@rambleraptor rambleraptor commented Jan 20, 2026

Hello friends! Long time no see!

I've got a bit of a convoluted PR here:

This adds just IAM resources for the BigLake Namespace resource, not the actual BigLake namespace resource. It also adds support for adding the x-goog-user-project header, which is necessary to send over.

I've done local testing and this works as expected. We can't use the automated IAM tests to create the actual resource, since we need to use a separate not-yet-published Terraform provider to handle those resources.

(optional - why? The BigLake namespace resource follows the Iceberg REST Catalog spec, which is developed by the Apache Iceberg project. It doesn't follow the Google AIP standard and writing a Terraform resource in Magic Modules would be impossible. The Iceberg project is working on their own Terraform provider and that's the recommended way to manage these Iceberg resources. But, IAM is a Google thing with Google APIs, so we need separate IAM resources).

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

`google_biglake_iceberg_namespace_iam_policy`
`google_biglake_iceberg_namespace_iam_binding`
`google_biglake_iceberg_namespace_iam_member`

@modular-magician modular-magician added the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Jan 20, 2026
@rambleraptor
Contributor Author

@SirGitsalot could you take a look at this?

@rambleraptor rambleraptor marked this pull request as ready for review January 21, 2026 20:31
@github-actions

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@melinath, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@github-actions github-actions bot requested a review from melinath January 21, 2026 20:32
@modular-magician modular-magician removed the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Jan 21, 2026

@melinath melinath left a comment

hey @rambleraptor!

I've approved the build - note go/terraform-auto-test-runs. @SirGitsalot isn't available at the moment; do they have additional context on this PR?

DeprecationMessage string `yaml:"deprecation_message,omitempty"`

// Whether to send the x-goog-user-project header in IAM requests.
SendsUserProjectHeader bool `yaml:"sends_user_project_header,omitempty"`
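
Review bot: the doc comment on `SendsUserProjectHeader` says only that the header is sent in IAM requests, not which project the header names or whether it covers every IAM call for the resource. State both in the comment, so that someone setting `sends_user_project_header` in a resource's YAML knows what the flag changes in the request.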

For resources we ended up handling this by making the headers object available for pre_create etc. custom code... but I think it would be fine to use a single flag here for now since we don't have other use cases.

@modular-magician modular-magician added the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Jan 22, 2026
@github-actions github-actions bot requested a review from melinath January 22, 2026 18:35
@modular-magician modular-magician removed the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Jan 22, 2026
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 104 files changed, 1194 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 122 files changed, 1266 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 104 files changed, 791 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_biglake_iceberg_namespace_iam_binding (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_biglake_iceberg_namespace_iam_binding" "primary" {
  catalog = # value needed
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
  members = # value needed
  name    = # value needed
  role    = # value needed
}

Resource: google_biglake_iceberg_namespace_iam_member (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_biglake_iceberg_namespace_iam_member" "primary" {
  catalog = # value needed
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
  member = # value needed
  name   = # value needed
  role   = # value needed
}

Resource: google_biglake_iceberg_namespace_iam_policy (0 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_biglake_iceberg_namespace_iam_policy" "primary" {
  catalog     = # value needed
  name        = # value needed
  policy_data = # value needed
}

@modular-magician
Collaborator

Tests analytics

Total tests: 3306
Passed tests: 3044
Skipped tests: 255
Affected tests: 7

Affected service packages:
  • bigqueryanalyticshub
  • bigqueryconnection
  • bigquerydatapolicyv2
  • cloudrun
  • iap
  • tags
  • apigee
  • cloudbuildv2
  • healthcare
  • securitycenter
  • servicemanagement
  • workbench
  • artifactregistry
  • bigquerydatapolicy
  • colab
  • dns
  • notebooks
  • workstations
  • accesscontextmanager
  • binaryauthorization
  • cloudfunctions
  • iamworkforcepool
  • pubsub
  • securesourcemanager
  • beyondcorp
  • clouddeploy
  • containeranalysis
  • gkehub
  • iambeta
  • kms
  • networksecurity
  • secretmanagerregional
  • bigquery
  • cloudfunctions2
  • cloudtasks
  • dataform
  • dataproc
  • dataprocmetastore
  • logging
  • privateca
  • biglakeiceberg
  • compute
  • datacatalog
  • datafusion
  • dataplex
  • gemini
  • secretmanager
  • servicedirectory
  • apigateway
  • cloudrunv2
  • gkebackup
  • gkehub2
  • runtimeconfig
  • securitycenterv2
  • sourcerepo
  • vertexai

Action taken

Found 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccAccessContextManager
  • TestAccBiglakeIcebergIcebergNamespaceIamBindingGenerated
  • TestAccBiglakeIcebergIcebergNamespaceIamMemberGenerated
  • TestAccBiglakeIcebergIcebergNamespaceIamPolicyGenerated
  • TestAccDataSourceGoogleTagsTagKey_withRegex
  • TestAccDataSourceGoogleTagsTagKeys_withRegex
  • TestAccTags

Get to know how VCR tests work

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccAccessContextManager__access_level [Debug log]
TestAccAccessContextManager__access_level_condition [Debug log]
TestAccAccessContextManager__access_level_custom [Debug log]
TestAccAccessContextManager__access_level_full [Debug log]
TestAccAccessContextManager__access_levels [Debug log]
TestAccAccessContextManager__access_policy [Debug log]
TestAccAccessContextManager__access_policy_scoped [Debug log]
TestAccAccessContextManager__authorized_orgs_desc [Debug log]
TestAccAccessContextManager__service_perimeter [Debug log]
TestAccAccessContextManager__service_perimeter_dry_run_egress_policy [Debug log]
TestAccAccessContextManager__service_perimeter_dry_run_ingress_policy [Debug log]
TestAccAccessContextManager__service_perimeter_update [Debug log]
TestAccAccessContextManager__service_perimeters [Debug log]
TestAccDataSourceGoogleTagsTagKey_withRegex [Debug log]
TestAccDataSourceGoogleTagsTagKeys_withRegex [Debug log]
TestAccTags__tagBindingBasic [Debug log]
TestAccTags__tagKeyBasic [Debug log]
TestAccTags__tagKeyBasicWithAllowedValuesRegex [Debug log]
TestAccTags__tagKeyBasicWithPurposeDataGovernance [Debug log]
TestAccTags__tagKeyBasicWithPurposeGceFirewall [Debug log]
TestAccTags__tagKeyIamBinding [Debug log]
TestAccTags__tagKeyIamMember [Debug log]
TestAccTags__tagKeyIamPolicy [Debug log]
TestAccTags__tagKeyUpdate [Debug log]
TestAccTags__tagKeyUpdateAllowedValuesRegex [Debug log]
TestAccTags__tagValueBasic [Debug log]
TestAccTags__tagValueIamBinding [Debug log]
TestAccTags__tagValueIamMember [Debug log]
TestAccTags__tagValueIamPolicy [Debug log]
TestAccTags__tagValueUpdate [Debug log]
TestAccTags__tagsLocationTagBindingBasic [Debug log]
TestAccTags__tagsLocationTagBindingZonal [Debug log]

🔴 Tests failed when rerunning REPLAYING mode:
TestAccAccessContextManager__service_perimeter_dry_run_egress_policy [Error message] [Debug log]
TestAccAccessContextManager__service_perimeter_dry_run_ingress_policy [Error message] [Debug log]

Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made.

Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer.


🔴 Tests failed during RECORDING mode:
TestAccBiglakeIcebergIcebergNamespaceIamBindingGenerated [Error message] [Debug log]
TestAccBiglakeIcebergIcebergNamespaceIamMemberGenerated [Error message] [Debug log]
TestAccBiglakeIcebergIcebergNamespaceIamPolicyGenerated [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

rambleraptor and others added 3 commits January 26, 2026 11:27
@rambleraptor rambleraptor requested a review from melinath January 26, 2026 19:27
@modular-magician modular-magician added awaiting-approval Pull requests that need reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that need reviewer's approval to run presubmit tests labels Jan 26, 2026
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 104 files changed, 1502 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 122 files changed, 1628 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 104 files changed, 1098 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_biglake_iceberg_namespace_iam_binding (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_biglake_iceberg_namespace_iam_binding" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

Resource: google_biglake_iceberg_namespace_iam_member (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_biglake_iceberg_namespace_iam_member" "primary" {
  condition {
    description = # value needed
    expression  = # value needed
    title       = # value needed
  }
}

@modular-magician
Collaborator

Tests analytics

Total tests: 3305
Passed tests: 3045
Skipped tests: 255
Affected tests: 5

Affected service packages:
  • beyondcorp
  • bigqueryanalyticshub
  • notebooks
  • privateca
  • secretmanagerregional
  • securesourcemanager
  • servicedirectory
  • bigquerydatapolicy
  • compute
  • dataproc
  • dataprocmetastore
  • iap
  • logging
  • secretmanager
  • sourcerepo
  • cloudfunctions
  • cloudtasks
  • containeranalysis
  • gkebackup
  • networksecurity
  • pubsub
  • securitycenter
  • biglakeiceberg
  • gemini
  • securitycenterv2
  • servicemanagement
  • workstations
  • cloudbuildv2
  • artifactregistry
  • bigquery
  • bigqueryconnection
  • datafusion
  • dataplex
  • kms
  • runtimeconfig
  • accesscontextmanager
  • tags
  • vertexai
  • workbench
  • clouddeploy
  • apigateway
  • bigquerydatapolicyv2
  • cloudfunctions2
  • dataform
  • dns
  • gkehub2
  • iambeta
  • binaryauthorization
  • cloudrun
  • cloudrunv2
  • colab
  • datacatalog
  • gkehub
  • healthcare
  • iamworkforcepool
  • apigee

Action taken

Found 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccAccessContextManager
  • TestAccBiglakeIcebergIcebergNamespaceIamBindingGenerated
  • TestAccBiglakeIcebergIcebergNamespaceIamMemberGenerated
  • TestAccBiglakeIcebergIcebergNamespaceIamPolicyGenerated
  • TestAccColabRuntime_update

Get to know how VCR tests work

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccAccessContextManager__access_level [Debug log]
TestAccAccessContextManager__access_level_condition [Debug log]
TestAccAccessContextManager__access_level_custom [Debug log]
TestAccAccessContextManager__access_level_full [Debug log]
TestAccAccessContextManager__access_levels [Debug log]
TestAccAccessContextManager__access_policy [Debug log]
TestAccAccessContextManager__access_policy_scoped [Debug log]
TestAccAccessContextManager__authorized_orgs_desc [Debug log]
TestAccAccessContextManager__service_perimeter [Debug log]
TestAccAccessContextManager__service_perimeter_dry_run_egress_policy [Debug log]
TestAccAccessContextManager__service_perimeter_dry_run_ingress_policy [Debug log]
TestAccAccessContextManager__service_perimeter_update [Debug log]
TestAccAccessContextManager__service_perimeters [Debug log]
TestAccColabRuntime_update [Debug log]

🔴 Tests failed when rerunning REPLAYING mode:
TestAccAccessContextManager__service_perimeter_dry_run_egress_policy [Error message] [Debug log]
TestAccAccessContextManager__service_perimeter_dry_run_ingress_policy [Error message] [Debug log]

Tests failed due to non-determinism or randomness when the VCR replayed the response after the HTTP request was made.

Please fix these to complete your PR. If you believe these test failures to be incorrect or unrelated to your change, or if you have any questions, please raise the concern with your reviewer.


🔴 Tests failed during RECORDING mode:
TestAccBiglakeIcebergIcebergNamespaceIamBindingGenerated [Error message] [Debug log]
TestAccBiglakeIcebergIcebergNamespaceIamMemberGenerated [Error message] [Debug log]
TestAccBiglakeIcebergIcebergNamespaceIamPolicyGenerated [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test
