allow setting service account email for keys (#1256)
parent
1b6b9ed126
commit
9fd4d02b89
|
@ -2,6 +2,7 @@ package google
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/encryption"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
|
@ -17,10 +18,9 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
|
|||
Schema: map[string]*schema.Schema{
|
||||
// Required
|
||||
"service_account_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
ValidateFunc: validateRegexp(ServiceAccountLinkRegex),
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
// Optional
|
||||
"key_algorithm": &schema.Schema{
|
||||
|
@ -89,6 +89,9 @@ func resourceGoogleServiceAccountKeyCreate(d *schema.ResourceData, meta interfac
|
|||
config := meta.(*Config)
|
||||
|
||||
serviceAccount := d.Get("service_account_id").(string)
|
||||
if !strings.HasPrefix(serviceAccount, "projects/") {
|
||||
serviceAccount = "projects/-/serviceAccounts/" + serviceAccount
|
||||
}
|
||||
|
||||
r := &iam.CreateServiceAccountKeyRequest{
|
||||
KeyAlgorithm: d.Get("key_algorithm").(string),
|
||||
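Review bot: Dropping `ValidateFunc` from `service_account_id` leaves the field with no plan-time validation, and the Create hunk then concatenates whatever string it received into `"projects/-/serviceAccounts/" + serviceAccount`. An empty value, or one containing `/` that does not start with `projects/`, is only rejected at apply time by the API call that mints a long-lived credential. I would keep a validator that accepts either form, e.g. `ValidateFunc: validateRegexp(serviceAccountIDOrLinkRegex)`, where `serviceAccountIDOrLinkRegex` is an illustrative name for a new pattern matching the full link or a bare email / unique id. Because the field stays `ForceNew: true`, switching a config between `.name` and `.email` for the same account presumably destroys and recreates the key; a `DiffSuppressFunc` comparing the normalised form would avoid that unintended rotation. Both function bodies continue outside the hunks shown, so any normalisation done elsewhere is not visible here.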
|
|
|
@ -34,6 +34,30 @@ func TestAccServiceAccountKey_basic(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestAccServiceAccountKey_fromEmail(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resourceName := "google_service_account_key.acceptance"
|
||||
accountID := "a" + acctest.RandString(10)
|
||||
displayName := "Terraform Test"
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccServiceAccountKey_fromEmail(accountID, displayName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckGoogleServiceAccountKeyExists(resourceName),
|
||||
resource.TestCheckResourceAttrSet(resourceName, "public_key"),
|
||||
resource.TestCheckResourceAttrSet(resourceName, "valid_after"),
|
||||
resource.TestCheckResourceAttrSet(resourceName, "valid_before"),
|
||||
resource.TestCheckResourceAttrSet(resourceName, "private_key"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccServiceAccountKey_pgp(t *testing.T) {
|
||||
t.Parallel()
|
||||
resourceName := "google_service_account_key.acceptance"
|
||||
|
@ -86,7 +110,21 @@ resource "google_service_account" "acceptance" {
|
|||
}
|
||||
|
||||
resource "google_service_account_key" "acceptance" {
|
||||
service_account_id = "${google_service_account.acceptance.id}"
|
||||
service_account_id = "${google_service_account.acceptance.name}"
|
||||
public_key_type = "TYPE_X509_PEM_FILE"
|
||||
}
|
||||
`, account, name)
|
||||
}
|
||||
|
||||
func testAccServiceAccountKey_fromEmail(account, name string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_service_account" "acceptance" {
|
||||
account_id = "%s"
|
||||
display_name = "%s"
|
||||
}
|
||||
|
||||
resource "google_service_account_key" "acceptance" {
|
||||
service_account_id = "${google_service_account.acceptance.email}"
|
||||
public_key_type = "TYPE_X509_PEM_FILE"
|
||||
}
|
||||
`, account, name)
|
||||
|
@ -100,7 +138,7 @@ resource "google_service_account" "acceptance" {
|
|||
}
|
||||
|
||||
resource "google_service_account_key" "acceptance" {
|
||||
service_account_id = "${google_service_account.acceptance.id}"
|
||||
service_account_id = "${google_service_account.acceptance.name}"
|
||||
public_key_type = "TYPE_X509_PEM_FILE"
|
||||
pgp_key = <<EOF
|
||||
%s
|
||||
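Review bot: `TestAccServiceAccountKey_fromEmail` only asserts that `public_key`, `private_key`, `valid_after` and `valid_before` are set, so it would still pass if the `projects/-/serviceAccounts/` prefixing resolved to a different account than the one created in the config. A check that ties the key to that account would pin the new behaviour, e.g. `resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile("serviceAccounts/"+accountID+"@")),`, assuming the resource exports the key's full `name`. The documentation changed in this commit also promises the unique-id form of `{ACCOUNT}`, which no test in this section exercises.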
|
|
|
@ -20,7 +20,7 @@ resource "google_service_account" "acceptance" {
|
|||
}
|
||||
|
||||
resource "google_service_account_key" "acceptance" {
|
||||
service_account_id = "${google_service_account.acceptance.id}"
|
||||
service_account_id = "${google_service_account.acceptance.name}"
|
||||
public_key_type = "TYPE_X509_PEM_FILE"
|
||||
}
|
||||
```
|
||||
|
@ -33,7 +33,7 @@ resource "google_service_account" "myaccount" {
|
|||
display_name = "My Service Account"
|
||||
}
|
||||
resource "google_service_account_key" "mykey" {
|
||||
service_account_id = "${google_service_account.myaccount.id}"
|
||||
service_account_id = "${google_service_account.myaccount.name}"
|
||||
}
|
||||
resource "kubernetes_secret" "google-application-credentials" {
|
||||
metadata {
|
||||
|
@ -54,7 +54,7 @@ resource "google_service_account" "acceptance" {
|
|||
}
|
||||
|
||||
resource "google_service_account_key" "acceptance" {
|
||||
service_account_id = "${google_service_account.acceptance.id}"
|
||||
service_account_id = "${google_service_account.acceptance.name}"
|
||||
pgp_key = "keybase:keybaseusername"
|
||||
public_key_type = "TYPE_X509_PEM_FILE"
|
||||
}
|
||||
|
@ -64,7 +64,9 @@ resource "google_service_account_key" "acceptance" {
|
|||
|
||||
The following arguments are supported:
|
||||
|
||||
* `service_account_id` - (Required) The Service account id of the Key Pair.
|
||||
* `service_account_id` - (Required) The Service account id of the Key Pair. This can be a string in the format
|
||||
`{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
|
||||
unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
|
||||
|
||||
* `key_algorithm` - (Optional) The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
|
||||
Valid values are listed at
|
||||
|
|