Add comments to Go yaml files + refresh

mmv1/products/accesscontextmanager/go_AccessLevel.yaml

@@ -13,6 +13,7 @@
 
 # Warning: This is a temporary file, and should not be edited directly
 ---
+# This is the singular of `AccessLevels`, any changes here should be made to `AccessLevels` as well
 name: 'AccessLevel'
 description: |
   An AccessLevel is a label that can be applied to requests to GCP services,
@@ -31,6 +32,11 @@ docs:
 id_format: '{{name}}'
 base_url: ''
 self_link: '{{name}}'
+# This is an unusual API, so we need to use a few fields to map the methods
+# to the right URL.
+# create_url is the Create URL
+# base_url is the Get and Delete and Patch URL. It is empty on purpose.
+# List won't work yet. It should share a URL with Create.
 create_url: '{{parent}}/accessLevels'
 update_verb: 'PATCH'
 update_mask: true
@@ -57,6 +63,7 @@ async:
 custom_code:
   encoder: 'templates/terraform/encoders/go/access_level_never_send_parent.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl'
+# Skipping the sweeper due to the non-standard base_url
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_access_level_basic'
@@ -65,6 +72,8 @@ examples:
       access_level_name: 'chromeos_no_lock'
     skip_test: true
 parameters:
+  # Parent is a path parameter that _cannot_ be read or sent in the request at all.
+  # This must be done at the provider level.
   - name: 'parent'
     type: String
     description: |
@@ -111,6 +120,8 @@ properties:
         enum_values:
           - 'AND'
           - 'OR'
+      # All of the false defaults below here are omitted on purpose.
+      # Let's keep this as simple as possible, since they will all be set by the API.
       - name: 'conditions'
         type: Array
         description: |

mmv1/products/accesscontextmanager/go_AccessLevelCondition.yaml

@@ -37,6 +37,11 @@ docs:
 id_format: '{{access_level}}'
 base_url: ''
 self_link: '{{access_level}}'
+# This is an unusual API, so we need to use a few fields to map the methods
+# to the right URL.
+# create_url is the Create URL
+# base_url is the Get and Delete and Patch URL. It is empty on purpose.
+# List won't work yet. It should share a URL with Create.
 create_url: '{{access_level}}'
 create_verb: 'PATCH'
 update_mask: true
@@ -45,6 +50,7 @@ immutable: true
 mutex: '{{access_level}}'
 import_format:
   - '{{access_level}}'
+ # no unique way to specify
 exclude_import: true
 timeouts:
   insert_minutes: 20
@@ -73,6 +79,7 @@ nested_query:
   modify_by_patch: true
 custom_code:
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under AccessLevel
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_access_level_condition_basic'

mmv1/products/accesscontextmanager/go_AccessLevels.yaml

@@ -13,6 +13,7 @@
 
 # Warning: This is a temporary file, and should not be edited directly
 ---
+# This is the plural of `AccessLevel`, any changes here should be made to `AccessLevel` as well
 name: 'AccessLevels'
 description: |
   Replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.
@@ -57,6 +58,7 @@ async:
 custom_code:
   custom_delete: 'templates/terraform/custom_delete/go/replace_all_access_levels_empty_list.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_access_policy.go.tmpl'
+# Skipping the sweeper due to the non-standard base_url
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_access_levels_basic'
@@ -66,6 +68,8 @@ examples:
       access_level_name2: 'mac_no_lock'
     skip_test: true
 parameters:
+  # Parent is a path parameter that _cannot_ be read or sent in the request at all.
+  # This must be done at the provider level.
   - name: 'parent'
     type: String
     description: |
@@ -105,6 +109,8 @@ properties:
           type: NestedObject
           description: |
             A set of predefined conditions for the access level and a combining function.
+          # conflicts:
+          #   - custom
           properties:
             - name: 'combiningFunction'
               type: Enum
@@ -119,6 +125,8 @@ properties:
               enum_values:
                 - 'AND'
                 - 'OR'
+            # All of the false defaults below here are omitted on purpose.
+            # Let's keep this as simple as possible, since they will all be set by the API.
             - name: 'conditions'
               type: Array
               description: |
@@ -282,6 +290,8 @@ properties:
           description: |
             Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.
             See CEL spec at: https://github.com/google/cel-spec.
+          # conflicts:
+          #   - basic
           properties:
             - name: 'expr'
               type: NestedObject

mmv1/products/accesscontextmanager/go_AccessPolicy.yaml

@@ -67,6 +67,7 @@ iam_policy:
     - '{{name}}'
 custom_code:
   post_create: 'templates/terraform/post_create/go/accesspolicy.tmpl'
+# Skipping the sweeper due to the non-standard base_url
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_access_policy_basic'

mmv1/products/accesscontextmanager/go_AuthorizedOrgsDesc.yaml

@@ -61,6 +61,7 @@ custom_code:
   post_create: 'templates/terraform/post_create/go/sleep_2_min.go.tmpl'
   pre_update: 'templates/terraform/update_mask.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl'
+# Skipping the sweeper due to the non-standard base_url
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_authorized_orgs_desc_basic'

mmv1/products/accesscontextmanager/go_EgressPolicy.yaml

@@ -59,6 +59,7 @@ nested_query:
 custom_code:
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_egress_policy.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter/IngressPolicy
 exclude_sweeper: true
 parameters:
   - name: 'egressPolicyName'

mmv1/products/accesscontextmanager/go_GcpUserAccessBinding.yaml

@@ -59,8 +59,11 @@ examples:
       org_id: 'ORG_ID'
       org_domain: 'ORG_DOMAIN'
       cust_id: 'CUST_ID'
+    # Has a handwritten test due to AccessPolicy-related tests needing to run synchronously
     skip_test: true
 parameters:
+  # Parent is a path parameter that _cannot_ be read or sent in the request at all.
+  # This must be done at the provider level.
   - name: 'organizationId'
     type: String
     description: |

mmv1/products/accesscontextmanager/go_IngressPolicy.yaml

@@ -59,6 +59,7 @@ nested_query:
 custom_code:
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter/IngressPolicy
 exclude_sweeper: true
 parameters:
   - name: 'ingressPolicyName'

mmv1/products/accesscontextmanager/go_ServicePerimeter.yaml

@@ -13,6 +13,7 @@
 
 # Warning: This is a temporary file, and should not be edited directly
 ---
+# This is the singular of `ServicePerimeters`, any changes here should be made to `ServicePerimeters` as well
 name: 'ServicePerimeter'
 description: |
   ServicePerimeter describes a set of GCP resources which can freely import
@@ -38,6 +39,11 @@ docs:
 id_format: '{{name}}'
 base_url: ''
 self_link: '{{name}}'
+# This is an unusual API, so we need to use a few fields to map the methods
+# to the right URL.
+# create_url is the Create URL
+# base_url is the Get and Delete and Patch URL. It is empty on purpose.
+# List won't work yet. It should share a URL with Create.
 create_url: '{{parent}}/servicePerimeters'
 update_verb: 'PATCH'
 update_mask: true
@@ -65,6 +71,7 @@ async:
 custom_code:
   encoder: 'templates/terraform/encoders/go/access_level_never_send_parent.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_self_link.go.tmpl'
+# Skipping the sweeper due to the non-standard base_url
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_basic'
@@ -84,6 +91,8 @@ examples:
       service_perimeter_name: 'restrict_bigquery_dryrun_storage'
     skip_test: true
 parameters:
+  # Parent is a path parameter that _cannot_ be read or sent in the request at all.
+  # This must be done at the provider level.
   - name: 'parent'
     type: String
     description: |

mmv1/products/accesscontextmanager/go_ServicePerimeterDryRunEgressPolicy.yaml

@@ -76,6 +76,7 @@ custom_code:
   pre_delete: 'templates/terraform/pre_create/go/access_context_manager_dry_run_resource.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_dry_run_egress_policy'

mmv1/products/accesscontextmanager/go_ServicePerimeterDryRunIngressPolicy.yaml

@@ -77,6 +77,7 @@ custom_code:
   pre_delete: 'templates/terraform/pre_create/go/access_context_manager_dry_run_resource.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_dry_run_ingress_policy'

mmv1/products/accesscontextmanager/go_ServicePerimeterDryRunResource.yaml

@@ -78,6 +78,7 @@ custom_code:
   pre_delete: 'templates/terraform/pre_create/go/access_context_manager_dry_run_resource.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_resource.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_dry_run_resource_basic'

mmv1/products/accesscontextmanager/go_ServicePerimeterEgressPolicy.yaml

@@ -73,6 +73,7 @@ nested_query:
 custom_code:
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_egress_policy'

mmv1/products/accesscontextmanager/go_ServicePerimeterIngressPolicy.yaml

@@ -74,6 +74,7 @@ nested_query:
 custom_code:
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_ingress_policy.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_ingress_policy'

mmv1/products/accesscontextmanager/go_ServicePerimeterResource.yaml

@@ -75,6 +75,7 @@ nested_query:
 custom_code:
   custom_import: 'templates/terraform/custom_import/go/access_context_manager_service_perimeter_resource.go.tmpl'
 exclude_tgc: true
+# Skipping the sweeper due to the non-standard base_url and because this is fine-grained under ServicePerimeter
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeter_resource_basic'

mmv1/products/accesscontextmanager/go_ServicePerimeters.yaml

@@ -13,6 +13,7 @@
 
 # Warning: This is a temporary file, and should not be edited directly
 ---
+ # This is the plural of `ServicePerimeter`, any changes here should be made to `ServicePerimeter` as well
 name: 'ServicePerimeters'
 description: |
   Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.
@@ -51,6 +52,7 @@ async:
 custom_code:
   custom_delete: 'templates/terraform/custom_delete/go/replace_all_service_perimeters_empty_list.go.tmpl'
   custom_import: 'templates/terraform/custom_import/go/set_access_policy_parent_from_access_policy.go.tmpl'
+# Skipping the sweeper due to the non-standard base_url
 exclude_sweeper: true
 examples:
   - name: 'access_context_manager_service_perimeters_basic'
@@ -60,6 +62,8 @@ examples:
       service_perimeter_name: 'restrict_storage'
     skip_test: true
 parameters:
+  # Parent is a path parameter that _cannot_ be read or sent in the request at all.
+  # This must be done at the provider level.
   - name: 'parent'
     type: String
     description: |
@@ -144,6 +148,12 @@ properties:
                 Currently only projects are allowed.
                 Format: projects/{project_number}
               is_set: true
+              # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported.
+              # (github.com/hashicorp/terraform-plugin-sdk/issues/470)
+              # at_least_one_of:
+              #   - status.0.resources
+              #   - status.0.access_levels
+              #   - status.0.restricted_services
               item_type:
                 type: String
             - name: 'accessLevels'
@@ -160,6 +170,12 @@ properties:
 
                 Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}
               is_set: true
+              # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported.
+              # (github.com/hashicorp/terraform-plugin-sdk/issues/470)
+              # at_least_one_of:
+              #   - spec.0.resources
+              #   - spec.0.access_levels
+              #   - spec.0.restricted_services
               item_type:
                 type: String
             - name: 'restrictedServices'
@@ -171,6 +187,12 @@ properties:
                 buckets inside the perimeter must meet the perimeter's access
                 restrictions.
               is_set: true
+              # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported.
+              # (github.com/hashicorp/terraform-plugin-sdk/issues/470)
+              # at_least_one_of:
+              #   - spec.0.resources
+              #   - spec.0.access_levels
+              #   - spec.0.restricted_services
               item_type:
                 type: String
             - name: 'vpcAccessibleServices'
@@ -437,6 +459,12 @@ properties:
                 A list of GCP resources that are inside of the service perimeter.
                 Currently only projects are allowed.
                 Format: projects/{project_number}
+              # TODO: (mbang) won't work for arrays yet, uncomment here once they are supported.
+              # (github.com/hashicorp/terraform-plugin-sdk/issues/470)
+              # at_least_one_of:
+              #   - spec.0.resources
+              #   - spec.0.access_levels
+              #   - spec.0.restricted_services
               is_set: true
               item_type:
                 type: String

mmv1/products/activedirectory/go_Domain.yaml

@@ -27,6 +27,7 @@ self_link: '{{name}}'
 create_url: 'projects/{{project}}/locations/global/domains?domainName={{domain_name}}'
 update_verb: 'PATCH'
 update_mask: true
+ # equivalent to {{name}}, but makes sweepers work
 delete_url: 'projects/{{project}}/locations/global/domains/{{domain_name}}'
 import_format:
   - '{{name}}'
@@ -42,6 +43,7 @@ async:
     base_url: '{{op_id}}'
     path: 'name'
     wait_ms: 1000
+      # It takes about 35-40 mins to get the resource created
     timeouts:
       insert_minutes: 60
       update_minutes: 60
@@ -63,9 +65,13 @@ examples:
     primary_resource_id: 'ad-domain'
     vars:
       name: 'myorg'
+      # the part of the domain before the first "." must be <15 chars, and
+      # the random suffix is 10 chars. In order to make sure these get swept,
+      # 'tfgen' is the only option here.
       domain_name: 'tfgen'
     ignore_read_extra:
       - 'deletion_protection'
+    # skip the test until Active Directory setup issue got resolved
     skip_test: true
 virtual_fields:
   - name: 'deletion_protection'

mmv1/products/activedirectory/go_DomainTrust.yaml

@@ -27,6 +27,7 @@ self_link: 'projects/{{project}}/locations/global/domains/{{domain}}'
 create_url: 'projects/{{project}}/locations/global/domains/{{domain}}:attachTrust'
 update_url: 'projects/{{project}}/locations/global/domains/{{domain}}:reconfigureTrust'
 update_verb: 'POST'
+  # Resource custom delete function needs to be modified any time when the resource schema is edited
 delete_url: 'projects/{{project}}/locations/global/domains/{{domain}}:detachTrust'
 delete_verb: 'POST'
 import_format:
@@ -60,10 +61,14 @@ custom_code:
   encoder: 'templates/terraform/encoders/go/active_directory_domain_trust.go.tmpl'
   update_encoder: 'templates/terraform/update_encoder/go/active_directory_domain_trust.go.tmpl'
   decoder: 'templates/terraform/decoders/go/unwrap_resource.go.tmpl'
+    # Delete function needs to be modified any time when the resource schema is edited
   custom_delete: 'templates/terraform/custom_delete/go/active_directory_domain_trust.go.tmpl'
 examples:
   - name: 'active_directory_domain_trust_basic'
     primary_resource_id: 'ad-domain-trust'
+      # Fine-grained resource need different autogenerated tests, as
+      # we need to check destroy during a test step where the parent resource
+      # still exists and we need to validate that child resource has been deleted
     skip_test: true
 parameters:
   - name: 'domain'

mmv1/products/activedirectory/go_Peering.yaml

@@ -58,6 +58,7 @@ examples:
     test_env_vars:
       org_id: 'ORG_ID'
       billing_account: 'BILLING_ACCT'
+      # skip the test until Active Directory setup issue got resolved
     skip_test: true
     skip_import_test: true
 parameters: