Add requested policy version to folder IAM GET (#4401)

slevenick · web-flow · commit 95894b0d0a29 · 2021-01-15T15:49:23.000-08:00
* Add requested policy version to folder IAM GET

* Add conditions test

* Skip apigee failures in VCR
diff --git a/products/apigee/terraform.yaml b/products/apigee/terraform.yaml
@@ -28,6 +28,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
         org_id: :ORG_ID
         billing_account: :BILLING_ACCT
       skip_docs: true
+      # Resource creation race
+      skip_vcr: true
     - !ruby/object:Provider::Terraform::Examples
       name: "apigee_organization_cloud_full"
       skip_test: true
@@ -43,6 +45,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
         billing_account: :BILLING_ACCT
       skip_docs: true
       min_version: beta
+      # Resource creation race
+      skip_vcr: true
 
     custom_code: !ruby/object:Provider::Terraform::CustomCode
       custom_import: templates/terraform/custom_import/apigee_organization.go.erb
diff --git a/third_party/terraform/tests/resource_google_folder_iam_member_test.go b/third_party/terraform/tests/resource_google_folder_iam_member_test.go
@@ -153,5 +153,16 @@ resource "google_folder_iam_member" "multiple" {
   member = "user:paddy@hashicorp.com"
   role   = "roles/compute.instanceAdmin"
 }
+
+resource "google_folder_iam_member" "condition" {
+  folder = google_folder.acceptance.name
+  member = "user:paddy@hashicorp.com"
+  role   = "roles/compute.instanceAdmin"
+  condition {
+    title       = "expires_after_2019_12_31"
+    description = "Expiring at midnight of 2019-12-31"
+    expression  = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
+  }
+}
 `, org, fname)
 }
diff --git a/third_party/terraform/utils/iam_folder.go b/third_party/terraform/utils/iam_folder.go
@@ -116,8 +116,11 @@ func v2BetaPolicyToV1(in *resourceManagerV2Beta1.Policy) (*cloudresourcemanager.
 // Retrieve the existing IAM Policy for a folder
 func getFolderIamPolicyByFolderName(folderName, userAgent string, config *Config) (*cloudresourcemanager.Policy, error) {
 	p, err := config.NewResourceManagerV2Beta1Client(userAgent).Folders.GetIamPolicy(folderName,
-		&resourceManagerV2Beta1.GetIamPolicyRequest{}).Do()
-
+		&resourceManagerV2Beta1.GetIamPolicyRequest{
+			Options: &resourceManagerV2Beta1.GetPolicyOptions{
+				RequestedPolicyVersion: iamPolicyVersion,
+			},
+		}).Do()
 	if err != nil {
 		return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for folder %q: {{err}}", folderName), err)
 	}
