Add google_project_service_identity (#2430)
Co-authored-by: Riley Karson <[email protected]> Co-authored-by: Dana Hoffman <[email protected]>
1 parent
a6c7358
commit 5c732a7
Showing
4 changed files
with
197 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
package google | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"time" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
) | ||
|
||
func resourceProjectServiceIdentity() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceProjectServiceIdentityCreate, | ||
Read: resourceProjectServiceIdentityRead, | ||
Delete: resourceProjectServiceIdentityDelete, | ||
|
||
Timeouts: &schema.ResourceTimeout{ | ||
Create: schema.DefaultTimeout(20 * time.Minute), | ||
Read: schema.DefaultTimeout(10 * time.Minute), | ||
Delete: schema.DefaultTimeout(20 * time.Minute), | ||
}, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"service": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
}, | ||
"project": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Computed: true, | ||
ForceNew: true, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func resourceProjectServiceIdentityCreate(d *schema.ResourceData, meta interface{}) error { | ||
config := meta.(*Config) | ||
|
||
url, err := replaceVars(d, config, "{{ServiceUsageBasePath}}projects/{{project}}/services/{{service}}:generateServiceIdentity") | ||
if err != nil { | ||
return err | ||
} | ||
|
||
project, err := getProject(d, config) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
billingProject := project | ||
|
||
// err == nil indicates that the billing_project value was found | ||
if bp, err := getBillingProject(d, config); err == nil { | ||
billingProject = bp | ||
} | ||
|
||
res, err := sendRequestWithTimeout(config, "POST", billingProject, url, nil, d.Timeout(schema.TimeoutCreate)) | ||
if err != nil { | ||
return fmt.Errorf("Error creating Service Identity: %s", err) | ||
} | ||
|
||
err = serviceUsageOperationWaitTime( | ||
config, res, project, "Creating Service Identity", | ||
d.Timeout(schema.TimeoutCreate)) | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
id, err := replaceVars(d, config, "projects/{{project}}/services/{{service}}") | ||
if err != nil { | ||
return fmt.Errorf("Error constructing id: %s", err) | ||
} | ||
d.SetId(id) | ||
|
||
log.Printf("[DEBUG] Finished creating Service Identity %q: %#v", d.Id(), res) | ||
return nil | ||
} | ||
|
||
// There is no read endpoint for this API. | ||
func resourceProjectServiceIdentityRead(d *schema.ResourceData, meta interface{}) error { | ||
return nil | ||
} | ||
|
||
// There is no delete endpoint for this API. | ||
func resourceProjectServiceIdentityDelete(d *schema.ResourceData, meta interface{}) error { | ||
return nil | ||
} |
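Review bot: The schema in `resourceProjectServiceIdentity` exposes only `service` and `project`, and `resourceProjectServiceIdentityCreate` uses the operation result `res` for nothing but the debug log, so the identity that was generated is never surfaced to the configuration. Users therefore have to assemble the service agent's address from a naming convention, as the test and docs examples on this page do, and an IAM binding built that way is not tied to the account the API actually returned. If the completed operation carries the account's email (its shape is not visible here, so this needs confirming), consider adding a computed attribute such as `"email": {Type: schema.TypeString, Computed: true},` and setting it in create. Since Read is a no-op, it is also worth stating in the comment above `resourceProjectServiceIdentityRead` that state for this resource is never refreshed, so drift such as a deleted project goes undetected.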
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package google | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/helper/resource" | ||
) | ||
|
||
func TestAccProjectServiceIdentity_basic(t *testing.T) { | ||
t.Parallel() | ||
|
||
vcrTest(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testGoogleProjectServiceIdentity_basic(), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testGoogleProjectServiceIdentity_basic() string { | ||
return ` | ||
data "google_project" "project" {} | ||
resource "google_project_service_identity" "hc_sa" { | ||
project = data.google_project.project.project_id | ||
service = "healthcare.googleapis.com" | ||
} | ||
resource "google_project_iam_member" "hc_sa_bq_jobuser" { | ||
project = google_project_service_identity.hc_sa.project | ||
role = "roles/bigquery.jobUser" | ||
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com" | ||
}` | ||
} |
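Review bot: The single step in `TestAccProjectServiceIdentity_basic` sets only `Config` and has no `Check`, so the test asserts nothing beyond a successful apply. Because the resource's Read returns nil unconditionally, the only evidence that the identity was generated is presumably the `google_project_iam_member` binding, which would be expected to fail if the service agent did not exist. Say so in the test so a later cleanup does not delete it as unrelated, for example `// The IAM binding is the assertion: it should fail if the service agent was not generated.` above `testGoogleProjectServiceIdentity_basic`. The member string also hard-codes the `gcp-sa-healthcare` domain, which ties the test to one service's naming convention and deserves a short comment of its own.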
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
--- | ||
subcategory: "Cloud Platform" | ||
layout: "google" | ||
page_title: "Google: google_project_service_identity" | ||
sidebar_current: "docs-google-project-service-identity" | ||
description: |- | ||
Generate service identity for a service. | ||
--- | ||
|
||
# google\_project\_service\_identity | ||
|
||
~> **Warning:** These resources are in beta, and should be used with the terraform-provider-google-beta provider. | ||
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. | ||
|
||
Generate service identity for a service. | ||
|
||
~> **Note**: Once created, this resource cannot be updated or destroyed. These | ||
actions are a no-op. | ||
|
||
To get more information about Service Identity, see: | ||
|
||
* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity) | ||
|
||
## Example Usage - Service Identity Basic | ||
|
||
|
||
```hcl | ||
data "google_project" "project" {} | ||
resource "google_project_service_identity" "hc_sa" { | ||
provider = google-beta | ||
project = data.google_project.project.project_id | ||
service = "healthcare.googleapis.com" | ||
} | ||
resource "google_project_iam_member" "hc_sa_bq_jobuser" { | ||
project = google_project_service_identity.hc_sa.project | ||
role = "roles/bigquery.jobUser" | ||
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
|
||
* `service` - | ||
(Required) | ||
The service to generate identity for. | ||
|
||
|
||
- - - | ||
|
||
* `project` - (Optional) The ID of the project in which the resource belongs. | ||
If it is not provided, the provider project is used. | ||
|
||
|
||
## Timeouts | ||
|
||
This resource provides the following | ||
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: | ||
|
||
- `create` - Default is 20 minutes. | ||
|
||
## User Project Overrides | ||
|
||
This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). |