diff --git a/.changelog/6638.txt b/.changelog/6638.txt
new file mode 100644
index 00000000000..88417a6681f
--- /dev/null
+++ b/.changelog/6638.txt
@@ -0,0 +1,12 @@
+```release-note:enhancement
+appengine: added `member` field to `google_app_engine_default_service_account` datasource
+```
+```release-note:enhancement
+bigquery: added `member` field to `google_bigquery_default_service_account` datasource
+```
+```release-note:enhancement
+storage: added `member` field to `google_storage_project_service_account` and `google_storage_transfer_project_service_account` datasource
+```
+```release-note:enhancement
+serviceaccount: added `member` field to `google_service_account` resource and datasource
+```
diff --git a/google/data_source_google_app_engine_default_service_account.go b/google/data_source_google_app_engine_default_service_account.go
index 92bd7a5fc1c..7857cc7d9e6 100644
--- a/google/data_source_google_app_engine_default_service_account.go
+++ b/google/data_source_google_app_engine_default_service_account.go
@@ -31,6 +31,10 @@ func dataSourceGoogleAppEngineDefaultServiceAccount() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "member": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 },
 }
 }
@@ -75,6 +79,9 @@ func dataSourceGoogleAppEngineDefaultServiceAccountRead(d *schema.ResourceData,
 if err := d.Set("display_name", sa.DisplayName); err != nil {
 return fmt.Errorf("Error setting display_name: %s", err)
 }
+ if err := d.Set("member", "serviceAccount:"+sa.Email); err != nil {
+ return fmt.Errorf("Error setting member: %s", err)
+ }
 return nil
 }
diff --git a/google/data_source_google_app_engine_default_service_account_test.go b/google/data_source_google_app_engine_default_service_account_test.go
index b6c3931292f..240407856be 100644
--- a/google/data_source_google_app_engine_default_service_account_test.go
+++ b/google/data_source_google_app_engine_default_service_account_test.go
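Review bot: The `member` entry added to the schema in dataSourceGoogleAppEngineDefaultServiceAccount has no `Description`, while the same attribute on the `google_service_account` resource carries one. Reusing that text here keeps the generated provider schema self-explanatory: ``Description: `The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.`,``. The neighbouring fields visible in this hunk also have no description, so this may simply follow the file's existing style. The BigQuery, service account, storage project and storage transfer data source schema hunks are in the same position.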
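Review bot: In dataSourceGoogleAppEngineDefaultServiceAccountRead, `member` is built as `"serviceAccount:"+sa.Email` without checking that `sa.Email` is non-empty, so an empty email would be stored as the bare prefix `serviceAccount:`. Because the attribute is documented as the value to use when granting IAM permissions, failing the read is safer than exporting a malformed principal: `if sa.Email == "" { return fmt.Errorf("Error setting member: service account email is empty") }` before the `d.Set`. Whether the API can actually return an empty email is not visible here, so treat this as a defensive check. The same concatenation appears in the read hunks of the BigQuery, service account, storage project and storage transfer data sources and of the `google_service_account` resource; the function body starts outside this hunk.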
@@ -23,6 +23,7 @@ func TestAccDataSourceGoogleAppEngineDefaultServiceAccount_basic(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "unique_id"), resource.TestCheckResourceAttrSet(resourceName, "name"), resource.TestCheckResourceAttrSet(resourceName, "display_name"), + resource.TestCheckResourceAttrSet(resourceName, "member"), ), }, }, diff --git a/google/data_source_google_bigquery_default_service_account.go b/google/data_source_google_bigquery_default_service_account.go index 6395bd5d232..6c62f3f29c2 100644 --- a/google/data_source_google_bigquery_default_service_account.go +++ b/google/data_source_google_bigquery_default_service_account.go @@ -2,6 +2,7 @@ package google import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -18,6 +19,10 @@ func dataSourceGoogleBigqueryDefaultServiceAccount() *schema.Resource { Optional: true, Computed: true, }, + "member": { + Type: schema.TypeString, + Computed: true, + }, }, } } @@ -46,5 +51,8 @@ func dataSourceGoogleBigqueryDefaultServiceAccountRead(d *schema.ResourceData, m if err := d.Set("project", project); err != nil { return fmt.Errorf("Error setting project: %s", err) } + if err := d.Set("member", "serviceAccount:"+projectResource.Email); err != nil { + return fmt.Errorf("Error setting member: %s", err) + } return nil } diff --git a/google/data_source_google_bigquery_default_service_account_test.go b/google/data_source_google_bigquery_default_service_account_test.go index 67f63c725d3..093b0d1f635 100644 --- a/google/data_source_google_bigquery_default_service_account_test.go +++ b/google/data_source_google_bigquery_default_service_account_test.go @@ -19,6 +19,7 @@ func TestAccDataSourceGoogleBigqueryDefaultServiceAccount_basic(t *testing.T) { Config: testAccCheckGoogleBigqueryDefaultServiceAccount_basic, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet(resourceName, "email"), + resource.TestCheckResourceAttrSet(resourceName, "member"), ), }, }, 
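Review bot: `resource.TestCheckResourceAttrSet(resourceName, "member")` in TestAccDataSourceGoogleAppEngineDefaultServiceAccount_basic only proves the attribute is non-empty, and the read function always prepends `serviceAccount:`, so the check passes even if the email part is missing or wrong. Asserting the shape would catch that: `resource.TestMatchResourceAttr(resourceName, "member", regexp.MustCompile("^serviceAccount:.+@.+$")),` (this needs the `regexp` import, which is outside the hunk). The resource tests in resource_google_service_account_test.go already compare against `"serviceAccount:"+expectedEmail`. The BigQuery, service account, storage project and storage transfer data source tests add the same weak check.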
diff --git a/google/data_source_google_service_account.go b/google/data_source_google_service_account.go index 0840c2af340..88dd8b00c57 100644 --- a/google/data_source_google_service_account.go +++ b/google/data_source_google_service_account.go @@ -35,6 +35,10 @@ func dataSourceGoogleServiceAccount() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "member": { + Type: schema.TypeString, + Computed: true, + }, }, } } @@ -75,6 +79,9 @@ func dataSourceGoogleServiceAccountRead(d *schema.ResourceData, meta interface{} if err := d.Set("display_name", sa.DisplayName); err != nil { return fmt.Errorf("Error setting display_name: %s", err) } + if err := d.Set("member", "serviceAccount:"+sa.Email); err != nil { + return fmt.Errorf("Error setting member: %s", err) + } return nil } diff --git a/google/data_source_google_service_account_test.go b/google/data_source_google_service_account_test.go index ac9c91cf16d..034911e0614 100644 --- a/google/data_source_google_service_account_test.go +++ b/google/data_source_google_service_account_test.go @@ -26,6 +26,7 @@ func TestAccDatasourceGoogleServiceAccount_basic(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "unique_id"), resource.TestCheckResourceAttrSet(resourceName, "name"), resource.TestCheckResourceAttrSet(resourceName, "display_name"), + resource.TestCheckResourceAttrSet(resourceName, "member"), ), }, }, diff --git a/google/data_source_google_storage_project_service_account.go b/google/data_source_google_storage_project_service_account.go index 3cfcfe5a8ce..42e4d558462 100644 --- a/google/data_source_google_storage_project_service_account.go +++ b/google/data_source_google_storage_project_service_account.go @@ -2,6 +2,7 @@ package google import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
@@ -24,6 +25,10 @@ func dataSourceGoogleStorageProjectServiceAccount() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "member": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 },
 }
 }
@@ -57,6 +62,9 @@ func dataSourceGoogleStorageProjectServiceAccountRead(d *schema.ResourceData, me
 if err := d.Set("email_address", serviceAccount.EmailAddress); err != nil {
 return fmt.Errorf("Error setting email_address: %s", err)
 }
+ if err := d.Set("member", "serviceAccount:"+serviceAccount.EmailAddress); err != nil {
+ return fmt.Errorf("Error setting member: %s", err)
+ }
 d.SetId(serviceAccount.EmailAddress)
diff --git a/google/data_source_google_storage_project_service_account_test.go b/google/data_source_google_storage_project_service_account_test.go
index e73b85759ee..ea941564028 100644
--- a/google/data_source_google_storage_project_service_account_test.go
+++ b/google/data_source_google_storage_project_service_account_test.go
@@ -19,6 +19,7 @@ func TestAccDataSourceGoogleStorageProjectServiceAccount_basic(t *testing.T) {
 Config: testAccCheckGoogleStorageProjectServiceAccount_basic,
 Check: resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttrSet(resourceName, "email_address"),
+ resource.TestCheckResourceAttrSet(resourceName, "member"),
 ),
 },
 },
diff --git a/google/data_source_google_storage_transfer_project_service_account.go b/google/data_source_google_storage_transfer_project_service_account.go
index 5562196b70a..9932db21f0d 100644
--- a/google/data_source_google_storage_transfer_project_service_account.go
+++ b/google/data_source_google_storage_transfer_project_service_account.go
@@ -23,6 +23,10 @@ func dataSourceGoogleStorageTransferProjectServiceAccount() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "member": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 },
 }
 }
@@ -54,5 +58,8 @@ func dataSourceGoogleStorageTransferProjectServiceAccountRead(d *schema.Resource
 if err := d.Set("project", project); err != nil {
 return fmt.Errorf("Error setting project: %s", err)
 }
+ if err := d.Set("member", "serviceAccount:"+serviceAccount.AccountEmail); err != nil {
+ return fmt.Errorf("Error setting member: %s", err)
+ }
 return nil
 }
diff --git a/google/data_source_google_storage_transfer_project_service_account_test.go b/google/data_source_google_storage_transfer_project_service_account_test.go
index e1a7d790d86..35a25350546 100644
--- a/google/data_source_google_storage_transfer_project_service_account_test.go
+++ b/google/data_source_google_storage_transfer_project_service_account_test.go
@@ -21,6 +21,7 @@ func TestAccDataSourceGoogleStorageTransferProjectServiceAccount_basic(t *testin
 resource.TestCheckResourceAttrSet(resourceName, "id"),
 resource.TestCheckResourceAttrSet(resourceName, "email"),
 resource.TestCheckResourceAttrSet(resourceName, "subject_id"),
+ resource.TestCheckResourceAttrSet(resourceName, "member"),
 ),
 },
 },
diff --git a/google/resource_google_service_account.go b/google/resource_google_service_account.go
index 332147efcfe..d96f8ce874e 100644
--- a/google/resource_google_service_account.go
+++ b/google/resource_google_service_account.go
@@ -69,6 +69,11 @@ func resourceGoogleServiceAccount() *schema.Resource {
 ForceNew: true,
 Description: `The ID of the project that the service account will be created in. Defaults to the provider project configuration.`,
 },
+ "member": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: `The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.`,
+ },
 },
 UseJSONNumber: true,
 }
@@ -181,6 +186,9 @@ func resourceGoogleServiceAccountRead(d *schema.ResourceData, meta interface{}) if err := d.Set("disabled", sa.Disabled); err != nil { return fmt.Errorf("Error setting disabled: %s", err) } + if err := d.Set("member", "serviceAccount:"+sa.Email); err != nil { + return fmt.Errorf("Error setting member: %s", err) + } return nil } diff --git a/google/resource_google_service_account_test.go b/google/resource_google_service_account_test.go index 88aa1143a56..af9ff77e3fe 100644 --- a/google/resource_google_service_account_test.go +++ b/google/resource_google_service_account_test.go @@ -30,6 +30,8 @@ func TestAccServiceAccount_basic(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "google_service_account.acceptance", "project", project), + resource.TestCheckResourceAttr( + "google_service_account.acceptance", "member", "serviceAccount:"+expectedEmail), ), }, { @@ -103,6 +105,8 @@ func TestAccServiceAccount_Disabled(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "google_service_account.acceptance", "project", project), + resource.TestCheckResourceAttr( + "google_service_account.acceptance", "member", "serviceAccount:"+expectedEmail), ), }, { diff --git a/website/docs/d/app_engine_default_service_account.html.markdown b/website/docs/d/app_engine_default_service_account.html.markdown index 9c1ac339076..b35498290a0 100644 --- a/website/docs/d/app_engine_default_service_account.html.markdown +++ b/website/docs/d/app_engine_default_service_account.html.markdown @@ -38,3 +38,5 @@ The following attributes are exported: * `name` - The fully-qualified name of the service account. * `display_name` - The display name for the service account. + +* `member` - The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. 
diff --git a/website/docs/d/bigquery_default_service_account.html.markdown b/website/docs/d/bigquery_default_service_account.html.markdown index 717b0a3f1a4..3be3a60668a 100644 --- a/website/docs/d/bigquery_default_service_account.html.markdown +++ b/website/docs/d/bigquery_default_service_account.html.markdown @@ -42,3 +42,5 @@ The following attributes are exported: * `email` - The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions. + +* `member` - The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. diff --git a/website/docs/d/service_account.html.markdown b/website/docs/d/service_account.html.markdown index 7b4829eb004..7dfc362dcd1 100644 --- a/website/docs/d/service_account.html.markdown +++ b/website/docs/d/service_account.html.markdown @@ -69,3 +69,5 @@ exported: * `name` - The fully-qualified name of the service account. * `display_name` - The display name for the service account. + +* `member` - The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. diff --git a/website/docs/d/storage_project_service_account.html.markdown b/website/docs/d/storage_project_service_account.html.markdown index 14f38c70e75..39c49918579 100644 --- a/website/docs/d/storage_project_service_account.html.markdown +++ b/website/docs/d/storage_project_service_account.html.markdown @@ -96,3 +96,5 @@ The following attributes are exported: * `email_address` - The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions. + +* `member` - The Identity of the service account in the form `serviceAccount:{email_address}`. This value is often used to refer to the service account in order to grant IAM permissions. 
diff --git a/website/docs/d/storage_transfer_project_service_account.html.markdown b/website/docs/d/storage_transfer_project_service_account.html.markdown index f4a198e47b5..4593d6d4639 100644 --- a/website/docs/d/storage_transfer_project_service_account.html.markdown +++ b/website/docs/d/storage_transfer_project_service_account.html.markdown @@ -33,3 +33,4 @@ The following attributes are exported: * `email` - Email address of the default service account used by Storage Transfer Jobs running in this project. * `subject_id` - Unique identifier for the service account. +* `member` - The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. diff --git a/website/docs/r/google_service_account.html.markdown b/website/docs/r/google_service_account.html.markdown index eff0a9c9b6b..8dfa4a2865a 100644 --- a/website/docs/r/google_service_account.html.markdown +++ b/website/docs/r/google_service_account.html.markdown @@ -67,6 +67,8 @@ exported: * `unique_id` - The unique id of the service account. +* `member` - The Identity of the service account in the form `serviceAccount:{email}`. This value is often used to refer to the service account in order to grant IAM permissions. + ## Timeouts This resource provides the following