TPG 3.0.0

api/type.rb

@@ -70,6 +70,12 @@ module Fields
       # A list of properties that conflict with this property.
       attr_reader :conflicts
 
+      # A list of properties that at least one of must be set.
+      attr_reader :at_least_one_of
+
+      # A list of properties that exactly one of must be set.
+      attr_reader :exactly_one_of
+
       # Can only be overridden - we should never set this ourselves.
       attr_reader :new_type
 
@@ -109,6 +115,8 @@ def validate
 
       check_default_value_property
       check_conflicts
+      check_at_least_one_of
+      check_exactly_one_of
     end
 
     def to_s
@@ -135,6 +143,10 @@ def to_json(opts = nil)
       instance_variables.each do |v|
         if v == :@conflicts && instance_variable_get(v).empty?
           # ignore empty conflict arrays
+        elsif v == :@at_least_one_of && instance_variable_get(v).empty?
+          # ignore empty at_least_one_of arrays
+        elsif v == :@exactly_one_of && instance_variable_get(v).empty?
+          # ignore empty exactly_one_of arrays
         elsif instance_variable_get(v) == false || instance_variable_get(v).nil?
           # ignore false booleans as non-existence indicates falsey
         elsif !ignored_fields.include? v
@@ -194,6 +206,38 @@ def conflicting
        @__resource.all_user_properties.select { |p| p.conflicts.include?(@api_name) }).uniq
     end
 
+    # Checks that all properties that needs at least one of their fields actually exist.
+    # This currently just returns if empty, because we don't want to do the check, since
+    # this list will have a full path for nested attributes.
+    def check_at_least_one_of
+      check :at_least_one_of, type: ::Array, default: [], item_type: ::String
+
+      return if @at_least_one_of.empty?
+    end
+
+    # Returns list of properties that needs at least one of their fields set.
+    def at_least_one_of_list
+      return [] unless @__resource
+
+      @at_least_one_of
+    end
+
+    # Checks that all properties that needs exactly one of their fields actually exist.
+    # This currently just returns if empty, because we don't want to do the check, since
+    # this list will have a full path for nested attributes.
+    def check_exactly_one_of
+      check :exactly_one_of, type: ::Array, default: [], item_type: ::String
+
+      return if @exactly_one_of.empty?
+    end
+
+    # Returns list of properties that needs exactly one of their fields set.
+    def exactly_one_of_list
+      return [] unless @__resource
+
+      @exactly_one_of
+    end
+
     def type
       self.class.name.split('::').last
     end
@@ -289,6 +333,8 @@ class FetchedExternal < Type
 
       def validate
         @conflicts ||= []
+        @at_least_one_of ||= []
+        @exactly_one_of ||= []
       end
 
       def api_name

overrides/terraform/property_override.rb

@@ -69,6 +69,12 @@ def self.attributes
           # Names of attributes that can't be set alongside this one
           :conflicts_with,
 
+          # Names of attributes that at least one of must be set
+          :at_least_one_of,
+
+          # Names of attributes that exactly one of must be set
+          :exactly_one_of,
+
           # Names of fields that should be included in the updateMask.
           :update_mask_fields,
 

overrides/terraform/resource_override.rb

@@ -76,7 +76,7 @@ def validate
         @examples ||= []
 
         check :legacy_name, type: String
-        check :id_format, type: String, default: '{{name}}'
+        check :id_format, type: String
         check :examples, item_type: Provider::Terraform::Examples, type: Array, default: []
         check :virtual_fields,
               item_type: Provider::Terraform::VirtualFields,

products/accesscontextmanager/api.yaml

@@ -267,14 +267,15 @@ objects:
                           Format: "major.minor.patch" such as "10.5.301", "9.2.1".
                       - !ruby/object:Api::Type::Enum
                         name: 'osType'
+                        required: true
                         description: |
                           The operating system type of the device.
                         values:
-                        - :OS_UNSPECIFIED
-                        - :DESKTOP_MAC
-                        - :DESKTOP_WINDOWS
-                        - :DESKTOP_LINUX
-                        - :DESKTOP_CHROME_OS
+                          - :OS_UNSPECIFIED
+                          - :DESKTOP_MAC
+                          - :DESKTOP_WINDOWS
+                          - :DESKTOP_LINUX
+                          - :DESKTOP_CHROME_OS
   - !ruby/object:Api::Resource
     name: 'ServicePerimeter'
     # This is an unusual API, so we need to use a few fields to map the methods
@@ -376,6 +377,10 @@ objects:
               A list of GCP resources that are inside of the service perimeter.
               Currently only projects are allowed.
               Format: projects/{project_number}
+            at_least_one_of:
+              - status.0.resources
+              - status.0.access_levels
+              - status.0.restricted_services
             item_type: Api::Type::String
           - !ruby/object:Api::Type::Array
             name: 'accessLevels'
@@ -390,6 +395,10 @@ objects:
               be empty.
 
               Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}
+            at_least_one_of:
+              - status.0.resources
+              - status.0.access_levels
+              - status.0.restricted_services
             item_type: Api::Type::String
           - !ruby/object:Api::Type::Array
             name: 'restrictedServices'
@@ -399,4 +408,8 @@ objects:
               `storage.googleapis.com` is specified, access to the storage
               buckets inside the perimeter must meet the perimeter's access
               restrictions.
+            at_least_one_of:
+              - status.0.resources
+              - status.0.access_levels
+              - status.0.restricted_services
             item_type: Api::Type::String

products/accesscontextmanager/terraform.yaml

@@ -19,6 +19,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       update_minutes: 6
       delete_minutes: 6
     autogen_async: true
+    id_format: "{{name}}"
     import_format: ["{{name}}"]
     examples:
       - !ruby/object:Provider::Terraform::Examples

products/appengine/api.yaml

@@ -94,6 +94,7 @@ objects:
               Example: 12345.
           - !ruby/object:Api::Type::Enum
             name: 'sslManagementType'
+            required: true
             description: |
               SSL management type for this domain. If `AUTOMATIC`, a managed certificate is automatically provisioned.
               If `MANUAL`, `certificateId` must be manually specified in order to configure SSL for this domain.
@@ -331,16 +332,19 @@ objects:
               - :REDIRECT_HTTP_RESPONSE_CODE_307
           - !ruby/object:Api::Type::NestedObject
             name: 'script'
+            # TODO (mbang): Exactly one of script, staticFiles, or apiEndpoint must be set
             description: |
               Executes a script to handle the requests that match this URL pattern. 
               Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto".
             properties:
             - !ruby/object:Api::Type::String
               name: 'scriptPath'
+              required: true
               description: |
                 Path to the script from the application root directory.
           - !ruby/object:Api::Type::NestedObject
             name: 'staticFiles'
+            # TODO (mbang): Exactly one of script, staticFiles, or apiEndpoint must be set
             description: |
               Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.
             properties:
@@ -403,10 +407,14 @@ objects:
             name: 'zip'
             description: 'Zip File'
             required: false
+            at_least_one_of:
+              - deployment.0.zip
+              - deployment.0.files
             properties:
               - !ruby/object:Api::Type::String
                 name: 'sourceUrl'
                 description: 'Source URL'
+                required: true
               - !ruby/object:Api::Type::Integer
                 name: 'filesCount'
                 description: 'files count'
@@ -417,6 +425,9 @@ objects:
               Manifest of the files stored in Google Cloud Storage that are included as part of this version.
               All files must be readable using the credentials supplied with this call.
             required: false
+            at_least_one_of:
+              - deployment.0.zip
+              - deployment.0.files
             key_name: 'name'
             key_description: |
               name of file
@@ -428,6 +439,7 @@ objects:
                     SHA1 checksum of the file
                 - !ruby/object:Api::Type::String
                   name: 'sourceUrl'
+                  required: true
                   description: |
                     Source URL
       - !ruby/object:Api::Type::NestedObject
@@ -438,6 +450,7 @@ objects:
         properties:
           - !ruby/object:Api::Type::String
             name: 'shell'
+            required: true
             description: |
               The format should be a shell command that can be fed to bash -c.
       - !ruby/object:Api::Type::String

products/appengine/terraform.yaml

@@ -14,8 +14,7 @@
 --- !ruby/object:Provider::Terraform::Config
 overrides: !ruby/object:Overrides::ResourceOverrides
   FirewallRule: !ruby/object:Overrides::Terraform::ResourceOverride
-    id_format: "{{project}}/{{priority}}"
-    import_format: ["{{project}}/{{priority}}"]
+    import_format: ["apps/{{project}}/firewall/ingressRules/{{priority}}"]
     examples:
       - !ruby/object:Provider::Terraform::Examples
         name: "app_engine_firewall_rule_basic"
@@ -25,7 +24,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides
         test_env_vars:
           org_id: :ORG_ID
   StandardAppVersion: !ruby/object:Overrides::Terraform::ResourceOverride
-    id_format: "apps/{{project}}/services/{{service}}/versions/{{version_id}}"
     import_format: ["apps/{{project}}/services/{{service}}/versions/{{version_id}}"]
     mutex: "apps/{{project}}"
     parameters:
@@ -73,8 +71,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   DomainMapping: !ruby/object:Overrides::Terraform::ResourceOverride
     self_link: 'apps/{{project}}/domainMappings/{{domain_name}}'
-    id_format: "{{domain_name}}"
-    import_format: ["{{domain_name}}"]
+    id_format: 'apps/{{project}}/domainMappings/{{domain_name}}'
+    import_format: ['apps/{{project}}/domainMappings/{{domain_name}}']
     examples:
       - !ruby/object:Provider::Terraform::Examples
         name: "app_engine_domain_mapping_basic"

products/bigquery/api.yaml

@@ -52,6 +52,7 @@ objects:
               description: An email address of a Google Group to grant access to.
             - !ruby/object:Api::Type::String
               name: 'role'
+              required: true
               description: |
                 Describes the rights granted to the user specified by the other
                 member of the access object. Primitive, Predefined and custom

products/bigquery/terraform.yaml

@@ -15,8 +15,7 @@
 legacy_name: 'bigquery'
 overrides: !ruby/object:Overrides::ResourceOverrides
   Dataset: !ruby/object:Overrides::Terraform::ResourceOverride
-    id_format: "{{project}}:{{dataset_id}}"
-    import_format: ["{{project}}:{{dataset_id}}", "{{project}}/{{dataset_id}}", "{{dataset_id}}"]
+    import_format: ["projects/{{project}}/datasets/{{dataset_id}}"]
     delete_url: projects/{{project}}/datasets/{{dataset_id}}?deleteContents={{delete_contents_on_destroy}}
     examples:
       - !ruby/object:Provider::Terraform::Examples

products/bigtable/api.yaml

@@ -64,23 +64,26 @@ objects:
           Long form description of the use case for this app profile.
       - !ruby/object:Api::Type::Boolean
         name: 'multiClusterRoutingUseAny'
-        conflicts:
-          - singleClusterRouting
+        exactly_one_of:
+          - single_cluster_routing
+          - multi_cluster_routing_use_any
         description: |
           If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available
           in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes
           consistency to improve availability.
         input: true
       - !ruby/object:Api::Type::NestedObject
         name: 'singleClusterRouting'
-        conflicts:
-          - multiClusterRoutingUseAny
+        exactly_one_of:
+          - single_cluster_routing
+          - multi_cluster_routing_use_any
         description: |
           Use a single-cluster routing policy.
         input: true
         properties:
             - !ruby/object:Api::Type::String
               name: 'clusterId'
+              required: true
               description: |
                 The cluster to which read/write requests should be routed.
             - !ruby/object:Api::Type::Boolean

products/bigtable/terraform.yaml

@@ -14,7 +14,7 @@
 --- !ruby/object:Provider::Terraform::Config
 overrides: !ruby/object:Overrides::ResourceOverrides
   AppProfile: !ruby/object:Overrides::Terraform::ResourceOverride
-    id_format: "{{project}}/{{instance}}/{{app_profile_id}}"
+    id_format: "projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}"
     import_format: ["projects/{{project}}/instances/{{instance}}/appProfiles/{{app_profile_id}}"]
     examples:
       - !ruby/object:Provider::Terraform::Examples

products/binaryauthorization/api.yaml

@@ -96,6 +96,7 @@ objects:
                     See the documentation on publicKey cases below for details.
                 - !ruby/object:Api::Type::String
                   name: asciiArmoredPgpPublicKey
+                  # TODO (mbang): Exactly one of asciiArmoredPgpPublicKey or pkixPublicKey must be set
                   description: |
                     ASCII-armored representation of a PGP public key, as the
                     entire output by the command
@@ -108,6 +109,7 @@ objects:
                     be overwritten by the API-calculated ID.
                 - !ruby/object:Api::Type::NestedObject
                   name: pkixPublicKey
+                  # TODO (mbang): Exactly one of asciiArmoredPgpPublicKey or pkixPublicKey must be set
                   description: |
                     A raw PKIX SubjectPublicKeyInfo format public key.
 
@@ -178,6 +180,7 @@ objects:
           properties:
             - !ruby/object:Api::Type::String
               name: namePattern
+              required: true
               description: |
                 An image name pattern to whitelist, in the form
                 `registry/path/to/image`. This supports a trailing * as a
@@ -202,6 +205,7 @@ objects:
           properties:
             - !ruby/object:Api::Type::Enum
               name: evaluationMode
+              required: true
               description: How this admission rule will be evaluated.
               values:
                 - :ALWAYS_ALLOW
@@ -221,6 +225,7 @@ objects:
               item_type: Api::Type::String
             - !ruby/object:Api::Type::Enum
               name: enforcementMode
+              required: true
               description: |
                 The action when a pod creation is denied by the admission rule.
               values:

products/binaryauthorization/terraform.yaml

@@ -15,7 +15,6 @@
 overrides: !ruby/object:Overrides::ResourceOverrides
   Attestor: !ruby/object:Overrides::Terraform::ResourceOverride
     import_format: ["projects/{{project}}/attestors/{{name}}"]
-    id_format: "{{project}}/{{name}}"
     examples:
      - !ruby/object:Provider::Terraform::Examples
       name: "binary_authorization_attestor_basic"
@@ -39,7 +38,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     properties:
       name: !ruby/object:Overrides::Terraform::PropertyOverride
         custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
-        custom_expand: 'templates/terraform/custom_expand/binaryauthorization_attestor_name.erb'
+        custom_expand: 'templates/terraform/custom_expand/shortname_to_url.go.erb'
       attestationAuthorityNote.noteReference: !ruby/object:Overrides::Terraform::PropertyOverride
         custom_expand: 'templates/terraform/custom_expand/container_analysis_note.erb'
         diff_suppress_func: 'compareSelfLinkOrResourceName'
@@ -54,7 +53,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       attestationAuthorityNote.publicKeys.id: !ruby/object:Overrides::Terraform::PropertyOverride
         default_from_api: true
   Policy: !ruby/object:Overrides::Terraform::ResourceOverride
-    id_format: "{{project}}"
+    id_format: "projects/{{project}}"
     import_format: ["projects/{{project}}"]
     custom_code: !ruby/object:Provider::Terraform::CustomCode
       constants: 'templates/terraform/constants/binaryauthorization_policy.erb'