Add requested policy version to folder IAM GET (#4401) (#8235)

* Add requested policy version to folder IAM GET

* Add conditions test

* Skip apigee failures in VCR

Signed-off-by: Modular Magician <[email protected]>

.changelog/4401.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resourcemanager: fixed an inconsistent result when IAM conditions are specified with `google_folder_iam_*`
+```

google/iam_folder.go

@@ -116,8 +116,11 @@ func v2BetaPolicyToV1(in *resourceManagerV2Beta1.Policy) (*cloudresourcemanager.
 // Retrieve the existing IAM Policy for a folder
 func getFolderIamPolicyByFolderName(folderName, userAgent string, config *Config) (*cloudresourcemanager.Policy, error) {
 	p, err := config.NewResourceManagerV2Beta1Client(userAgent).Folders.GetIamPolicy(folderName,
-		&resourceManagerV2Beta1.GetIamPolicyRequest{}).Do()
-
+		&resourceManagerV2Beta1.GetIamPolicyRequest{
+			Options: &resourceManagerV2Beta1.GetPolicyOptions{
+				RequestedPolicyVersion: iamPolicyVersion,
+			},
+		}).Do()
 	if err != nil {
 		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for folder %q: {{err}}", folderName), err)
 	}

google/resource_apigee_organization_generated_test.go

@@ -24,6 +24,7 @@ import (
 )
 
 func TestAccApigeeOrganization_apigeeOrganizationCloudBasicTestExample(t *testing.T) {
+	skipIfVcr(t)
 	t.Parallel()
 
 	context := map[string]interface{}{

google/resource_google_folder_iam_member_test.go

@@ -153,5 +153,16 @@ resource "google_folder_iam_member" "multiple" {
   member = "user:[email protected]"
   role   = "roles/compute.instanceAdmin"
 }
+
+resource "google_folder_iam_member" "condition" {
+  folder = google_folder.acceptance.name
+  member = "user:[email protected]"
+  role   = "roles/compute.instanceAdmin"
+  condition {
+    title       = "expires_after_2019_12_31"
+    description = "Expiring at midnight of 2019-12-31"
+    expression  = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
+  }
+}
 `, org, fname)
 }