From 08450c14617f6b516a2facdf52bfab83556fe966 Mon Sep 17 00:00:00 2001 From: Walter Fender Date: Fri, 15 Mar 2024 22:03:05 +0000 Subject: [PATCH] Backport Add provider attribute universe_domain Backporting https://github.com/GoogleCloudPlatform/magic-modules/pull/8657 Add provider attribute universe_domain provider: added `universe_domain` attribute as a provider attribute --- .../google-beta/envvar/envvar_utils.go | 10 ++ .../google-beta/fwmodels/provider_model.go | 1 + .../fwprovider/framework_provider.go | 4 +- .../fwtransport/framework_config.go | 3 + .../google-beta/provider/provider.go | 44 +++++++ .../universe/universe_domain_compute_test.go | 107 ++++++++++++++++++ .../universe/universe_domain_pubsub_test.go | 99 ++++++++++++++++ .../universe/universe_domain_storage_test.go | 71 ++++++++++++ .../provider/universe/universe_domain_util.go | 3 + .../google-beta/tpgresource/field_helpers.go | 14 +++ .../google-beta/tpgresource/utils.go | 7 ++ .../google-beta/transport/config.go | 35 ++++-- .../guides/provider_reference.html.markdown | 4 + 13 files changed, 394 insertions(+), 8 deletions(-) create mode 100644 third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_compute_test.go create mode 100644 third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_pubsub_test.go create mode 100644 third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_storage_test.go create mode 100644 third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_util.go diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar/envvar_utils.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar/envvar_utils.go index 6d3591363d..407a33d340 100644 
--- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar/envvar_utils.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar/envvar_utils.go @@ -76,6 +76,10 @@ var OrgTargetEnvVars = []string{ "GOOGLE_ORG_2", } +var UniverseDomainEnvVars = []string{ + "GOOGLE_UNIVERSE_DOMAIN", +} + // This is the billing account that will be charged for the infrastructure used during testing. For // that reason, it is also the billing account used for creating new projects. var BillingAccountEnvVars = []string{ @@ -113,6 +117,12 @@ func GetTestCredsFromEnv() string { return transport_tpg.MultiEnvSearch(CredsEnvVars) } +// Returns googleapis.com if there's no universe set. +func GetTestUniverseDomainFromEnv(t *testing.T) string { + SkipIfEnvNotSet(t, IdentityUserEnvVars...) + return transport_tpg.MultiEnvSearch(UniverseDomainEnvVars) +} + // AccTestPreCheck ensures at least one of the region env variables is set. func GetTestRegionFromEnv() string { return transport_tpg.MultiEnvSearch(RegionEnvVars) diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwmodels/provider_model.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwmodels/provider_model.go index 08043e0c0d..807596be01 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwmodels/provider_model.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwmodels/provider_model.go @@ -22,6 +22,7 @@ type ProviderModel struct { UserProjectOverride types.Bool `tfsdk:"user_project_override"` RequestTimeout types.String `tfsdk:"request_timeout"` RequestReason types.String `tfsdk:"request_reason"` + UniverseDomain types.String `tfsdk:"universe_domain"` // Generated Products AccessApprovalCustomEndpoint types.String `tfsdk:"access_approval_custom_endpoint"` 
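Review bot: GetTestUniverseDomainFromEnv guards on the wrong variables: `SkipIfEnvNotSet(t, IdentityUserEnvVars...)` skips when the identity-user variables are missing, not when GOOGLE_UNIVERSE_DOMAIN is, so a caller can receive whatever the lookup yields for an unset variable. The guard should read `SkipIfEnvNotSet(t, UniverseDomainEnvVars...)`. The comment also promises a googleapis.com default that nothing in the visible body implements. Either add the fallback or reword it to `// GetTestUniverseDomainFromEnv returns the universe domain from the environment and skips the test when it is unset.`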
diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwprovider/framework_provider.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwprovider/framework_provider.go index 99104b780c..4a297da453 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwprovider/framework_provider.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwprovider/framework_provider.go @@ -112,7 +112,9 @@ func (p *FrameworkProvider) Schema(_ context.Context, _ provider.SchemaRequest, "request_reason": schema.StringAttribute{ Optional: true, }, - + "universe_domain": schema.StringAttribute{ + Optional: true, + }, // Generated Products "access_approval_custom_endpoint": &schema.StringAttribute{ Optional: true, diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwtransport/framework_config.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwtransport/framework_config.go index 26e6aaf123..98abd90150 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwtransport/framework_config.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/fwtransport/framework_config.go @@ -45,6 +45,7 @@ type FrameworkProviderConfig struct { RequestBatcherServiceUsage *transport_tpg.RequestBatcher Scopes types.List TokenSource oauth2.TokenSource + UniverseDomain types.String UserAgent string UserProjectOverride types.Bool 
@@ -337,6 +338,8 @@ func (p *FrameworkProviderConfig) LoadAndValidateFramework(ctx context.Context, p.Zone = data.Zone p.UserProjectOverride = data.UserProjectOverride p.PollInterval = 10 * time.Second + p.Project = data.Project + p.UniverseDomain = data.UniverseDomain p.RequestBatcherServiceUsage = transport_tpg.NewRequestBatcher("Service Usage", ctx, batchingConfig) p.RequestBatcherIam = transport_tpg.NewRequestBatcher("IAM", ctx, batchingConfig) } diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/provider.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/provider.go index 2c1aa87ee9..0157240417 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/provider.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/provider.go @@ -4,8 +4,10 @@ package provider import ( "context" + "encoding/json" "fmt" "os" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" @@ -208,6 +210,11 @@ func Provider() *schema.Provider { Elem: &schema.Schema{Type: schema.TypeString}, }, + "universe_domain": { + Type: schema.TypeString, + Optional: true, + }, + "batching": { Type: schema.TypeList, Optional: true, 
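Review bot: `p.UniverseDomain = data.UniverseDomain` copies the configured value as-is, whereas the plugin-SDK path (ProviderConfigure in provider.go) first reads `universe_domain` from the credential file and rejects a provider setting that contradicts it. Unless that comparison happens in a part of LoadAndValidateFramework outside this hunk, the two provider implementations can resolve different universe domains for the same configuration, and the framework side accepts a value the credential does not allow. A single resolution helper shared by both paths would keep the rule in one place. The added `p.Project = data.Project` is unrelated to the commit subject and deserves a line in the description.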
@@ -1991,6 +1998,43 @@ func ProviderConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr }) } + // set universe_domain based on the service account key file. + if config.Credentials != "" { + contents, _, err := verify.PathOrContents(config.Credentials) + if err != nil { + return nil, diag.FromErr(fmt.Errorf("error loading service account credentials: %s", err)) + } + var content map[string]any + + if err := json.Unmarshal([]byte(contents), &content); err != nil { + return nil, diag.FromErr(err) + } + + if content["universe_domain"] != nil { + config.UniverseDomain = content["universe_domain"].(string) + } + } + + // Check if the user provided a value from the universe_domain field + if v, ok := d.GetOk("universe_domain"); ok { + if config.UniverseDomain == "" { + config.UniverseDomain = v.(string) + } else if v.(string) != config.UniverseDomain { + if _, err := os.Stat(config.Credentials); err == nil { + return nil, diag.FromErr(fmt.Errorf("'%s' does not match the universe domain '%s' already set in the credential file '%s'. The 'universe_domain' provider configuration can not be used to override the universe domain that is defined in the active credential. Set the 'universe_domain' provider configuration when universe domain information is not already available in the credential, e.g. when authenticating with a JWT token.", v, config.UniverseDomain, config.Credentials)) + } else { + return nil, diag.FromErr(fmt.Errorf("'%s' does not match the universe domain '%s' supplied directly to Terraform. The 'universe_domain' provider configuration can not be used to override the universe domain that is defined in the active credential. Set the 'universe_domain' provider configuration when universe domain information is not already available in the credential, e.g. when authenticating with a JWT token.", v, config.UniverseDomain)) + } + } + } + + // Replace hostname by the universe_domain field. 
+ if config.UniverseDomain != "" && config.UniverseDomain != "googleapis.com" { + for key, basePath := range transport_tpg.DefaultBasePaths { + transport_tpg.DefaultBasePaths[key] = strings.ReplaceAll(basePath, "googleapis.com", config.UniverseDomain) + } + } + // Given that impersonate_service_account is a secondary auth method, it has // no conflicts to worry about. We pull the env var in a DefaultFunc. if v, ok := d.GetOk("impersonate_service_account"); ok { diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_compute_test.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_compute_test.go new file mode 100644 index 0000000000..51a2f1048b --- /dev/null +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_compute_test.go 
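Review bot: The universe domain taken from the credential file or the provider block is substituted into every entry of `transport_tpg.DefaultBasePaths` without validation, so a malformed or tampered value changes the host that receives every authenticated API request. Check that it is a bare DNS name before the `strings.ReplaceAll` loop and return a diagnostic otherwise. The assertion `content["universe_domain"].(string)` also panics when the JSON holds a non-string value; the fence below uses the two-value form instead. DefaultBasePaths is package-level state, so the rewrite is shared by every provider configuration in the process and repeated configuration acts on already-rewritten paths; a per-config copy would be safer if aliased providers are in use. ProviderConfigure starts and ends outside this hunk.

```go
// set universe_domain based on the service account key file.
// … unchanged: verify.PathOrContents and json.Unmarshal …
if raw, present := content["universe_domain"]; present && raw != nil {
	domain, isString := raw.(string)
	if !isString {
		return nil, diag.FromErr(fmt.Errorf("universe_domain in the credentials must be a JSON string"))
	}
	config.UniverseDomain = domain
}
```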
@@ -0,0 +1,107 @@ +package universe_test + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func TestAccUniverseDomainDisk(t *testing.T) { + // Skip this test in all env since this can only run in specific test project. + t.Skip() + + universeDomain := envvar.GetTestUniverseDomainFromEnv(t) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeDiskDestroyProducer(t), + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccUniverseDomain_basic_disk(universeDomain), + }, + }, + }) +} + +func TestAccDefaultUniverseDomainDisk(t *testing.T) { + universeDomain := "googleapis.com" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeDiskDestroyProducer(t), + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccUniverseDomain_basic_disk(universeDomain), + }, + }, + }) +} + +func testAccUniverseDomain_basic_disk(universeDomain string) string { + return fmt.Sprintf(` +provider "google" { + universe_domain = "%s" +} + +resource "google_compute_instance_template" "instance_template" { + name = "demo-this" + machine_type = "n1-standard-1" +// boot disk + disk { + disk_size_gb = 20 + } + network_interface { + network = "default" + } +} +`, universeDomain) +} + +func testAccCheckComputeDiskDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s 
*terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_compute_disk" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := acctest.GoogleProviderConfig(t) + + url, err := tpgresource.ReplaceVarsForTest(config, rs, "{{ComputeBasePath}}projects/{{project}}/zones/{{zone}}/disks/{{name}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: billingProject, + RawURL: url, + UserAgent: config.UserAgent, + }) + if err == nil { + return fmt.Errorf("ComputeDisk still exists at %s", url) + } + } + + return nil + } +} diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_pubsub_test.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_pubsub_test.go new file mode 100644 index 0000000000..ac1bbbffec --- /dev/null +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_pubsub_test.go 
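Review bot: The destroy check in this file filters on `google_compute_disk`, but the test configuration only creates a `google_compute_instance_template`, so the loop in testAccCheckComputeDiskDestroyProducer never matches a resource and the check always passes. Either point the check at the template or have the configuration create a disk. The template name `demo-this` is fixed, so TestAccUniverseDomainDisk and TestAccDefaultUniverseDomainDisk can collide; a random suffix as in the Pub/Sub test would avoid that. Separately, this check and the ones in the Pub/Sub and storage test files treat any request error as proof of deletion, so an authentication failure or a wrong endpoint in a non-default universe would pass as well.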
@@ -0,0 +1,99 @@ +package universe_test + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func TestAccUniverseDomainPubSub(t *testing.T) { + // Skip this test in all env since this can only run in specific test project. + t.Skip() + + universeDomain := envvar.GetTestUniverseDomainFromEnv(t) + topic := fmt.Sprintf("tf-test-topic-%s", acctest.RandString(t, 10)) + subscription := fmt.Sprintf("tf-test-sub-%s", acctest.RandString(t, 10)) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckPubsubSubscriptionDestroyProducer(t), + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccUniverseDomain_basic_pubsub(universeDomain, topic, subscription), + }, + }, + }) +} + +func testAccUniverseDomain_basic_pubsub(universeDomain, topic, subscription string) string { + return fmt.Sprintf(` +provider "google" { + universe_domain = "%s" +} + +resource "google_pubsub_topic" "foo" { + name = "%s" +} + +resource "google_pubsub_subscription" "foo" { + name = "%s" + topic = google_pubsub_topic.foo.id + + message_retention_duration = "1200s" + retain_acked_messages = true + ack_deadline_seconds = 20 + expiration_policy { + ttl = "" + } + enable_message_ordering = false +} +`, universeDomain, topic, subscription) +} + +func testAccCheckPubsubSubscriptionDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != 
"google_pubsub_subscription" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := acctest.GoogleProviderConfig(t) + + url, err := tpgresource.ReplaceVarsForTest(config, rs, "{{PubsubBasePath}}projects/{{project}}/subscriptions/{{name}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: billingProject, + RawURL: url, + UserAgent: config.UserAgent, + }) + if err == nil { + return fmt.Errorf("PubsubSubscription still exists at %s", url) + } + } + + return nil + } +} diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_storage_test.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_storage_test.go new file mode 100644 index 0000000000..934b3e83ef --- /dev/null +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_storage_test.go 
@@ -0,0 +1,71 @@ +package universe_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccUniverseDomainStorage(t *testing.T) { + // Skip this test in all env since this can only run in specific test project. + // Location field from `google_storage_bucket` needs to be changed depending on the universe. + t.Skip() + + universeDomain := envvar.GetTestUniverseDomainFromEnv(t) + bucketName := acctest.TestBucketName(t) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccStorageBucketDestroyProducer(t), + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccUniverseDomain_bucket(universeDomain, bucketName), + }, + }, + }) +} + +func testAccUniverseDomain_bucket(universeDomain string, bucketName string) string { + return fmt.Sprintf(` +provider "google" { + universe_domain = "%s" +} + +resource "google_storage_bucket" "foo" { + name = "%s" + location = "US" +} + +data "google_storage_bucket" "bar" { + name = google_storage_bucket.foo.name + depends_on = [ + google_storage_bucket.foo, + ] +} +`, universeDomain, bucketName) +} + +func testAccStorageBucketDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + config := acctest.GoogleProviderConfig(t) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_storage_bucket" { + continue + } + + _, err := config.NewStorageClient(config.UserAgent).Buckets.Get(rs.Primary.ID).Do() + if err == nil { + return fmt.Errorf("Bucket still exists") + } + } + + return nil + } +} 
diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_util.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_util.go new file mode 100644 index 0000000000..3a44bb0b1c --- /dev/null +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/provider/universe/universe_domain_util.go @@ -0,0 +1,3 @@ +// Temp file to resolve no non-test file in directory error. + +package universe diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/field_helpers.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/field_helpers.go index 8bbbfe1016..c7a9babb67 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/field_helpers.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/field_helpers.go @@ -247,6 +247,20 @@ func GetProjectFromSchema(projectSchemaField string, d TerraformResourceData, co return "", fmt.Errorf("%s: required field is not set", projectSchemaField) } +func GetUniverseDomainFromSchema(universeSchemaField string, d TerraformResourceData, config *transport_tpg.Config) (string, error) { + res, ok := d.GetOk(universeSchemaField) + if ok && universeSchemaField != "" { + return res.(string), nil + } + if config.UniverseDomain != "" { + return config.UniverseDomain, nil + } + if config.UniverseDomain == "" { + return "googleapis.com", nil + } + return "", fmt.Errorf("%s: Error getting the provider field ", universeSchemaField) +} + func GetBillingProjectFromSchema(billingProjectSchemaField string, d TerraformResourceData, config *transport_tpg.Config) (string, error) { res, ok := d.GetOk(billingProjectSchemaField) if ok && billingProjectSchemaField != "" { 
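Review bot: The final `return "", fmt.Errorf(...)` in GetUniverseDomainFromSchema is unreachable, because the two preceding checks cover both `config.UniverseDomain != ""` and `== ""`; the function can never return an error. Drop the dead branch and end with `return "googleapis.com", nil`. `d.GetOk(universeSchemaField)` is also called before the `universeSchemaField != ""` test, and a resource-level value returned here would not have gone through the credential consistency check that ProviderConfigure applies to the provider-level setting. The function has no doc comment; suggested: `// GetUniverseDomainFromSchema returns the resource's universe domain, then the provider's, then "googleapis.com".`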
diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/utils.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/utils.go index b91257ceea..08ddfabe49 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/utils.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource/utils.go @@ -84,6 +84,13 @@ func GetProject(d TerraformResourceData, config *transport_tpg.Config) (string, return GetProjectFromSchema("project", d, config) } +// GetUniverse reads the "universe_domain" field from the given resource data and falls +// back to the provider's value if not given. If the provider's value is not +// given, an error is returned. +func GetUniverseDomain(d TerraformResourceData, config *transport_tpg.Config) (string, error) { + return GetUniverseDomainFromSchema("universe_domain", d, config) +} + // GetBillingProject reads the "billing_project" field from the given resource data and falls // back to the provider's value if not given. If no value is found, an error is returned. func GetBillingProject(d TerraformResourceData, config *transport_tpg.Config) (string, error) { diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/transport/config.go b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/transport/config.go index 99d877b0dc..83aad38cb1 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/transport/config.go +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/google-beta/transport/config.go @@ -25,6 +25,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/sirupsen/logrus" "google.golang.org/api/option" + "google.golang.org/api/option/internaloption" "github.com/hashicorp/terraform-provider-google-beta/google-beta/verify" 
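Review bot: The doc comment on GetUniverseDomain names the wrong function (`GetUniverse`) and says an error is returned when the provider has no value, but GetUniverseDomainFromSchema in field_helpers.go returns "googleapis.com" in that case. Suggested wording: `// GetUniverseDomain reads the "universe_domain" field from the given resource data, falls back to the provider's value, and defaults to "googleapis.com" if neither is set.`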
@@ -167,6 +168,7 @@ type Config struct { Region string BillingProject string Zone string + UniverseDomain string Scopes []string BatchingConfig *BatchingConfig UserProjectOverride bool @@ -2059,14 +2061,24 @@ func (c *Config) GetCredentials(clientScopes []string, initialCredentialsOnly bo return *creds, nil } - creds, err := transport.Creds(c.Context, option.WithCredentialsJSON([]byte(contents)), option.WithScopes(clientScopes...)) - if err != nil { - return googleoauth.Credentials{}, fmt.Errorf("unable to parse credentials from '%s': %s", contents, err) + if c.UniverseDomain != "" && c.UniverseDomain != "googleapis.com" { + creds, err := transport.Creds(c.Context, option.WithCredentialsJSON([]byte(contents)), option.WithScopes(clientScopes...), internaloption.EnableJwtWithScope()) + if err != nil { + return googleoauth.Credentials{}, fmt.Errorf("unable to parse credentials from '%s': %s", contents, err) + } + log.Printf("[INFO] Authenticating with %s using configured Google JSON 'credentials'...", c.UniverseDomain) + log.Printf("[INFO] -- Scopes: %s", clientScopes) + log.Printf("[INFO] -- Sending EnableJwtWithScope option") + return *creds, nil + } else { + creds, err := transport.Creds(c.Context, option.WithCredentialsJSON([]byte(contents)), option.WithScopes(clientScopes...)) + if err != nil { + return googleoauth.Credentials{}, fmt.Errorf("unable to parse credentials from '%s': %s", contents, err) + } + log.Printf("[INFO] Authenticating using configured Google JSON 'credentials'...") + log.Printf("[INFO] -- Scopes: %s", clientScopes) + return *creds, nil } - - log.Printf("[INFO] Authenticating using configured Google JSON 'credentials'...") - log.Printf("[INFO] -- Scopes: %s", clientScopes) - return *creds, nil } if c.ImpersonateServiceAccount != "" && !initialCredentialsOnly { 
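Review bot: Both new branches in GetCredentials format the raw credential JSON into the error, `fmt.Errorf("unable to parse credentials from '%s': %s", contents, err)`, and `contents` holds the service account key, so a parse failure writes the private key into Terraform output and any log that captures it. Drop the contents from the message and wrap the cause, as in the fence below. The two branches differ only in the extra `internaloption.EnableJwtWithScope()` option and the log lines, so building the option slice once keeps a single error path. The default-credentials hunk further down in this file duplicates its branch in the same way. GetCredentials starts and ends outside this hunk.

```go
opts := []option.ClientOption{option.WithCredentialsJSON([]byte(contents)), option.WithScopes(clientScopes...)}
nonDefaultUniverse := c.UniverseDomain != "" && c.UniverseDomain != "googleapis.com"
if nonDefaultUniverse {
	opts = append(opts, internaloption.EnableJwtWithScope())
}
creds, err := transport.Creds(c.Context, opts...)
if err != nil {
	// The credential JSON is deliberately kept out of the message.
	return googleoauth.Credentials{}, fmt.Errorf("unable to parse credentials: %w", err)
}
// … unchanged: log lines, the universe-specific ones guarded by nonDefaultUniverse …
return *creds, nil
```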
@@ -2081,6 +2093,15 @@ func (c *Config) GetCredentials(clientScopes []string, initialCredentialsOnly bo log.Printf("[INFO] Authenticating using DefaultClient...") log.Printf("[INFO] -- Scopes: %s", clientScopes) + + if c.UniverseDomain != "" && c.UniverseDomain != "googleapis.com" { + log.Printf("[INFO] -- Sending JwtWithScope option") + creds, err := transport.Creds(context.Background(), option.WithScopes(clientScopes...), internaloption.EnableJwtWithScope()) + if err != nil { + return googleoauth.Credentials{}, fmt.Errorf("Attempted to load application default credentials since neither `credentials` nor `access_token` was set in the provider block. No credentials loaded. To use your gcloud credentials, run 'gcloud auth application-default login'. Original error: %w", err) + } + return *creds, nil + } creds, err := transport.Creds(context.Background(), option.WithScopes(clientScopes...)) if err != nil { return googleoauth.Credentials{}, fmt.Errorf("Attempted to load application default credentials since neither `credentials` nor `access_token` was set in the provider block. No credentials loaded. To use your gcloud credentials, run 'gcloud auth application-default login'. Original error: %w", err) diff --git a/third_party/github.com/hashicorp/terraform-provider-google-beta/website/docs/guides/provider_reference.html.markdown b/third_party/github.com/hashicorp/terraform-provider-google-beta/website/docs/guides/provider_reference.html.markdown index ae8f9a5ec2..0c3c20048e 100644 --- a/third_party/github.com/hashicorp/terraform-provider-google-beta/website/docs/guides/provider_reference.html.markdown +++ b/third_party/github.com/hashicorp/terraform-provider-google-beta/website/docs/guides/provider_reference.html.markdown 
@@ -287,6 +287,10 @@ being considered a breaking change. --- +* `universe_domain` - (Optional) Specify the GCP universe to deploy in. + +--- + * `batching` - (Optional) Controls batching for specific GCP request types where users have encountered quota or speed issues using many resources of the same type, typically `google_project_service`.