Add google_project_service_identity (#2430)
Co-authored-by: Riley Karson <[email protected]>
Co-authored-by: Dana Hoffman <[email protected]>
3 people authored Aug 27, 2020
1 parent a6c7358 commit 5c732a7
Showing 4 changed files with 197 additions and 0 deletions.
1 change: 1 addition & 0 deletions google-beta/provider.go
@@ -1090,6 +1090,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
"google_kms_crypto_key_iam_member": ResourceIamMember(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
"google_kms_crypto_key_iam_policy": ResourceIamPolicy(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
"google_monitoring_dashboard": resourceMonitoringDashboard(),
"google_project_service_identity": resourceProjectServiceIdentity(),
"google_service_networking_connection": resourceServiceNetworkingConnection(),
"google_spanner_instance_iam_binding": ResourceIamBinding(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
"google_spanner_instance_iam_member": ResourceIamMember(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
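--- a/google-beta/resource_project_service_identity.go
+++ b/google-beta/resource_project_service_identity.go
@@ -0,0 +1,90 @@
+package google
+
+import (
+"fmt"
+"log"
+"time"
+
+"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceProjectServiceIdentity() *schema.Resource {
+return &schema.Resource{
+Create: resourceProjectServiceIdentityCreate,
+Read: resourceProjectServiceIdentityRead,
+Delete: resourceProjectServiceIdentityDelete,
+
+Timeouts: &schema.ResourceTimeout{
+Create: schema.DefaultTimeout(20 * time.Minute),
+Read: schema.DefaultTimeout(10 * time.Minute),
+Delete: schema.DefaultTimeout(20 * time.Minute),
+},
+
+Schema: map[string]*schema.Schema{
+"service": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+"project": {
+Type: schema.TypeString,
+Optional: true,
+Computed: true,
+ForceNew: true,
+},
+},
+}
+}
+
+func resourceProjectServiceIdentityCreate(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+
+url, err := replaceVars(d, config, "{{ServiceUsageBasePath}}projects/{{project}}/services/{{service}}:generateServiceIdentity")
+if err != nil {
+return err
+}
+
+project, err := getProject(d, config)
+if err != nil {
+return err
+}
+
+billingProject := project
+
+// err == nil indicates that the billing_project value was found
+if bp, err := getBillingProject(d, config); err == nil {
+billingProject = bp
+}
+
+res, err := sendRequestWithTimeout(config, "POST", billingProject, url, nil, d.Timeout(schema.TimeoutCreate))
+if err != nil {
+return fmt.Errorf("Error creating Service Identity: %s", err)
+}
+
+err = serviceUsageOperationWaitTime(
+config, res, project, "Creating Service Identity",
+d.Timeout(schema.TimeoutCreate))
+
+if err != nil {
+return err
+}
+
+id, err := replaceVars(d, config, "projects/{{project}}/services/{{service}}")
+if err != nil {
+return fmt.Errorf("Error constructing id: %s", err)
+}
+d.SetId(id)
+
+log.Printf("[DEBUG] Finished creating Service Identity %q: %#v", d.Id(), res)
+return nil
+}
+
+// There is no read endpoint for this API.
+func resourceProjectServiceIdentityRead(d *schema.ResourceData, meta interface{}) error {
+return nil
+}
+
+// There is no delete endpoint for this API.
+func resourceProjectServiceIdentityDelete(d *schema.ResourceData, meta interface{}) error {
+return nil
+}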
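Review bot: The schema in resourceProjectServiceIdentity exposes only `service` and `project`, so the identity that Create generates is never surfaced and anyone granting it a role has to hand-build the principal string, as the test and docs in this commit do with `service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`. A typo or a service-specific variation of that pattern would make the grant either fail at apply or land on a principal other than the one just generated, which is hard to spot in review. If the completed operation carries the generated account's address (not visible here; serviceUsageOperationWaitTime returns only an error), consider adding a computed attribute such as `"email": {Type: schema.TypeString, Computed: true},` and setting it in Create before `d.SetId(id)`. Separately, resourceProjectServiceIdentityDelete returns nil, so a destroy only drops the state entry; a comment there such as `// Destroy removes this resource from state only; the service identity and any roles granted to it remain in the project.` would make the least-privilege implication explicit.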
37 changes: 37 additions & 0 deletions google-beta/resource_project_service_identity_test.go
@@ -0,0 +1,37 @@
package google

import (
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
)

func TestAccProjectServiceIdentity_basic(t *testing.T) {
t.Parallel()

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testGoogleProjectServiceIdentity_basic(),
},
},
})
}

func testGoogleProjectServiceIdentity_basic() string {
return `
data "google_project" "project" {}
resource "google_project_service_identity" "hc_sa" {
project = data.google_project.project.project_id
service = "healthcare.googleapis.com"
}
resource "google_project_iam_member" "hc_sa_bq_jobuser" {
project = google_project_service_identity.hc_sa.project
role = "roles/bigquery.jobUser"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
}`
}
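Review bot: The single TestStep in TestAccProjectServiceIdentity_basic has no `Check`, and with Read being a no-op in this commit the only thing that exercises the generated identity is the `google_project_iam_member` grant in the config. That grant is ordered after identity creation solely through `project = google_project_service_identity.hc_sa.project`. A comment in testGoogleProjectServiceIdentity_basic such as `// hc_sa_bq_jobuser reads project from hc_sa so the grant is applied only after the service identity exists.` would keep the reference from later being simplified to the data source. A `Check` using `resource.TestCheckResourceAttrSet` on the resource's `id` would also confirm that Create sets an ID.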
69 changes: 69 additions & 0 deletions website/docs/r/project_service_identity.html.markdown
@@ -0,0 +1,69 @@
---
subcategory: "Cloud Platform"
layout: "google"
page_title: "Google: google_project_service_identity"
sidebar_current: "docs-google-project-service-identity"
description: |-
Generate service identity for a service.
---

# google\_project\_service\_identity

~> **Warning:** These resources are in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

Generate service identity for a service.

~> **Note**: Once created, this resource cannot be updated or destroyed. These
actions are a no-op.

To get more information about Service Identity, see:

* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity)

## Example Usage - Service Identity Basic


```hcl
data "google_project" "project" {}
resource "google_project_service_identity" "hc_sa" {
provider = google-beta
project = data.google_project.project.project_id
service = "healthcare.googleapis.com"
}
resource "google_project_iam_member" "hc_sa_bq_jobuser" {
project = google_project_service_identity.hc_sa.project
role = "roles/bigquery.jobUser"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
}
```

## Argument Reference

The following arguments are supported:


* `service` -
(Required)
The service to generate identity for.


- - -

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.


## Timeouts

This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:

- `create` - Default is 20 minutes.

## User Project Overrides

This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override).
