fix(tags): import of tag resources failed with 403 error

config/externalname.go

@@ -5,6 +5,8 @@
 package config
 
 import (
+	"strings"
+
 	"github.com/crossplane/upjet/pkg/config"
 
 	"github.com/upbound/provider-gcp/config/common"
@@ -1020,18 +1022,32 @@ var terraformPluginSDKExternalNameConfigs = map[string]config.ExternalName{
 	// tags
 	//
 	// Imported by using the following tagBindings/{{name}}
-	"google_tags_tag_binding": config.IdentifierFromProvider,
+	// there is an exception here because terraform SDK wait for a 'name' without tagBindings/
+	"google_tags_tag_binding": NameAsIdentifierWithTrimExternalNamePrefix("tagBindings/"),
 	// Imported by using the following tagKeys/{{name}}
-	"google_tags_tag_key": config.IdentifierFromProvider,
+	// there is an exception here because terraform SDK wait for a 'name' without tagKeys/
+	"google_tags_tag_key": NameAsIdentifierWithTrimExternalNamePrefix("tagKeys/"),
 	// Imported by using the following tagValues/{{name}}
-	"google_tags_tag_value": config.IdentifierFromProvider,
+	// there is an exception here because terraform SDK wait for a 'name' without tagValues/
+	"google_tags_tag_value": NameAsIdentifierWithTrimExternalNamePrefix("tagValues/"),
 }
 
 // cliReconciledExternalNameConfigs contains all external name configurations
 // belonging to Terraform resources to be reconciled under the CLI-based
 // architecture for this provider.
 var cliReconciledExternalNameConfigs = map[string]config.ExternalName{}
 
+// NameAsIdentifierWithTrimExternalNamePrefix uses NameAsIdentifier but
+// trimLeft "prefix" from externalName. It allow to remove prefix in externalName
+// when Terraform provider need it
+func NameAsIdentifierWithTrimExternalNamePrefix(prefix string) config.ExternalName {
+	return config.NewExternalNameFrom(config.NameAsIdentifier, config.WithSetIdentifierArgumentsFn(
+		func(fn config.SetIdentifierArgumentsFn, base map[string]any, externalName string) {
+			externalName = strings.TrimLeft(externalName, prefix)
+			fn(base, externalName)
+		}))
+}
+
 // TemplatedStringAsIdentifierWithNoName uses TemplatedStringAsIdentifier but
 // without the name initializer. This allows it to be used in cases where the ID
 // is constructed with parameters and a provider-defined value, meaning no

config/tags/config.go

@@ -19,15 +19,18 @@ func Configure(p *config.Provider) {
 			TerraformName: "google_tags_tag_value",
 			Extractor:     common.ExtractResourceIDFuncPath,
 		}
+		config.MarkAsRequired(r.TerraformResource, "parent", "tag_value")
 	})
 	p.AddResourceConfigurator("google_tags_tag_key", func(r *config.Resource) {
 		r.UseAsync = true
+		config.MarkAsRequired(r.TerraformResource, "parent", "short_name")
 	})
 	p.AddResourceConfigurator("google_tags_tag_value", func(r *config.Resource) {
 		r.UseAsync = true
 		r.References["parent"] = config.Reference{
 			TerraformName: "google_tags_tag_key",
 			Extractor:     common.ExtractResourceIDFuncPath,
 		}
+		config.MarkAsRequired(r.TerraformResource, "parent", "short_name")
 	})
 }

examples/tags/v1beta1/tagbinding-observe.yaml

@@ -0,0 +1,13 @@
+apiVersion: tags.gcp.upbound.io/v1beta1
+kind: TagBinding
+metadata:
+  annotations:
+    meta.upbound.io/example-id: tags/v1beta1/tagbinding-observe
+    upjet.upbound.io/manual-intervention: "The resource requires a real external name"
+    crossplane.io/external-name: "&{tagBindingID}"
+  labels:
+    testing.upbound.io/example-name: binding-external
+  name: binding-external
+spec:
+  managementPolicies: ["Observe"]
+  forProvider: {}

examples/tags/v1beta1/tagbinding.yaml

@@ -3,16 +3,15 @@ kind: TagBinding
 metadata:
   annotations:
     meta.upbound.io/example-id: tags/v1beta1/tagbinding
-    upjet.upbound.io/manual-intervention: "The resource requires a real Project number"
   labels:
     testing.upbound.io/example-name: binding
   name: binding
 spec:
   forProvider:
-    parent: //cloudresourcemanager.googleapis.com/projects/&{project_number}
+    parent: //cloudresourcemanager.googleapis.com/projects/${data.cloudplatform_project.projectId}
     tagValueSelector:
       matchLabels:
-        testing.upbound.io/example-name: value
+        testing.upbound.io/example-name: binding-value
 
 ---
 
@@ -21,14 +20,13 @@ kind: TagKey
 metadata:
   annotations:
     meta.upbound.io/example-id: tags/v1beta1/tagbinding
-    upjet.upbound.io/manual-intervention: "The resource requires a real Project ID"
   labels:
-    testing.upbound.io/example-name: key
-  name: key
+    testing.upbound.io/example-name: binding-key
+  name: binding-key
 spec:
   forProvider:
     description: For keyname resources.
-    parent: projects/&{project_id}
+    parent: projects/${data.cloudplatform_project.projectId}
     shortName: keyname
 
 ---
@@ -38,14 +36,13 @@ kind: TagValue
 metadata:
   annotations:
     meta.upbound.io/example-id: tags/v1beta1/tagbinding
-    upjet.upbound.io/manual-intervention: "This resource is skipped because the TagBinding resource is skipped"
   labels:
-    testing.upbound.io/example-name: value
-  name: value
+    testing.upbound.io/example-name: binding-value
+  name: binding-value
 spec:
   forProvider:
     description: For valuename resources.
     parentSelector:
       matchLabels:
-        testing.upbound.io/example-name: key
+        testing.upbound.io/example-name: binding-key
     shortName: valuename

examples/tags/v1beta1/tagkey-observe.yaml

@@ -0,0 +1,13 @@
+apiVersion: tags.gcp.upbound.io/v1beta1
+kind: TagKey
+metadata:
+  annotations:
+    meta.upbound.io/example-id: tags/v1beta1/tagkey-observe
+    upjet.upbound.io/manual-intervention: "The resource requires a real external name"
+    crossplane.io/external-name: "tagKeys/281475435132414"
+  labels:
+    testing.upbound.io/example-name: key-external
+  name: key-external
+spec:
+  managementPolicies: ["Observe"]
+  forProvider: {}

examples/tags/v1beta1/tagkey.yaml

@@ -3,12 +3,11 @@ kind: TagKey
 metadata:
   annotations:
     meta.upbound.io/example-id: tags/v1beta1/tagkey
-    upjet.upbound.io/manual-intervention: "The resource requires a real Project ID"
   labels:
     testing.upbound.io/example-name: key
   name: key
 spec:
   forProvider:
     description: For keyname resources.
-    parent: projects/&{project_id}
+    parent: projects/${data.cloudplatform_project.projectId}
     shortName: keyname

examples/tags/v1beta1/tagvalue-observe.yaml

@@ -0,0 +1,13 @@
+apiVersion: tags.gcp.upbound.io/v1beta1
+kind: TagValue
+metadata:
+  annotations:
+    meta.upbound.io/example-id: tags/v1beta1/tagvalue-observe
+    upjet.upbound.io/manual-intervention: "The resource requires a real external name"
+    crossplane.io/external-name: "&{tagValueID}"
+  labels:
+    testing.upbound.io/example-name: value-external
+  name: value-external
+spec:
+  managementPolicies: ["Observe"]
+  forProvider: {}

examples/tags/v1beta1/tagvalue.yaml

@@ -3,7 +3,6 @@ kind: TagValue
 metadata:
   annotations:
     meta.upbound.io/example-id: tags/v1beta1/tagvalue
-    upjet.upbound.io/manual-intervention: "This resource is skipped because the dependent resource is skipped"
   labels:
     testing.upbound.io/example-name: value
   name: value
@@ -12,7 +11,7 @@ spec:
     description: For valuename resources.
     parentSelector:
       matchLabels:
-        testing.upbound.io/example-name: key
+        testing.upbound.io/example-name: value-key
     shortName: valuename
 
 ---
@@ -22,12 +21,11 @@ kind: TagKey
 metadata:
   annotations:
     meta.upbound.io/example-id: tags/v1beta1/tagvalue
-    upjet.upbound.io/manual-intervention: "The resource requires a real Project ID"
   labels:
-    testing.upbound.io/example-name: key
-  name: key
+    testing.upbound.io/example-name: value-key
+  name: value-key
 spec:
   forProvider:
     description: For keyname resources.
-    parent: projects/&{project_id}
+    parent: projects/${data.cloudplatform_project.projectId}
     shortName: keyname