Access Approval custom signing key support (#5865) (#11407)

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Apr 4, 2022 · d7b522e · d7b522e
1 parent 3ccc8a3
commit d7b522e
Show file tree

Hide file tree

Showing 21 changed files with 1,093 additions and 2 deletions.
diff --git a/.changelog/5865.txt b/.changelog/5865.txt
@@ -0,0 +1,12 @@
+```release-note:enhancement
+access approval: added `active_key_version`, `ancestor_has_active_key_version`, and `invalid_key_version` fields to `google_folder_access_approval_settings`, `google_organization_access_approval_settings`, and `google_project_access_approval_settings` resources
+```
+```release-note:new-datasource
+`google_access_approval_folder_service_account`
+```
+```release-note:new-datasource
+`google_access_approval_organization_service_account`
+```
+```release-note:new-datasource
+`google_access_approval_project_service_account`
+```
diff --git a/google/data_source_access_approval_folder_service_account.go b/google/data_source_access_approval_folder_service_account.go
@@ -0,0 +1,62 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAccessApprovalFolderServiceAccount() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAccessApprovalFolderServiceAccountRead,
+		Schema: map[string]*schema.Schema{
+			"folder_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"account_email": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAccessApprovalFolderServiceAccountRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	userAgent, err := generateUserAgentString(d, config.userAgent)
+	if err != nil {
+		return err
+	}
+
+	url, err := replaceVars(d, config, "{{AccessApprovalBasePath}}folders/{{folder_id}}/serviceAccount")
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := getBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := sendRequest(config, "GET", billingProject, url, userAgent, nil)
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("AccessApprovalFolderServiceAccount %q", d.Id()))
+	}
+
+	if err := d.Set("name", res["name"]); err != nil {
+		return fmt.Errorf("Error setting name: %s", err)
+	}
+	if err := d.Set("account_email", res["accountEmail"]); err != nil {
+		return fmt.Errorf("Error setting account_email: %s", err)
+	}
+	d.SetId(res["name"].(string))
+
+	return nil
+}
diff --git a/google/data_source_access_approval_folder_service_account_test.go b/google/data_source_access_approval_folder_service_account_test.go
@@ -0,0 +1,56 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceAccessApprovalFolderServiceAccount_basic(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"org_id":        getTestOrgFromEnv(t),
+		"random_suffix": randString(t, 10),
+	}
+
+	resourceName := "data.google_access_approval_folder_service_account.aa_account"
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"time": {},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAccessApprovalFolderServiceAccount_basic(context),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "account_email"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAccessApprovalFolderServiceAccount_basic(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_folder" "my_folder" {
+  display_name = "tf-test-my-folder%{random_suffix}"
+  parent       = "organizations/%{org_id}"
+}
+
+# Wait after folder creation to limit eventual consistency errors.
+resource "time_sleep" "wait_120_seconds" {
+  depends_on = [google_folder.my_folder]
+
+  create_duration = "120s"
+}
+
+data "google_access_approval_folder_service_account" "aa_account" {
+  folder_id = google_folder.my_folder.folder_id
+
+  depends_on = [time_sleep.wait_120_seconds]
+}
+`, context)
+}
diff --git a/google/data_source_access_approval_organization_service_account.go b/google/data_source_access_approval_organization_service_account.go
@@ -0,0 +1,62 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAccessApprovalOrganizationServiceAccount() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAccessApprovalOrganizationServiceAccountRead,
+		Schema: map[string]*schema.Schema{
+			"organization_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"account_email": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAccessApprovalOrganizationServiceAccountRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	userAgent, err := generateUserAgentString(d, config.userAgent)
+	if err != nil {
+		return err
+	}
+
+	url, err := replaceVars(d, config, "{{AccessApprovalBasePath}}organizations/{{organization_id}}/serviceAccount")
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := getBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := sendRequest(config, "GET", billingProject, url, userAgent, nil)
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("AccessApprovalOrganizationServiceAccount %q", d.Id()))
+	}
+
+	if err := d.Set("name", res["name"]); err != nil {
+		return fmt.Errorf("Error setting name: %s", err)
+	}
+	if err := d.Set("account_email", res["accountEmail"]); err != nil {
+		return fmt.Errorf("Error setting account_email: %s", err)
+	}
+	d.SetId(res["name"].(string))
+
+	return nil
+}
diff --git a/google/data_source_access_approval_organization_service_account_test.go b/google/data_source_access_approval_organization_service_account_test.go
@@ -0,0 +1,38 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceAccessApprovalOrganizationServiceAccount_basic(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"org_id": getTestOrgFromEnv(t),
+	}
+
+	resourceName := "data.google_access_approval_organization_service_account.aa_account"
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAccessApprovalOrganizationServiceAccount_basic(context),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "account_email"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAccessApprovalOrganizationServiceAccount_basic(context map[string]interface{}) string {
+	return Nprintf(`
+data "google_access_approval_organization_service_account" "aa_account" {
+  organization_id = "%{org_id}"
+}
+`, context)
+}
diff --git a/google/data_source_access_approval_project_service_account.go b/google/data_source_access_approval_project_service_account.go
@@ -0,0 +1,62 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAccessApprovalProjectServiceAccount() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAccessApprovalProjectServiceAccountRead,
+		Schema: map[string]*schema.Schema{
+			"project_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"account_email": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAccessApprovalProjectServiceAccountRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	userAgent, err := generateUserAgentString(d, config.userAgent)
+	if err != nil {
+		return err
+	}
+
+	url, err := replaceVars(d, config, "{{AccessApprovalBasePath}}projects/{{project_id}}/serviceAccount")
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := getBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := sendRequest(config, "GET", billingProject, url, userAgent, nil)
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("AccessApprovalProjectServiceAccount %q", d.Id()))
+	}
+
+	if err := d.Set("name", res["name"]); err != nil {
+		return fmt.Errorf("Error setting name: %s", err)
+	}
+	if err := d.Set("account_email", res["accountEmail"]); err != nil {
+		return fmt.Errorf("Error setting account_email: %s", err)
+	}
+	d.SetId(res["name"].(string))
+
+	return nil
+}
diff --git a/google/data_source_access_approval_project_service_account_test.go b/google/data_source_access_approval_project_service_account_test.go
@@ -0,0 +1,38 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceAccessApprovalProjectServiceAccount_basic(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"project_id": getTestProjectFromEnv(),
+	}
+
+	resourceName := "data.google_access_approval_project_service_account.aa_account"
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAccessApprovalProjectServiceAccount_basic(context),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "account_email"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAccessApprovalProjectServiceAccount_basic(context map[string]interface{}) string {
+	return Nprintf(`
+data "google_access_approval_project_service_account" "aa_account" {
+  project_id = "%{project_id}"
+}
+`, context)
+}
diff --git a/google/provider.go b/google/provider.go
@@ -717,6 +717,9 @@ func Provider() *schema.Provider {
 
 		DataSourcesMap: map[string]*schema.Resource{
 			// ####### START datasources ###########
+			"google_access_approval_folder_service_account":       dataSourceAccessApprovalFolderServiceAccount(),
+			"google_access_approval_organization_service_account": dataSourceAccessApprovalOrganizationServiceAccount(),
+			"google_access_approval_project_service_account":      dataSourceAccessApprovalProjectServiceAccount(),
 			"google_active_folder":                                dataSourceGoogleActiveFolder(),
 			"google_app_engine_default_service_account":           dataSourceGoogleAppEngineDefaultServiceAccount(),
 			"google_billing_account":                              dataSourceGoogleBillingAccount(),