From 504822c2ff79bf5cc6b333433e23ef4b103d4d33 Mon Sep 17 00:00:00 2001 From: Nathan Herring Date: Sat, 30 May 2026 13:58:18 -0700 Subject: [PATCH 1/2] test: add multi-control acceptance test blocks --- ...loud_security_compliance_framework_test.go | 112 ++++-------------- 1 file changed, 24 insertions(+), 88 deletions(-) diff --git a/mmv1/third_party/terraform/services/cloudsecuritycompliance/resource_cloud_security_compliance_framework_test.go b/mmv1/third_party/terraform/services/cloudsecuritycompliance/resource_cloud_security_compliance_framework_test.go index 641ade64e93d..93a087964d53 100644 --- a/mmv1/third_party/terraform/services/cloudsecuritycompliance/resource_cloud_security_compliance_framework_test.go +++ b/mmv1/third_party/terraform/services/cloudsecuritycompliance/resource_cloud_security_compliance_framework_test.go @@ -22,59 +22,27 @@ resource "google_cloud_security_compliance_framework" "example" { description = "An Terraform description for the framework" cloud_control_details { - name = "organizations/%{org_id}/locations/global/cloudControls/builtin-assess-resource-availability" - major_revision_id = "1" + name = "organizations/%{org_id}/locations/global/cloudControls/builtin-cmek-key-in-use-for-bigquery-table" + major_revision_id = "1" parameters { name = "location" parameter_value { - string_value = "us-central1" - } - } - parameters { - name = "oneof-parameter" - parameter_value { - oneof_value { - name = "test-oneof" - parameter_value { - string_value = "test-value" - } - } - } - } - parameters { - name = "bool-parameter" - parameter_value { - oneof_value { - name = "bool-oneof" - parameter_value { - bool_value = true - } - } - } - } - parameters { - name = "number-parameter" - parameter_value { - oneof_value { - name = "number-oneof" - parameter_value { - number_value = 123.45 - } + string_list_value { + values = ["us-central1"] } } } + } + + cloud_control_details { + name = "organizations/%{org_id}/locations/global/cloudControls/builtin-assess-resource-availability" + major_revision_id = "1" + parameters { - name = "string-list-parameter" + name = "location" parameter_value { - oneof_value { - name = "string-list-oneof" - parameter_value { - string_list_value { - values = ["value1", "value2"] - } - } - } + string_value = "us-central1" } } } @@ -132,59 +100,27 @@ resource "google_cloud_security_compliance_framework" "example" { description = "An updated description for the framework with additional details" cloud_control_details { - name = "organizations/%{org_id}/locations/global/cloudControls/builtin-data-access-governance" + name = "organizations/%{org_id}/locations/global/cloudControls/builtin-cmek-key-in-use-for-bigquery-table" major_revision_id = "1" parameters { - name = "region" - parameter_value { - string_value = "eu" - } - } - parameters { - name = "oneof-parameter" - parameter_value { - oneof_value { - name = "updated-oneof" - parameter_value { - string_value = "updated-value" - } - } - } - } - parameters { - name = "bool-parameter" - parameter_value { - oneof_value { - name = "bool-oneof" - parameter_value { - bool_value = true - } - } - } - } - parameters { - name = "number-parameter" + name = "location" parameter_value { - oneof_value { - name = "number-oneof" - parameter_value { - number_value = 678.90 - } + string_list_value { + values = ["us-central1"] } } } + } + + cloud_control_details { + name = "organizations/%{org_id}/locations/global/cloudControls/builtin-assess-resource-availability" + major_revision_id = "1" + parameters { - name = "string-list-parameter" + name = "location" parameter_value { - oneof_value { - name = "string-list-oneof" - parameter_value { - string_list_value { - values = ["value3", "value4"] - } - } - } + string_value = "us-east1" } } } From 61e7e7a813141b2fa0a6ed3a18fa8afcc2b4a2b9 Mon Sep 17 00:00:00 2001 From: Nathan Herring Date: Tue, 26 May 2026 10:15:04 -0700 Subject: [PATCH 2/2] Convert google_cloud_security_compliance_framework cloud_control_details to TypeSet Refactors the cloud_control_details parameter inside the google_cloud_security_compliance_framework resource schema to be an unordered_list (TypeSet). This ignores the arbitrary element ordering returned by the backend REST API during read evaluations, completely eliminating continuous plan-drift index-swap warnings. This is a breaking change targeted at the TPG v6.0.0 release. Fixes https://github.com/hashicorp/terraform-provider-google/issues/27543 --- mmv1/products/cloudsecuritycompliance/Framework.yaml | 1 + mmv1/templates/terraform/resource.go.tmpl | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/mmv1/products/cloudsecuritycompliance/Framework.yaml b/mmv1/products/cloudsecuritycompliance/Framework.yaml index 64dbedb1df30..253b1e874c29 100644 --- a/mmv1/products/cloudsecuritycompliance/Framework.yaml +++ b/mmv1/products/cloudsecuritycompliance/Framework.yaml @@ -65,6 +65,7 @@ properties: output: true - name: cloudControlDetails type: Array + unordered_list: true description: |- The details of the cloud controls directly added without any grouping in the framework. diff --git a/mmv1/templates/terraform/resource.go.tmpl b/mmv1/templates/terraform/resource.go.tmpl index 5c1a05f39559..d0b97cb9f17e 100644 --- a/mmv1/templates/terraform/resource.go.tmpl +++ b/mmv1/templates/terraform/resource.go.tmpl @@ -141,7 +141,7 @@ func Resource{{ $.ResourceName -}}() *schema.Resource { {{- end }} }, {{- end }} -{{- if or (and (or $.HasProject $.HasRegion $.HasZone) (not $.ExcludeDefaultCdiff)) $.CustomDiff }} +{{- if or (and (or $.HasProject $.HasRegion $.HasZone) (not $.ExcludeDefaultCdiff)) $.CustomDiff $.UnorderedListProperties }} CustomizeDiff: customdiff.All( {{- if $.UnorderedListProperties }} {{- range $prop := $.UnorderedListProperties }}