hashicorp · dadgar · Oct 17, 2023 · Oct 13, 2023 · Oct 16, 2023 · Oct 16, 2023
@@ -0,0 +1,12 @@
+
+```release-note:feature
+Add `hcp_service_principal` resource.
+```
+
+```release-note:feature
+Add `hcp_service_principal` data source.
+```
+
+```release-note:feature
+Add `hcp_service_principal_key` resource.
+```
@@ -0,0 +1,30 @@
+---
+page_title: "hcp_service_principal Data Source - terraform-provider-hcp"
+subcategory: "Cloud Platform"
+description: |-
+  The service principal data source retrieves the given service principal.
+---
+
+# hcp_service_principal (Data Source)
+
+The service principal data source retrieves the given service principal.
+
+## Example Usage
+
+```terraform
+data "hcp_service_principal" "example" {
+  resource_name = var.service_principal
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `resource_name` (String) The service principal's resource name in format `iam/project/<project_id>/service-principal/<name>` or `iam/organization/<organization_id>/service-principal/<name>`
+
+### Read-Only
+
+- `name` (String) The service principal's name
+- `resource_id` (String) The service principal's unique identitier
@@ -0,0 +1,71 @@
+---
+page_title: "Resource hcp_service_principal - terraform-provider-hcp"
+subcategory: "Cloud Platform"
+description: |-
+  The service principal resource manages a HCP Service Principal.
+  The user or service account that is running Terraform when creating a hcp_service_principal resource must have roles/Admin on the parent resource; either the project or organization.
+---
+
+# hcp_service_principal (Resource)
+
+The service principal resource manages a HCP Service Principal.
+
+The user or service account that is running Terraform when creating a `hcp_service_principal` resource must have `roles/Admin` on the parent resource; either the project or organization.
+
+## Example Usage: Create in provider configured project
+
+```terraform
+resource "hcp_service_principal" "example" {
+  name = "example-sp"
+}
+```
+
+## Example Usage: Create in new project
+
+```terraform
+resource "hcp_project" "my_proj" {
+  name = "example"
+}
+
+resource "hcp_service_principal" "example" {
+  name   = "example-sp"
+  parent = hcp_project.my_proj.resource_name
+}
+```
+
+## Example Usage: Create organization service principal
+
+```terraform
+data "hcp_organization" "my_org" {
+}
+
+resource "hcp_service_principal" "example" {
+  name   = "example-sp"
+  parent = data.hcp_organization.my_org.resource_name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The service principal's name.
+
+### Optional
+
+- `parent` (String) The parent location to create the service principal under. If unspecified, the service principal will be created in the project the provider is configured with. If specified, the accepted values are "project/<project_id>" or "organization/<organization_id>"
+
+### Read-Only
+
+- `resource_id` (String) The service principal's unique identitier
+- `resource_name` (String) The service principal's resource name in the format `iam/project/<project_id>/service-principal/<name>` or `iam/organization/<organization_id>/service-principal/<name>`
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Service Principals can be imported by specifying the resource name
+terraform import hcp_service_principal.example iam/project/840e3701-55b6-4f86-8c17-b1fe397303c5/service-principal/my-sp
+```
@@ -0,0 +1,62 @@
+---
+page_title: "Resource hcp_service_principal_key - terraform-provider-hcp"
+subcategory: "Cloud Platform"
+description: |-
+  The service principal key resource manages a service principal key.
+  The user or service account that is running Terraform when creating a hcp_service_principal_key resource must have roles/Admin on the parent resource; either the project or organization.
+---
+
+# hcp_service_principal_key (Resource)
+
+The service principal key resource manages a service principal key.
+
+The user or service account that is running Terraform when creating a `hcp_service_principal_key` resource must have `roles/Admin` on the parent resource; either the project or organization.
+
+## Example Usage: Creating a new key
+
+```terraform
+resource "hcp_service_principal" "example" {
+  name = "example-sp"
+}
+
+resource "hcp_service_principal_key" "key" {
+  service_principal = hcp_service_principal.example.resource_name
+}
+```
+
+## Example Usage: Creating and regularly rotating a key
+
+```terraform
+resource "hcp_service_principal" "example" {
+  name = "example-sp"
+}
+
+# Note this requires the Terraform to be run regularly
+resource "time_rotating" "key_rotation" {
+  rotation_days = 14
+}
+
+resource "hcp_service_principal_key" "key" {
+  service_principal = hcp_service_principal.example.resource_name
+  rotation_triggers {
+    rotation_time = time_rotating.key_rotation.rotation_rfc3339
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `service_principal` (String) The service principal's resource name for which a key should be created.
+
+### Optional
+
+- `rotate_triggers` (Map of String) A map of arbitrary string key/value pairs that will force recreation of the key when they change, enabling key based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
+
+### Read-Only
+
+- `client_id` (String) The generated service principal client_id.
+- `client_secret` (String, Sensitive) The generated service principal client_secret.
+- `resource_name` (String) The service principal key's resource name.
@@ -0,0 +1,3 @@
+data "hcp_service_principal" "example" {
+  resource_name = var.service_principal
+}
@@ -0,0 +1,3 @@
+# Service Principals can be imported by specifying the resource name
+terraform import hcp_service_principal.example iam/project/840e3701-55b6-4f86-8c17-b1fe397303c5/service-principal/my-sp
+
@@ -0,0 +1,3 @@
+resource "hcp_service_principal" "example" {
+  name = "example-sp"
+}
@@ -0,0 +1,8 @@
+resource "hcp_project" "my_proj" {
+  name = "example"
+}
+
+resource "hcp_service_principal" "example" {
+  name   = "example-sp"
+  parent = hcp_project.my_proj.resource_name
+}
@@ -0,0 +1,7 @@
+data "hcp_organization" "my_org" {
+}
+
+resource "hcp_service_principal" "example" {
+  name   = "example-sp"
+  parent = data.hcp_organization.my_org.resource_name
+}
@@ -0,0 +1,7 @@
+resource "hcp_service_principal" "example" {
+  name = "example-sp"
+}
+
+resource "hcp_service_principal_key" "key" {
+  service_principal = hcp_service_principal.example.resource_name
+}
@@ -0,0 +1,15 @@
+resource "hcp_service_principal" "example" {
+  name = "example-sp"
+}
+
+# Note this requires the Terraform to be run regularly
+resource "time_rotating" "key_rotation" {
+  rotation_days = 14
+}
+
+resource "hcp_service_principal_key" "key" {
+  service_principal = hcp_service_principal.example.resource_name
+  rotation_triggers {
+    rotation_time = time_rotating.key_rotation.rotation_rfc3339
+  }
+}
@@ -33,6 +33,9 @@ import (
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-resource-manager/stable/2019-12-10/client/organization_service"
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-resource-manager/stable/2019-12-10/client/project_service"
 
+	cloud_service_principals "github.com/hashicorp/hcp-sdk-go/clients/cloud-iam/stable/2019-12-10/client"
+	"github.com/hashicorp/hcp-sdk-go/clients/cloud-iam/stable/2019-12-10/client/service_principals_service"
+
 	cloud_vault "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/client"
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/client/vault_service"
 
@@ -46,16 +49,17 @@ import (
 type Client struct {
 	Config ClientConfig
 
-	Billing      billing_account_service.ClientService
-	Boundary     boundary_service.ClientService
-	Consul       consul_service.ClientService
-	Network      network_service.ClientService
-	Operation    operation_service.ClientService
-	Organization organization_service.ClientService
-	Packer       packer_service.ClientService
-	Project      project_service.ClientService
-	Vault        vault_service.ClientService
-	VaultSecrets secret_service.ClientService
+	Billing           billing_account_service.ClientService
+	Boundary          boundary_service.ClientService
+	Consul            consul_service.ClientService
+	Network           network_service.ClientService
+	Operation         operation_service.ClientService
+	Organization      organization_service.ClientService
+	Packer            packer_service.ClientService
+	Project           project_service.ClientService
+	ServicePrincipals service_principals_service.ClientService
+	Vault             vault_service.ClientService
+	VaultSecrets      secret_service.ClientService
 }
 
 // ClientConfig specifies configuration for the client that interacts with HCP
@@ -94,16 +98,17 @@ func NewClient(config ClientConfig) (*Client, error) {
 	client := &Client{
 		Config: config,
 
-		Billing:      cloud_billing.New(httpClient, nil).BillingAccountService,
-		Boundary:     cloud_boundary.New(httpClient, nil).BoundaryService,
-		Consul:       cloud_consul.New(httpClient, nil).ConsulService,
-		Network:      cloud_network.New(httpClient, nil).NetworkService,
-		Operation:    cloud_operation.New(httpClient, nil).OperationService,
-		Organization: cloud_resource_manager.New(httpClient, nil).OrganizationService,
-		Packer:       cloud_packer.New(httpClient, nil).PackerService,
-		Project:      cloud_resource_manager.New(httpClient, nil).ProjectService,
-		Vault:        cloud_vault.New(httpClient, nil).VaultService,
-		VaultSecrets: cloud_vault_secrets.New(httpClient, nil).SecretService,
+		Billing:           cloud_billing.New(httpClient, nil).BillingAccountService,
+		Boundary:          cloud_boundary.New(httpClient, nil).BoundaryService,
+		Consul:            cloud_consul.New(httpClient, nil).ConsulService,
+		Network:           cloud_network.New(httpClient, nil).NetworkService,
+		Operation:         cloud_operation.New(httpClient, nil).OperationService,
+		Organization:      cloud_resource_manager.New(httpClient, nil).OrganizationService,
+		Packer:            cloud_packer.New(httpClient, nil).PackerService,
+		Project:           cloud_resource_manager.New(httpClient, nil).ProjectService,
+		ServicePrincipals: cloud_service_principals.New(httpClient, nil).ServicePrincipalsService,
+		Vault:             cloud_vault.New(httpClient, nil).VaultService,
+		VaultSecrets:      cloud_vault_secrets.New(httpClient, nil).SecretService,
 	}
 
 	return client, nil
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Service Principals can be imported by specifying the resource name
		terraform import hcp_service_principal.example iam/project/840e3701-55b6-4f86-8c17-b1fe397303c5/service-principal/my-sp