feat: (storage) added timeouts for bucket_iam resources (#15062) (#10726)

modular-magician · web-flow · commit 62101a830a50 · 2025-09-15T11:05:10.000-07:00
[upstream:ad70e38c215b03f7082f98235988119a8b39040d]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/15062.txt b/.changelog/15062.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+storage: added support for `timeouts`  to  `google_storage_bucket_iam_binding`, `google_storage_bucket_iam_member`, `google_storage_bucket_iam_policy` resources
+```
diff --git a/google-beta/provider/provider_mmv1_resources.go b/google-beta/provider/provider_mmv1_resources.go
@@ -1813,9 +1813,9 @@ var handwrittenIAMResources = map[string]*schema.Resource{
 	"google_storage_managed_folder_iam_binding":  tpgiamresource.ResourceIamBinding(storage.StorageManagedFolderIamSchema, storage.StorageManagedFolderIamUpdaterProducer, storage.StorageManagedFolderIdParseFunc),
 	"google_storage_managed_folder_iam_member":   tpgiamresource.ResourceIamMember(storage.StorageManagedFolderIamSchema, storage.StorageManagedFolderIamUpdaterProducer, storage.StorageManagedFolderIdParseFunc),
 	"google_storage_managed_folder_iam_policy":   tpgiamresource.ResourceIamPolicy(storage.StorageManagedFolderIamSchema, storage.StorageManagedFolderIamUpdaterProducer, storage.StorageManagedFolderIdParseFunc),
-	"google_storage_bucket_iam_binding":          tpgiamresource.ResourceIamBinding(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer, storage.StorageBucketIdParseFunc),
-	"google_storage_bucket_iam_member":           tpgiamresource.ResourceIamMember(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer, storage.StorageBucketIdParseFunc),
-	"google_storage_bucket_iam_policy":           tpgiamresource.ResourceIamPolicy(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer, storage.StorageBucketIdParseFunc),
+	"google_storage_bucket_iam_binding":          tpgiamresource.ResourceIamBinding(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer, storage.StorageBucketIdParseFunc, tpgiamresource.IamCreateTimeOut(20)),
+	"google_storage_bucket_iam_member":           tpgiamresource.ResourceIamMember(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer, storage.StorageBucketIdParseFunc, tpgiamresource.IamCreateTimeOut(20)),
+	"google_storage_bucket_iam_policy":           tpgiamresource.ResourceIamPolicy(storage.StorageBucketIamSchema, storage.StorageBucketIamUpdaterProducer, storage.StorageBucketIdParseFunc, tpgiamresource.IamCreateTimeOut(20)),
 	"google_organization_iam_binding":            tpgiamresource.ResourceIamBinding(resourcemanager.IamOrganizationSchema, resourcemanager.NewOrganizationIamUpdater, resourcemanager.OrgIdParseFunc),
 	"google_organization_iam_member":             tpgiamresource.ResourceIamMember(resourcemanager.IamOrganizationSchema, resourcemanager.NewOrganizationIamUpdater, resourcemanager.OrgIdParseFunc),
 	"google_organization_iam_policy":             tpgiamresource.ResourceIamPolicy(resourcemanager.IamOrganizationSchema, resourcemanager.NewOrganizationIamUpdater, resourcemanager.OrgIdParseFunc),
diff --git a/google-beta/services/storage/iam_storage_bucket_test.go b/google-beta/services/storage/iam_storage_bucket_test.go
@@ -373,6 +373,9 @@ resource "google_storage_bucket_iam_member" "foo" {
   bucket = google_storage_bucket.default.name
   role = "%{role}"
   member = "user:admin@hashicorptest.com"
+  timeouts {
+    create = "5m"
+  }
 }
 `, context)
 }
@@ -399,6 +402,9 @@ data "google_iam_policy" "foo" {
 resource "google_storage_bucket_iam_policy" "foo" {
   bucket = google_storage_bucket.default.name
   policy_data = data.google_iam_policy.foo.policy_data
+  timeouts {
+    create = "5m"
+  }
 }
 
 data "google_storage_bucket_iam_policy" "foo" {
@@ -440,6 +446,9 @@ resource "google_storage_bucket_iam_binding" "foo" {
   bucket = google_storage_bucket.default.name
   role = "%{role}"
   members = ["user:admin@hashicorptest.com"]
+  timeouts {
+    create = "5m"
+  }
 }
 `, context)
 }
diff --git a/google-beta/tpgiamresource/iam.go b/google-beta/tpgiamresource/iam.go
@@ -485,6 +485,7 @@ type IamSettings struct {
 	EnableBatching     bool
 	StateUpgraders     []schema.StateUpgrader
 	SchemaVersion      int
+	CreateTimeOut      int64
 }
 
 func NewIamSettings(options ...func(*IamSettings)) *IamSettings {
@@ -521,6 +522,12 @@ func IamWithSchemaVersion(version int) func(*IamSettings) {
 	}
 }
 
+func IamCreateTimeOut(createTimeout int64) func(s *IamSettings) {
+	return func(s *IamSettings) {
+		s.CreateTimeOut = createTimeout
+	}
+}
+
 // Util to deref and print auditConfigs
 func DebugPrintAuditConfigs(bs []*cloudresourcemanager.AuditConfig) string {
 	v, _ := json.MarshalIndent(bs, "", "\t")
diff --git a/google-beta/tpgiamresource/resource_iam_binding.go b/google-beta/tpgiamresource/resource_iam_binding.go
@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
@@ -81,8 +82,9 @@ var iamBindingSchema = map[string]*schema.Schema{
 
 func ResourceIamBinding(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource {
 	settings := NewIamSettings(options...)
+	createTimeOut := time.Duration(settings.CreateTimeOut) * time.Minute
 
-	return &schema.Resource{
+	resource := &schema.Resource{
 		Create: resourceIamBindingCreateUpdate(newUpdaterFunc, settings.EnableBatching),
 		Read:   resourceIamBindingRead(newUpdaterFunc),
 		Update: resourceIamBindingCreateUpdate(newUpdaterFunc, settings.EnableBatching),
@@ -99,6 +101,12 @@ func ResourceIamBinding(parentSpecificSchema map[string]*schema.Schema, newUpdat
 		},
 		UseJSONNumber: true,
 	}
+	if createTimeOut > 0 {
+		resource.Timeouts = &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(createTimeOut),
+		}
+	}
+	return resource
 }
 
 func resourceIamBindingCreateUpdate(newUpdaterFunc NewResourceIamUpdaterFunc, enableBatching bool) func(*schema.ResourceData, interface{}) error {
diff --git a/google-beta/tpgiamresource/resource_iam_member.go b/google-beta/tpgiamresource/resource_iam_member.go
@@ -22,6 +22,7 @@ import (
 	"log"
 	"regexp"
 	"strings"
+	"time"
 
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
@@ -188,7 +189,9 @@ func iamMemberImport(newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser
 func ResourceIamMember(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource {
 	settings := NewIamSettings(options...)
 
-	return &schema.Resource{
+	createTimeOut := time.Duration(settings.CreateTimeOut) * time.Minute
+
+	resourceSchema := &schema.Resource{
 		Create: resourceIamMemberCreate(newUpdaterFunc, settings.EnableBatching),
 		Read:   resourceIamMemberRead(newUpdaterFunc),
 		Delete: resourceIamMemberDelete(newUpdaterFunc, settings.EnableBatching),
@@ -205,6 +208,13 @@ func ResourceIamMember(parentSpecificSchema map[string]*schema.Schema, newUpdate
 		},
 		UseJSONNumber: true,
 	}
+
+	if createTimeOut > 0 {
+		resourceSchema.Timeouts = &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(createTimeOut),
+		}
+	}
+	return resourceSchema
 }
 
 func getResourceIamMember(d *schema.ResourceData) *cloudresourcemanager.Binding {
diff --git a/google-beta/tpgiamresource/resource_iam_policy.go b/google-beta/tpgiamresource/resource_iam_policy.go
@@ -17,12 +17,12 @@
 package tpgiamresource
 
 import (
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-
 	"encoding/json"
 	"errors"
 	"fmt"
+	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
 
@@ -58,8 +58,9 @@ func iamPolicyImport(resourceIdParser ResourceIdParserFunc) schema.StateFunc {
 
 func ResourceIamPolicy(parentSpecificSchema map[string]*schema.Schema, newUpdaterFunc NewResourceIamUpdaterFunc, resourceIdParser ResourceIdParserFunc, options ...func(*IamSettings)) *schema.Resource {
 	settings := NewIamSettings(options...)
+	createTimeOut := time.Duration(settings.CreateTimeOut) * time.Minute
 
-	return &schema.Resource{
+	resourceSchema := &schema.Resource{
 		Create: ResourceIamPolicyCreate(newUpdaterFunc),
 		Read:   ResourceIamPolicyRead(newUpdaterFunc),
 		Update: ResourceIamPolicyUpdate(newUpdaterFunc),
@@ -77,6 +78,12 @@ func ResourceIamPolicy(parentSpecificSchema map[string]*schema.Schema, newUpdate
 		},
 		UseJSONNumber: true,
 	}
+	if createTimeOut > 0 {
+		resourceSchema.Timeouts = &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(createTimeOut),
+		}
+	}
+	return resourceSchema
 }
 
 func ResourceIamPolicyCreate(newUpdaterFunc NewResourceIamUpdaterFunc) schema.CreateFunc {
diff --git a/website/docs/r/storage_bucket_iam.html.markdown b/website/docs/r/storage_bucket_iam.html.markdown
@@ -51,6 +51,9 @@ data "google_iam_policy" "admin" {
 resource "google_storage_bucket_iam_policy" "policy" {
   bucket = google_storage_bucket.default.name
   policy_data = data.google_iam_policy.admin.policy_data
+  timeouts {
+    create = "5m"
+  }
 }
 ```
 
@@ -75,6 +78,9 @@ data "google_iam_policy" "admin" {
 resource "google_storage_bucket_iam_policy" "policy" {
   bucket = google_storage_bucket.default.name
   policy_data = data.google_iam_policy.admin.policy_data
+  timeouts {
+    create = "5m"
+  }
 }
 ```
 ## google_storage_bucket_iam_binding
@@ -86,6 +92,9 @@ resource "google_storage_bucket_iam_binding" "binding" {
   members = [
     "user:jane@example.com",
   ]
+  timeouts {
+    create = "5m"
+  }
 }
 ```
 
@@ -104,6 +113,9 @@ resource "google_storage_bucket_iam_binding" "binding" {
     description = "Expiring at midnight of 2019-12-31"
     expression  = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
   }
+  timeouts {
+    create = "5m"
+  }
 }
 ```
 ## google_storage_bucket_iam_member
@@ -113,6 +125,9 @@ resource "google_storage_bucket_iam_member" "member" {
   bucket = google_storage_bucket.default.name
   role = "roles/storage.admin"
   member = "user:jane@example.com"
+  timeouts {
+    create = "5m"
+  }
 }
 ```
 
@@ -129,6 +144,9 @@ resource "google_storage_bucket_iam_member" "member" {
     description = "Expiring at midnight of 2019-12-31"
     expression  = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
   }
+  timeouts {
+    create = "5m"
+  }
 }
 ```
 
@@ -180,6 +198,13 @@ exported:
 
 * `etag` - (Computed) The etag of the IAM policy.
 
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+
 ## Import
 
 For all import syntaxes, the "resource in question" can take any of the following forms:

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+storage: added support for `timeouts` to `google_storage_bucket_iam_binding`, `google_storage_bucket_iam_member`, `google_storage_bucket_iam_policy` resources
	`3`	+```
Original file line number	Diff line number	Diff line change
`@@ -373,6 +373,9 @@ resource "google_storage_bucket_iam_member" "foo" {`
`373`	`373`	`bucket = google_storage_bucket.default.name`
`374`	`374`	`role = "%{role}"`
`375`	`375`	`member = "user:admin@hashicorptest.com"`
	`376`	`+ timeouts {`
	`377`	`+ create = "5m"`
	`378`	`+ }`
`376`	`379`	`}`
`377`	`380`	`, context)
`378`	`381`	`}`
`@@ -399,6 +402,9 @@ data "google_iam_policy" "foo" {`
`399`	`402`	`resource "google_storage_bucket_iam_policy" "foo" {`
`400`	`403`	`bucket = google_storage_bucket.default.name`
`401`	`404`	`policy_data = data.google_iam_policy.foo.policy_data`
	`405`	`+ timeouts {`
	`406`	`+ create = "5m"`
	`407`	`+ }`
`402`	`408`	`}`
`403`	`409`
`404`	`410`	`data "google_storage_bucket_iam_policy" "foo" {`
`@@ -440,6 +446,9 @@ resource "google_storage_bucket_iam_binding" "foo" {`
`440`	`446`	`bucket = google_storage_bucket.default.name`
`441`	`447`	`role = "%{role}"`
`442`	`448`	`members = ["user:admin@hashicorptest.com"]`
	`449`	`+ timeouts {`
	`450`	`+ create = "5m"`
	`451`	`+ }`
`443`	`452`	`}`
`444`	`453`	`, context)
`445`	`454`	`}`
Original file line number	Diff line number	Diff line change
`@@ -485,6 +485,7 @@ type IamSettings struct {`
`485`	`485`	`EnableBatching bool`
`486`	`486`	`StateUpgraders []schema.StateUpgrader`
`487`	`487`	`SchemaVersion int`
	`488`	`+ CreateTimeOut int64`
`488`	`489`	`}`
`489`	`490`
`490`	`491`	`func NewIamSettings(options ...func(IamSettings)) IamSettings {`
`@@ -521,6 +522,12 @@ func IamWithSchemaVersion(version int) func(*IamSettings) {`
`521`	`522`	`}`
`522`	`523`	`}`
`523`	`524`
	`525`	`+func IamCreateTimeOut(createTimeout int64) func(s *IamSettings) {`
	`526`	`+ return func(s *IamSettings) {`
	`527`	`+ s.CreateTimeOut = createTimeout`
	`528`	`+ }`
	`529`	`+}`
	`530`	`+`
`524`	`531`	`// Util to deref and print auditConfigs`
`525`	`532`	`func DebugPrintAuditConfigs(bs []*cloudresourcemanager.AuditConfig) string {`
`526`	`533`	`v, _ := json.MarshalIndent(bs, "", "\t")`