Change ServicePerimeterResource to use a policy level mutex lock (#12725

)
GoogleCloudPlatform · Jan 11, 2025 · fb31f70 · fb31f70
1 parent ef139e7
commit fb31f70
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterResource.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterResource.yaml
@@ -43,7 +43,7 @@ create_verb: 'PATCH'
 update_mask: true
 delete_verb: 'PATCH'
 immutable: true
-mutex: '{{perimeter_name}}'
+mutex: '{{access_policy_id}}'
 import_format:
   - '{{perimeter_name}}/{{resource}}'
 timeouts:
@@ -67,6 +67,7 @@ nested_query:
   is_list_of_ids: true
   modify_by_patch: true
 custom_code:
+  encoder: 'templates/terraform/encoders/access_context_manager_service_perimeter_resource.go.tmpl'
   custom_import: 'templates/terraform/custom_import/access_context_manager_service_perimeter_resource.go.tmpl'
   post_read: 'templates/terraform/post_read/access_context_manager_service_perimeter_resource.go.tmpl'
 exclude_tgc: true
@@ -97,3 +98,10 @@ properties:
       Format: projects/{project_number}
     required: true
     immutable: true
+  - name: 'accessPolicyId'
+    type: String
+    description: |
+      The name of the Access Policy this resource belongs to.
+    ignore_read: true
+    immutable: true
+    output: true
diff --git a/...mplates/terraform/custom_import/access_context_manager_service_perimeter_resource.go.tmpl b/...mplates/terraform/custom_import/access_context_manager_service_perimeter_resource.go.tmpl
@@ -18,6 +18,9 @@
 		return nil, err
 	}
 
+	if err := d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts["accessPolicy"])); err != nil {
+		return nil, fmt.Errorf("Error setting access_policy_id: %s", err)
+	}
 	if err := d.Set("perimeter_name", fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", parts["accessPolicy"], parts["perimeter"])); err != nil {
 		return nil, fmt.Errorf("Error setting perimeter_name: %s", err)
 	}

diff --git a/mmv1/templates/terraform/encoders/access_context_manager_service_perimeter_resource.go.tmpl b/mmv1/templates/terraform/encoders/access_context_manager_service_perimeter_resource.go.tmpl
@@ -0,0 +1,8 @@
+// Set the access_policy_id field from part of the perimeter_name parameter.
+
+// The is logic is inside the encoder since the access_policy_id field is part of
+// the mutex lock and encoders run before the lock is set.
+parts := strings.Split(d.Get("perimeter_name").(string), "/")
+d.Set("access_policy_id", fmt.Sprintf("accessPolicies/%s", parts[1]))
+
+return obj, nil