GoogleCloudPlatform · modular-magician · Oct 17, 2018 · Oct 17, 2018 · Oct 17, 2018 · Oct 17, 2018
diff --git a/.ci/magic-modules/create-pr.sh b/.ci/magic-modules/create-pr.sh
@@ -82,7 +82,7 @@ if [ "$BRANCH_NAME" = "$ORIGINAL_PR_BRANCH" ]; then
     fi
 
     git checkout -b "$BRANCH_NAME"
-    if INSPEC_PR=$(hub pull-request -b "$INSPEC_REPO_USER/inspec:master" -F ./downstream_body); then
+    if INSPEC_PR=$(hub pull-request -b "$INSPEC_REPO_USER/inspec-gcp:master" -F ./downstream_body); then
       DEPENDENCIES="${DEPENDENCIES}depends: $INSPEC_PR ${NEWLINE}"
     else
       echo "InSpec - did not generate a PR."

diff --git a/build/inspec b/build/inspec
diff --git a/build/terraform b/build/terraform
diff --git a/products/compute/inspec.yaml b/products/compute/inspec.yaml
@@ -19,6 +19,87 @@ manifest: !ruby/object:Provider::Inspec::Manifest
   summary: 'InSpec resources for verifying GCP infrastructure'
   description: |
     InSpec resources for verifying GCP infrastructure
+overrides: !ruby/object:Provider::ResourceOverrides
+  Address: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Autoscaler: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  BackendBucket: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  BackendService: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Disk: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  DiskType: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Firewall: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  ForwardingRule: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  GlobalAddress: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  GlobalForwardingRule: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  HealthCheck: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  HttpHealthCheck: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  HttpsHealthCheck: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Image: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Instance: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InstanceGroup: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InstanceGroupManager: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InstanceTemplate: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  InterconnectAttachment: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  License: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  MachineType: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Network: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Region: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  RegionAutoscaler: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  RegionDisk: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  RegionDiskType: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Route: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Router: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Snapshot: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  SslCertificate: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  SslPolicy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  Subnetwork: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetHttpProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetHttpsProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetPool: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetTcpProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetVpnGateway: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  TargetSslProxy: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  UrlMap: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
+  VpnTunnel: !ruby/object:Provider::Chef::ResourceOverride
+    exclude: true
 files: !ruby/object:Provider::Config::Files
 style:
 functions:

diff --git a/provider/inspec.rb b/provider/inspec.rb
@@ -21,6 +21,7 @@ module Provider
   # Code generator for Example Cookbooks that manage Google Cloud Platform
   # resources.
   class Inspec < Provider::Core
+    include Google::RubyUtils
     # Settings for the provider
     class Config < Provider::Config
       attr_reader :manifest
@@ -53,6 +54,14 @@ def generate_resource(data)
       )
     end
 
+    # Returns the url that this object can be retrieved from
+    # based off of the self link
+    def url(object)
+      url = object.self_link_url[1]
+      return url.join('') if url.is_a?(Array)
+      url.split("\n").join('')
+    end
+
     # TODO?
     def generate_resource_tests(data) end
 

diff --git a/provider/terraform/tests/resource_google_organization_iam_custom_role_test.go b/provider/terraform/tests/resource_google_organization_iam_custom_role_test.go
@@ -0,0 +1,245 @@
+package google
+
+import (
+	"fmt"
+	"reflect"
+	"sort"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccOrganizationIamCustomRole_basic(t *testing.T) {
+	t.Parallel()
+
+	org := getTestOrgFromEnv(t)
+	roleId := "tfIamCustomRole" + acctest.RandString(10)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGoogleOrganizationIamCustomRoleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_basic(org, roleId),
+				Check: testAccCheckGoogleOrganizationIamCustomRole(
+					"google_organization_iam_custom_role.foo",
+					"My Custom Role",
+					"foo",
+					"GA",
+					[]string{"resourcemanager.projects.list"}),
+			},
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_update(org, roleId),
+				Check: testAccCheckGoogleOrganizationIamCustomRole(
+					"google_organization_iam_custom_role.foo",
+					"My Custom Role Updated",
+					"bar",
+					"BETA",
+					[]string{"resourcemanager.projects.list", "resourcemanager.organizations.get"}),
+			},
+			{
+				ResourceName:      "google_organization_iam_custom_role.foo",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccOrganizationIamCustomRole_undelete(t *testing.T) {
+	t.Parallel()
+
+	org := getTestOrgFromEnv(t)
+	roleId := "tfIamCustomRole" + acctest.RandString(10)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGoogleOrganizationIamCustomRoleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_basic(org, roleId),
+				Check:  testAccCheckGoogleOrganizationIamCustomRoleDeletionStatus("google_organization_iam_custom_role.foo", false),
+			},
+			// Soft-delete
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_deleted(org, roleId),
+				Check:  testAccCheckGoogleOrganizationIamCustomRoleDeletionStatus("google_organization_iam_custom_role.foo", true),
+			},
+			// Undelete
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_basic(org, roleId),
+				Check:  testAccCheckGoogleOrganizationIamCustomRoleDeletionStatus("google_organization_iam_custom_role.foo", false),
+			},
+		},
+	})
+}
+
+func TestAccOrganizationIamCustomRole_createAfterDestroy(t *testing.T) {
+	t.Parallel()
+
+	org := getTestOrgFromEnv(t)
+	roleId := "tfIamCustomRole" + acctest.RandString(10)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGoogleOrganizationIamCustomRoleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_basic(org, roleId),
+				Check: testAccCheckGoogleOrganizationIamCustomRole(
+					"google_organization_iam_custom_role.foo",
+					"My Custom Role",
+					"foo",
+					"GA",
+					[]string{"resourcemanager.projects.list"}),
+			},
+			// Destroy resources
+			{
+				Config:  " ",
+				Destroy: true,
+			},
+			// Re-create with no existing state
+			{
+				Config: testAccCheckGoogleOrganizationIamCustomRole_basic(org, roleId),
+				Check: testAccCheckGoogleOrganizationIamCustomRole(
+					"google_organization_iam_custom_role.foo",
+					"My Custom Role",
+					"foo",
+					"GA",
+					[]string{"resourcemanager.projects.list"}),
+			},
+		},
+	})
+}
+
+func testAccCheckGoogleOrganizationIamCustomRoleDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_organization_iam_custom_role" {
+			continue
+		}
+
+		role, err := config.clientIAM.Organizations.Roles.Get(rs.Primary.ID).Do()
+
+		if err != nil {
+			return err
+		}
+
+		if !role.Deleted {
+			return fmt.Errorf("Iam custom role still exists")
+		}
+
+	}
+
+	return nil
+}
+
+func testAccCheckGoogleOrganizationIamCustomRole(n, title, description, stage string, permissions []string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+		role, err := config.clientIAM.Organizations.Roles.Get(rs.Primary.ID).Do()
+
+		if err != nil {
+			return err
+		}
+
+		if title != role.Title {
+			return fmt.Errorf("Incorrect title. Expected %q, got %q", title, role.Title)
+		}
+
+		if description != role.Description {
+			return fmt.Errorf("Incorrect description. Expected %q, got %q", description, role.Description)
+		}
+
+		if stage != role.Stage {
+			return fmt.Errorf("Incorrect stage. Expected %q, got %q", stage, role.Stage)
+		}
+
+		sort.Strings(permissions)
+		sort.Strings(role.IncludedPermissions)
+		if !reflect.DeepEqual(permissions, role.IncludedPermissions) {
+			return fmt.Errorf("Incorrect permissions. Expected %q, got %q", permissions, role.IncludedPermissions)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckGoogleOrganizationIamCustomRoleDeletionStatus(n string, deleted bool) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+		role, err := config.clientIAM.Organizations.Roles.Get(rs.Primary.ID).Do()
+
+		if err != nil {
+			return err
+		}
+
+		if deleted != role.Deleted {
+			return fmt.Errorf("Incorrect deletion status. Expected %t, got %t", deleted, role.Deleted)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckGoogleOrganizationIamCustomRole_basic(orgId, roleId string) string {
+	return fmt.Sprintf(`
+resource "google_organization_iam_custom_role" "foo" {
+  role_id     = "%s"
+  org_id      = "%s"
+  title       = "My Custom Role"
+  description = "foo"
+  permissions = ["resourcemanager.projects.list"]
+}
+`, roleId, orgId)
+}
+
+func testAccCheckGoogleOrganizationIamCustomRole_deleted(orgId, roleId string) string {
+	return fmt.Sprintf(`
+resource "google_organization_iam_custom_role" "foo" {
+  role_id     = "%s"
+  org_id      = "%s"
+  title       = "My Custom Role"
+  description = "foo"
+  permissions = ["resourcemanager.projects.list"]
+  deleted     = true
+}
+`, roleId, orgId)
+}
+
+func testAccCheckGoogleOrganizationIamCustomRole_update(orgId, roleId string) string {
+	return fmt.Sprintf(`
+resource "google_organization_iam_custom_role" "foo" {
+  role_id     = "%s"
+  org_id      = "%s"
+  title       = "My Custom Role Updated"
+  description = "bar"
+  permissions = ["resourcemanager.projects.list", "resourcemanager.organizations.get"]
+  stage       = "BETA"
+}
+`, roleId, orgId)
+}