Add support for GCS managed folders

mmv1/products/storage/ManagedFolder.yaml

@@ -0,0 +1,104 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'ManagedFolder'
+kind: 'storage#managedFolder'
+base_url: 'b/{{bucket}}/managedFolders'
+self_link: 'b/{{bucket}}/managedFolders/{{%name}}'
+id_format: '{{bucket}}/{{name}}'
+has_self_link: true
+immutable: true
+skip_sweeper: true # Skipping sweeper since this is a child resource.
+description: |
+  A Google Cloud Storage Managed Folder.
+
+  You can apply Identity and Access Management (IAM) policies to
+  managed folders to grant principals access only to the objects
+  within the managed folder, which lets you more finely control access
+  for specific data sets and tables within a bucket. You can nest
+  managed folders up to 15 levels deep, including the parent managed
+  folder.
+
+  Managed folders can only be created in buckets that have uniform
+  bucket-level access enabled.
+references: !ruby/object:Api::Resource::ReferenceLinks
+  guides:
+    'Official Documentation': 'https://cloud.google.com/storage/docs/managed-folders'
+  api: 'https://cloud.google.com/storage/docs/json_api/v1/managedFolder'
+iam_policy: !ruby/object:Api::Resource::IamPolicy
+  allowed_iam_role: 'roles/storage.objectViewer'
+  admin_iam_role: 'roles/storage.admin'
+  parent_resource_attribute: 'managed_folder'
+  base_url: 'b/{{bucket}}/managedFolders/{{%managed_folder}}'
+  import_format:
+    - '{{bucket}}/managedFolders/{{%managed_folder}}'
+    - '{{managed_folder}}'
+  iam_conditions_request_type: :QUERY_PARAM
+  method_name_separator: '/'
+  fetch_iam_policy_method: 'iam'
+  fetch_iam_policy_verb: :GET
+  set_iam_policy_method: 'iam'
+  set_iam_policy_verb: :PUT
+  wrapped_policy_obj: false
+  skip_import_test: true
+  custom_diff_suppress: 'templates/terraform/iam/storage_managed_folder_diff_suppress.go.erb'
+  example_config_body: 'templates/terraform/iam/example_config_body/storage_managed_folder.tf.erb'
+import_format:
+  - '{{bucket}}/managedFolders/{{%name}}'
+  - '{{bucket}}/{{%name}}'
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'storage_managed_folder_basic'
+    primary_resource_id: 'folder'
+    vars:
+      bucket_name: 'my-bucket'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'storage_managed_folder_nested'
+    primary_resource_id: 'folder'
+    vars:
+      bucket_name: 'my-bucket'
+parameters:
+  - !ruby/object:Api::Type::ResourceRef
+    name: 'bucket'
+    resource: 'Bucket'
+    imports: 'name'
+    description: 'The name of the bucket that contains the managed folder.'
+    required: true
+  - !ruby/object:Api::Type::String
+    name: 'name'
+    description: |
+      The name of the managed folder expressed as a path. For example, `example_dir/example_dir2/`.
+      Must include trailing `/`.
+    required: true
+    # API returns values with trailing slashes, even if not provided.
+    # Enforcing trailing slashes prevents diffs and ensures consistent
+    # output.
+    validation: !ruby/object:Provider::Terraform::Validation
+      regex: '/$'
+properties:
+  - !ruby/object:Api::Type::String
+    name: createTime
+    description: |
+      Output only. The timestamp at which this managed folder was created.
+    output: true
+  - !ruby/object:Api::Type::String
+    name: updateTime
+    description: |
+      Output only. The timestamp at which this managed folder was most recently updated.
+    output: true
+  - !ruby/object:Api::Type::String
+    name: metageneration
+    description: |
+      Output only. The metadata generation of the managed folder.
+    output: true

mmv1/templates/terraform/examples/storage_managed_folder_basic.tf.erb

@@ -0,0 +1,10 @@
+resource "google_storage_bucket" "bucket" {
+  name                        = "<%= ctx[:vars]['bucket_name'] %>"
+  location                    = "EU"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_managed_folder" "<%= ctx[:primary_resource_id] %>" {
+  bucket = google_storage_bucket.bucket.name
+  name   = "managed-folder-1/"
+}

mmv1/templates/terraform/examples/storage_managed_folder_nested.tf.erb

@@ -0,0 +1,15 @@
+resource "google_storage_bucket" "bucket" {
+  name                        = "<%= ctx[:vars]['bucket_name'] %>"
+  location                    = "EU"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_managed_folder" "parent" {
+  bucket = google_storage_bucket.bucket.name
+  name   = "parent/"
+}
+
+resource "google_storage_managed_folder" "<%= ctx[:primary_resource_id] %>" {
+  bucket = google_storage_bucket.bucket.name
+  name   = "${google_storage_managed_folder.parent.name}nested/"
+}

mmv1/templates/terraform/iam/example_config_body/storage_managed_folder.tf.erb

@@ -0,0 +1,2 @@
+  bucket         = google_storage_managed_folder.folder.bucket
+  managed_folder = google_storage_managed_folder.folder.name

mmv1/templates/terraform/iam/storage_managed_folder_diff_suppress.go.erb

@@ -0,0 +1,14 @@
+func <%= object.resource_name -%>DiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
+	// Standard IAM policies use the expanded base URL for the
+	// resource's last parameter. Managed folders have a unique
+	// endpoint format
+	// ('b/{{bucket}}/managedFolders/{{%managed_folder}}'), so we
+	// adjust extraction to correctly identify the folder name.
+
+	oldParts := strings.SplitN(old, "/managedFolders/", 2)
+	if len(oldParts) == 2 {
+		oldFolderName := oldParts[1] + "/"
+		return oldFolderName == new
+	}
+	return false
+}