Export data.google_compute_default_service_account.name (#2778)
parent
b6a7f25db3
commit
ccf676022e
|
@ -1,6 +1,7 @@
|
||||||
package google
|
package google
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -8,13 +9,25 @@ func dataSourceGoogleComputeDefaultServiceAccount() *schema.Resource {
|
||||||
return &schema.Resource{
|
return &schema.Resource{
|
||||||
Read: dataSourceGoogleComputeDefaultServiceAccountRead,
|
Read: dataSourceGoogleComputeDefaultServiceAccountRead,
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
|
"project": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
"email": {
|
"email": {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
"project": {
|
"unique_id": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
"name": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
"display_name": {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Optional: true,
|
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -31,11 +44,25 @@ func dataSourceGoogleComputeDefaultServiceAccountRead(d *schema.ResourceData, me
|
||||||
|
|
||||||
projectCompResource, err := config.clientCompute.Projects.Get(project).Do()
|
projectCompResource, err := config.clientCompute.Projects.Get(project).Do()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return handleNotFoundError(err, d, "GCE service account not found")
|
return handleNotFoundError(err, d, "GCE default service account")
|
||||||
}
|
}
|
||||||
|
|
||||||
d.SetId(projectCompResource.DefaultServiceAccount)
|
serviceAccountName, err := serviceAccountFQN(projectCompResource.DefaultServiceAccount, d, config)
|
||||||
d.Set("email", projectCompResource.DefaultServiceAccount)
|
if err != nil {
|
||||||
d.Set("project", project)
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
sa, err := config.clientIAM.Projects.ServiceAccounts.Get(serviceAccountName).Do()
|
||||||
|
if err != nil {
|
||||||
|
return handleNotFoundError(err, d, fmt.Sprintf("Service Account %q", serviceAccountName))
|
||||||
|
}
|
||||||
|
|
||||||
|
d.SetId(sa.Name)
|
||||||
|
d.Set("email", sa.Email)
|
||||||
|
d.Set("unique_id", sa.UniqueId)
|
||||||
|
d.Set("project", sa.ProjectId)
|
||||||
|
d.Set("name", sa.Name)
|
||||||
|
d.Set("display_name", sa.DisplayName)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
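Review bot: The read now makes a second API call, `config.clientIAM.Projects.ServiceAccounts.Get(serviceAccountName).Do()`, so a credential that could resolve this data source with Compute read access alone now also needs permission to read service accounts through IAM; that requirement should be stated in the data source documentation. Both lookups return through `handleNotFoundError`, whose body is not visible here; if it clears the ID and returns nil on a 404, a deleted default service account would leave `name` and `email` empty and a dependent `service_account_id` would receive an empty string, so an explicit error such as `return fmt.Errorf("default service account %q not found: %v", serviceAccountName, err)` may be the safer outcome for a data source. The results of the `d.Set` calls are also dropped; `if err := d.Set("name", sa.Name); err != nil { return err }` would surface a schema mismatch instead of hiding it. The function begins above the hunk.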
|
||||||
|
|
|
@ -20,6 +20,9 @@ func TestAccDataSourceGoogleComputeDefaultServiceAccount_basic(t *testing.T) {
|
||||||
Check: resource.ComposeTestCheckFunc(
|
Check: resource.ComposeTestCheckFunc(
|
||||||
resource.TestCheckResourceAttrSet(resourceName, "id"),
|
resource.TestCheckResourceAttrSet(resourceName, "id"),
|
||||||
resource.TestCheckResourceAttrSet(resourceName, "email"),
|
resource.TestCheckResourceAttrSet(resourceName, "email"),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "unique_id"),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "name"),
|
||||||
|
resource.TestCheckResourceAttrSet(resourceName, "display_name"),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
},
|
},
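Review bot: The three added checks assert only that `unique_id`, `name` and `display_name` are non-empty, while the documentation example in this commit passes `name` as a `service_account_id`, which presumably relies on the fully-qualified form. A pattern check such as `resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile("^projects/.+/serviceAccounts/.+$"))` would pin that, and `project` could get a `TestCheckResourceAttrSet` as well. The test function starts and ends outside the hunk.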
|
||||||
|
|
|
@ -32,3 +32,9 @@ The following arguments are supported:
|
||||||
The following attributes are exported:
|
The following attributes are exported:
|
||||||
|
|
||||||
* `email` - Email address of the default service account used by VMs running in this project
|
* `email` - Email address of the default service account used by VMs running in this project
|
||||||
|
|
||||||
|
* `unique_id` - The unique id of the service account.
|
||||||
|
|
||||||
|
* `name` - The fully-qualified name of the service account.
|
||||||
|
|
||||||
|
* `display_name` - The display name for the service account.
|
||||||
|
|
|
@ -39,8 +39,8 @@ resource "google_service_account" "sa" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account_iam_policy" "admin-account-iam" {
|
resource "google_service_account_iam_policy" "admin-account-iam" {
|
||||||
service_account_id = "${google_service_account.sa.name}"
|
service_account_id = "${google_service_account.sa.name}"
|
||||||
policy_data = "${data.google_iam_policy.admin.policy_data}"
|
policy_data = "${data.google_iam_policy.admin.policy_data}"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -66,6 +66,8 @@ resource "google_service_account_iam_binding" "admin-account-iam" {
|
||||||
## google\_service\_account\_iam\_member
|
## google\_service\_account\_iam\_member
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
|
data "google_compute_default_service_account" "default" { }
|
||||||
|
|
||||||
resource "google_service_account" "sa" {
|
resource "google_service_account" "sa" {
|
||||||
account_id = "my-service-account"
|
account_id = "my-service-account"
|
||||||
display_name = "A service account that Jane can use"
|
display_name = "A service account that Jane can use"
|
||||||
|
@ -76,6 +78,13 @@ resource "google_service_account_iam_member" "admin-account-iam" {
|
||||||
role = "roles/iam.serviceAccountUser"
|
role = "roles/iam.serviceAccountUser"
|
||||||
member = "user:jane@example.com"
|
member = "user:jane@example.com"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Allow SA service account use the default GCE account
|
||||||
|
resource "google_service_account_iam_member" "gce-default-account-iam" {
|
||||||
|
service_account_id = "${data.google_compute_default_service_account.default.name}"
|
||||||
|
role = "roles/iam.serviceAccountUser"
|
||||||
|
member = "serviceAccount:${google_service_account.sa.email}"
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## Argument Reference
|
## Argument Reference
|
||||||
|
|