GoogleCloudPlatform · rileykarson · Nov 6, 2020 · Oct 20, 2020 · Oct 22, 2020 · Oct 22, 2020
diff --git a/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool.go.erb b/third_party/terraform/data_sources/data_source_iam_beta_workload_identity_pool.go.erb
@@ -8,7 +8,7 @@ import (
 
 func dataSourceIAMBetaWorkloadIdentityPool() *schema.Resource {
 
-	dsSchema := (resourceIAMBetaWorkloadIdentityPool().Schema)
+	dsSchema := datasourceSchemaFromResourceSchema(resourceIAMBetaWorkloadIdentityPool().Schema)
 	addRequiredFieldsToSchema(dsSchema, "workload_identity_pool_id")
 	addOptionalFieldsToSchema(dsSchema, "project")
 

diff --git a/..._party/terraform/data_sources/data_source_iam_beta_workload_identity_pool_provider.go.erb b/..._party/terraform/data_sources/data_source_iam_beta_workload_identity_pool_provider.go.erb
@@ -0,0 +1,33 @@
+<% autogen_exception -%>
+package google
+
+<% unless version == 'ga' -%>
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceIAMBetaWorkloadIdentityPoolProvider() *schema.Resource {
+
+	dsSchema := datasourceSchemaFromResourceSchema(resourceIAMBetaWorkloadIdentityPoolProvider().Schema)
+	addRequiredFieldsToSchema(dsSchema, "workload_identity_pool_id")
+	addRequiredFieldsToSchema(dsSchema, "workload_identity_pool_provider_id")
+	addOptionalFieldsToSchema(dsSchema, "project")
+
+	return &schema.Resource{
+		Read:   dataSourceIAMBetaWorkloadIdentityPoolProviderRead,
+		Schema: dsSchema,
+	}
+}
+
+func dataSourceIAMBetaWorkloadIdentityPoolProviderRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	id, err := replaceVars(d, config, "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+	return resourceIAMBetaWorkloadIdentityPoolProviderRead(d, meta)
+
+}
+<% end -%>
diff --git a/third_party/terraform/tests/data_source_iam_beta_workload_identity_pool_provider_test.go.erb b/third_party/terraform/tests/data_source_iam_beta_workload_identity_pool_provider_test.go.erb
@@ -0,0 +1,61 @@
+<% autogen_exception -%>
+package google
+
+<% unless version == 'ga' -%>
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceIAMBetaWorkloadIdentityPoolProvider_basic(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMBetaWorkloadIdentityPoolProviderDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceIAMBetaWorkloadIdentityPoolProviderBasic(context),
+				Check: resource.ComposeTestCheckFunc(
+					checkDataSourceStateMatchesResourceState("data.google_iam_workload_identity_pool_provider.foo", "google_iam_workload_identity_pool_provider.bar"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceIAMBetaWorkloadIdentityPoolProviderBasic(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_iam_workload_identity_pool" "pool" {
+	workload_identity_pool_id = "pool-%{random_suffix}"
+}
+
+resource "google_iam_workload_identity_pool_provider" "bar" {
+	workload_identity_pool_id          = "pool-%{random_suffix}"
+	workload_identity_pool_provider_id = "bar-provider-%{random_suffix}"
+	display_name                       = "Name of provider"
+	description                        = "OIDC identity pool provider for automated test"
+	disabled                           = true
+	attribute_condition                = "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"
+	attribute_mapping                  = {
+		"google.subject" = "assertion.sub"
+	}
+	oidc {
+		allowed_audiences = ["https://example.com/gcp-oidc-federation"]
+		issuer_uri        = "https://sts.windows.net/azure-tenant-id"
+	}
+  }
+
+data "google_iam_workload_identity_pool_provider" "foo" {
+	workload_identity_pool_id          = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+	workload_identity_pool_provider_id = google_iam_workload_identity_pool_provider.bar.workload_identity_pool_provider_id
+}
+`, context)
+}
+<% end -%>
diff --git a/third_party/terraform/utils/provider.go.erb b/third_party/terraform/utils/provider.go.erb
@@ -225,6 +225,7 @@ func Provider() *schema.Provider {
 			"google_iam_testable_permissions":                  dataSourceGoogleIamTestablePermissions(),
 			<% unless version == 'ga' -%>
 			"google_iam_workload_identity_pool":                dataSourceIAMBetaWorkloadIdentityPool(),
+			"google_iam_workload_identity_pool_provider":       dataSourceIAMBetaWorkloadIdentityPoolProvider(),
 			<% end -%>
 			"google_kms_crypto_key":                            dataSourceGoogleKmsCryptoKey(),
 			"google_kms_crypto_key_version":                    dataSourceGoogleKmsCryptoKeyVersion(),

diff --git a/third_party/terraform/website/docs/d/iam_workload_identity_pool_provider.markdown b/third_party/terraform/website/docs/d/iam_workload_identity_pool_provider.markdown
@@ -0,0 +1,41 @@
+---
+subcategory: "Cloud IAM"
+layout: "google"
+page_title: "Google: google_iam_workload_identity_pool_provider"
+sidebar_current: "docs-google-datasource-iam-workload-identity-pool-provider"
+description: |-
+  Get a IAM workload identity pool provider from Google Cloud
+---
+
+# google\_iam\_workload_\identity\_pool\_provider
+
+Get a IAM workload identity provider from Google Cloud by its id.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+## Example Usage
+
+```tf
+data "google_iam_workload_identity_pool_provider" "foo" {
+  workload_identity_pool_id          = "foo-pool"
+  workload_identity_pool_provider_id = "bar-provider"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `workload_identity_pool_id` - (Required) The id of the pool which is the
+    final component of the pool resource name.
+* `workload_identity_pool_provider_id` - (Required) The id of the provider which is the
+    final component of the resource name.
+
+- - -
+
+* `project` - (Optional) The project in which the resource belongs. If it
+    is not provided, the provider project is used.
+
+## Attributes Reference
+See [google_iam_workload_identity_pool_provider](https://www.terraform.io/docs/providers/google/r/iam_workload_identity_pool_provider.html) resource for details of all the available attributes.