allow setting service account email for keys #1256

Merged
merged 1 commit into from
Mar 26, 2018
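--- a/google/resource_google_service_account_key.go
+++ b/google/resource_google_service_account_key.go
@@ -2,6 +2,7 @@ package google
 
 import (
 "fmt"
+"strings"
 
 "github.com/hashicorp/terraform/helper/encryption"
 "github.com/hashicorp/terraform/helper/schema"
@@ -17,10 +18,9 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
 Schema: map[string]*schema.Schema{
 // Required
 "service_account_id": &schema.Schema{
-Type: schema.TypeString,
-Required: true,
-ForceNew: true,
-ValidateFunc: validateRegexp(ServiceAccountLinkRegex),
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
 },
 // Optional
 "key_algorithm": &schema.Schema{
@@ -89,6 +89,9 @@ func resourceGoogleServiceAccountKeyCreate(d *schema.ResourceData, meta interfac
 config := meta.(*Config)
 
 serviceAccount := d.Get("service_account_id").(string)
+if !strings.HasPrefix(serviceAccount, "projects/") {
+serviceAccount = "projects/-/serviceAccounts/" + serviceAccount
+}
 
 r := &iam.CreateServiceAccountKeyRequest{
 KeyAlgorithm: d.Get("key_algorithm").(string),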
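Review bot: Dropping `ValidateFunc: validateRegexp(ServiceAccountLinkRegex)` in the schema hunk leaves `service_account_id` with no plan-time validation at all, so an empty string or a value with extra `/` segments is concatenated into `projects/-/serviceAccounts/...` in resourceGoogleServiceAccountKeyCreate and is only rejected, or may resolve to an unintended resource name, at the API call. Because this resource mints a long-lived credential, I would keep a validator that accepts both documented forms, e.g. `ValidateFunc: validateRegexp(<PATTERN_FOR_LINK_OR_BARE_ACCOUNT>),` where the placeholder stands for a pattern matching either the full link or a bare email / unique id. A short comment above the prefix check, such as `// "-" lets the IAM API infer the project from the account email or unique id`, would also make clear that the key can be created outside the provider's configured project. The create function's body continues outside the hunk, so whether read and delete see the same normalised name cannot be confirmed from here.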
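--- a/google/resource_google_service_account_key_test.go
+++ b/google/resource_google_service_account_key_test.go
@@ -34,6 +34,30 @@ func TestAccServiceAccountKey_basic(t *testing.T) {
 })
 }
 
+func TestAccServiceAccountKey_fromEmail(t *testing.T) {
+t.Parallel()
+
+resourceName := "google_service_account_key.acceptance"
+accountID := "a" + acctest.RandString(10)
+displayName := "Terraform Test"
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+resource.TestStep{
+Config: testAccServiceAccountKey_fromEmail(accountID, displayName),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckGoogleServiceAccountKeyExists(resourceName),
+resource.TestCheckResourceAttrSet(resourceName, "public_key"),
+resource.TestCheckResourceAttrSet(resourceName, "valid_after"),
+resource.TestCheckResourceAttrSet(resourceName, "valid_before"),
+resource.TestCheckResourceAttrSet(resourceName, "private_key"),
+),
+},
+},
+})
+}
+
 func TestAccServiceAccountKey_pgp(t *testing.T) {
 t.Parallel()
 resourceName := "google_service_account_key.acceptance"
@@ -86,7 +110,21 @@ resource "google_service_account" "acceptance" {
 }
 
 resource "google_service_account_key" "acceptance" {
-service_account_id = "${google_service_account.acceptance.id}"
+service_account_id = "${google_service_account.acceptance.name}"
+public_key_type = "TYPE_X509_PEM_FILE"
+}
+`, account, name)
+}
+
+func testAccServiceAccountKey_fromEmail(account, name string) string {
+return fmt.Sprintf(`
+resource "google_service_account" "acceptance" {
+account_id = "%s"
+display_name = "%s"
+}
+
+resource "google_service_account_key" "acceptance" {
+service_account_id = "${google_service_account.acceptance.email}"
 public_key_type = "TYPE_X509_PEM_FILE"
 }
 `, account, name)
@@ -100,7 +138,7 @@ resource "google_service_account" "acceptance" {
 }
 
 resource "google_service_account_key" "acceptance" {
-service_account_id = "${google_service_account.acceptance.id}"
+service_account_id = "${google_service_account.acceptance.name}"
 public_key_type = "TYPE_X509_PEM_FILE"
 pgp_key = <<EOF
 %s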
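Review bot: The `resource.TestCase` in TestAccServiceAccountKey_fromEmail sets `PreCheck`, `Providers` and `Steps` but no `CheckDestroy`, so a teardown that fails to delete the generated key would go unnoticed and leave a live service account credential in the test project. If the package has a destroy check for this resource, wire it in as `CheckDestroy: <EXISTING_KEY_DESTROY_CHECK>,` (placeholder; no such helper is visible on this page). The new case also covers only the email form; the unique-id form that the documentation change advertises, and a malformed value that should be rejected, have no test here.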
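--- a/website/docs/r/google_service_account_key.html.markdown
+++ b/website/docs/r/google_service_account_key.html.markdown
@@ -20,7 +20,7 @@ resource "google_service_account" "acceptance" {
 }
 
 resource "google_service_account_key" "acceptance" {
-service_account_id = "${google_service_account.acceptance.id}"
+service_account_id = "${google_service_account.acceptance.name}"
 public_key_type = "TYPE_X509_PEM_FILE"
 }
 ```
@@ -33,7 +33,7 @@ resource "google_service_account" "myaccount" {
 display_name = "My Service Account"
 }
 resource "google_service_account_key" "mykey" {
-service_account_id = "${google_service_account.myaccount.id}"
+service_account_id = "${google_service_account.myaccount.name}"
 }
 resource "kubernetes_secret" "google-application-credentials" {
 metadata {
@@ -54,7 +54,7 @@ resource "google_service_account" "acceptance" {
 }
 
 resource "google_service_account_key" "acceptance" {
-service_account_id = "${google_service_account.acceptance.id}"
+service_account_id = "${google_service_account.acceptance.name}"
 pgp_key = "keybase:keybaseusername"
 public_key_type = "TYPE_X509_PEM_FILE"
 }
@@ -64,7 +64,9 @@ resource "google_service_account_key" "acceptance" {
 
 The following arguments are supported:
 
-* `service_account_id` - (Required) The Service account id of the Key Pair.
+* `service_account_id` - (Required) The Service account id of the Key Pair. This can be a string in the format
+`{ACCOUNT}` or `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`, where `{ACCOUNT}` is the email address or
+unique id of the service account. If the `{ACCOUNT}` syntax is used, the project will be inferred from the account.
 
 * `key_algorithm` - (Optional) The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm.
 Valid values are listed at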