Merge pull request GoogleCloudPlatform#3299 from jasonvigil/fix-apige…

…e-environment-conditional-iam-docs

fix: Update docs for ApigeeEnvironment conditional IAM support

scripts/generate-google3-docs/resource-reference/generated/resource-docs/apigee/apigeeenvironment.md

@@ -55,7 +55,7 @@ organizations.environments
 
 <tr>
     <td>IAMPolicy/IAMPartialPolicy Supports Conditions</td>
-    <td>Yes</td>
+    <td>No</td>
 </tr>
 <tr>
     <td>IAMPolicyMember Supports Conditions</td>

scripts/generate-google3-docs/resource-reference/generated/resource-docs/iam/iampartialpolicy.md

@@ -113,7 +113,7 @@ resources using `IAMPolicy`, `IAMPartialPolicy`, and `IAMPolicyMember` since
     </tr>
     <tr>
         <td><code>ApigeeEnvironment</code></td>
-        <td>Y</td>
+        <td></td>
     </tr>
     <tr>
         <td><code>ArtifactRegistryRepository</code></td>

scripts/generate-google3-docs/resource-reference/generated/resource-docs/iam/iampolicy.md

@@ -116,7 +116,7 @@ resources using `IAMPolicy`, `IAMPartialPolicy`, and `IAMPolicyMember` since
     </tr>
     <tr>
         <td><code>ApigeeEnvironment</code></td>
-        <td>Y</td>
+        <td></td>
         <td></td>
     </tr>
     <tr>

scripts/generate-google3-docs/resource-reference/main.go

@@ -372,6 +372,11 @@ func handleAnnotationsAndIAMSettingsForDCLBasedResource(r *resource, gvk schema.
 		SupportsAuditConfigs:     false, // No DCL-based resources support AuditConfigs.
 		ExternalReferenceFormats: []string{externalReferenceFormat},
 	}
+	// Apigee Environment does not support conditional IAM permissions
+	// Ref: https://b.corp.google.com/issues/378594862#comment6
+	if gvk.Group == "apigee.cnrm.cloud.google.com" && gvk.Kind == "ApigeeEnvironment" {
+		r.IAM.SupportsConditions = false
+	}
 	return nil
 }
 
@@ -669,7 +674,7 @@ func (d *DocGenerator) referencesSupportedByIAMPolicy() ([]iamPolicyReference, e
 		if externalReferenceFormat == "" { // Resource does not support IAM.
 			continue
 		}
-		refs = append(refs, iamPolicyReference{
+		r := iamPolicyReference{
 			Kind:       gvk.Kind,
 			IsDCLBased: true,
 			// DCL-based resources support conditions on IAMPolicy but do not support it
@@ -678,7 +683,13 @@ func (d *DocGenerator) referencesSupportedByIAMPolicy() ([]iamPolicyReference, e
 			SupportsConditions:       true,
 			SupportsAuditConfigs:     false, // No DCL-based resources support AuditConfigs.
 			ExternalReferenceFormats: []string{externalReferenceFormat},
-		})
+		}
+		// Apigee Environment does not support conditional IAM permissions
+		// Ref: https://b.corp.google.com/issues/378594862#comment6
+		if gvk.Group == "apigee.cnrm.cloud.google.com" && gvk.Kind == "ApigeeEnvironment" {
+			r.SupportsConditions = false
+		}
+		refs = append(refs, r)
 	}
 	for gvk, extOnlyType := range kcciamclient.ExternalOnlyTypes {
 		refs = append(refs, iamPolicyReference{

scripts/generate-google3-docs/resource-reference/templates/shared/iamsupport.tmpl

@@ -6,7 +6,7 @@
 {{ if.IAM.IsDCLBased}}
 <tr>
     <td>IAMPolicy/IAMPartialPolicy Supports Conditions</td>
-    <td>Yes</td>
+    {{ if.IAM.SupportsConditions}}<td>Yes</td>{{else}}<td>No</td>{{end}}
 </tr>
 <tr>
     <td>IAMPolicyMember Supports Conditions</td>