allow setting service account email for keys (#1256)

Dana Hoffman 2018-03-26 15:44:34 -07:00 committed by GitHub
parent 1b6b9ed126
commit 9fd4d02b89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 53 additions and 10 deletions


@ -2,6 +2,7 @@ package google
import ( import (
"fmt" "fmt"
"strings"
"github.com/hashicorp/terraform/helper/encryption" "github.com/hashicorp/terraform/helper/encryption"
"github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/schema"
@ -17,10 +18,9 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
// Required // Required
"service_account_id": &schema.Schema{ "service_account_id": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Required: true, Required: true,
ForceNew: true, ForceNew: true,
ValidateFunc: validateRegexp(ServiceAccountLinkRegex),
}, },
// Optional // Optional
"key_algorithm": &schema.Schema{ "key_algorithm": &schema.Schema{
@ -89,6 +89,9 @@ func resourceGoogleServiceAccountKeyCreate(d *schema.ResourceData, meta interfac
config := meta.(*Config) config := meta.(*Config)
serviceAccount := d.Get("service_account_id").(string) serviceAccount := d.Get("service_account_id").(string)
if !strings.HasPrefix(serviceAccount, "projects/") {
serviceAccount = "projects/-/serviceAccounts/" + serviceAccount
}
r := &iam.CreateServiceAccountKeyRequest{ r := &iam.CreateServiceAccountKeyRequest{
KeyAlgorithm: d.Get("key_algorithm").(string), KeyAlgorithm: d.Get("key_algorithm").(string),
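Review bot: With `ValidateFunc: validateRegexp(ServiceAccountLinkRegex)` removed from `service_account_id`, the field accepts any string, and in the create function any value that does not start with `projects/` is appended to `projects/-/serviceAccounts/` unchecked. A typo or a value with extra `/` segments is then caught only by the IAM API at apply time, and the request path may not be the one the configuration author intended. Consider keeping plan-time validation with a pattern that accepts the full link form, an email address or a unique id, e.g. `ValidateFunc: validateRegexp(<pattern for link | email | unique id>)` (placeholder; no such pattern is shown on this page). The create function continues outside the hunk, and whether read and delete treat the short form the same way is not visible here.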


@ -34,6 +34,30 @@ func TestAccServiceAccountKey_basic(t *testing.T) {
}) })
} }
func TestAccServiceAccountKey_fromEmail(t *testing.T) {
t.Parallel()
resourceName := "google_service_account_key.acceptance"
accountID := "a" + acctest.RandString(10)
displayName := "Terraform Test"
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccServiceAccountKey_fromEmail(accountID, displayName),
Check: resource.ComposeTestCheckFunc(
testAccCheckGoogleServiceAccountKeyExists(resourceName),
resource.TestCheckResourceAttrSet(resourceName, "public_key"),
resource.TestCheckResourceAttrSet(resourceName, "valid_after"),
resource.TestCheckResourceAttrSet(resourceName, "valid_before"),
resource.TestCheckResourceAttrSet(resourceName, "private_key"),
),
},
},
})
}
func TestAccServiceAccountKey_pgp(t *testing.T) { func TestAccServiceAccountKey_pgp(t *testing.T) {
t.Parallel() t.Parallel()
resourceName := "google_service_account_key.acceptance" resourceName := "google_service_account_key.acceptance"
@ -86,7 +110,21 @@ resource "google_service_account" "acceptance" {
} }
resource "google_service_account_key" "acceptance" { resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.id}" service_account_id = "${google_service_account.acceptance.name}"
public_key_type = "TYPE_X509_PEM_FILE"
}
`, account, name)
}
func testAccServiceAccountKey_fromEmail(account, name string) string {
return fmt.Sprintf(`
resource "google_service_account" "acceptance" {
account_id = "%s"
display_name = "%s"
}
resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.email}"
public_key_type = "TYPE_X509_PEM_FILE" public_key_type = "TYPE_X509_PEM_FILE"
} }
`, account, name) `, account, name)
@ -100,7 +138,7 @@ resource "google_service_account" "acceptance" {
} }
resource "google_service_account_key" "acceptance" { resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.id}" service_account_id = "${google_service_account.acceptance.name}"
public_key_type = "TYPE_X509_PEM_FILE" public_key_type = "TYPE_X509_PEM_FILE"
pgp_key = <<EOF pgp_key = <<EOF
%s %s
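Review bot: The new `TestAccServiceAccountKey_fromEmail` covers only the email form, while the documentation change in this commit says `{ACCOUNT}` may also be the account's unique id. A second step or test that passes the unique id would cover that input to the new prefix handling as well. The test case as shown also sets no `CheckDestroy`, so nothing confirms the generated key is gone after the run. Because this resource produces a private key, a destroy check is worth adding unless cleanup is verified elsewhere in the file.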


@ -20,7 +20,7 @@ resource "google_service_account" "acceptance" {
} }
resource "google_service_account_key" "acceptance" { resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.id}" service_account_id = "${google_service_account.acceptance.name}"
public_key_type = "TYPE_X509_PEM_FILE" public_key_type = "TYPE_X509_PEM_FILE"
} }
``` ```
@ -33,7 +33,7 @@ resource "google_service_account" "myaccount" {
display_name = "My Service Account" display_name = "My Service Account"
} }
resource "google_service_account_key" "mykey" { resource "google_service_account_key" "mykey" {
service_account_id = "${google_service_account.myaccount.id}" service_account_id = "${google_service_account.myaccount.name}"
} }
resource "kubernetes_secret" "google-application-credentials" { resource "kubernetes_secret" "google-application-credentials" {
metadata { metadata {
@ -54,7 +54,7 @@ resource "google_service_account" "acceptance" {
} }
resource "google_service_account_key" "acceptance" { resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.id}" service_account_id = "${google_service_account.acceptance.name}"
pgp_key = "keybase:keybaseusername" pgp_key = "keybase:keybaseusername"
public_key_type = "TYPE_X509_PEM_FILE" public_key_type = "TYPE_X509_PEM_FILE"
} }
@ -64,7 +64,9 @@ resource "google_service_account_key" "acceptance" {
The following arguments are supported: The following arguments are supported:
* `service_account_id` - (Required) The Service account id of the Key Pair. * `service_account_id` - (Required) The Service account id of the Key Pair. This can be a string in the format
`{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
* `key_algorithm` - (Optional) The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. * `key_algorithm` - (Optional) The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
Valid values are listed at Valid values are listed at