allow setting service account email for keys (#1256)
parent
1b6b9ed126
commit
9fd4d02b89
@ -2,6 +2,7 @@ package google
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/encryption"
|
"github.com/hashicorp/terraform/helper/encryption"
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
@ -17,10 +18,9 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
|
|||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
// Required
|
// Required
|
||||||
"service_account_id": &schema.Schema{
|
"service_account_id": &schema.Schema{
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Required: true,
|
Required: true,
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
ValidateFunc: validateRegexp(ServiceAccountLinkRegex),
|
|
||||||
},
|
},
|
||||||
// Optional
|
// Optional
|
||||||
"key_algorithm": &schema.Schema{
|
"key_algorithm": &schema.Schema{
|
||||||
@ -89,6 +89,9 @@ func resourceGoogleServiceAccountKeyCreate(d *schema.ResourceData, meta interfac
|
|||||||
config := meta.(*Config)
|
config := meta.(*Config)
|
||||||
|
|
||||||
serviceAccount := d.Get("service_account_id").(string)
|
serviceAccount := d.Get("service_account_id").(string)
|
||||||
|
if !strings.HasPrefix(serviceAccount, "projects/") {
|
||||||
|
serviceAccount = "projects/-/serviceAccounts/" + serviceAccount
|
||||||
|
}
|
||||||
|
|
||||||
r := &iam.CreateServiceAccountKeyRequest{
|
r := &iam.CreateServiceAccountKeyRequest{
|
||||||
KeyAlgorithm: d.Get("key_algorithm").(string),
|
KeyAlgorithm: d.Get("key_algorithm").(string),
|
||||||
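Review bot: With `ValidateFunc: validateRegexp(ServiceAccountLinkRegex)` dropped from `service_account_id`, nothing checks the value at plan time, and in `resourceGoogleServiceAccountKeyCreate` any string that does not start with `projects/` is concatenated directly into `"projects/-/serviceAccounts/" + serviceAccount`. An empty string, a value containing `/`, or a malformed `projects/...` path therefore reaches the IAM request and is only rejected, if at all, at apply time. Consider replacing the removed validator with one that accepts either the full link form or a bare email / unique id instead of removing validation altogether, and add a comment above the prefix check such as `// "-" lets the API infer the project from the account email or unique id`. The function body continues outside the hunk, so whether the normalized name is also written back to state cannot be judged from here.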
|
@ -34,6 +34,30 @@ func TestAccServiceAccountKey_basic(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccServiceAccountKey_fromEmail(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
resourceName := "google_service_account_key.acceptance"
|
||||||
|
accountID := "a" + acctest.RandString(10)
|
||||||
|
displayName := "Terraform Test"
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
resource.TestStep{
|
||||||
|
Config: testAccServiceAccountKey_fromEmail(accountID, displayName),
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
testAccCheckGoogleServiceAccountKeyExists(resourceName),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "public_key"),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "valid_after"),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "valid_before"),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "private_key"),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestAccServiceAccountKey_pgp(t *testing.T) {
|
func TestAccServiceAccountKey_pgp(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
resourceName := "google_service_account_key.acceptance"
|
resourceName := "google_service_account_key.acceptance"
|
||||||
@ -86,7 +110,21 @@ resource "google_service_account" "acceptance" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account_key" "acceptance" {
|
resource "google_service_account_key" "acceptance" {
|
||||||
service_account_id = "${google_service_account.acceptance.id}"
|
service_account_id = "${google_service_account.acceptance.name}"
|
||||||
|
public_key_type = "TYPE_X509_PEM_FILE"
|
||||||
|
}
|
||||||
|
`, account, name)
|
||||||
|
}
|
||||||
|
|
||||||
|
func testAccServiceAccountKey_fromEmail(account, name string) string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
resource "google_service_account" "acceptance" {
|
||||||
|
account_id = "%s"
|
||||||
|
display_name = "%s"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_service_account_key" "acceptance" {
|
||||||
|
service_account_id = "${google_service_account.acceptance.email}"
|
||||||
public_key_type = "TYPE_X509_PEM_FILE"
|
public_key_type = "TYPE_X509_PEM_FILE"
|
||||||
}
|
}
|
||||||
`, account, name)
|
`, account, name)
|
||||||
@ -100,7 +138,7 @@ resource "google_service_account" "acceptance" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account_key" "acceptance" {
|
resource "google_service_account_key" "acceptance" {
|
||||||
service_account_id = "${google_service_account.acceptance.id}"
|
service_account_id = "${google_service_account.acceptance.name}"
|
||||||
public_key_type = "TYPE_X509_PEM_FILE"
|
public_key_type = "TYPE_X509_PEM_FILE"
|
||||||
pgp_key = <<EOF
|
pgp_key = <<EOF
|
||||||
%s
|
%s
|
||||||
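Review bot: The new `TestAccServiceAccountKey_fromEmail` case sets `PreCheck`, `Providers` and `Steps` but no `CheckDestroy`, so a key that survives teardown would go unnoticed; for a resource that mints service-account credentials, a leftover key is a live long-lived secret in the test project. Adding a `CheckDestroy:` entry to the `resource.TestCase` that confirms the key is gone would close that gap (no such helper is visible on this page, so its name is left open). The documentation changed in this commit also says `{ACCOUNT}` may be the unique id, yet only the `.email` form is exercised here; a second config using the unique id, plus a negative case for a malformed value, would cover the input path that the relaxed validation opens.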
|
@ -20,7 +20,7 @@ resource "google_service_account" "acceptance" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account_key" "acceptance" {
|
resource "google_service_account_key" "acceptance" {
|
||||||
service_account_id = "${google_service_account.acceptance.id}"
|
service_account_id = "${google_service_account.acceptance.name}"
|
||||||
public_key_type = "TYPE_X509_PEM_FILE"
|
public_key_type = "TYPE_X509_PEM_FILE"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
@ -33,7 +33,7 @@ resource "google_service_account" "myaccount" {
|
|||||||
display_name = "My Service Account"
|
display_name = "My Service Account"
|
||||||
}
|
}
|
||||||
resource "google_service_account_key" "mykey" {
|
resource "google_service_account_key" "mykey" {
|
||||||
service_account_id = "${google_service_account.myaccount.id}"
|
service_account_id = "${google_service_account.myaccount.name}"
|
||||||
}
|
}
|
||||||
resource "kubernetes_secret" "google-application-credentials" {
|
resource "kubernetes_secret" "google-application-credentials" {
|
||||||
metadata {
|
metadata {
|
||||||
@ -54,7 +54,7 @@ resource "google_service_account" "acceptance" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account_key" "acceptance" {
|
resource "google_service_account_key" "acceptance" {
|
||||||
service_account_id = "${google_service_account.acceptance.id}"
|
service_account_id = "${google_service_account.acceptance.name}"
|
||||||
pgp_key = "keybase:keybaseusername"
|
pgp_key = "keybase:keybaseusername"
|
||||||
public_key_type = "TYPE_X509_PEM_FILE"
|
public_key_type = "TYPE_X509_PEM_FILE"
|
||||||
}
|
}
|
||||||
@ -64,7 +64,9 @@ resource "google_service_account_key" "acceptance" {
|
|||||||
|
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `service_account_id` - (Required) The Service account id of the Key Pair.
|
* `service_account_id` - (Required) The Service account id of the Key Pair. This can be a string in the format
|
||||||
|
`{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
|
||||||
|
unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
|
||||||
|
|
||||||
* `key_algorithm` - (Optional) The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
|
* `key_algorithm` - (Optional) The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
|
||||||
Valid values are listed at
|
Valid values are listed at
|
||||||
|