Update generated IAM acceptance tests to include conditions, or omit IAM conditions from missing test detector

[SarahFrench]

What kind of contribution is this issue about?

MMv1-based resource

Details

When new resources are added to the provider and associated IAM resources are added at the same time there are missing test detector messages like this: https://github.com/GoogleCloudPlatform/magic-modules/pull/10757#issuecomment-2123420422

The PR author doesn't have power to update the IAM resource tests because they are generated, and the PR reviewer needs to know context about IAM resource generation.

I imagine that generated IAM resource tests don't include conditions because they aren't available for all IAM resources, which is fair enough! If that is the case it would be good to come up with a way to either stop the missing test detector flagging condition arguments in IAM resources, or enable conditions to be conditionally included in generated IAM acc tests.

References

No response

[SarahFrench]

See also this list: https://github.com/GoogleCloudPlatform/magic-modules/pull/10757#issuecomment-2124753717

[melinath]

We should be able to detect whether a resource supports IAM conditions at generation time using the presence / absence of iam_conditions_request_type. For example, see:

• https://github.com/GoogleCloudPlatform/magic-modules/blob/90d184014297ccf2c1d06fd6fc01c539832ce638/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.erb#L205
• https://github.com/GoogleCloudPlatform/magic-modules/blob/90d184014297ccf2c1d06fd6fc01c539832ce638/mmv1/templates/terraform/resource_iam.html.markdown.erb#L74
• https://github.com/GoogleCloudPlatform/magic-modules/blob/90d184014297ccf2c1d06fd6fc01c539832ce638/mmv1/templates/terraform/iam_policy.go.erb#L197

[melinath]

Weirdly we still add the conditions field to the IAM resources regardless - we just don't document them.

[melinath]

Unfortunately the missing test detector does not run at generation time, and I don't think we have a great way to introspect whether conditions are supported. So the best option really might be to just ignore the conditions field in the missing test detector, since we know they're generated if supported.

Alternatively, the "real" fix would be to not support the fields unless conditions are supported - but that would be a breaking change and a much larger one as well.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

[melinath]

@trodge it looks like the omission isn't working - https://github.com/GoogleCloudPlatform/magic-modules/pull/12181#issuecomment-2475029873