Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support non default service accounts for AppEngine Flex #11813

Closed
ranjithkumar-glean opened this issue Jun 3, 2022 · 7 comments · Fixed by GoogleCloudPlatform/magic-modules#6391, hashicorp/terraform-provider-google-beta#4653, #12463 or GoogleCloudPlatform/terraform-validator#949
Closed

Support non default service accounts for AppEngine Flex #11813

ranjithkumar-glean opened this issue Jun 3, 2022 · 7 comments · Fixed by GoogleCloudPlatform/magic-modules#6391, hashicorp/terraform-provider-google-beta#4653, #12463 or GoogleCloudPlatform/terraform-validator#949
Labels
enhancement size/s
Milestone
Goals

Comments

@ranjithkumar-glean
Copy link

ranjithkumar-glean commented Jun 3, 2022
edited by SarahFrench
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Currently there is no field for providing user managed/non default service account in https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_flexible_app_version.
Would be great if we can add support for non default service account like https://cloud.google.com/sdk/gcloud/reference/app/deploy#--service-account. This is blocking our development.

New or Affected Resource(s)

  • app_engine_flexible_app_version

Potential Terraform Configuration

# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.

want terraform configuration to contain an optional service_account attribute, with default as default appengine service account.

References
@rileykarson rileykarson added this to the Goals milestone Jun 6, 2022
@edwardsPaul421
Copy link

I opened the same issue: #11596
Would be really happy if you add this feature, also blocking our development...

In addition, as you can see: https://cloud.google.com/appengine/docs/flexible/nodejs/user-managed-service-accounts user managed service has moved from preview to stable version in 2022-06-06

@SarahFrench
Copy link
Member

Hi all! I had a look into this and it looks like you can only set a non-default service account via the gcloud CLI (as linked above in this PR), and the API doesn't have the ability to set non-default service accounts yet - REST API reference here. What we can manage in the provider is limited by what is exposed by the API.

Do either of you have a workaround for this issue? I saw that the service account can be specified in app.yaml - does this help?

@edwardsPaul421
Copy link

Hi all! I had a look into this and it looks like you can only set a non-default service account via the gcloud CLI (as linked above in this PR), and the API doesn't have the ability to set non-default service accounts yet - REST API reference here. What we can manage in the provider is limited by what is exposed by the API.

Do either of you have a workaround for this issue? I saw that the service account can be specified in app.yaml - does this help?

Hey Sarah,
I have been trying to use the app_yaml_path flag and to specify the service account in it.
But unfortunately, It didn't work for me (Maybe I used it wrong), but non of the configuration that I wrote in the .yaml file was applied.

@SarahFrench
Copy link
Member

Just to follow this up - I went back to look at the API documentation and it appears that the page was updated on 2022-07-27 and now lists serviceAccount as something that can be set via the API 🎉

@edwardsPaul421
Copy link

Just to follow this up - I went back to look at the API documentation and it appears that the page was updated on 2022-07-27 and now lists serviceAccount as something that can be set via the API tada

@rileykarson Could you please add it to the backlog? I'm sure it will help a lot of people.

@SarahFrench SarahFrench mentioned this issue Aug 3, 2022
Closed
@ranjithkumar-glean ranjithkumar-glean mentioned this issue Aug 8, 2022
Merged
5 tasks
@ranjithkumar-glean
Copy link
Author

@SarahFrench i opened a PR to fix this GoogleCloudPlatform/magic-modules#6391.
first PR, so not really sure on the workflow. Can you take a look?

This was referenced Sep 2, 2022
Merged
Merged
Merged
@csimard01 csimard01 mentioned this issue Sep 20, 2022
Closed
@roaks3 roaks3 mentioned this issue Sep 20, 2022
Closed
@github-actions
Copy link

github-actions bot commented Oct 4, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 4, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement size/s
Projects
None yet
Milestone
Goals
4 participants
@rileykarson @SarahFrench @edwardsPaul421 @ranjithkumar-glean