Add OiCS link generation to the Terraform docs.

.ci/magic-modules/create-pr.sh

@@ -82,7 +82,7 @@ if [ "$BRANCH_NAME" = "$ORIGINAL_PR_BRANCH" ]; then
     fi
 
     git checkout -b "$BRANCH_NAME"
-    if INSPEC_PR=$(hub pull-request -b "$INSPEC_REPO_USER/inspec:master" -F ./downstream_body); then
+    if INSPEC_PR=$(hub pull-request -b "$INSPEC_REPO_USER/inspec-gcp:master" -F ./downstream_body); then
       DEPENDENCIES="${DEPENDENCIES}depends: $INSPEC_PR ${NEWLINE}"
     else
       echo "InSpec - did not generate a PR."

api/type.rb

@@ -310,6 +310,12 @@ def requires
         end
         [property_file]
       end
+
+      def exclude_if_not_in_version(version)
+        super
+        @item_type.exclude_if_not_in_version(version) \
+          if @item_type.is_a? NestedObject
+      end
     end
 
     # Represents an enum, and store is valid values
@@ -499,6 +505,11 @@ def all_properties
       def properties
         @properties.reject(&:exclude)
       end
+
+      def exclude_if_not_in_version(version)
+        super
+        @properties.each { |p| p.exclude_if_not_in_version(version) }
+      end
     end
 
     # Represents an array of name=value pairs, and stores its items' type

products/compute/inspec.yaml

@@ -19,6 +19,87 @@ manifest: !ruby/object:Provider::Inspec::Manifest
   summary: 'InSpec resources for verifying GCP infrastructure'
   description: |
     InSpec resources for verifying GCP infrastructure
+overrides: !ruby/object:Provider::ResourceOverrides
+  Address: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Autoscaler: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  BackendBucket: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  BackendService: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Disk: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  DiskType: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Firewall: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  ForwardingRule: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  GlobalAddress: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  GlobalForwardingRule: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  HealthCheck: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  HttpHealthCheck: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  HttpsHealthCheck: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Image: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Instance: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InstanceGroup: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InstanceGroupManager: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InstanceTemplate: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InterconnectAttachment: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  License: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  MachineType: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Network: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Region: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  RegionAutoscaler: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  RegionDisk: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  RegionDiskType: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Route: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Router: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Snapshot: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  SslCertificate: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  SslPolicy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Subnetwork: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetHttpProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetHttpsProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetPool: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetTcpProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetVpnGateway: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetSslProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  UrlMap: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  VpnTunnel: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
 files: !ruby/object:Provider::Config::Files
 style:
 functions:

products/storage/api.yaml

@@ -322,6 +322,10 @@ objects:
     kind: 'storage#objectAccessControl'
     base_url: b/{{bucket}}/o/{{object}}/acl
     self_link: b/{{bucket}}/o/{{object}}/acl/{{entity}}
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists'
+      api: 'https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls'
     description: |
       The ObjectAccessControls resources represent the Access Control Lists
       (ACLs) for objects within Google Cloud Storage. ACLs let you specify

products/storage/object_access_control.yaml

@@ -27,25 +27,20 @@
   output: true
 - !ruby/object:Api::Type::String
   name: 'entity'
+  required: true
   description: |
     The entity holding the permission, in one of the following forms:
-      user-userId
-      user-email
-      group-groupId
-      group-email
-      domain-domain
-      project-team-projectId
-      allUsers
-      allAuthenticatedUsers
-    Examples:
-      The user liz@example.com would be user-liz@example.com.
-      The group example@googlegroups.com would be
-      group-example@googlegroups.com.
-      To refer to all members of the Google Apps for Business domain
-      example.com, the entity would be domain-example.com.
-  required: true
+      * user-{{userId}}
+      * user-{{email}} (such as "user-liz@example.com")
+      * group-{{groupId}}
+      * group-{{email}} (such as "group-example@googlegroups.com")
+      * domain-{{domain}} (such as "domain-example.com")
+      * project-team-{{projectId}}
+      * allUsers
+      * allAuthenticatedUsers
 - !ruby/object:Api::Type::String
   name: 'entityId'
+  output: true
   description: 'The ID for the entity'
 # | 'etag' is not applicable for state convergence.
 - !ruby/object:Api::Type::Integer
@@ -63,6 +58,7 @@
 - !ruby/object:Api::Type::NestedObject
   name: 'projectTeam'
   description: 'The project team associated with the entity'
+  output: true
   properties:
     - !ruby/object:Api::Type::String
       name: 'projectNumber'
@@ -77,6 +73,7 @@
 - !ruby/object:Api::Type::Enum
   name: 'role'
   description: 'The access permission for the entity.'
+  required: true
   values:
     - :OWNER
     - :READER

products/storage/terraform.yaml

@@ -0,0 +1,49 @@
+# Copyright 2017 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Provider::ResourceOverrides
+  Bucket: !ruby/object:Provider::Terraform::ResourceOverride
+    exclude: true
+  BucketAccessControl: !ruby/object:Provider::Terraform::ResourceOverride
+    exclude: true
+  ObjectAccessControl: !ruby/object:Provider::Terraform::ResourceOverride
+    example:
+    - !ruby/object:Provider::Terraform::Examples
+      name: "storage_object_access_control_public_object"
+      primary_resource_id: "public_rule"
+      skip_test: true
+      vars:
+        bucket_name: "static-content-bucket"
+        object_name: "public-object"
+    id_format: "{{bucket}}/{{object}}/{{entity}}"
+    import_format: ["{{bucket}}/{{object}}/{{entity}}"]
+    properties:
+      id: !ruby/object:Provider::Terraform::PropertyOverride
+        exclude: true
+      bucket: !ruby/object:Provider::Terraform::PropertyOverride
+        custom_expand: 'templates/terraform/custom_expand/resourceref_as_string.go.erb'
+      object: !ruby/object:Provider::Terraform::PropertyOverride
+        description: The name of the object to apply the access control to.
+  DefaultObjectACL: !ruby/object:Provider::Terraform::ResourceOverride
+    exclude: true
+
+# This is for copying files over
+files: !ruby/object:Provider::Config::Files
+  # All of these files will be copied verbatim.
+  copy:
+<%= lines(indent(compile('provider/terraform/common~copy.yaml'), 4)) -%>
+  # These files have templating (ERB) code that will be run.
+  # This is usually to add licensing info, autogeneration notices, etc.
+  compile:
+<%= lines(indent(compile('provider/terraform/common~compile.yaml'), 4)) -%>

provider/inspec.rb

@@ -21,6 +21,7 @@ module Provider
   # Code generator for Example Cookbooks that manage Google Cloud Platform
   # resources.
   class Inspec < Provider::Core
+    include Google::RubyUtils
     # Settings for the provider
     class Config < Provider::Config
       attr_reader :manifest
@@ -53,6 +54,14 @@ def generate_resource(data)
       )
     end
 
+    # Returns the url that this object can be retrieved from
+    # based off of the self link
+    def url(object)
+      url = object.self_link_url[1]
+      return url.join('') if url.is_a?(Array)
+      url.split("\n").join('')
+    end
+
     # TODO?
     def generate_resource_tests(data) end
 

provider/terraform/custom_code.rb

@@ -123,6 +123,22 @@ def config_example
         substitute_example_paths body
       end
 
+      def oics_link
+        hash = {
+          cloudshell_git_repo: 'https://github.com/terraform-google-modules/docs-examples.git',
+          cloudshell_working_dir: @name,
+          cloudshell_image: 'gcr.io/graphite-cloud-shell-images/terraform:latest',
+          open_in_editor: 'main.tf',
+          cloudshell_print: './motd',
+          cloudshell_tutorial: './tutorial.md'
+        }
+        URI::HTTPS.build(
+          host: 'console.cloud.google.com',
+          path: '/cloudshell/open',
+          query: URI.encode_www_form(hash)
+        )
+      end
+
       def substitute_test_paths(config)
         config = config.gsub('path/to/private.key', 'test-fixtures/ssl_cert/test.key')
         config.gsub('path/to/certificate.crt', 'test-fixtures/ssl_cert/test.crt')

provider/terraform/resources/resource_cloudiot_registry.go

@@ -76,6 +76,7 @@ func resourceCloudIoTRegistry() *schema.Resource {
 			},
 			"mqtt_config": &schema.Schema{
 				Type:     schema.TypeMap,
+				Computed: true,
 				Optional: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -90,6 +91,7 @@ func resourceCloudIoTRegistry() *schema.Resource {
 			},
 			"http_config": &schema.Schema{
 				Type:     schema.TypeMap,
+				Computed: true,
 				Optional: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -233,6 +235,11 @@ func resourceCloudIoTRegistryCreate(d *schema.ResourceData, meta interface{}) er
 		d.SetId("")
 		return err
 	}
+
+	// If we infer project and region, they are never actually set so we set them here
+	d.Set("project", project)
+	d.Set("region", region)
+
 	return resourceCloudIoTRegistryRead(d, meta)
 }
 
@@ -317,19 +324,9 @@ func resourceCloudIoTRegistryRead(d *schema.ResourceData, meta interface{}) erro
 	} else {
 		d.Set("state_notification_config", nil)
 	}
-	// If no config exist for mqtt or http config default values are omitted.
-	mqttState := res.MqttConfig.MqttEnabledState
-	_, hasMqttConfig := d.GetOk("mqtt_config")
-	if mqttState != mqttEnabled || hasMqttConfig {
-		d.Set("mqtt_config",
-			map[string]string{"mqtt_enabled_state": mqttState})
-	}
-	httpState := res.HttpConfig.HttpEnabledState
-	_, hasHttpConfig := d.GetOk("http_config")
-	if httpState != httpEnabled || hasHttpConfig {
-		d.Set("http_config",
-			map[string]string{"http_enabled_state": httpState})
-	}
+
+	d.Set("mqtt_config", map[string]string{"mqtt_enabled_state": res.MqttConfig.MqttEnabledState})
+	d.Set("http_config", map[string]string{"http_enabled_state": res.HttpConfig.HttpEnabledState})
 
 	credentials := make([]map[string]interface{}, len(res.Credentials))
 	for i, item := range res.Credentials {

provider/terraform/resources/resource_composer_environment.go

@@ -677,10 +677,34 @@ func expandComposerEnvironmentZone(v interface{}, d *schema.ResourceData, config
 	return getRelativePath(zone)
 }
 
-func expandComposerEnvironmentMachineType(v interface{}, d *schema.ResourceData, config *Config, nodeCfgZone interface{}) (string, error) {
+func expandComposerEnvironmentMachineType(v interface{}, d *schema.ResourceData, config *Config, nodeCfgZone string) (string, error) {
+	machineType := v.(string)
+	requiredZone := GetResourceNameFromSelfLink(nodeCfgZone)
+
 	fv, err := ParseMachineTypesFieldValue(v.(string), d, config)
 	if err != nil {
-		return "", nil
+		if requiredZone == "" {
+			return "", err
+		}
+
+		// Try to construct machine type with zone/project given in config.
+		project, err := getProject(d, config)
+		if err != nil {
+			return "", err
+		}
+
+		fv = &ZonalFieldValue{
+			Project:      project,
+			Zone:         requiredZone,
+			Name:         GetResourceNameFromSelfLink(machineType),
+			resourceType: "machineTypes",
+		}
+	}
+
+	// Make sure zone in node_config.machineType matches node_config.zone if
+	// given.
+	if requiredZone != "" && fv.Zone != requiredZone {
+		return "", fmt.Errorf("node_config machine_type %q must be in node_config zone %q", machineType, requiredZone)
 	}
 	return fv.RelativeLink(), nil
 }