add fine-grained resource for service perimeter resource (#3052) (#5574)

* add fine-grained resource for service perimeter resource

* exclude from inspec

* add sidebar entry and change acctest import

* comments, readability

Signed-off-by: Modular Magician <magic-modules@google.com>

Author: modular-magician

.changelog/3052.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_access_context_manager_service_perimeter_resource`
+```

google/bootstrap_utils_test.go

@@ -8,7 +8,9 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
 	"google.golang.org/api/cloudkms/v1"
+	cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1"
 	"google.golang.org/api/iam/v1"
 )
 
@@ -293,3 +295,70 @@ func BootstrapSharedTestNetwork(t *testing.T, testId string) string {
 	}
 	return network.Name
 }
+
+var SharedServicePerimeterProjectPrefix = "tf-bootstrap-sp-"
+
+func BootstrapServicePerimeterProjects(t *testing.T, desiredProjects int) []*cloudresourcemanager.Project {
+	if v := os.Getenv("TF_ACC"); v == "" {
+		log.Println("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
+		return nil
+	}
+
+	org := getTestOrgFromEnv(t)
+	config := &Config{
+		Credentials: getTestCredsFromEnv(),
+		Project:     getTestProjectFromEnv(),
+		Region:      getTestRegionFromEnv(),
+		Zone:        getTestZoneFromEnv(),
+	}
+
+	ConfigureBasePaths(config)
+
+	if err := config.LoadAndValidate(context.Background()); err != nil {
+		t.Fatalf("Bootstrapping failed. Unable to load test config: %s", err)
+	}
+
+	// The filter endpoint works differently if you provide both the parent id and parent type, and
+	// doesn't seem to allow for prefix matching. Don't change this to include the parent type unless
+	// that API behavior changes.
+	prefixFilter := fmt.Sprintf("id:%s* parent.id:%s", SharedServicePerimeterProjectPrefix, org)
+	res, err := config.clientResourceManager.Projects.List().Filter(prefixFilter).Do()
+	if err != nil {
+		t.Errorf("Error getting shared test projects: %s", err)
+	}
+
+	projects := res.Projects
+	for len(projects) < desiredProjects {
+		pid := SharedServicePerimeterProjectPrefix + acctest.RandString(10)
+		project := &cloudresourcemanager.Project{
+			ProjectId: pid,
+			Name:      "TF Service Perimeter Test",
+			Parent: &cloudresourcemanager.ResourceId{
+				Type: "organization",
+				Id:   org,
+			},
+		}
+		op, err := config.clientResourceManager.Projects.Create(project).Do()
+		if err != nil {
+			t.Fatalf("Error bootstrapping shared test project: %s", err)
+		}
+
+		opAsMap, err := ConvertToMap(op)
+		if err != nil {
+			t.Fatalf("Error bootstrapping shared test project: %s", err)
+		}
+
+		err = resourceManagerOperationWaitTime(config, opAsMap, "creating project", 4)
+		if err != nil {
+			t.Fatalf("Error bootstrapping shared test project: %s", err)
+		}
+
+		p, err := config.clientResourceManager.Projects.Get(pid).Do()
+		if err != nil {
+			t.Fatalf("Error getting shared test project: %s", err)
+		}
+		projects = append(projects, p)
+	}
+
+	return projects
+}

google/provider.go

@@ -486,9 +486,9 @@ func Provider() terraform.ResourceProvider {
 	return provider
 }
 
-// Generated resources: 98
+// Generated resources: 99
 // Generated IAM resources: 48
-// Total generated resources: 146
+// Total generated resources: 147
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -500,6 +500,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_access_context_manager_access_policy":                  resourceAccessContextManagerAccessPolicy(),
 			"google_access_context_manager_access_level":                   resourceAccessContextManagerAccessLevel(),
 			"google_access_context_manager_service_perimeter":              resourceAccessContextManagerServicePerimeter(),
+			"google_access_context_manager_service_perimeter_resource":     resourceAccessContextManagerServicePerimeterResource(),
 			"google_app_engine_domain_mapping":                             resourceAppEngineDomainMapping(),
 			"google_app_engine_firewall_rule":                              resourceAppEngineFirewallRule(),
 			"google_app_engine_standard_app_version":                       resourceAppEngineStandardAppVersion(),

google/resource_access_context_manager_access_policy_test.go

@@ -74,11 +74,12 @@ func testSweepAccessContextManagerPolicies(region string) error {
 // can exist, they need to be ran serially
 func TestAccAccessContextManager(t *testing.T) {
 	testCases := map[string]func(t *testing.T){
-		"access_policy":            testAccAccessContextManagerAccessPolicy_basicTest,
-		"service_perimeter":        testAccAccessContextManagerServicePerimeter_basicTest,
-		"service_perimeter_update": testAccAccessContextManagerServicePerimeter_updateTest,
-		"access_level":             testAccAccessContextManagerAccessLevel_basicTest,
-		"access_level_full":        testAccAccessContextManagerAccessLevel_fullTest,
+		"access_policy":              testAccAccessContextManagerAccessPolicy_basicTest,
+		"service_perimeter":          testAccAccessContextManagerServicePerimeter_basicTest,
+		"service_perimeter_update":   testAccAccessContextManagerServicePerimeter_updateTest,
+		"service_perimeter_resource": testAccAccessContextManagerServicePerimeterResource_basicTest,
+		"access_level":               testAccAccessContextManagerAccessLevel_basicTest,
+		"access_level_full":          testAccAccessContextManagerAccessLevel_fullTest,
 	}
 
 	for name, tc := range testCases {

google/resource_access_context_manager_service_perimeter.go

@@ -206,6 +206,13 @@ func resourceAccessContextManagerServicePerimeterCreate(d *schema.ResourceData,
 		return err
 	}
 
+	lockName, err := replaceVars(d, config, "{{name}}")
+	if err != nil {
+		return err
+	}
+	mutexKV.Lock(lockName)
+	defer mutexKV.Unlock(lockName)
+
 	url, err := replaceVars(d, config, "{{AccessContextManagerBasePath}}{{parent}}/servicePerimeters")
 	if err != nil {
 		return err
@@ -305,6 +312,13 @@ func resourceAccessContextManagerServicePerimeterUpdate(d *schema.ResourceData,
 		return err
 	}
 
+	lockName, err := replaceVars(d, config, "{{name}}")
+	if err != nil {
+		return err
+	}
+	mutexKV.Lock(lockName)
+	defer mutexKV.Unlock(lockName)
+
 	url, err := replaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}")
 	if err != nil {
 		return err
@@ -350,6 +364,13 @@ func resourceAccessContextManagerServicePerimeterUpdate(d *schema.ResourceData,
 func resourceAccessContextManagerServicePerimeterDelete(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
+	lockName, err := replaceVars(d, config, "{{name}}")
+	if err != nil {
+		return err
+	}
+	mutexKV.Lock(lockName)
+	defer mutexKV.Unlock(lockName)
+
 	url, err := replaceVars(d, config, "{{AccessContextManagerBasePath}}{{name}}")
 	if err != nil {
 		return err