Cherry-picks to support 1.20.0 release.

.github/CONTRIBUTING.md

@@ -43,13 +43,17 @@ GOOGLE_ORG
 GOOGLE_BILLING_ACCOUNT
 ```
 
+The only region we support running tests in right now is `us-central1` - some products that are tested here are only available in a few regions, and the only region that all products are available in is `us-central1`.
+
 To run a specific test, use a command such as:
 ```
 make testacc TEST=./google TESTARGS='-run=TestAccContainerNodePool_basic'
 ```
 
 The `TESTARGS` variable is regexp-like, so multiple tests can be run in parallel by specifying a common substring of those tests (for example, `TestAccContainerNodePool` to run all node pool tests).
 
+To run all tests, you can simply omit the `TESTARGS` argument - but please keep in mind that that is quite a few tests and will take quite a long time and create some fairly expensive resources.  It usually is not advisable to run all tests.
+
 ### Writing Tests
 
 Tests should confirm that a resource can be created, and that the resulting Terraform state has the correct values, as well as the created GCP resource.

CHANGELOG.md

@@ -1,4 +1,31 @@
-## 1.19.2 (Unreleased)
+## 1.20.0 (Unreleased)
+
+DEPRECATIONS:
+* **Deprecated `google_compute_snapshot`'s top-level encryption fields.** [GH-2572]
+
+FEATURES: 
+* **New Resource**: `google_storage_object_access_control` for fine-grained management of ACLs on Google Cloud Storage objects [GH-2256]
+* **New Resource**: `google_storage_default_object_access_control` for fine-grained management of default object ACLs on Google Cloud Storage buckets [GH-2358]
+* **New Resource**: `google_sql_ssl_cert` for Google Cloud SQL client SSL certificates. [GH-2290]
+* **New Resource**: `google_monitoring_notification_channel` [GH-2452]
+* **New Resource**: `google_cloud_router_nat` [GH-2576]
+* **New Resource**: `google_monitoring_group` [GH-2451]
+* **New Resource**: `google_billing_account_iam_binding`, `google_billing_account_iam_member`, `google_billing_account_iam_policy` for managing Billing Account IAM policies, including managing Billing Account users. [GH-2143]
+* **New Datasource**: `google_iam_role` datasource to be able to read an IAM role's permissions. [GH-2482]
+
+ENHANCEMENTS:
+* cloudbuild: Added Update support for `google_cloudbuild_trigger`.  [GH-2121]
+* cloudfunctions: Add `runtime` support to `google_cloudfunctions_function` [GH-2340]
+* cloudfunctions: Add new-style Storage and Pub/Sub trigger support to `google_cloudfunctions_function` [GH-2412]
+* compute: `google_compute_health_check` supports for content-based load balancing (`response` field) in HTTP(S) checks. [GH-2550]
+* container: regional and private clusters are in GA now [GH-2364]
+* iam: `google_service_accounts` now supports multiple import formats. [GH-2261]
+
+BUG FIXES:
+* bigquery: added australia and europe regions to the validate function [GH-2333]
+* compute: `google_compute_disk.snapshot`, `google_compute_region_disk.snapshot` properly allow partial URIs. [GH-2450]
+* pubsub: fix issue where not all attributes were saved in state [GH-2469]
+
 ## 1.19.1 (October 12, 2018)
 
 BUG FIXES:

GNUmakefile

@@ -14,7 +14,7 @@ test: fmtcheck
 		xargs -t -n4 go test $(TESTARGS) -timeout=30s -parallel=4
 
 testacc: fmtcheck
-	TF_ACC=1 TF_SCHEMA_PANIC_ON_ERROR=1 go test $(TEST) -v $(TESTARGS) -timeout 120m
+	TF_ACC=1 TF_SCHEMA_PANIC_ON_ERROR=1 go test $(TEST) -v $(TESTARGS) -timeout 120m -ldflags="-X=github.com/terraform-providers/terraform-provider-google/version.ProviderVersion=acc"
 
 vet:
 	@echo "go vet ."

google/config.go

@@ -10,7 +10,8 @@ import (
 
 	"github.com/hashicorp/terraform/helper/logging"
 	"github.com/hashicorp/terraform/helper/pathorcontents"
-	"github.com/hashicorp/terraform/version"
+	"github.com/hashicorp/terraform/httpclient"
+	"github.com/terraform-providers/terraform-provider-google/version"
 
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
@@ -154,9 +155,10 @@ func (c *Config) loadAndValidate() error {
 
 	client.Transport = logging.NewTransport("Google", client.Transport)
 
-	projectURL := "https://www.terraform.io"
-	userAgent := fmt.Sprintf("Terraform/%s (+%s)",
-		version.String(), projectURL)
+	terraformVersion := httpclient.UserAgentString()
+	providerVersion := fmt.Sprintf("terraform-provider-google/%s", version.ProviderVersion)
+	terraformWebsite := "(+https://www.terraform.io)"
+	userAgent := fmt.Sprintf("%s %s %s", terraformVersion, terraformWebsite, providerVersion)
 
 	c.client = client
 	c.userAgent = userAgent

google/data_source_google_container_engine_versions.go

@@ -20,7 +20,6 @@ func dataSourceGoogleContainerEngineVersions() *schema.Resource {
 				Optional: true,
 			},
 			"region": {
-				Deprecated:    "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
 				Type:          schema.TypeString,
 				Optional:      true,
 				ConflictsWith: []string{"zone"},

google/data_source_google_iam_role.go

@@ -0,0 +1,48 @@
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleIamRole() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGoogleIamRoleRead,
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"title": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"included_permissions": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"stage": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceGoogleIamRoleRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	roleName := d.Get("name").(string)
+	role, err := config.clientIAM.Roles.Get(roleName).Do()
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("Error reading IAM Role %s: %s", roleName, err))
+	}
+
+	d.SetId(role.Name)
+	d.Set("title", role.Title)
+	d.Set("stage", role.Stage)
+	d.Set("included_permissions", role.IncludedPermissions)
+
+	return nil
+}

google/data_source_google_iam_role_test.go

@@ -0,0 +1,51 @@
+package google
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccDataSourceIAMRole(t *testing.T) {
+	name := "roles/viewer"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckGoogleIamRoleConfig(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGoogleIAMRoleCheck("data.google_iam_role.role"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckGoogleIAMRoleCheck(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		ds, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Can't find iam role data source: %s", n)
+		}
+
+		_, ok = ds.Primary.Attributes["included_permissions.#"]
+		if !ok {
+			return errors.New("can't find 'included_permissions' attribute")
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckGoogleIamRoleConfig(name string) string {
+	return fmt.Sprintf(`
+data "google_iam_role" "role" {
+	name = "%s"
+}
+`, name)
+}

google/iam_billing_account.go

@@ -0,0 +1,105 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/cloudbilling/v1"
+	"google.golang.org/api/cloudresourcemanager/v1"
+)
+
+var IamBillingAccountSchema = map[string]*schema.Schema{
+	"billing_account_id": {
+		Type:     schema.TypeString,
+		Required: true,
+		ForceNew: true,
+	},
+}
+
+type BillingAccountIamUpdater struct {
+	billingAccountId string
+	Config           *Config
+}
+
+func NewBillingAccountIamUpdater(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) {
+	return &BillingAccountIamUpdater{
+		billingAccountId: canonicalBillingAccountId(d.Get("billing_account_id").(string)),
+		Config:           config,
+	}, nil
+}
+
+func BillingAccountIdParseFunc(d *schema.ResourceData, _ *Config) error {
+	d.Set("billing_account_id", d.Id())
+	return nil
+}
+
+func (u *BillingAccountIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {
+	return getBillingAccountIamPolicyByBillingAccountName(u.billingAccountId, u.Config)
+}
+
+func (u *BillingAccountIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error {
+	billingPolicy, err := resourceManagerToBillingPolicy(policy)
+	if err != nil {
+		return err
+	}
+
+	_, err = u.Config.clientBilling.BillingAccounts.SetIamPolicy("billingAccounts/"+u.billingAccountId, &cloudbilling.SetIamPolicyRequest{
+		Policy: billingPolicy,
+	}).Do()
+
+	if err != nil {
+		return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err)
+	}
+
+	return nil
+}
+
+func (u *BillingAccountIamUpdater) GetResourceId() string {
+	return u.billingAccountId
+}
+
+func (u *BillingAccountIamUpdater) GetMutexKey() string {
+	return fmt.Sprintf("iam-billing-account-%s", u.billingAccountId)
+}
+
+func (u *BillingAccountIamUpdater) DescribeResource() string {
+	return fmt.Sprintf("billingAccount %q", u.billingAccountId)
+}
+
+func canonicalBillingAccountId(resource string) string {
+	return resource
+}
+
+func resourceManagerToBillingPolicy(p *cloudresourcemanager.Policy) (*cloudbilling.Policy, error) {
+	out := &cloudbilling.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a v1 policy to a billing policy: {{err}}", err)
+	}
+	return out, nil
+}
+
+func billingToResourceManagerPolicy(p *cloudbilling.Policy) (*cloudresourcemanager.Policy, error) {
+	out := &cloudresourcemanager.Policy{}
+	err := Convert(p, out)
+	if err != nil {
+		return nil, errwrap.Wrapf("Cannot convert a billing policy to a v1 policy: {{err}}", err)
+	}
+	return out, nil
+}
+
+// Retrieve the existing IAM Policy for a billing account
+func getBillingAccountIamPolicyByBillingAccountName(resource string, config *Config) (*cloudresourcemanager.Policy, error) {
+	p, err := config.clientBilling.BillingAccounts.GetIamPolicy("billingAccounts/" + resource).Do()
+
+	if err != nil {
+		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for billing account %q: {{err}}", resource), err)
+	}
+
+	v1Policy, err := billingToResourceManagerPolicy(p)
+	if err != nil {
+		return nil, err
+	}
+
+	return v1Policy, nil
+}

google/iam_compute_subnetwork.go

@@ -12,22 +12,22 @@ import (
 
 var IamComputeSubnetworkSchema = map[string]*schema.Schema{
 	"subnetwork": {
-		Deprecated: "This resource is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
+		Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
 		Type:       schema.TypeString,
 		Required:   true,
 		ForceNew:   true,
 	},
 
 	"project": {
-		Deprecated: "This resource is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
+		Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
 		Type:       schema.TypeString,
 		Optional:   true,
 		Computed:   true,
 		ForceNew:   true,
 	},
 
 	"region": {
-		Deprecated: "This resource is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
+		Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
 		Type:       schema.TypeString,
 		Optional:   true,
 		Computed:   true,

google/iam_spanner_database.go

@@ -6,7 +6,7 @@ import (
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/cloudresourcemanager/v1"
-	spanner "google.golang.org/api/spanner/v1"
+	"google.golang.org/api/spanner/v1"
 )
 
 var IamSpannerDatabaseSchema = map[string]*schema.Schema{
@@ -51,17 +51,8 @@ func NewSpannerDatabaseIamUpdater(d *schema.ResourceData, config *Config) (Resou
 }
 
 func SpannerDatabaseIdParseFunc(d *schema.ResourceData, config *Config) error {
-	id, err := extractSpannerDatabaseId(d.Id())
-	if err != nil {
-		return err
-	}
-	d.Set("instance", id.Instance)
-	d.Set("project", id.Project)
-	d.Set("database", id.Database)
-
-	// Explicitly set the id so imported resources have the same ID format as non-imported ones.
-	d.SetId(id.terraformId())
-	return nil
+	_, err := resourceSpannerDatabaseImport("database")(d, config)
+	return err
 }
 
 func (u *SpannerDatabaseIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) {