We don't need to set the ID to "" in read-modify-write helpers, because
once they're done, we read anyways to update state based on the changes.
And that read checks if the binding/member still exists, and does the
SetId("") if it doesn't.
This way, we stick with state only getting set based on the API state,
not by what we think the state will be.
Tests need to have unique names. Whoooops.
Also, the Elem property accepts an interface I guess, which means we
actually need the struct type repetition there.
Use the new projectIamPolicyReadModifyWrite helper to manage the RMW
loop for our policy member resource.
Handle the case of having a binding server-side that doesn't have the
member we expect more elegantly.
We were repeating that logic a lot, so this helper just reads a policy,
calls the passed modify function on the policy, then writes the policy
back and takes care of the optimistic concurrency logic for the caller.
So now all the caller has to do is the unique part, which is the modify
function.
Adds the google_project_iam_member resource, which just ensures that a
single member has a single role.
google_project_iam_member should not be used to grant permissions to a
role controlled by google_project_iam_binding or to a policy controlled
by google_project_iam_policy, as they'll fight for control.
Changing the role is ForceNew, because the role is part of the ID.
Make reads go through to the Binding functions, not the Policy
functions. That's embarrassing.
Add a resource that manages just a single binding within a Google
project's IAM Policy.
Note that this resource should not be used when
google_project_iam_policy is used, or they will fight over which is
correct.
This also required wrapping the error returned from setProjectIamPolicy,
as we need to test to see if it's a 409 error and retry, which can't be
done if we just use fmt.Errorf.
* Add scratch_disk property to google_compute_instance
* docs for scratch_disk
* limit scope of scratchDisks array by using bool, test formatting
* add slash back to disk check
* Add boot_disk property to google_compute_instance
* docs for boot_disk
* limit scope of bootDisk, use bool instead
* test formatting
* make device_name forcenew, add sha256 encryption key