Update Tags to support purpose and purposeData (#6593) (#4721)

Signed-off-by: Modular Magician <[email protected]> Signed-off-by: Modular Magician <[email protected]>
hashicorp · Sep 26, 2022 · 44f7520 · 44f7520
1 parent 75faeae
commit 44f7520
Show file tree

Hide file tree

Showing 4 changed files with 116 additions and 11 deletions.
diff --git a/.changelog/6593.txt b/.changelog/6593.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+tags: Added `purpose` and `purpose_data` properties to `google_tags_tag_key`
+```
diff --git a/google-beta/resource_tags_tag_key.go b/google-beta/resource_tags_tag_key.go
@@ -64,6 +64,24 @@ The short name must be 1-63 characters, beginning and ending with an alphanumeri
 				ValidateFunc: validation.StringLenBetween(0, 256),
 				Description:  `User-assigned description of the TagKey. Must not exceed 256 characters.`,
 			},
+			"purpose": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validateEnum([]string{"GCE_FIREWALL", ""}),
+				Description: `Optional. A purpose cannot be changed once set.
+
+A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]`,
+			},
+			"purpose_data": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				ForceNew: true,
+				Description: `Optional. Purpose data cannot be changed once set.
+
+Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "<project-name>/<vpc-name>"'.`,
+				Elem: &schema.Schema{Type: schema.TypeString},
+			},
 			"create_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -119,6 +137,18 @@ func resourceTagsTagKeyCreate(d *schema.ResourceData, meta interface{}) error {
 	} else if v, ok := d.GetOkExists("description"); !isEmptyValue(reflect.ValueOf(descriptionProp)) && (ok || !reflect.DeepEqual(v, descriptionProp)) {
 		obj["description"] = descriptionProp
 	}
+	purposeProp, err := expandTagsTagKeyPurpose(d.Get("purpose"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("purpose"); !isEmptyValue(reflect.ValueOf(purposeProp)) && (ok || !reflect.DeepEqual(v, purposeProp)) {
+		obj["purpose"] = purposeProp
+	}
+	purposeDataProp, err := expandTagsTagKeyPurposeData(d.Get("purpose_data"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("purpose_data"); !isEmptyValue(reflect.ValueOf(purposeDataProp)) && (ok || !reflect.DeepEqual(v, purposeDataProp)) {
+		obj["purposeData"] = purposeDataProp
+	}
 
 	lockName, err := replaceVars(d, config, "tagKeys/{{parent}}")
 	if err != nil {
@@ -225,6 +255,9 @@ func resourceTagsTagKeyRead(d *schema.ResourceData, meta interface{}) error {
 	if err := d.Set("update_time", flattenTagsTagKeyUpdateTime(res["updateTime"], d, config)); err != nil {
 		return fmt.Errorf("Error reading TagKey: %s", err)
 	}
+	if err := d.Set("purpose", flattenTagsTagKeyPurpose(res["purpose"], d, config)); err != nil {
+		return fmt.Errorf("Error reading TagKey: %s", err)
+	}
 
 	return nil
 }
@@ -391,6 +424,10 @@ func flattenTagsTagKeyUpdateTime(v interface{}, d *schema.ResourceData, config *
 	return v
 }
 
+func flattenTagsTagKeyPurpose(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func expandTagsTagKeyParent(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
@@ -402,3 +439,18 @@ func expandTagsTagKeyShortName(v interface{}, d TerraformResourceData, config *C
 func expandTagsTagKeyDescription(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
+
+func expandTagsTagKeyPurpose(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandTagsTagKeyPurposeData(v interface{}, d TerraformResourceData, config *Config) (map[string]string, error) {
+	if v == nil {
+		return map[string]string{}, nil
+	}
+	m := make(map[string]string)
+	for k, val := range v.(map[string]interface{}) {
+		m[k] = val.(string)
+	}
+	return m, nil
+}
diff --git a/google-beta/resource_tags_test.go b/google-beta/resource_tags_test.go
@@ -14,17 +14,18 @@ import (
 
 func TestAccTags(t *testing.T) {
 	testCases := map[string]func(t *testing.T){
-		"tagKeyBasic":        testAccTagsTagKey_tagKeyBasic,
-		"tagKeyUpdate":       testAccTagsTagKey_tagKeyUpdate,
-		"tagKeyIamBinding":   testAccTagsTagKeyIamBinding,
-		"tagKeyIamMember":    testAccTagsTagKeyIamMember,
-		"tagKeyIamPolicy":    testAccTagsTagKeyIamPolicy,
-		"tagValueBasic":      testAccTagsTagValue_tagValueBasic,
-		"tagValueUpdate":     testAccTagsTagValue_tagValueUpdate,
-		"tagBindingBasic":    testAccTagsTagBinding_tagBindingBasic,
-		"tagValueIamBinding": testAccTagsTagValueIamBinding,
-		"tagValueIamMember":  testAccTagsTagValueIamMember,
-		"tagValueIamPolicy":  testAccTagsTagValueIamPolicy,
+		"tagKeyBasic":                       testAccTagsTagKey_tagKeyBasic,
+		"tagKeyBasicWithPurposeGceFirewall": testAccTagsTagKey_tagKeyBasicWithPurposeGceFirewall,
+		"tagKeyUpdate":                      testAccTagsTagKey_tagKeyUpdate,
+		"tagKeyIamBinding":                  testAccTagsTagKeyIamBinding,
+		"tagKeyIamMember":                   testAccTagsTagKeyIamMember,
+		"tagKeyIamPolicy":                   testAccTagsTagKeyIamPolicy,
+		"tagValueBasic":                     testAccTagsTagValue_tagValueBasic,
+		"tagValueUpdate":                    testAccTagsTagValue_tagValueUpdate,
+		"tagBindingBasic":                   testAccTagsTagBinding_tagBindingBasic,
+		"tagValueIamBinding":                testAccTagsTagValueIamBinding,
+		"tagValueIamMember":                 testAccTagsTagValueIamMember,
+		"tagValueIamPolicy":                 testAccTagsTagValueIamPolicy,
 	}
 
 	for name, tc := range testCases {
@@ -68,6 +69,44 @@ resource "google_tags_tag_key" "key" {
 `, context)
 }
 
+func testAccTagsTagKey_tagKeyBasicWithPurposeGceFirewall(t *testing.T) {
+	context := map[string]interface{}{
+		"org_id":        getTestOrgFromEnv(t),
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckTagsTagKeyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTagsTagKey_tagKeyBasicWithPurposeGceFirewallExample(context),
+			},
+		},
+	})
+}
+
+func testAccTagsTagKey_tagKeyBasicWithPurposeGceFirewallExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_compute_network" "tag_network" {
+	name = "vpc-%{random_suffix}"
+	auto_create_subnetworks = false
+}
+
+resource "google_tags_tag_key" "key" {
+	  parent = "organizations/%{org_id}"
+	  short_name = "foo%{random_suffix}"
+	  description = "For foo%{random_suffix} resources."
+	  purpose = "GCE_FIREWALL"
+	  # purpose_data expects either a selfLinkWithId (not a property of google_compute_network) or the format <project-name>/<vpc-name>.
+	  # selfLink is not sufficient and will result in an error, so we build a string to match the second option.
+	  purpose_data = {network = "${google_compute_network.tag_network.project}/${google_compute_network.tag_network.name}"}
+	}
+
+`, context)
+}
+
 func testAccTagsTagKey_tagKeyUpdate(t *testing.T) {
 	context := map[string]interface{}{
 		"org_id":        getTestOrgFromEnv(t),

diff --git a/website/docs/r/tags_tag_key.html.markdown b/website/docs/r/tags_tag_key.html.markdown
@@ -62,6 +62,17 @@ The following arguments are supported:
   (Optional)
   User-assigned description of the TagKey. Must not exceed 256 characters.
 
+* `purpose` -
+  (Optional)
+  Optional. A purpose cannot be changed once set.
+  A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag.
+  Possible values are `GCE_FIREWALL`.
+
+* `purpose_data` -
+  (Optional)
+  Optional. Purpose data cannot be changed once set.
+  Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: `network = "<project-name>/<vpc-name>"`.
+
 
 ## Attributes Reference