GoogleCloudPlatform · slevenick · Mar 11, 2025 · Mar 7, 2025
diff --git a/mmv1/products/integrations/AuthConfig.yaml b/mmv1/products/integrations/AuthConfig.yaml
@@ -66,43 +66,59 @@ examples:
     primary_resource_id: 'username_and_password_example'
     vars:
       auth_config_name: 'test-authconfig-username-and-password'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_oauth2_authorization_code'
     primary_resource_id: 'oauth2_authotization_code_example'
     vars:
       auth_config_name: 'test-authconfig-oauth2-authorization-code'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_oauth2_client_credentials'
     primary_resource_id: 'oauth2_client_credentials_example'
     vars:
       auth_config_name: 'test-authconfig-oauth2-client-credentials'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_jwt'
     primary_resource_id: 'jwt_example'
     vars:
       auth_config_name: 'test-authconfig-jwt'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_auth_token'
     primary_resource_id: 'auth_token_example'
     vars:
       auth_config_name: 'test-authconfig-auth-token'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_service_account'
     primary_resource_id: 'service_account_example'
     vars:
       auth_config_name: 'test-authconfig-service-account'
       service_account_id: 'sa'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_oidc_token'
     primary_resource_id: 'oidc_token_example'
     vars:
       auth_config_name: 'test-authconfig-oidc-token'
       service_account_id: 'sa'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
   - name: 'integrations_auth_config_client_certificate_only'
     primary_resource_id: 'client_certificate_example'
     vars:
       auth_config_name: 'test-authconfig-client-certificate'
+    test_vars_overrides:
+      client: 'acctest.BootstrapIntegrationsClient(t, "us-east4")'
     exclude_docs: true
 parameters:
   - name: 'location'

diff --git a/mmv1/products/integrations/Client.yaml b/mmv1/products/integrations/Client.yaml
@@ -45,7 +45,12 @@ examples:
     primary_resource_id: 'example'
     vars:
       key_ring_name: 'my-keyring'
+      crypto_key_name: 'my-crypto-key'
       service_account_id: 'service-acc'
+    test_vars_overrides:
+      key_ring_name: '"tftest-shared-keyring-1"'
+      crypto_key_name: '"tftest-shared-key-1"'
+      kms_key: 'acctest.BootstrapKMSKeyInLocation(t, "us-east1")'
     skip_vcr: true
 parameters:
   - name: 'location'

diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_auth_token.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_auth_token.tf.tmpl
@@ -1,9 +1,5 @@
-resource "google_integrations_client" "client" {
-  location = "us-west2"
-}
-
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "us-west2"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -13,5 +9,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
         }
     }
-    depends_on = [google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_client_certificate_only.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_client_certificate_only.tf.tmpl
@@ -1,9 +1,5 @@
-resource "google_integrations_client" "client" {
-  location = "us-west3"
-}
-
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "us-west3"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -59,5 +55,4 @@ UwKadZbfwbVF5ipu59UxfVE3lipf/mYePDqMkHVWv/8p+OnnJt9uKnyW8VSOu5uk
 EOT
         passphrase = ""
     }
-    depends_on = [google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_jwt.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_jwt.tf.tmpl
@@ -1,9 +1,5 @@
-resource "google_integrations_client" "client" {
-  location = "us-west4"
-}
-
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "us-west4"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -14,5 +10,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             secret = "secret"
         }
     }
-    depends_on = [google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_oauth2_authorization_code.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_oauth2_authorization_code.tf.tmpl
@@ -1,9 +1,5 @@
-resource "google_integrations_client" "client" {
-  location = "asia-east1"
-}
-
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "asia-east1"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -16,5 +12,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             token_endpoint = "https://authorization-server.com/token"
         }
     }
-    depends_on = [google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_oauth2_client_credentials.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_oauth2_client_credentials.tf.tmpl
@@ -1,9 +1,5 @@
-resource "google_integrations_client" "client" {
-  location = "southamerica-east1"
-}
-
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "southamerica-east1"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -30,5 +26,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             }
         }
     }
-    depends_on = [google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_oidc_token.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_oidc_token.tf.tmpl
@@ -1,14 +1,10 @@
-resource "google_integrations_client" "client" {
-  location = "us-south1"
-}
-
 resource "google_service_account" "service_account" {
   account_id   = "{{index $.Vars "service_account_id"}}"
   display_name = "Service Account"
 }
 
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "us-south1"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -18,5 +14,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             audience = "https://us-south1-project.cloudfunctions.net/functionA 1234987819200.apps.googleusercontent.com"
         }
     }
-    depends_on = [google_service_account.service_account, google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_service_account.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_service_account.tf.tmpl
@@ -1,14 +1,10 @@
-resource "google_integrations_client" "client" {
-  location = "northamerica-northeast1"
-}
-
 resource "google_service_account" "service_account" {
   account_id   = "{{index $.Vars "service_account_id"}}"
   display_name = "Service Account"
 }
 
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "northamerica-northeast1"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -18,5 +14,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             scope = "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/adexchange.buyer https://www.googleapis.com/auth/admob.readonly"
         }
     }
-    depends_on = [google_service_account.service_account, google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_auth_config_username_and_password.tf.tmpl b/mmv1/templates/terraform/examples/integrations_auth_config_username_and_password.tf.tmpl
@@ -1,9 +1,5 @@
-resource "google_integrations_client" "client" {
-  location = "northamerica-northeast2"
-}
-
 resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
-    location = "northamerica-northeast2"
+    location = "us-east4"
     display_name = "{{index $.Vars "auth_config_name"}}"
     description = "Test auth config created via terraform"
     decrypted_credential {
@@ -13,5 +9,4 @@ resource "google_integrations_auth_config" "{{$.PrimaryResourceId}}" {
             password = "test-password"
         }
     }
-    depends_on = [google_integrations_client.client]
 }
diff --git a/mmv1/templates/terraform/examples/integrations_client_full.tf.tmpl b/mmv1/templates/terraform/examples/integrations_client_full.tf.tmpl
@@ -1,19 +1,18 @@
-data "google_project" "test_project" {
+data "google_project" "default" {
 }
 
-resource "google_kms_key_ring" "keyring" {
+data "google_kms_key_ring" "keyring" {
   name     = "{{index $.Vars "key_ring_name"}}"
   location = "us-east1"
 }
 
-resource "google_kms_crypto_key" "cryptokey" {
-  name = "crypto-key-example"
-  key_ring = google_kms_key_ring.keyring.id
-  rotation_period = "7776000s"
+data "google_kms_crypto_key" "cryptokey" {
+  name = "{{index $.Vars "crypto_key_name"}}"
+  key_ring = data.google_kms_key_ring.keyring.id
 }
 
-resource "google_kms_crypto_key_version" "test_key" {
-  crypto_key = google_kms_crypto_key.cryptokey.id
+data "google_kms_crypto_key_version" "test_key" {
+  crypto_key = data.google_kms_crypto_key.cryptokey.id
 }
 
 resource "google_service_account" "service_account" {
@@ -27,9 +26,9 @@ resource "google_integrations_client" "{{$.PrimaryResourceId}}" {
   run_as_service_account = google_service_account.service_account.email
   cloud_kms_config {
     kms_location = "us-east1"
-    kms_ring = basename(google_kms_key_ring.keyring.id)
-    key = basename(google_kms_crypto_key.cryptokey.id)
-    key_version = basename(google_kms_crypto_key_version.test_key.id)
-    kms_project_id = data.google_project.test_project.project_id
+    kms_ring = basename(data.google_kms_key_ring.keyring.id)
+    key = basename(data.google_kms_crypto_key.cryptokey.id)
+    key_version = basename(data.google_kms_crypto_key_version.test_key.id)
+    kms_project_id = data.google_project.default.project_id
   }
 }
diff --git a/mmv1/third_party/terraform/acctest/bootstrap_test_utils.go.tmpl b/mmv1/third_party/terraform/acctest/bootstrap_test_utils.go.tmpl
@@ -2194,3 +2194,80 @@ func BootstrapSharedTestTagValue(t *testing.T, testId string, tagKey string) str
 
 	return sharedTagValue
 }
+
+type BootstrapClient struct {
+	ProjectID string
+	Region    string
+	IsGMEK    bool
+}
+
+func BootstrapIntegrationsClient(t *testing.T, locationID string) BootstrapClient {
+	config := BootstrapConfig(t)
+	if config == nil {
+		return BootstrapClient{}
+	}
+
+	projectID := envvar.GetTestProjectFromEnv()
+	parent := fmt.Sprintf("projects/%s/locations/%s", projectID, locationID)
+
+	baseURL := fmt.Sprintf("%s%s", config.IntegrationsBasePath, parent)
+
+	resp, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		Project:   projectID,
+		RawURL:    fmt.Sprintf("%s/clients", baseURL),
+		UserAgent: config.UserAgent,
+		Timeout:   2 * time.Minute,
+	})
+	if err != nil && !transport_tpg.IsGoogleApiErrorWithCode(err, 404) {
+		t.Fatalf("Error getting client: %s", err)
+	}
+	if clientVal, ok := resp["client"]; ok {
+		// examine client and deprovision if needed
+		client, ok := clientVal.(map[string]any)
+		if !ok {
+			t.Fatalf("Error reading client from response")
+		}
+
+		shouldDeprovision := true
+		if isGmekVal, ok := client["isGmek"]; ok {
+			if isGmek, ok := isGmekVal.(bool); ok {
+				shouldDeprovision = !isGmek
+			}
+		}
+
+		if shouldDeprovision {
+			_, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+				Config:    config,
+				Method:    "POST",
+				Project:   projectID,
+				RawURL:    fmt.Sprintf("%s/clients:deprovision", baseURL),
+				UserAgent: config.UserAgent,
+				Timeout:   2 * time.Minute,
+			})
+			if err != nil {
+				t.Fatalf("Unable to deprovision client: %s", err)
+			}
+		}
+	}
+
+	// Provision client
+	_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "POST",
+		Project:   projectID,
+		RawURL:    fmt.Sprintf("%s/clients:provision", baseURL),
+		UserAgent: config.UserAgent,
+		Timeout:   2 * time.Minute,
+	})
+	if err != nil {
+		t.Fatalf("Unable to provision client: %s", err)
+	}
+
+	return BootstrapClient{
+		ProjectID: projectID,
+		Region:    locationID,
+		IsGMEK:    true,
+	}
+}