mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-06-29 06:42:36 +00:00
328 lines
21 KiB
Go
328 lines
21 KiB
Go
package google
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/hashicorp/terraform/helper/mutexkv"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
|
|
googleoauth "golang.org/x/oauth2/google"
|
|
)
|
|
|
|
// Global MutexKV
|
|
var mutexKV = mutexkv.NewMutexKV()
|
|
|
|
// Provider returns a terraform.ResourceProvider.
|
|
func Provider() terraform.ResourceProvider {
|
|
return &schema.Provider{
|
|
Schema: map[string]*schema.Schema{
|
|
"credentials": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
|
"GOOGLE_CREDENTIALS",
|
|
"GOOGLE_CLOUD_KEYFILE_JSON",
|
|
"GCLOUD_KEYFILE_JSON",
|
|
}, nil),
|
|
ValidateFunc: validateCredentials,
|
|
},
|
|
|
|
"access_token": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
|
"GOOGLE_OAUTH_ACCESS_TOKEN",
|
|
}, nil),
|
|
ConflictsWith: []string{"credentials"},
|
|
},
|
|
|
|
"project": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
|
"GOOGLE_PROJECT",
|
|
"GOOGLE_CLOUD_PROJECT",
|
|
"GCLOUD_PROJECT",
|
|
"CLOUDSDK_CORE_PROJECT",
|
|
}, nil),
|
|
},
|
|
|
|
"region": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
|
"GOOGLE_REGION",
|
|
"GCLOUD_REGION",
|
|
"CLOUDSDK_COMPUTE_REGION",
|
|
}, nil),
|
|
},
|
|
|
|
"zone": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
|
"GOOGLE_ZONE",
|
|
"GCLOUD_ZONE",
|
|
"CLOUDSDK_COMPUTE_ZONE",
|
|
}, nil),
|
|
},
|
|
"scopes": {
|
|
Type: schema.TypeList,
|
|
Optional: true,
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
},
|
|
},
|
|
|
|
DataSourcesMap: map[string]*schema.Resource{
|
|
"google_active_folder": dataSourceGoogleActiveFolder(),
|
|
"google_billing_account": dataSourceGoogleBillingAccount(),
|
|
"google_dns_managed_zone": dataSourceDnsManagedZone(),
|
|
"google_client_config": dataSourceGoogleClientConfig(),
|
|
"google_client_openid_userinfo": dataSourceGoogleClientOpenIDUserinfo(),
|
|
"google_cloudfunctions_function": dataSourceGoogleCloudFunctionsFunction(),
|
|
"google_compute_address": dataSourceGoogleComputeAddress(),
|
|
"google_compute_backend_service": dataSourceGoogleComputeBackendService(),
|
|
"google_compute_default_service_account": dataSourceGoogleComputeDefaultServiceAccount(),
|
|
"google_compute_forwarding_rule": dataSourceGoogleComputeForwardingRule(),
|
|
"google_compute_image": dataSourceGoogleComputeImage(),
|
|
"google_compute_instance": dataSourceGoogleComputeInstance(),
|
|
"google_compute_global_address": dataSourceGoogleComputeGlobalAddress(),
|
|
"google_compute_instance_group": dataSourceGoogleComputeInstanceGroup(),
|
|
"google_compute_lb_ip_ranges": dataSourceGoogleComputeLbIpRanges(),
|
|
"google_compute_network": dataSourceGoogleComputeNetwork(),
|
|
"google_compute_node_types": dataSourceGoogleComputeNodeTypes(),
|
|
"google_compute_regions": dataSourceGoogleComputeRegions(),
|
|
"google_compute_region_instance_group": dataSourceGoogleComputeRegionInstanceGroup(),
|
|
"google_compute_subnetwork": dataSourceGoogleComputeSubnetwork(),
|
|
"google_compute_zones": dataSourceGoogleComputeZones(),
|
|
"google_compute_vpn_gateway": dataSourceGoogleComputeVpnGateway(),
|
|
"google_compute_ssl_policy": dataSourceGoogleComputeSslPolicy(),
|
|
"google_container_cluster": dataSourceGoogleContainerCluster(),
|
|
"google_container_engine_versions": dataSourceGoogleContainerEngineVersions(),
|
|
"google_container_registry_repository": dataSourceGoogleContainerRepo(),
|
|
"google_container_registry_image": dataSourceGoogleContainerImage(),
|
|
"google_iam_policy": dataSourceGoogleIamPolicy(),
|
|
"google_iam_role": dataSourceGoogleIamRole(),
|
|
"google_kms_secret": dataSourceGoogleKmsSecret(),
|
|
"google_kms_key_ring": dataSourceGoogleKmsKeyRing(),
|
|
"google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
|
|
"google_folder": dataSourceGoogleFolder(),
|
|
"google_folder_organization_policy": dataSourceGoogleFolderOrganizationPolicy(),
|
|
"google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
|
|
"google_organization": dataSourceGoogleOrganization(),
|
|
"google_project": dataSourceGoogleProject(),
|
|
"google_projects": dataSourceGoogleProjects(),
|
|
"google_project_organization_policy": dataSourceGoogleProjectOrganizationPolicy(),
|
|
"google_project_services": dataSourceGoogleProjectServices(),
|
|
"google_service_account": dataSourceGoogleServiceAccount(),
|
|
"google_service_account_access_token": dataSourceGoogleServiceAccountAccessToken(),
|
|
"google_service_account_key": dataSourceGoogleServiceAccountKey(),
|
|
"google_storage_bucket_object": dataSourceGoogleStorageBucketObject(),
|
|
"google_storage_object_signed_url": dataSourceGoogleSignedUrl(),
|
|
"google_storage_project_service_account": dataSourceGoogleStorageProjectServiceAccount(),
|
|
"google_storage_transfer_project_service_account": dataSourceGoogleStorageTransferProjectServiceAccount(),
|
|
"google_tpu_tensorflow_versions": dataSourceTpuTensorflowVersions(),
|
|
},
|
|
|
|
ResourcesMap: ResourceMap(),
|
|
|
|
ConfigureFunc: providerConfigure,
|
|
}
|
|
}
|
|
|
|
func ResourceMap() map[string]*schema.Resource {
|
|
resourceMap, _ := ResourceMapWithErrors()
|
|
return resourceMap
|
|
}
|
|
|
|
func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
|
|
return mergeResourceMaps(
|
|
GeneratedAccessContextManagerResourcesMap,
|
|
GeneratedAppEngineResourcesMap,
|
|
GeneratedComputeResourcesMap,
|
|
GeneratedCloudBuildResourcesMap,
|
|
GeneratedCloudSchedulerResourcesMap,
|
|
GeneratedDnsResourcesMap,
|
|
GeneratedFilestoreResourcesMap,
|
|
GeneratedFirestoreResourcesMap,
|
|
GeneratedPubsubResourcesMap,
|
|
GeneratedRedisResourcesMap,
|
|
GeneratedResourceManagerResourcesMap,
|
|
GeneratedSourceRepoResourcesMap,
|
|
GeneratedSpannerResourcesMap,
|
|
GeneratedSqlResourcesMap,
|
|
GeneratedStorageResourcesMap,
|
|
GeneratedTpuResourcesMap,
|
|
GeneratedMonitoringResourcesMap,
|
|
map[string]*schema.Resource{
|
|
"google_app_engine_application": resourceAppEngineApplication(),
|
|
"google_bigquery_dataset": resourceBigQueryDataset(),
|
|
"google_bigquery_table": resourceBigQueryTable(),
|
|
"google_bigtable_instance": resourceBigtableInstance(),
|
|
"google_bigtable_table": resourceBigtableTable(),
|
|
"google_billing_account_iam_binding": ResourceIamBindingWithImport(IamBillingAccountSchema, NewBillingAccountIamUpdater, BillingAccountIdParseFunc),
|
|
"google_billing_account_iam_member": ResourceIamMemberWithImport(IamBillingAccountSchema, NewBillingAccountIamUpdater, BillingAccountIdParseFunc),
|
|
"google_billing_account_iam_policy": ResourceIamPolicyWithImport(IamBillingAccountSchema, NewBillingAccountIamUpdater, BillingAccountIdParseFunc),
|
|
"google_cloudfunctions_function": resourceCloudFunctionsFunction(),
|
|
"google_cloudiot_registry": resourceCloudIoTRegistry(),
|
|
"google_composer_environment": resourceComposerEnvironment(),
|
|
"google_compute_attached_disk": resourceComputeAttachedDisk(),
|
|
"google_compute_instance": resourceComputeInstance(),
|
|
"google_compute_instance_from_template": resourceComputeInstanceFromTemplate(),
|
|
"google_compute_instance_group": resourceComputeInstanceGroup(),
|
|
"google_compute_instance_group_manager": resourceComputeInstanceGroupManager(),
|
|
"google_compute_instance_iam_binding": ResourceIamBindingWithImport(IamComputeInstanceSchema, NewComputeInstanceIamUpdater, ComputeInstanceIdParseFunc),
|
|
"google_compute_instance_iam_member": ResourceIamMemberWithImport(IamComputeInstanceSchema, NewComputeInstanceIamUpdater, ComputeInstanceIdParseFunc),
|
|
"google_compute_instance_iam_policy": ResourceIamPolicyWithImport(IamComputeInstanceSchema, NewComputeInstanceIamUpdater, ComputeInstanceIdParseFunc),
|
|
"google_compute_instance_template": resourceComputeInstanceTemplate(),
|
|
"google_compute_network_peering": resourceComputeNetworkPeering(),
|
|
"google_compute_project_metadata": resourceComputeProjectMetadata(),
|
|
"google_compute_project_metadata_item": resourceComputeProjectMetadataItem(),
|
|
"google_compute_region_instance_group_manager": resourceComputeRegionInstanceGroupManager(),
|
|
"google_compute_router_interface": resourceComputeRouterInterface(),
|
|
"google_compute_router_nat": resourceComputeRouterNat(),
|
|
"google_compute_router_peer": resourceComputeRouterPeer(),
|
|
"google_compute_security_policy": resourceComputeSecurityPolicy(),
|
|
"google_compute_shared_vpc_host_project": resourceComputeSharedVpcHostProject(),
|
|
"google_compute_shared_vpc_service_project": resourceComputeSharedVpcServiceProject(),
|
|
"google_compute_subnetwork_iam_binding": ResourceIamBindingWithImport(IamComputeSubnetworkSchema, NewComputeSubnetworkIamUpdater, ComputeSubnetworkIdParseFunc),
|
|
"google_compute_subnetwork_iam_member": ResourceIamMemberWithImport(IamComputeSubnetworkSchema, NewComputeSubnetworkIamUpdater, ComputeSubnetworkIdParseFunc),
|
|
"google_compute_subnetwork_iam_policy": ResourceIamPolicyWithImport(IamComputeSubnetworkSchema, NewComputeSubnetworkIamUpdater, ComputeSubnetworkIdParseFunc),
|
|
"google_compute_target_pool": resourceComputeTargetPool(),
|
|
"google_container_cluster": resourceContainerCluster(),
|
|
"google_container_node_pool": resourceContainerNodePool(),
|
|
"google_dataflow_job": resourceDataflowJob(),
|
|
"google_dataproc_cluster": resourceDataprocCluster(),
|
|
"google_dataproc_cluster_iam_binding": ResourceIamBindingWithImport(IamDataprocClusterSchema, NewDataprocClusterUpdater, DataprocClusterIdParseFunc),
|
|
"google_dataproc_cluster_iam_member": ResourceIamMemberWithImport(IamDataprocClusterSchema, NewDataprocClusterUpdater, DataprocClusterIdParseFunc),
|
|
"google_dataproc_cluster_iam_policy": ResourceIamPolicyWithImport(IamDataprocClusterSchema, NewDataprocClusterUpdater, DataprocClusterIdParseFunc),
|
|
"google_dataproc_job": resourceDataprocJob(),
|
|
"google_dataproc_job_iam_binding": ResourceIamBindingWithImport(IamDataprocJobSchema, NewDataprocJobUpdater, DataprocJobIdParseFunc),
|
|
"google_dataproc_job_iam_member": ResourceIamMemberWithImport(IamDataprocJobSchema, NewDataprocJobUpdater, DataprocJobIdParseFunc),
|
|
"google_dataproc_job_iam_policy": ResourceIamPolicyWithImport(IamDataprocJobSchema, NewDataprocJobUpdater, DataprocJobIdParseFunc),
|
|
"google_dns_record_set": resourceDnsRecordSet(),
|
|
"google_endpoints_service": resourceEndpointsService(),
|
|
"google_folder": resourceGoogleFolder(),
|
|
"google_folder_iam_binding": ResourceIamBindingWithImport(IamFolderSchema, NewFolderIamUpdater, FolderIdParseFunc),
|
|
"google_folder_iam_member": ResourceIamMemberWithImport(IamFolderSchema, NewFolderIamUpdater, FolderIdParseFunc),
|
|
"google_folder_iam_policy": ResourceIamPolicyWithImport(IamFolderSchema, NewFolderIamUpdater, FolderIdParseFunc),
|
|
"google_folder_organization_policy": resourceGoogleFolderOrganizationPolicy(),
|
|
"google_logging_billing_account_sink": resourceLoggingBillingAccountSink(),
|
|
"google_logging_billing_account_exclusion": ResourceLoggingExclusion(BillingAccountLoggingExclusionSchema, NewBillingAccountLoggingExclusionUpdater, billingAccountLoggingExclusionIdParseFunc),
|
|
"google_logging_metric": resourceLoggingMetric(),
|
|
"google_logging_organization_sink": resourceLoggingOrganizationSink(),
|
|
"google_logging_organization_exclusion": ResourceLoggingExclusion(OrganizationLoggingExclusionSchema, NewOrganizationLoggingExclusionUpdater, organizationLoggingExclusionIdParseFunc),
|
|
"google_logging_folder_sink": resourceLoggingFolderSink(),
|
|
"google_logging_folder_exclusion": ResourceLoggingExclusion(FolderLoggingExclusionSchema, NewFolderLoggingExclusionUpdater, folderLoggingExclusionIdParseFunc),
|
|
"google_logging_project_sink": resourceLoggingProjectSink(),
|
|
"google_logging_project_exclusion": ResourceLoggingExclusion(ProjectLoggingExclusionSchema, NewProjectLoggingExclusionUpdater, projectLoggingExclusionIdParseFunc),
|
|
"google_kms_key_ring": resourceKmsKeyRing(),
|
|
"google_kms_key_ring_iam_binding": ResourceIamBindingWithImport(IamKmsKeyRingSchema, NewKmsKeyRingIamUpdater, KeyRingIdParseFunc),
|
|
"google_kms_key_ring_iam_member": ResourceIamMemberWithImport(IamKmsKeyRingSchema, NewKmsKeyRingIamUpdater, KeyRingIdParseFunc),
|
|
"google_kms_key_ring_iam_policy": ResourceIamPolicyWithImport(IamKmsKeyRingSchema, NewKmsKeyRingIamUpdater, KeyRingIdParseFunc),
|
|
"google_kms_crypto_key": resourceKmsCryptoKey(),
|
|
"google_kms_crypto_key_iam_binding": ResourceIamBindingWithImport(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
|
|
"google_kms_crypto_key_iam_member": ResourceIamMemberWithImport(IamKmsCryptoKeySchema, NewKmsCryptoKeyIamUpdater, CryptoIdParseFunc),
|
|
"google_spanner_instance_iam_binding": ResourceIamBindingWithImport(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
|
|
"google_spanner_instance_iam_member": ResourceIamMemberWithImport(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
|
|
"google_spanner_instance_iam_policy": ResourceIamPolicyWithImport(IamSpannerInstanceSchema, NewSpannerInstanceIamUpdater, SpannerInstanceIdParseFunc),
|
|
"google_spanner_database_iam_binding": ResourceIamBindingWithImport(IamSpannerDatabaseSchema, NewSpannerDatabaseIamUpdater, SpannerDatabaseIdParseFunc),
|
|
"google_spanner_database_iam_member": ResourceIamMemberWithImport(IamSpannerDatabaseSchema, NewSpannerDatabaseIamUpdater, SpannerDatabaseIdParseFunc),
|
|
"google_spanner_database_iam_policy": ResourceIamPolicyWithImport(IamSpannerDatabaseSchema, NewSpannerDatabaseIamUpdater, SpannerDatabaseIdParseFunc),
|
|
"google_sql_database_instance": resourceSqlDatabaseInstance(),
|
|
"google_sql_ssl_cert": resourceSqlSslCert(),
|
|
"google_sql_user": resourceSqlUser(),
|
|
"google_organization_iam_binding": ResourceIamBindingWithImport(IamOrganizationSchema, NewOrganizationIamUpdater, OrgIdParseFunc),
|
|
"google_organization_iam_custom_role": resourceGoogleOrganizationIamCustomRole(),
|
|
"google_organization_iam_member": ResourceIamMemberWithImport(IamOrganizationSchema, NewOrganizationIamUpdater, OrgIdParseFunc),
|
|
"google_organization_iam_policy": ResourceIamPolicyWithImport(IamOrganizationSchema, NewOrganizationIamUpdater, OrgIdParseFunc),
|
|
"google_organization_policy": resourceGoogleOrganizationPolicy(),
|
|
"google_project": resourceGoogleProject(),
|
|
"google_project_iam_policy": resourceGoogleProjectIamPolicy(),
|
|
"google_project_iam_binding": ResourceIamBindingWithImport(IamProjectSchema, NewProjectIamUpdater, ProjectIdParseFunc),
|
|
"google_project_iam_member": ResourceIamMemberWithImport(IamProjectSchema, NewProjectIamUpdater, ProjectIdParseFunc),
|
|
"google_project_iam_audit_config": ResourceIamAuditConfigWithImport(IamProjectSchema, NewProjectIamUpdater, ProjectIdParseFunc),
|
|
"google_project_service": resourceGoogleProjectService(),
|
|
"google_project_iam_custom_role": resourceGoogleProjectIamCustomRole(),
|
|
"google_project_organization_policy": resourceGoogleProjectOrganizationPolicy(),
|
|
"google_project_usage_export_bucket": resourceProjectUsageBucket(),
|
|
"google_project_services": resourceGoogleProjectServices(),
|
|
"google_pubsub_topic_iam_binding": ResourceIamBindingWithImport(IamPubsubTopicSchema, NewPubsubTopicIamUpdater, PubsubTopicIdParseFunc),
|
|
"google_pubsub_topic_iam_member": ResourceIamMemberWithImport(IamPubsubTopicSchema, NewPubsubTopicIamUpdater, PubsubTopicIdParseFunc),
|
|
"google_pubsub_topic_iam_policy": ResourceIamPolicyWithImport(IamPubsubTopicSchema, NewPubsubTopicIamUpdater, PubsubTopicIdParseFunc),
|
|
"google_pubsub_subscription_iam_binding": ResourceIamBindingWithImport(IamPubsubSubscriptionSchema, NewPubsubSubscriptionIamUpdater, PubsubSubscriptionIdParseFunc),
|
|
"google_pubsub_subscription_iam_member": ResourceIamMemberWithImport(IamPubsubSubscriptionSchema, NewPubsubSubscriptionIamUpdater, PubsubSubscriptionIdParseFunc),
|
|
"google_pubsub_subscription_iam_policy": ResourceIamPolicyWithImport(IamPubsubSubscriptionSchema, NewPubsubSubscriptionIamUpdater, PubsubSubscriptionIdParseFunc),
|
|
"google_runtimeconfig_config": resourceRuntimeconfigConfig(),
|
|
"google_runtimeconfig_variable": resourceRuntimeconfigVariable(),
|
|
"google_service_account": resourceGoogleServiceAccount(),
|
|
"google_service_account_iam_binding": ResourceIamBindingWithImport(IamServiceAccountSchema, NewServiceAccountIamUpdater, ServiceAccountIdParseFunc),
|
|
"google_service_account_iam_member": ResourceIamMemberWithImport(IamServiceAccountSchema, NewServiceAccountIamUpdater, ServiceAccountIdParseFunc),
|
|
"google_service_account_iam_policy": ResourceIamPolicyWithImport(IamServiceAccountSchema, NewServiceAccountIamUpdater, ServiceAccountIdParseFunc),
|
|
"google_service_account_key": resourceGoogleServiceAccountKey(),
|
|
"google_storage_bucket": resourceStorageBucket(),
|
|
"google_storage_bucket_acl": resourceStorageBucketAcl(),
|
|
// Legacy roles such as roles/storage.legacyBucketReader are automatically added
|
|
// when creating a bucket. For this reason, it is better not to add the authoritative
|
|
// google_storage_bucket_iam_policy resource.
|
|
"google_storage_bucket_iam_binding": ResourceIamBinding(IamStorageBucketSchema, NewStorageBucketIamUpdater),
|
|
"google_storage_bucket_iam_member": ResourceIamMember(IamStorageBucketSchema, NewStorageBucketIamUpdater),
|
|
"google_storage_bucket_iam_policy": ResourceIamPolicy(IamStorageBucketSchema, NewStorageBucketIamUpdater),
|
|
"google_storage_bucket_object": resourceStorageBucketObject(),
|
|
"google_storage_object_acl": resourceStorageObjectAcl(),
|
|
"google_storage_default_object_acl": resourceStorageDefaultObjectAcl(),
|
|
"google_storage_notification": resourceStorageNotification(),
|
|
"google_storage_transfer_job": resourceStorageTransferJob(),
|
|
},
|
|
)
|
|
}
|
|
|
|
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|
config := Config{
|
|
Project: d.Get("project").(string),
|
|
Region: d.Get("region").(string),
|
|
Zone: d.Get("zone").(string),
|
|
}
|
|
|
|
// Add credential source
|
|
if v, ok := d.GetOk("access_token"); ok {
|
|
config.AccessToken = v.(string)
|
|
} else if v, ok := d.GetOk("credentials"); ok {
|
|
config.Credentials = v.(string)
|
|
}
|
|
|
|
scopes := d.Get("scopes").([]interface{})
|
|
if len(scopes) > 0 {
|
|
config.Scopes = make([]string, len(scopes), len(scopes))
|
|
}
|
|
for i, scope := range scopes {
|
|
config.Scopes[i] = scope.(string)
|
|
}
|
|
|
|
if err := config.LoadAndValidate(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &config, nil
|
|
}
|
|
|
|
func validateCredentials(v interface{}, k string) (warnings []string, errors []error) {
|
|
if v == nil || v.(string) == "" {
|
|
return
|
|
}
|
|
creds := v.(string)
|
|
// if this is a path and we can stat it, assume it's ok
|
|
if _, err := os.Stat(creds); err == nil {
|
|
return
|
|
}
|
|
if _, err := googleoauth.CredentialsFromJSON(context.Background(), []byte(creds)); err != nil {
|
|
errors = append(errors,
|
|
fmt.Errorf("JSON credentials in %q are not valid: %s", creds, err))
|
|
}
|
|
|
|
return
|
|
}
|