Export data.google_compute_default_service_account.name (#2778)

google/data_source_google_compute_default_service_account.go

@@ -1,6 +1,7 @@
 package google
 
 import (
+	"fmt"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -8,13 +9,25 @@ func dataSourceGoogleComputeDefaultServiceAccount() *schema.Resource {
 	return &schema.Resource{
 		Read: dataSourceGoogleComputeDefaultServiceAccountRead,
 		Schema: map[string]*schema.Schema{
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
 			"email": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"project": {
+			"unique_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"display_name": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 		},
@@ -31,11 +44,25 @@ func dataSourceGoogleComputeDefaultServiceAccountRead(d *schema.ResourceData, me
 
 	projectCompResource, err := config.clientCompute.Projects.Get(project).Do()
 	if err != nil {
-		return handleNotFoundError(err, d, "GCE service account not found")
+		return handleNotFoundError(err, d, "GCE default service account")
 	}
 
-	d.SetId(projectCompResource.DefaultServiceAccount)
-	d.Set("email", projectCompResource.DefaultServiceAccount)
-	d.Set("project", project)
+	serviceAccountName, err := serviceAccountFQN(projectCompResource.DefaultServiceAccount, d, config)
+	if err != nil {
+		return err
+	}
+
+	sa, err := config.clientIAM.Projects.ServiceAccounts.Get(serviceAccountName).Do()
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("Service Account %q", serviceAccountName))
+	}
+
+	d.SetId(sa.Name)
+	d.Set("email", sa.Email)
+	d.Set("unique_id", sa.UniqueId)
+	d.Set("project", sa.ProjectId)
+	d.Set("name", sa.Name)
+	d.Set("display_name", sa.DisplayName)
+
 	return nil
 }

google/data_source_google_compute_default_service_account_test.go

@@ -20,6 +20,9 @@ func TestAccDataSourceGoogleComputeDefaultServiceAccount_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttrSet(resourceName, "email"),
+					resource.TestCheckResourceAttrSet(resourceName, "unique_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "name"),
+					resource.TestCheckResourceAttrSet(resourceName, "display_name"),
 				),
 			},
 		},

website/docs/d/google_compute_default_service_account.html.markdown

@@ -32,3 +32,9 @@ The following arguments are supported:
 The following attributes are exported:
 
 * `email` - Email address of the default service account used by VMs running in this project
+
+* `unique_id` - The unique id of the service account.
+
+* `name` - The fully-qualified name of the service account.
+
+* `display_name` - The display name for the service account.

website/docs/r/google_service_account_iam.html.markdown

@@ -39,8 +39,8 @@ resource "google_service_account" "sa" {
 }
 
 resource "google_service_account_iam_policy" "admin-account-iam" {
-	service_account_id = "${google_service_account.sa.name}"
-	policy_data = "${data.google_iam_policy.admin.policy_data}"
+  service_account_id = "${google_service_account.sa.name}"
+  policy_data        = "${data.google_iam_policy.admin.policy_data}"
 }
 ```
 
@@ -66,6 +66,8 @@ resource "google_service_account_iam_binding" "admin-account-iam" {
 ## google\_service\_account\_iam\_member
 
 ```hcl
+data "google_compute_default_service_account" "default" { }
+
 resource "google_service_account" "sa" {
   account_id   = "my-service-account"
   display_name = "A service account that Jane can use"
@@ -76,6 +78,13 @@ resource "google_service_account_iam_member" "admin-account-iam" {
   role               = "roles/iam.serviceAccountUser"
   member             = "user:jane@example.com"
 }
+
+# Allow SA service account use the default GCE account
+resource "google_service_account_iam_member" "gce-default-account-iam" {
+  service_account_id = "${data.google_compute_default_service_account.default.name}"
+  role               = "roles/iam.serviceAccountUser"
+  member             = "serviceAccount:${google_service_account.sa.email}"
+}
 ```
 
 ## Argument Reference