings' -self_link: 'folders/{{folder_id}}/accessApprovalSettings' -create_verb: :PATCH -update_verb: :PATCH -update_mask: true +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FolderSettings' +legacy_name: 'google_folder_access_approval_settings' description: | Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. -references: !ruby/object:Api::Resource::ReferenceLinks +references: + guides: api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/folders' -legacy_name: 'google_folder_access_approval_settings' -import_format: ['folders/{{folder_id}}/accessApprovalSettings'] +docs: +base_url: 'folders/{{folder_id}}/accessApprovalSettings' +self_link: 'folders/{{folder_id}}/accessApprovalSettings' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'folders/{{folder_id}}/accessApprovalSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/access_approval.go.tmpl' + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_folder_access_approval_settings.go.tmpl' examples: - - !ruby/object:Provider::Terraform::Examples - skip_test: true - name: 'folder_access_approval_full' + - name: 'folder_access_approval_full' primary_resource_id: 'folder_access_approval' vars: folder_name: 'my-folder' test_env_vars: - org_id: :ORG_ID - - !ruby/object:Provider::Terraform::Examples + org_id: 'ORG_ID' skip_test: true - name: 'folder_access_approval_active_key_version' + - name: 'folder_access_approval_active_key_version' primary_resource_id: 'folder_access_approval' vars: folder_name: 'my-folder' test_env_vars: - org_id: :ORG_ID -custom_code: !ruby/object:Provider::Terraform::CustomCode - custom_delete: templates/terraform/custom_delete/clear_folder_access_approval_settings.go.erb - pre_create: templates/terraform/update_mask.erb - constants: templates/terraform/constants/access_approval.go.erb + org_id: 'ORG_ID' + skip_test: true parameters: - - !ruby/object:Api::Type::String - name: folder_id + - name: 'folder_id' + type: String description: | ID of the folder of the access approval settings. + url_param_only: true required: true immutable: true - url_param_only: true properties: - - !ruby/object:Api::Type::String - name: name + - name: 'name' + type: String description: | The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings" output: true - - !ruby/object:Api::Type::Array - name: notificationEmails + - name: 'notificationEmails' + type: Array description: | A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed. - max_size: 50 - item_type: Api::Type::String is_set: true default_from_api: true - - !ruby/object:Api::Type::Array - name: enrolledServices - required: true + item_type: + type: String + max_size: 50 + - name: 'enrolledServices' + type: Array description: | A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required @@ -79,12 +85,13 @@ properties: A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. is_set: true + required: true set_hash_func: accessApprovalEnrolledServicesHash - item_type: !ruby/object:Api::Type::NestedObject + item_type: + type: NestedObject properties: - - !ruby/object:Api::Type::String - name: cloudProduct - required: true + - name: 'cloudProduct' + type: String description: | The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): * all @@ -110,34 +117,35 @@ properties: * iam.googleapis.com * pubsub.googleapis.com * storage.googleapis.com - - !ruby/object:Api::Type::Enum - name: enrollmentLevel + required: true + - name: 'enrollmentLevel' + type: Enum description: | The enrollment level of the service. - default_value: :BLOCK_ALL - values: - - :BLOCK_ALL - - !ruby/object:Api::Type::Boolean - name: enrolledAncestor - output: true + default_value: "BLOCK_ALL" + enum_values: + - 'BLOCK_ALL' + - name: 'enrolledAncestor' + type: Boolean description: | If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder. - - !ruby/object:Api::Type::String - name: activeKeyVersion + output: true + - name: 'activeKeyVersion' + type: String description: | The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a Google-managed key should be used for signing. This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. - - !ruby/object:Api::Type::Boolean - name: ancestorHasActiveKeyVersion - output: true + - name: 'ancestorHasActiveKeyVersion' + type: Boolean description: | If the field is true, that indicates that an ancestor of this Folder has set active_key_version. - - !ruby/object:Api::Type::Boolean - name: invalidKeyVersion output: true + - name: 'invalidKeyVersion' + type: Boolean description: | If the field is true, that indicates that there is some configuration issue with the active_key_version configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, as key versions are inherited top-down. + output: true diff --git a/mmv1/products/accessapproval/OrganizationSettings.yaml b/mmv1/products/accessapproval/OrganizationSettings.yaml index 7e72511aedd5..c486995d8b83 100644 --- a/mmv1/products/accessapproval/OrganizationSettings.yaml +++ b/mmv1/products/accessapproval/OrganizationSettings.yaml @@ -1,4 +1,4 @@ -# Copyright 2023 Google Inc. +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,62 +11,68 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- !ruby/object:Api::Resource -name: OrganizationSettings -base_url: 'organizations/{{organization_id}}/accessApprovalSettings' -self_link: 'organizations/{{organization_id}}/accessApprovalSettings' -create_verb: :PATCH -update_verb: :PATCH -update_mask: true +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationSettings' +legacy_name: 'google_organization_access_approval_settings' description: | Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. -references: !ruby/object:Api::Resource::ReferenceLinks +references: + guides: api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations' -legacy_name: 'google_organization_access_approval_settings' -import_format: ['organizations/{{organization_id}}/accessApprovalSettings'] +docs: +base_url: 'organizations/{{organization_id}}/accessApprovalSettings' +self_link: 'organizations/{{organization_id}}/accessApprovalSettings' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'organizations/{{organization_id}}/accessApprovalSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_organization_access_approval_settings.go.tmpl' examples: - - !ruby/object:Provider::Terraform::Examples - skip_test: true - name: 'organization_access_approval_full' + - name: 'organization_access_approval_full' primary_resource_id: 'organization_access_approval' test_env_vars: - org_id: :ORG_ID - - !ruby/object:Provider::Terraform::Examples + org_id: 'ORG_ID' skip_test: true - name: 'organization_access_approval_active_key_version' + - name: 'organization_access_approval_active_key_version' primary_resource_id: 'organization_access_approval' test_env_vars: - org_id: :ORG_ID -custom_code: !ruby/object:Provider::Terraform::CustomCode - custom_delete: templates/terraform/custom_delete/clear_organization_access_approval_settings.go.erb - pre_create: templates/terraform/update_mask.erb + org_id: 'ORG_ID' + skip_test: true parameters: - - !ruby/object:Api::Type::String - name: organization_id + - name: 'organization_id' + type: String description: | ID of the organization of the access approval settings. + url_param_only: true required: true immutable: true - url_param_only: true properties: - - !ruby/object:Api::Type::String - name: name + - name: 'name' + type: String description: | The resource name of the settings. Format is "organizations/{organization_id}/accessApprovalSettings" output: true - - !ruby/object:Api::Type::Array - name: notificationEmails + - name: 'notificationEmails' + type: Array description: | A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed. - max_size: 50 - item_type: Api::Type::String is_set: true default_from_api: true - - !ruby/object:Api::Type::Array - name: enrolledServices - required: true + item_type: + type: String + max_size: 50 + - name: 'enrolledServices' + type: Array description: | A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required @@ -74,12 +80,13 @@ properties: A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. is_set: true + required: true set_hash_func: accessApprovalEnrolledServicesHash - item_type: !ruby/object:Api::Type::NestedObject + item_type: + type: NestedObject properties: - - !ruby/object:Api::Type::String - name: cloudProduct - required: true + - name: 'cloudProduct' + type: String description: | The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): all @@ -92,32 +99,33 @@ properties: iam.googleapis.com pubsub.googleapis.com storage.googleapis.com - - !ruby/object:Api::Type::Enum - name: enrollmentLevel + required: true + - name: 'enrollmentLevel' + type: Enum description: | The enrollment level of the service. - default_value: :BLOCK_ALL - values: - - :BLOCK_ALL - - !ruby/object:Api::Type::Boolean - name: enrolledAncestor - output: true + default_value: "BLOCK_ALL" + enum_values: + - 'BLOCK_ALL' + - name: 'enrolledAncestor' + type: Boolean description: | This field will always be unset for the organization since organizations do not have ancestors. - - !ruby/object:Api::Type::String - name: activeKeyVersion + output: true + - name: 'activeKeyVersion' + type: String description: | The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a Google-managed key should be used for signing. - - !ruby/object:Api::Type::Boolean - name: ancestorHasActiveKeyVersion - output: true + - name: 'ancestorHasActiveKeyVersion' + type: Boolean description: | This field will always be unset for the organization since organizations do not have ancestors. - - !ruby/object:Api::Type::Boolean - name: invalidKeyVersion output: true + - name: 'invalidKeyVersion' + type: Boolean description: | If the field is true, that indicates that there is some configuration issue with the active_key_version configured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the correct permissions on it, etc.). + output: true diff --git a/mmv1/products/accessapproval/ProjectSettings.yaml b/mmv1/products/accessapproval/ProjectSettings.yaml index 68eddf5026e8..806609b22c4f 100644 --- a/mmv1/products/accessapproval/ProjectSettings.yaml +++ b/mmv1/products/accessapproval/ProjectSettings.yaml @@ -1,4 +1,4 @@ -# Copyright 2023 Google Inc. +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,64 +11,70 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- !ruby/object:Api::Resource -name: ProjectSettings -base_url: 'projects/{{project_id}}/accessApprovalSettings' -self_link: 'projects/{{project_id}}/accessApprovalSettings' -create_verb: :PATCH -update_verb: :PATCH -update_mask: true +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectSettings' +legacy_name: 'google_project_access_approval_settings' description: | Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. -references: !ruby/object:Api::Resource::ReferenceLinks +references: + guides: api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/projects' -legacy_name: 'google_project_access_approval_settings' -import_format: ['projects/{{project_id}}/accessApprovalSettings'] +docs: +base_url: 'projects/{{project_id}}/accessApprovalSettings' +self_link: 'projects/{{project_id}}/accessApprovalSettings' +create_verb: 'PATCH' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project_id}}/accessApprovalSettings' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + pre_create: 'templates/terraform/update_mask.go.tmpl' + custom_delete: 'templates/terraform/custom_delete/go/clear_project_access_approval_settings.go.tmpl' examples: - - !ruby/object:Provider::Terraform::Examples - skip_test: true - name: 'project_access_approval_full' + - name: 'project_access_approval_full' primary_resource_id: 'project_access_approval' test_env_vars: - project: :PROJECT_NAME - org_id: :ORG_ID - - !ruby/object:Provider::Terraform::Examples + project: 'PROJECT_NAME' + org_id: 'ORG_ID' skip_test: true - name: 'project_access_approval_active_key_version' + - name: 'project_access_approval_active_key_version' primary_resource_id: 'project_access_approval' test_env_vars: - project: :PROJECT_NAME - org_id: :ORG_ID -custom_code: !ruby/object:Provider::Terraform::CustomCode - custom_delete: templates/terraform/custom_delete/clear_project_access_approval_settings.go.erb - pre_create: templates/terraform/update_mask.erb + project: 'PROJECT_NAME' + org_id: 'ORG_ID' + skip_test: true parameters: - - !ruby/object:Api::Type::String - name: project_id + - name: 'project_id' + type: String description: | ID of the project of the access approval settings. + url_param_only: true required: true immutable: true - url_param_only: true properties: - - !ruby/object:Api::Type::String - name: name + - name: 'name' + type: String description: | The resource name of the settings. Format is "projects/{project_id}/accessApprovalSettings" output: true - - !ruby/object:Api::Type::Array - name: notificationEmails + - name: 'notificationEmails' + type: Array description: | A list of email addresses to which notifications relating to approval requests should be sent. Notifications relating to a resource will be sent to all emails in the settings of ancestor resources of that resource. A maximum of 50 email addresses are allowed. - max_size: 50 - item_type: Api::Type::String is_set: true default_from_api: true - - !ruby/object:Api::Type::Array - name: enrolledServices - required: true + item_type: + type: String + max_size: 50 + - name: 'enrolledServices' + type: Array description: | A list of Google Cloud Services for which the given resource has Access Approval enrolled. Access requests for the resource given by name against any of these services contained here will be required @@ -76,12 +82,13 @@ properties: A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. is_set: true + required: true set_hash_func: accessApprovalEnrolledServicesHash - item_type: !ruby/object:Api::Type::NestedObject + item_type: + type: NestedObject properties: - - !ruby/object:Api::Type::String - name: cloudProduct - required: true + - name: 'cloudProduct' + type: String description: | The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): all @@ -94,40 +101,40 @@ properties: iam.googleapis.com pubsub.googleapis.com storage.googleapis.com - - !ruby/object:Api::Type::Enum - name: enrollmentLevel + required: true + - name: 'enrollmentLevel' + type: Enum description: | The enrollment level of the service. - default_value: :BLOCK_ALL - values: - - :BLOCK_ALL - - !ruby/object:Api::Type::Boolean - name: enrolledAncestor - output: true + default_value: "BLOCK_ALL" + enum_values: + - 'BLOCK_ALL' + - name: 'enrolledAncestor' + type: Boolean description: | If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project. - - !ruby/object:Api::Type::String - name: activeKeyVersion + output: true + - name: 'activeKeyVersion' + type: String description: | The asymmetric crypto key version to use for signing approval requests. Empty active_key_version indicates that a Google-managed key should be used for signing. This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. - - !ruby/object:Api::Type::Boolean - name: ancestorHasActiveKeyVersion - output: true + - name: 'ancestorHasActiveKeyVersion' + type: Boolean description: | If the field is true, that indicates that an ancestor of this Project has set active_key_version. - - !ruby/object:Api::Type::Boolean - name: invalidKeyVersion output: true + - name: 'invalidKeyVersion' + type: Boolean description: | If the field is true, that indicates that there is some configuration issue with the active_key_version configured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, as key versions are inherited top-down. - - !ruby/object:Api::Type::String - name: project + output: true + - name: 'project' + type: String description: | Project id. - deprecation_message: >- - `project` is deprecated and will be removed in a future major release. Use `project_id` instead. + deprecation_message: '`project` is deprecated and will be removed in a future major release. Use `project_id` instead.' diff --git a/mmv1/products/accessapproval/go_FolderSettings.yaml b/mmv1/products/accessapproval/go_FolderSettings.yaml deleted file mode 100644 index a466d51e29dd..000000000000 --- a/mmv1/products/accessapproval/go_FolderSettings.yaml +++ /dev/null @@ -1,151 +0,0 @@ -# Copyright 2024 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Warning: This is a temporary file, and should not be edited directly ---- -name: 'FolderSettings' -legacy_name: 'google_folder_access_approval_settings' -description: | - Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. -references: - guides: - api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/folders' -docs: -base_url: 'folders/{{folder_id}}/accessApprovalSettings' -self_link: 'folders/{{folder_id}}/accessApprovalSettings' -create_verb: 'PATCH' -update_verb: 'PATCH' -update_mask: true -import_format: - - 'folders/{{folder_id}}/accessApprovalSettings' -timeouts: - insert_minutes: 20 - update_minutes: 20 - delete_minutes: 20 -custom_code: - constants: 'templates/terraform/constants/go/access_approval.go.tmpl' - pre_create: 'templates/terraform/update_mask.go.tmpl' - custom_delete: 'templates/terraform/custom_delete/go/clear_folder_access_approval_settings.go.tmpl' -examples: - - name: 'folder_access_approval_full' - primary_resource_id: 'folder_access_approval' - vars: - folder_name: 'my-folder' - test_env_vars: - org_id: 'ORG_ID' - skip_test: true - - name: 'folder_access_approval_active_key_version' - primary_resource_id: 'folder_access_approval' - vars: - folder_name: 'my-folder' - test_env_vars: - org_id: 'ORG_ID' - skip_test: true -parameters: - - name: 'folder_id' - type: String - description: | - ID of the folder of the access approval settings. - url_param_only: true - required: true - immutable: true -properties: - - name: 'name' - type: String - description: | - The resource name of the settings. Format is "folders/{folder_id}/accessApprovalSettings" - output: true - - name: 'notificationEmails' - type: Array - description: | - A list of email addresses to which notifications relating to approval requests should be sent. - Notifications relating to a resource will be sent to all emails in the settings of ancestor - resources of that resource. A maximum of 50 email addresses are allowed. - is_set: true - default_from_api: true - item_type: - type: String - max_size: 50 - - name: 'enrolledServices' - type: Array - description: | - A list of Google Cloud Services for which the given resource has Access Approval enrolled. - Access requests for the resource given by name against any of these services contained here will be required - to have explicit approval. Enrollment can only be done on an all or nothing basis. - - A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. - is_set: true - required: true - set_hash_func: accessApprovalEnrolledServicesHash - item_type: - type: NestedObject - properties: - - name: 'cloudProduct' - type: String - description: | - The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): - * all - * App Engine - * BigQuery - * Cloud Bigtable - * Cloud Key Management Service - * Compute Engine - * Cloud Dataflow - * Cloud Identity and Access Management - * Cloud Pub/Sub - * Cloud Storage - * Persistent Disk - - Note: These values are supported as input, but considered a legacy format: - * all - * appengine.googleapis.com - * bigquery.googleapis.com - * bigtable.googleapis.com - * cloudkms.googleapis.com - * compute.googleapis.com - * dataflow.googleapis.com - * iam.googleapis.com - * pubsub.googleapis.com - * storage.googleapis.com - required: true - - name: 'enrollmentLevel' - type: Enum - description: | - The enrollment level of the service. - default_value: "BLOCK_ALL" - enum_values: - - 'BLOCK_ALL' - - name: 'enrolledAncestor' - type: Boolean - description: | - If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder. - output: true - - name: 'activeKeyVersion' - type: String - description: | - The asymmetric crypto key version to use for signing approval requests. - Empty active_key_version indicates that a Google-managed key should be used for signing. - This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. - - name: 'ancestorHasActiveKeyVersion' - type: Boolean - description: | - If the field is true, that indicates that an ancestor of this Folder has set active_key_version. - output: true - - name: 'invalidKeyVersion' - type: Boolean - description: | - If the field is true, that indicates that there is some configuration issue with the active_key_version - configured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the - correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, - as key versions are inherited top-down. - output: true diff --git a/mmv1/products/accessapproval/go_OrganizationSettings.yaml b/mmv1/products/accessapproval/go_OrganizationSettings.yaml deleted file mode 100644 index c486995d8b83..000000000000 --- a/mmv1/products/accessapproval/go_OrganizationSettings.yaml +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright 2024 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Warning: This is a temporary file, and should not be edited directly ---- -name: 'OrganizationSettings' -legacy_name: 'google_organization_access_approval_settings' -description: | - Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. -references: - guides: - api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/organizations' -docs: -base_url: 'organizations/{{organization_id}}/accessApprovalSettings' -self_link: 'organizations/{{organization_id}}/accessApprovalSettings' -create_verb: 'PATCH' -update_verb: 'PATCH' -update_mask: true -import_format: - - 'organizations/{{organization_id}}/accessApprovalSettings' -timeouts: - insert_minutes: 20 - update_minutes: 20 - delete_minutes: 20 -custom_code: - pre_create: 'templates/terraform/update_mask.go.tmpl' - custom_delete: 'templates/terraform/custom_delete/go/clear_organization_access_approval_settings.go.tmpl' -examples: - - name: 'organization_access_approval_full' - primary_resource_id: 'organization_access_approval' - test_env_vars: - org_id: 'ORG_ID' - skip_test: true - - name: 'organization_access_approval_active_key_version' - primary_resource_id: 'organization_access_approval' - test_env_vars: - org_id: 'ORG_ID' - skip_test: true -parameters: - - name: 'organization_id' - type: String - description: | - ID of the organization of the access approval settings. - url_param_only: true - required: true - immutable: true -properties: - - name: 'name' - type: String - description: | - The resource name of the settings. Format is "organizations/{organization_id}/accessApprovalSettings" - output: true - - name: 'notificationEmails' - type: Array - description: | - A list of email addresses to which notifications relating to approval requests should be sent. - Notifications relating to a resource will be sent to all emails in the settings of ancestor - resources of that resource. A maximum of 50 email addresses are allowed. - is_set: true - default_from_api: true - item_type: - type: String - max_size: 50 - - name: 'enrolledServices' - type: Array - description: | - A list of Google Cloud Services for which the given resource has Access Approval enrolled. - Access requests for the resource given by name against any of these services contained here will be required - to have explicit approval. Enrollment can be done for individual services. - - A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. - is_set: true - required: true - set_hash_func: accessApprovalEnrolledServicesHash - item_type: - type: NestedObject - properties: - - name: 'cloudProduct' - type: String - description: | - The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): - all - appengine.googleapis.com - bigquery.googleapis.com - bigtable.googleapis.com - cloudkms.googleapis.com - compute.googleapis.com - dataflow.googleapis.com - iam.googleapis.com - pubsub.googleapis.com - storage.googleapis.com - required: true - - name: 'enrollmentLevel' - type: Enum - description: | - The enrollment level of the service. - default_value: "BLOCK_ALL" - enum_values: - - 'BLOCK_ALL' - - name: 'enrolledAncestor' - type: Boolean - description: | - This field will always be unset for the organization since organizations do not have ancestors. - output: true - - name: 'activeKeyVersion' - type: String - description: | - The asymmetric crypto key version to use for signing approval requests. - Empty active_key_version indicates that a Google-managed key should be used for signing. - - name: 'ancestorHasActiveKeyVersion' - type: Boolean - description: | - This field will always be unset for the organization since organizations do not have ancestors. - output: true - - name: 'invalidKeyVersion' - type: Boolean - description: | - If the field is true, that indicates that there is some configuration issue with the active_key_version - configured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the - correct permissions on it, etc.). - output: true diff --git a/mmv1/products/accessapproval/go_ProjectSettings.yaml b/mmv1/products/accessapproval/go_ProjectSettings.yaml deleted file mode 100644 index 806609b22c4f..000000000000 --- a/mmv1/products/accessapproval/go_ProjectSettings.yaml +++ /dev/null @@ -1,140 +0,0 @@ -# Copyright 2024 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Warning: This is a temporary file, and should not be edited directly ---- -name: 'ProjectSettings' -legacy_name: 'google_project_access_approval_settings' -description: | - Access Approval enables you to require your explicit approval whenever Google support and engineering need to access your customer content. -references: - guides: - api: 'https://cloud.google.com/access-approval/docs/reference/rest/v1/projects' -docs: -base_url: 'projects/{{project_id}}/accessApprovalSettings' -self_link: 'projects/{{project_id}}/accessApprovalSettings' -create_verb: 'PATCH' -update_verb: 'PATCH' -update_mask: true -import_format: - - 'projects/{{project_id}}/accessApprovalSettings' -timeouts: - insert_minutes: 20 - update_minutes: 20 - delete_minutes: 20 -custom_code: - pre_create: 'templates/terraform/update_mask.go.tmpl' - custom_delete: 'templates/terraform/custom_delete/go/clear_project_access_approval_settings.go.tmpl' -examples: - - name: 'project_access_approval_full' - primary_resource_id: 'project_access_approval' - test_env_vars: - project: 'PROJECT_NAME' - org_id: 'ORG_ID' - skip_test: true - - name: 'project_access_approval_active_key_version' - primary_resource_id: 'project_access_approval' - test_env_vars: - project: 'PROJECT_NAME' - org_id: 'ORG_ID' - skip_test: true -parameters: - - name: 'project_id' - type: String - description: | - ID of the project of the access approval settings. - url_param_only: true - required: true - immutable: true -properties: - - name: 'name' - type: String - description: | - The resource name of the settings. Format is "projects/{project_id}/accessApprovalSettings" - output: true - - name: 'notificationEmails' - type: Array - description: | - A list of email addresses to which notifications relating to approval requests should be sent. - Notifications relating to a resource will be sent to all emails in the settings of ancestor - resources of that resource. A maximum of 50 email addresses are allowed. - is_set: true - default_from_api: true - item_type: - type: String - max_size: 50 - - name: 'enrolledServices' - type: Array - description: | - A list of Google Cloud Services for which the given resource has Access Approval enrolled. - Access requests for the resource given by name against any of these services contained here will be required - to have explicit approval. Enrollment can only be done on an all or nothing basis. - - A maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded. - is_set: true - required: true - set_hash_func: accessApprovalEnrolledServicesHash - item_type: - type: NestedObject - properties: - - name: 'cloudProduct' - type: String - description: | - The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive): - all - appengine.googleapis.com - bigquery.googleapis.com - bigtable.googleapis.com - cloudkms.googleapis.com - compute.googleapis.com - dataflow.googleapis.com - iam.googleapis.com - pubsub.googleapis.com - storage.googleapis.com - required: true - - name: 'enrollmentLevel' - type: Enum - description: | - The enrollment level of the service. - default_value: "BLOCK_ALL" - enum_values: - - 'BLOCK_ALL' - - name: 'enrolledAncestor' - type: Boolean - description: | - If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project. - output: true - - name: 'activeKeyVersion' - type: String - description: | - The asymmetric crypto key version to use for signing approval requests. - Empty active_key_version indicates that a Google-managed key should be used for signing. - This property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set. - - name: 'ancestorHasActiveKeyVersion' - type: Boolean - description: | - If the field is true, that indicates that an ancestor of this Project has set active_key_version. - output: true - - name: 'invalidKeyVersion' - type: Boolean - description: | - If the field is true, that indicates that there is some configuration issue with the active_key_version - configured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the - correct permissions on it, etc.) This key version is not necessarily the effective key version at this level, - as key versions are inherited top-down. - output: true - - name: 'project' - type: String - description: | - Project id. - deprecation_message: '`project` is deprecated and will be removed in a future major release. Use `project_id` instead.' diff --git a/mmv1/products/accessapproval/go_product.yaml b/mmv1/products/accessapproval/go_product.yaml deleted file mode 100644 index d925b1742897..000000000000 --- a/mmv1/products/accessapproval/go_product.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2024 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Warning: This is a temporary file, and should not be edited directly ---- -name: 'AccessApproval' -display_name: 'Access Approval' -versions: - - name: 'ga' - base_url: 'https://accessapproval.googleapis.com/v1/' -scopes: - - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/accessapproval/product.yaml b/mmv1/products/accessapproval/product.yaml index ec7d98243638..d925b1742897 100644 --- a/mmv1/products/accessapproval/product.yaml +++ b/mmv1/products/accessapproval/product.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 Google Inc. +# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -11,12 +11,12 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- !ruby/object:Api::Product -name: AccessApproval -display_name: Access Approval +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'AccessApproval' +display_name: 'Access Approval' versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://accessapproval.googleapis.com/v1/ + - name: 'ga' + base_url: 'https://accessapproval.googleapis.com/v1/' scopes: - - https://www.googleapis.com/auth/cloud-platform + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/templates/terraform/examples/folder_access_approval_full.tf.erb b/mmv1/templates/terraform/examples/folder_access_approval_full.tf.erb deleted file mode 100644 index 140550f5a161..000000000000 --- a/mmv1/templates/terraform/examples/folder_access_approval_full.tf.erb +++ /dev/null @@ -1,14 +0,0 @@ -resource "google_folder" "my_folder" { - display_name = "<%= ctx[:vars]['folder_name'] %>" - parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" - deletion_protection = false -} - -resource "google_folder_access_approval_settings" "<%= ctx[:primary_resource_id] %>" { - folder_id = google_folder.my_folder.folder_id - notification_emails = ["testuser@example.com", "example.user@example.com"] - - enrolled_services { - cloud_product = "all" - } -} diff --git a/mmv1/templates/terraform/examples/go/folder_access_approval_full.tf.tmpl b/mmv1/templates/terraform/examples/folder_access_approval_full.tf.tmpl similarity index 100% rename from mmv1/templates/terraform/examples/go/folder_access_approval_full.tf.tmpl rename to mmv1/templates/terraform/examples/folder_access_approval_full.tf.tmpl diff --git a/mmv1/third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go.erb b/mmv1/third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go.erb deleted file mode 100644 index bd3832d48dd1..000000000000 --- a/mmv1/third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go.erb +++ /dev/null @@ -1,446 +0,0 @@ -<% autogen_exception -%> -package appengine_test - -<% unless version == 'ga' -%> - -import ( - "log" - "strings" - "testing" - - "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/terraform" - "github.com/hashicorp/terraform-provider-google/google/acctest" - "github.com/hashicorp/terraform-provider-google/google/envvar" -) - -func TestAccAppEngineFlexibleAppVersion_update(t *testing.T) { - t.Skip("https://github.com/hashicorp/terraform-provider-google/issues/18239") - t.Parallel() - - context := map[string]interface{}{ - "org_id": envvar.GetTestOrgFromEnv(t), - "billing_account": envvar.GetTestBillingAccountFromEnv(t), - "random_suffix": acctest.RandString(t, 10), - } - - acctest.VcrTest(t, resource.TestCase{ - PreCheck: func() { acctest.AccTestPreCheck(t) }, - ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), - CheckDestroy: testAccCheckAppEngineFlexibleAppVersionDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testAccAppEngineFlexibleAppVersion_python(context), - }, - { - ResourceName: "google_app_engine_flexible_app_version.foo", - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"env_variables", "deployment", "entrypoint", "service", "noop_on_destroy"}, - }, - { - Config: testAccAppEngineFlexibleAppVersion_pythonUpdate(context), - }, - { - ResourceName: "google_app_engine_flexible_app_version.foo", - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"env_variables", "deployment", "entrypoint", "service", "delete_service_on_destroy"}, - }, - }, - }) -} - -func testAccAppEngineFlexibleAppVersion_python(context map[string]interface{}) string { - return acctest.Nprintf(` -resource "google_project" "my_project" { - provider = google-beta - name = "tf-test-appeng-flex%{random_suffix}" - project_id = "tf-test-appeng-flex%{random_suffix}" - org_id = "%{org_id}" - billing_account = "%{billing_account}" - deletion_policy = "DELETE" -} - -resource "google_project_service" "compute" { - provider = google-beta - project = google_project.my_project.project_id - service = "compute.googleapis.com" - - disable_dependent_services = false -} - -resource "google_project_service" "appengineflex" { - provider = google-beta - project = google_project.my_project.project_id - service = "appengineflex.googleapis.com" - - disable_dependent_services = false - depends_on = [google_project_service.compute] -} - -resource "google_compute_network" "network" { - provider = google-beta - project = google_project_service.compute.project - name = "custom" - auto_create_subnetworks = "false" -} - -resource "google_compute_subnetwork" "subnetwork" { - provider = google-beta - project = google_project_service.compute.project - name = "custom" - region = "us-central1" - network = google_compute_network.network.id - ip_cidr_range = "10.0.0.0/16" - private_ip_google_access = true -} - -resource "google_app_engine_application" "app" { - provider = google-beta - project = google_project.my_project.project_id - location_id = "us-central" -} - -resource "google_project_iam_member" "gae_api" { - provider = google-beta - project = google_project_service.appengineflex.project - role = "roles/compute.networkUser" - member = "serviceAccount:service-${google_project.my_project.number}@gae-api-prod.google.com.iam.gserviceaccount.com" -} - -resource "google_app_engine_standard_app_version" "foo" { - provider = google-beta - project = google_project_iam_member.gae_api.project - version_id = "v1" - service = "default" - runtime = "python38" - - entrypoint { - shell = "gunicorn -b :$PORT main:app" - } - - deployment { - files { - name = "main.py" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.main.name}" - } - - files { - name = "requirements.txt" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.requirements.name}" - } - } - - env_variables = { - port = "8000" - } - - noop_on_destroy = true -} - -resource "google_app_engine_flexible_app_version" "foo" { - provider = google-beta - project = google_project_iam_member.gae_api.project - version_id = "v1" - service = "custom" - runtime = "python" - - runtime_api_version = "1" - - resources { - cpu = 1 - memory_gb = 0.5 - disk_gb = 10 - } - - entrypoint { - shell = "gunicorn -b :$PORT main:app" - } - - flexible_runtime_settings { - operating_system = "ubuntu22" - runtime_version = "3.11" - } - - deployment { - files { - name = "main.py" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.main.name}" - } - - files { - name = "requirements.txt" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.requirements.name}" - } - - files { - name = "app.yaml" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.yaml.name}" - } - } - - liveness_check { - path = "alive" - } - - readiness_check { - path = "ready" - } - - env_variables = { - port = "8000" - } - - network { - name = google_compute_network.network.name - subnetwork = google_compute_subnetwork.subnetwork.name - instance_ip_mode = "EXTERNAL" - } - - instance_class = "B1" - - manual_scaling { - instances = 1 - } - - noop_on_destroy = true - - depends_on = [google_app_engine_standard_app_version.foo] -} - -resource "google_storage_bucket" "bucket" { - provider = google-beta - project = google_project.my_project.project_id - name = "tf-test-%{random_suffix}-flex-ae-bucket" - location = "US" -} - -resource "google_storage_bucket_object" "yaml" { - provider = google-beta - name = "app.yaml" - bucket = google_storage_bucket.bucket.name - source = "./test-fixtures/hello-world-flask/app.yaml" -} - -resource "google_storage_bucket_object" "requirements" { - provider = google-beta - name = "requirements.txt" - bucket = google_storage_bucket.bucket.name - source = "./test-fixtures/hello-world-flask/requirements.txt" -} - -resource "google_storage_bucket_object" "main" { - provider = google-beta - name = "main.py" - bucket = google_storage_bucket.bucket.name - source = "./test-fixtures/hello-world-flask/main.py" -}`, context) -} - -func testAccAppEngineFlexibleAppVersion_pythonUpdate(context map[string]interface{}) string { - return acctest.Nprintf(` -resource "google_project" "my_project" { - provider = google-beta - name = "tf-test-appeng-flex%{random_suffix}" - project_id = "tf-test-appeng-flex%{random_suffix}" - org_id = "%{org_id}" - billing_account = "%{billing_account}" - deletion_policy = "DELETE" -} - -resource "google_project_service" "compute" { - provider = google-beta - project = google_project.my_project.project_id - service = "compute.googleapis.com" - - disable_dependent_services = false -} - -resource "google_project_service" "appengineflex" { - provider = google-beta - project = google_project.my_project.project_id - service = "appengineflex.googleapis.com" - - disable_dependent_services = false - depends_on = [google_project_service.compute] -} - -resource "google_compute_network" "network" { - provider = google-beta - project = google_project_service.compute.project - name = "custom" - auto_create_subnetworks = "false" -} - -resource "google_compute_subnetwork" "subnetwork" { - provider = google-beta - project = google_project_service.compute.project - name = "custom" - region = "us-central1" - network = google_compute_network.network.id - ip_cidr_range = "10.0.0.0/16" - private_ip_google_access = true -} - -resource "google_app_engine_application" "app" { - provider = google-beta - project = google_project.my_project.project_id - location_id = "us-central" -} - -resource "google_project_iam_member" "gae_api" { - provider = google-beta - project = google_project_service.appengineflex.project - role = "roles/compute.networkUser" - member = "serviceAccount:service-${google_project.my_project.number}@gae-api-prod.google.com.iam.gserviceaccount.com" -} - -resource "google_app_engine_standard_app_version" "foo" { - provider = google-beta - project = google_project_iam_member.gae_api.project - version_id = "v1" - service = "default" - runtime = "python38" - - entrypoint { - shell = "gunicorn -b :$PORT main:app" - } - - deployment { - files { - name = "main.py" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.main.name}" - } - - files { - name = "requirements.txt" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.requirements.name}" - } - } - - env_variables = { - port = "8000" - } - - noop_on_destroy = true -} - -resource "google_app_engine_flexible_app_version" "foo" { - provider = google-beta - project = google_project_iam_member.gae_api.project - version_id = "v1" - service = "custom" - runtime = "python" - - runtime_api_version = "1" - - resources { - cpu = 1 - memory_gb = 1 - disk_gb = 10 - } - - entrypoint { - shell = "gunicorn -b :$PORT main:app" - } - - flexible_runtime_settings { - operating_system = "ubuntu22" - runtime_version = "3.11" - } - - deployment { - files { - name = "main.py" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.main.name}" - } - - files { - name = "requirements.txt" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.requirements.name}" - } - - files { - name = "app.yaml" - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.yaml.name}" - } - } - - liveness_check { - path = "" - } - - readiness_check { - path = "" - } - - env_variables = { - port = "8000" - } - - network { - name = google_compute_network.network.name - subnetwork = google_compute_subnetwork.subnetwork.name - instance_ip_mode = "INTERNAL" - } - - instance_class = "B2" - - manual_scaling { - instances = 2 - } - - delete_service_on_destroy = true - - depends_on = [google_app_engine_standard_app_version.foo] -} - -resource "google_storage_bucket" "bucket" { - provider = google-beta - project = google_project.my_project.project_id - name = "tf-test-%{random_suffix}-flex-ae-bucket" - location = "US" -} - -resource "google_storage_bucket_object" "yaml" { - provider = google-beta - name = "app.yaml" - bucket = google_storage_bucket.bucket.name - source = "./test-fixtures/hello-world-flask/app.yaml" -} - -resource "google_storage_bucket_object" "requirements" { - provider = google-beta - name = "requirements.txt" - bucket = google_storage_bucket.bucket.name - source = "./test-fixtures/hello-world-flask/requirements.txt" -} - -resource "google_storage_bucket_object" "main" { - provider = google-beta - name = "main.py" - bucket = google_storage_bucket.bucket.name - source = "./test-fixtures/hello-world-flask/main.py" -}`, context) -} - -// Remove when generated test is enabled -func testAccCheckAppEngineFlexibleAppVersionDestroyProducer(t *testing.T) func(s *terraform.State) error { - return func(s *terraform.State) error { - for name, rs := range s.RootModule().Resources { - if rs.Type != "google_app_engine_flexible_app_version" { - continue - } - if strings.HasPrefix(name, "data.") { - continue - } - - log.Printf("[DEBUG] Ignoring destroy during test") - } - - return nil - } -} - -<% end -%> diff --git a/mmv1/third_party/terraform/services/appengine/go/resource_app_engine_flexible_app_version_test.go.tmpl b/mmv1/third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go.tmpl similarity index 100% rename from mmv1/third_party/terraform/services/appengine/go/resource_app_engine_flexible_app_version_test.go.tmpl rename to mmv1/third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go.tmpl