From ee9dcab0403b44a173f74ef87980125d5905f7a6 Mon Sep 17 00:00:00 2001
From: umairidris
Date: Thu, 27 Aug 2020 09:33:34 -0700
Subject: [PATCH 1/3] Add google_project_service_identity
---
 .../resource_project_service_identity.go | 90 +++++++++++++++++++
 .../resource_project_service_identity_test.go | 38 ++++++++
 third_party/terraform/utils/provider.go.erb | 1 +
 .../r/project_service_identity.html.markdown | 69 ++++++++++++++
 4 files changed, 198 insertions(+)
 create mode 100644 third_party/terraform/resources/resource_project_service_identity.go
 create mode 100644 third_party/terraform/tests/resource_project_service_identity_test.go
 create mode 100644 third_party/terraform/website/docs/r/project_service_identity.html.markdown
diff --git a/third_party/terraform/resources/resource_project_service_identity.go b/third_party/terraform/resources/resource_project_service_identity.go
new file mode 100644
index 000000000000..2aace6f3fa4d
--- /dev/null
+++ b/third_party/terraform/resources/resource_project_service_identity.go
@@ -0,0 +1,90 @@
+package google
+
+import (
+ "fmt"
+ "log"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceProjectServiceIdentity() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceProjectServiceIdentityCreate,
+ Read: resourceProjectServiceIdentityRead,
+ Delete: resourceProjectServiceIdentityDelete,
+
+ Timeouts: &schema.ResourceTimeout{
+ Create: schema.DefaultTimeout(20 * time.Minute),
+ Read: schema.DefaultTimeout(10 * time.Minute),
+ Delete: schema.DefaultTimeout(20 * time.Minute),
+ },
+
+ Schema: map[string]*schema.Schema{
+ "service": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "project": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func resourceProjectServiceIdentityCreate(d *schema.ResourceData, meta interface{}) error {
+ config := meta.(*Config)
+
+ url, err := replaceVars(d, config, "{{ServiceUsageBasePath}}projects/{{project}}/services/{{service}}:generateServiceIdentity")
+ if err != nil {
+ return err
+ }
+
+ project, err := getProject(d, config)
+ if err != nil {
+ return err
+ }
+
+ billingProject := project
+
+ // err == nil indicates that the billing_project value was found
+ if bp, err := getBillingProject(d, config); err == nil {
+ billingProject = bp
+ }
+
+ res, err := sendRequestWithTimeout(config, "POST", billingProject, url, nil, d.Timeout(schema.TimeoutCreate))
+ if err != nil {
+ return fmt.Errorf("Error creating Service Identity: %s", err)
+ }
+
+ err = serviceUsageOperationWaitTime(
+ config, res, project, "Creating Service Identity",
+ d.Timeout(schema.TimeoutCreate))
+
+ if err != nil {
+ return err
+ }
+
+ id, err := replaceVars(d, config, "projects/{{project}}/services/{{service}}")
+ if err != nil {
+ return fmt.Errorf("Error constructing id: %s", err)
+ }
+ d.SetId(id)
+
+ log.Printf("[DEBUG] Finished creating Service Identity %q: %#v", d.Id(), res)
+ return nil
+}
+
+// There is no
read endpoint for this API.
+func resourceProjectServiceIdentityRead(d *schema.ResourceData, meta interface{}) error {
+ return nil
+}
+
+// There is no delete endpoint for this API.
+func resourceProjectServiceIdentityDelete(d *schema.ResourceData, meta interface{}) error {
+ return nil
+}
diff --git a/third_party/terraform/tests/resource_project_service_identity_test.go b/third_party/terraform/tests/resource_project_service_identity_test.go
new file mode 100644
index 000000000000..dfdc9cdd29e3
--- /dev/null
+++ b/third_party/terraform/tests/resource_project_service_identity_test.go
@@ -0,0 +1,38 @@
+package google
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccProjectServiceIdentity_basic(t *testing.T) {
+ t.Parallel()
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckHealthcareDatasetDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testGoogleProjectServiceIdentity_basic(),
+ },
+ },
+ })
+}
+
+func testGoogleProjectServiceIdentity_basic() string {
+ return `
+data "google_project" "project" {}
+
+resource "google_project_service_identity" "hc_sa" {
+ project = data.google_project.project.project_id
+ service = "healthcare.googleapis.com"
+}
+
+resource "google_project_iam_member" "hc_sa_bq_jobuser" {
+ project = google_project_service_identity.hc_sa.project
+ role = "roles/bigquery.jobUser"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
+}`
+}
diff --git a/third_party/terraform/utils/provider.go.erb b/third_party/terraform/utils/provider.go.erb
index 92b212785747..794caf547535 100644
--- a/third_party/terraform/utils/provider.go.erb
+++ b/third_party/terraform/utils/provider.go.erb
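Review bot: The schema in `resourceProjectServiceIdentity` exposes only `service` and `project`, and `resourceProjectServiceIdentityCreate` keeps nothing from the finished generateServiceIdentity operation, so state never records which service account was generated. The test config and the docs example in this patch both work around that by hand-building `serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com`, which places an IAM grant on a principal derived from a naming convention rather than from the API; a typo, or a service whose agent does not follow that pattern, yields a binding on the wrong or a non-existent member. I would add a computed attribute, `"email": {Type: schema.TypeString, Computed: true},`, and set it in Create from the operation's response (assuming the response carries the identity's email; confirm against the API reference linked from the docs page), so downstream IAM resources can reference it instead of constructing it.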
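Review bot: The single step in `TestAccProjectServiceIdentity_basic` has a `Config` and no `Check`, so the test passes whenever the apply succeeds and never looks at the resource's id or attributes. If the intent is that the `google_project_iam_member` binding succeeding proves the service agent exists, say so above the step, for example `// The IAM binding on the service agent is the assertion: it only applies once the identity has been generated.`; otherwise add a `resource.TestCheckResourceAttr` on `google_project_service_identity.hc_sa` for `service`.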
@@ -385,6 +385,7 @@ end # products.each do
 "google_kms_crypto_key_iam_member": ResourceIamMember(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
 "google_kms_crypto_key_iam_policy": ResourceIamPolicy(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
 "google_monitoring_dashboard": resourceMonitoringDashboard(),
+ "google_project_service_identity": resourceProjectServiceIdentity(),
 "google_service_networking_connection": resourceServiceNetworkingConnection(),
 "google_spanner_instance_iam_binding": ResourceIamBinding(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
 "google_spanner_instance_iam_member": ResourceIamMember(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
diff --git a/third_party/terraform/website/docs/r/project_service_identity.html.markdown b/third_party/terraform/website/docs/r/project_service_identity.html.markdown
new file mode 100644
index 000000000000..ac276cb503c7
--- /dev/null
+++ b/third_party/terraform/website/docs/r/project_service_identity.html.markdown
@@ -0,0 +1,69 @@
+---
+subcategory: "Cloud Platform"
+layout: "google"
+page_title: "Google: google_project_service_identity"
+sidebar_current: "docs-google-project-service-identity"
+description: |-
+ Generate service identity for a service.
+---
+
+# google\_project\_service\_identity
+
+~> **Warning:** These resources are in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+Generate service identity for a service.
+
+~> **Note**: Once created, this resource cannot be updated or destroyed. These
+actions are a no-op.
+
+To get more information about Service Identity, see:
+
+* [API documentation](https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services/generateServiceIdentity)
+
+## Example Usage - Service Identity Basic
+
+
+```hcl
+data "google_project" "project" {}
+
+resource "google_project_service_identity" "hc_sa" {
+ provider = google-beta
+
+ project = data.google_project.project.project_id
+ service = "healthcare.googleapis.com"
+}
+
+resource "google_project_iam_member" "hc_sa_bq_jobuser" {
+ project = google_project_service_identity.hc_sa.project
+ role = "roles/bigquery.jobUser"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `service` -
+ (Required)
+ The service to generate identity for.
+
+
+- - -
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+ If it is not provided, the provider project is used.
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+
+## User Project Overrides
+
+This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override).
From ccecda28dfca5e8cfa5b140517551cb793f93e57 Mon Sep 17 00:00:00 2001
From: Riley Karson
Date: Thu, 27 Aug 2020 09:37:32 -0700
Subject: [PATCH 2/3] Remove CheckDestroy
---
 .../terraform/tests/resource_project_service_identity_test.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/third_party/terraform/tests/resource_project_service_identity_test.go b/third_party/terraform/tests/resource_project_service_identity_test.go
index dfdc9cdd29e3..0c8473e566ba 100644
--- a/third_party/terraform/tests/resource_project_service_identity_test.go
+++ b/third_party/terraform/tests/resource_project_service_identity_test.go
@@ -12,7 +12,6 @@ func TestAccProjectServiceIdentity_basic(t *testing.T) {
 vcrTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
 Providers: testAccProviders,
- CheckDestroy: testAccCheckHealthcareDatasetDestroyProducer(t),
 Steps: []resource.TestStep{
 {
 Config: testGoogleProjectServiceIdentity_basic(),
From 98e6d7df5027b95d8392b977e6d093ada8a3c091 Mon Sep 17 00:00:00 2001
From: Riley Karson
Date: Thu, 27 Aug 2020 10:02:13 -0700
Subject: [PATCH 3/3] Wrap files in beta guards
---
 ...ce_identity.go => resource_project_service_identity.go.erb} | 3 +++
 ...y_test.go => resource_project_service_identity_test.go.erb} | 3 +++
 third_party/terraform/utils/provider.go.erb | 2 ++
 3 files changed, 8 insertions(+)
 rename third_party/terraform/resources/{resource_project_service_identity.go => resource_project_service_identity.go.erb} (97%)
 rename third_party/terraform/tests/{resource_project_service_identity_test.go => resource_project_service_identity_test.go.erb} (93%)
diff --git a/third_party/terraform/resources/resource_project_service_identity.go b/third_party/terraform/resources/resource_project_service_identity.go.erb similarity index 97% rename from third_party/terraform/resources/resource_project_service_identity.go rename to third_party/terraform/resources/resource_project_service_identity.go.erb index 2aace6f3fa4d..1a9f08967013 100644 --- a/third_party/terraform/resources/resource_project_service_identity.go +++ b/third_party/terraform/resources/resource_project_service_identity.go.erb @@ -1,5 +1,7 @@ +<% autogen_exception -%> package google +<% unless version == 'ga' -%> import ( "fmt" "log" @@ -88,3 +90,4 @@ func resourceProjectServiceIdentityRead(d *schema.ResourceData, meta interface{} func resourceProjectServiceIdentityDelete(d *schema.ResourceData, meta interface{}) error { return nil } +<% end -%> diff --git a/third_party/terraform/tests/resource_project_service_identity_test.go b/third_party/terraform/tests/resource_project_service_identity_test.go.erb similarity index 93% rename from third_party/terraform/tests/resource_project_service_identity_test.go rename to third_party/terraform/tests/resource_project_service_identity_test.go.erb index 0c8473e566ba..16afe1d76afa 100644 --- a/third_party/terraform/tests/resource_project_service_identity_test.go +++ b/third_party/terraform/tests/resource_project_service_identity_test.go.erb @@ -1,5 +1,7 @@ +<% autogen_exception -%> package google +<% unless version == 'ga' -%> import ( "testing" @@ -35,3 +37,4 @@ resource "google_project_iam_member" "hc_sa_bq_jobuser" { member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com" }` } +<% end -%> diff --git a/third_party/terraform/utils/provider.go.erb b/third_party/terraform/utils/provider.go.erb index 794caf547535..f468596c57a6 100644 --- a/third_party/terraform/utils/provider.go.erb +++ b/third_party/terraform/utils/provider.go.erb 
@@ -385,7 +385,9 @@ end # products.each do
 "google_kms_crypto_key_iam_member": ResourceIamMember(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
 "google_kms_crypto_key_iam_policy": ResourceIamPolicy(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
 "google_monitoring_dashboard": resourceMonitoringDashboard(),
+ <% unless version == 'ga' -%>
 "google_project_service_identity": resourceProjectServiceIdentity(),
+ <% end -%>
 "google_service_networking_connection": resourceServiceNetworkingConnection(),
 "google_spanner_instance_iam_binding": ResourceIamBinding(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
 "google_spanner_instance_iam_member": ResourceIamMember(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),