diff --git a/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool.go.erb b/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool.go.erb
index 21b8289e000d..498f9d27fd79 100644
--- a/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool.go.erb
+++ b/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool.go.erb
@@ -8,7 +8,7 @@ import (
 func dataSourceIAMBetaWorkloadIdentityPool() *schema.Resource {
- dsSchema := (resourceIAMBetaWorkloadIdentityPool().Schema)
+ dsSchema := datasourceSchemaFromResourceSchema(resourceIAMBetaWorkloadIdentityPool().Schema)
 addRequiredFieldsToSchema(dsSchema, "workload_identity_pool_id")
 addOptionalFieldsToSchema(dsSchema, "project")
diff --git a/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool_provider.go.erb b/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool_provider.go.erb
new file mode 100644
index 000000000000..698bd8f0615b
--- /dev/null
+++ b/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool_provider.go.erb
@@ -0,0 +1,33 @@
+<% autogen_exception -%>
+package google
+
+<% unless version == 'ga' -%>
+import (
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceIAMBetaWorkloadIdentityPoolProvider() *schema.Resource {
+
+ dsSchema := datasourceSchemaFromResourceSchema(resourceIAMBetaWorkloadIdentityPoolProvider().Schema)
+ addRequiredFieldsToSchema(dsSchema, "workload_identity_pool_id")
+ addRequiredFieldsToSchema(dsSchema, "workload_identity_pool_provider_id")
+ addOptionalFieldsToSchema(dsSchema, "project")
+
+ return &schema.Resource{
+ Read: dataSourceIAMBetaWorkloadIdentityPoolProviderRead,
+ Schema: dsSchema,
+ }
+}
+
+func dataSourceIAMBetaWorkloadIdentityPoolProviderRead(d *schema.ResourceData, meta interface{}) error {
+ config := meta.(*Config)
+
+ id, err := replaceVars(d, config, "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}")
+ if err != nil {
+ return fmt.Errorf("Error constructing id: %s", err)
+ }
+ d.SetId(id)
+ return resourceIAMBetaWorkloadIdentityPoolProviderRead(d, meta)
+
+}
+<% end -%>
diff --git a/third_party/terraform/tests/data_source_iam_beta_workload_identity_pool_provider_test.go.erb b/third_party/terraform/tests/data_source_iam_beta_workload_identity_pool_provider_test.go.erb
new file mode 100644
index 000000000000..b556c3c8db73
--- /dev/null
+++ b/third_party/terraform/tests/data_source_iam_beta_workload_identity_pool_provider_test.go.erb
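Review bot: `dataSourceIAMBetaWorkloadIdentityPoolProviderRead` calls `fmt.Errorf`, but the new file's import block lists only the terraform-plugin-sdk `schema` package, so the generated Go file should not compile as shown; add `"fmt"` to that import block. Separately, the read returns whatever `resourceIAMBetaWorkloadIdentityPoolProviderRead` returns, and that function's body is not part of this diff. If it follows the common resource pattern of clearing the ID on a 404 and returning nil, a lookup of a non-existent provider would yield an empty data source with no error. Because this data source describes identity-federation configuration that other resources may depend on, it is safer to fail closed after the delegated read, as sketched below.

```go
func dataSourceIAMBetaWorkloadIdentityPoolProviderRead(d *schema.ResourceData, meta interface{}) error {
	// … unchanged: config lookup, replaceVars, d.SetId(id) …
	if err := resourceIAMBetaWorkloadIdentityPoolProviderRead(d, meta); err != nil {
		return err
	}
	// Fail closed: the delegated read may clear the ID instead of returning an error.
	if d.Id() == "" {
		return fmt.Errorf("%s not found", id)
	}
	return nil
}
```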
@@ -0,0 +1,61 @@
+<% autogen_exception -%>
+package google
+
+<% unless version == 'ga' -%>
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceIAMBetaWorkloadIdentityPoolProvider_basic(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": randString(t, 10),
+ }
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckIAMBetaWorkloadIdentityPoolProviderDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceIAMBetaWorkloadIdentityPoolProviderBasic(context),
+ Check: resource.ComposeTestCheckFunc(
+ checkDataSourceStateMatchesResourceState("data.google_iam_workload_identity_pool_provider.foo", "google_iam_workload_identity_pool_provider.bar"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceIAMBetaWorkloadIdentityPoolProviderBasic(context map[string]interface{}) string {
+ return Nprintf(`
+resource "google_iam_workload_identity_pool" "pool" {
+ workload_identity_pool_id = "pool-%{random_suffix}"
+}
+
+resource "google_iam_workload_identity_pool_provider" "bar" {
+ workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+ workload_identity_pool_provider_id = "bar-provider-%{random_suffix}"
+ display_name = "Name of provider"
+ description = "OIDC identity pool provider for automated test"
+ disabled = true
+ attribute_condition = "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"
+ attribute_mapping = {
+ "google.subject" = "assertion.sub"
+ }
+ oidc {
+ allowed_audiences = ["https://example.com/gcp-oidc-federation"]
+ issuer_uri = "https://sts.windows.net/azure-tenant-id"
+ }
+ }
+
+data "google_iam_workload_identity_pool_provider" "foo" {
+ workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+ workload_identity_pool_provider_id = google_iam_workload_identity_pool_provider.bar.workload_identity_pool_provider_id
+}
+`, context)
+}
+<% end -%>
diff --git a/third_party/terraform/utils/provider.go.erb b/third_party/terraform/utils/provider.go.erb
index 34b351501658..a453db36566b 100644
--- a/third_party/terraform/utils/provider.go.erb
+++ b/third_party/terraform/utils/provider.go.erb
@@ -225,6 +225,7 @@ func Provider() *schema.Provider {
 "google_iam_testable_permissions": dataSourceGoogleIamTestablePermissions(),
 <% unless version == 'ga' -%>
 "google_iam_workload_identity_pool": dataSourceIAMBetaWorkloadIdentityPool(),
+ "google_iam_workload_identity_pool_provider": dataSourceIAMBetaWorkloadIdentityPoolProvider(),
 <% end -%>
 "google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
 "google_kms_crypto_key_version": dataSourceGoogleKmsCryptoKeyVersion(),
diff --git a/third_party/terraform/website/docs/d/iam_workload_identity_pool_provider.markdown b/third_party/terraform/website/docs/d/iam_workload_identity_pool_provider.markdown
new file mode 100644
index 000000000000..14bc63f7c955
--- /dev/null
+++ b/third_party/terraform/website/docs/d/iam_workload_identity_pool_provider.markdown
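Review bot: In data_source_iam_beta_workload_identity_pool_provider_test.go.erb, `TestAccDataSourceIAMBetaWorkloadIdentityPoolProvider_basic` has a single step that covers only a provider that exists, so the data source's behaviour for an unknown `workload_identity_pool_provider_id` is never exercised. A second `resource.TestStep` that points the data source at a non-existent id and sets `ExpectError` would pin down whether the lookup fails or silently returns empty attributes. As far as the collapsed text shows, the closing brace of resource `bar` in the fixture is also indented rather than at column 0 like its opening line, which is worth normalising.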
@@ -0,0 +1,41 @@
+---
+subcategory: "Cloud IAM"
+layout: "google"
+page_title: "Google: google_iam_workload_identity_pool_provider"
+sidebar_current: "docs-google-datasource-iam-workload-identity-pool-provider"
+description: |-
+ Get a IAM workload identity pool provider from Google Cloud
+---
+
+# google\_iam\_workload_\identity\_pool\_provider
+
+Get a IAM workload identity provider from Google Cloud by its id.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+## Example Usage
+
+```tf
+data "google_iam_workload_identity_pool_provider" "foo" {
+ workload_identity_pool_id = "foo-pool"
+ workload_identity_pool_provider_id = "bar-provider"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `workload_identity_pool_id` - (Required) The id of the pool which is the
+ final component of the pool resource name.
+* `workload_identity_pool_provider_id` - (Required) The id of the provider which is the
+ final component of the resource name.
+
+- - -
+
+* `project` - (Optional) The project in which the resource belongs. If it
+ is not provided, the provider project is used.
+
+## Attributes Reference
+See [google_iam_workload_identity_pool_provider](https://www.terraform.io/docs/providers/google/r/iam_workload_identity_pool_provider.html) resource for details of all the available attributes.