Add google_project_service_identity #2430

Merged
merged 16 commits into from
Aug 27, 2020
1 change: 1 addition & 0 deletions google-beta/provider.go
Expand Up @@ -1080,6 +1080,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
"google_kms_crypto_key_iam_member": ResourceIamMember(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
"google_kms_crypto_key_iam_policy": ResourceIamPolicy(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
"google_monitoring_dashboard": resourceMonitoringDashboard(),
"google_project_service_identity": resourceProjectServiceIdentity(),
"google_service_networking_connection": resourceServiceNetworkingConnection(),
"google_spanner_instance_iam_binding": ResourceIamBinding(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
"google_spanner_instance_iam_member": ResourceIamMember(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
90 changes: 90 additions & 0 deletions google-beta/resource_project_service_identity.go
@@ -0,0 +1,90 @@
package google

import (
"fmt"
"log"
"time"

"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
)

func resourceProjectServiceIdentity() *schema.Resource {
return &schema.Resource{
Create: resourceProjectServiceIdentityCreate,
Read: resourceProjectServiceIdentityRead,
Delete: resourceProjectServiceIdentityDelete,

Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(20 * time.Minute),
Read: schema.DefaultTimeout(10 * time.Minute),
Delete: schema.DefaultTimeout(20 * time.Minute),
},

Schema: map[string]*schema.Schema{
"service": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"project": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
},
},
}
}

func resourceProjectServiceIdentityCreate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)

url, err := replaceVars(d, config, "{{ServiceUsageBasePath}}projects/{{project}}/services/{{service}}:generateServiceIdentity")
rileykarson marked this conversation as resolved.
if err != nil {
return err
}

project, err := getProject(d, config)
if err != nil {
return err
}

billingProject := project

// err == nil indicates that the billing_project value was found
if bp, err := getBillingProject(d, config); err == nil {
billingProject = bp
}

res, err := sendRequestWithTimeout(config, "POST", billingProject, url, nil, d.Timeout(schema.TimeoutCreate))
umairidris marked this conversation as resolved.
if err != nil {
return fmt.Errorf("Error creating Service Identity: %s", err)
}

err = serviceUsageOperationWaitTime(
config, res, project, "Creating Service Identity",
d.Timeout(schema.TimeoutCreate))

if err != nil {
return err
}

id, err := replaceVars(d, config, "projects/{{project}}/services/{{service}}")
if err != nil {
return fmt.Errorf("Error constructing id: %s", err)
}
d.SetId(id)

log.Printf("[DEBUG] Finished creating Service Identity %q: %#v", d.Id(), res)
return nil
}

// There is no read endpoint for this API.
func resourceProjectServiceIdentityRead(d *schema.ResourceData, meta interface{}) error {
return nil
}

// There is no delete endpoint for this API.
func resourceProjectServiceIdentityDelete(d *schema.ResourceData, meta interface{}) error {
return nil
}
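Review bot: The schema in resourceProjectServiceIdentity exposes only `service` and `project`, so the identity that resourceProjectServiceIdentityCreate just generated is never surfaced, and callers have to hand-assemble the service agent's principal string for their IAM bindings. A mistyped or wrong-pattern principal in an IAM grant is an access-control error that is easy to miss in review. If the completed operation's response carries the identity's email (the generateServiceIdentity API reference suggests it does; confirm), export it as a computed attribute, e.g. `"email": {Type: schema.TypeString, Computed: true},`, and set it in Create after the wait returns. As a smaller point, the `Read` and `Delete` entries in `Timeouts` have no effect, since both functions return nil immediately.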
37 changes: 37 additions & 0 deletions google-beta/resource_project_service_identity_test.go
@@ -0,0 +1,37 @@
package google

import (
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
)

func TestAccProjectServiceIdentity_basic(t *testing.T) {
t.Parallel()

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testGoogleProjectServiceIdentity_basic(),
},
},
})
}

func testGoogleProjectServiceIdentity_basic() string {
return `
data "google_project" "project" {}
resource "google_project_service_identity" "hc_sa" {
project = data.google_project.project.project_id
service = "healthcare.googleapis.com"
}
resource "google_project_iam_member" "hc_sa_bq_jobuser" {
project = google_project_service_identity.hc_sa.project
role = "roles/bigquery.jobUser"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
umairidris marked this conversation as resolved.
}`
}
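Review bot: TestAccProjectServiceIdentity_basic has no `Check` on its single step, and because the resource's Read is a no-op, the only thing verifying that the service agent was really created is presumably the `google_project_iam_member` binding, which should fail to apply if the member does not exist. That intent is not written down anywhere, so a later cleanup could drop the binding and leave a test that passes without proving anything. I would add a comment above the config in testGoogleProjectServiceIdentity_basic such as `// The IAM binding is the assertion: it can only apply once the healthcare service agent exists.`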
69 changes: 69 additions & 0 deletions website/docs/r/project_service_identity.html.markdown
@@ -0,0 +1,69 @@
---
subcategory: "Cloud Platform"
layout: "google"
page_title: "Google: google_project_service_identity"
sidebar_current: "docs-google-project-service-identity"
description: |-
Generate service identity for a service.
---

# google\_project\_service\_identity

~> **Warning:** These resources are in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

Generate service identity for a service.

~> **Note**: Once created, this resource cannot be updated or destroyed. These
actions are a no-op.

To get more information about Service Identity, see:

* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity)

## Example Usage - Service Identity Basic


```hcl
data "google_project" "project" {}
resource "google_project_service_identity" "hc_sa" {
provider = google-beta
project = data.google_project.project.project_id
service = "healthcare.googleapis.com"
}
resource "google_project_iam_member" "hc_sa_bq_jobuser" {
project = google_project_service_identity.hc_sa.project
role = "roles/bigquery.jobUser"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
}
```

## Argument Reference

The following arguments are supported:


* `service` -
(Required)
The service to generate identity for.


- - -

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.


## Timeouts

This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:

- `create` - Default is 20 minutes.

## User Project Overrides

This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override).