Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ephemeral: add ephemeral_google_service_account_access_token #12140

Open
wants to merge 22 commits into
base: FEATURE-BRANCH-ephemeral-resource
Choose a base branch
from
Open

ephemeral: add ephemeral_google_service_account_access_token #12140

wants to merge 22 commits into from
+340 −1

Conversation

BBBmau
Copy link
Collaborator

@BBBmau BBBmau commented Oct 25, 2024
edited by SarahFrench
Loading

An ephemeral resource that mimics the google_service_account_access_token data source

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

@modular-magician

This comment was marked as outdated.

Sign in to view
@modular-magician

This comment was marked as outdated.

Sign in to view
@BBBmau BBBmau force-pushed the support-service-account-token branch from 51639c8 to 8242932 Compare November 5, 2024 03:52
@BBBmau
Copy link
Collaborator Author

BBBmau commented Nov 5, 2024

recent commit addresses some issues, ephemeral resource is now working when running locally

tfconfig:

ephemeral "google_test" "test" {
  target_service_account = "malvarezleon@hc-terraform-testing.iam.gserviceaccount.com"
  scopes = ["https://www.googleapis.com/auth/cloud-platform"]

  lifetime = "10s"
}

debug output:

 POST /v1/projects/-/serviceAccounts/malvarezleon@hc-terraform-testing.iam.gserviceaccount.com:generateAccessToken?alt=json&prettyPrint=false HTTP/1.1
 Host: iamcredentials.googleapis.com
 User-Agent: google-api-go-client/0.5 Terraform/1.10.0-alpha20241023 (+https://www.terraform.io) Terraform-Plugin-SDK/terraform-plugin-framework terraform-provider-google/dev
 Content-Length: 78
 Content-Type: application/json
 X-Goog-Api-Client: gl-go/1.23.2 gdcl/0.193.0
 Accept-Encoding: gzip

 {
  "lifetime": "10s",
  "scope": [
   "https://www.googleapis.com/auth/cloud-platform"
  ]
 }

 -----------------------------------------------------
 2024/11/04 19:41:00 [DEBUG] Google API Response Details:
 ---[ RESPONSE ]--------------------------------------
 HTTP/2.0 200 OK
 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
 Cache-Control: private
 Content-Type: application/json; charset=UTF-8
 Date: Tue, 05 Nov 2024 03:41:00 GMT
 Server: scaffolding on HTTPServer2
 Vary: Origin
 Vary: X-Origin
 Vary: Referer
 X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
 X-Xss-Protection: 0

 {
  "accessToken": "ya29.c.c0ASRK0GZTgneHg5v4KBWZPZLdNFhNsehSCn8hpgW5R91nXQuACK3BoU-PFRmOjO7Pxu0WLoyVyCfso2OKHIO7tlZf38imfQ6WVBl7g8g4bg1WLQvVzSo7z0o_RNHKkfmI0xP5xcboXYXHyYf7jzrwEvBSeSYQDUzxxtHNnzQJmvsdD3GtrEKMpb1gTVv8mckZ59Gsn5MztgCd0THTNHZIkuQAsIeUfnVLoiv17Y8MTBTuQE-rSOPN7X51szH-HULI0efAlnNi7Sic8ws5qHi9FfHUNIxwy9LdHiya7d3-MViYsXL-Qf1VUsG9HLdj9uJric3E5k_yT7vTaG-EwKYw2hkefSQDpN5rPWD0G1XoqDvUOZc4GD1P2ZLvC2JsufcwFTKe9LxBoFZcsZF6fiXzqlzwHMZV9E_LiyWhNdqXtKb8s9w8u0d68B-xIptX6bYMlJoVEVqgs7T7rR9yDEWl9OjaWrtI-LK03vi99OG5AFn44h1676CzJwGclPNhGDdFxI1i1bgFu6nadfQ0OvGJfRTA5Gnn3LYEITnG3iChEuXHepxN2CqL6vQ_pKOVprt5GETTjTmBwBFPMFro4Q3hbQ49EthXzS5lTus6Avg2E625Pbbrutwk3JcreuQv_bwz2bbmFqp-pJ1MrZfO-yimq8mZBte0kxB_IVJgmjjbSvl96JkSr1Rurxn10XWZ7lSkyWM5oe51Mvzi2vvtd332yIcV-dWUZgmV-BvekbJmRVgzzvZbih0tbRucg0I7t201kSV-db7omY4aY-_dZXdx3tfS7j64ZQ0O_-uYFUe3_9kgq3gI1gap4MBeBwte19r8O_-yRw3OmQjlhXZikes_jx2w2qbQIQVq1ee4wU2w8uWBWr9oIrhjRx2rydIBn3SZJQ4foeXpYMdwFJ_h_d9zI-Jbgt9Uwh46ibhu1vUpJW2B-gFhUpyhdmF2mgWWOvnlY6F4ts2rQpF85rRyBgfsQStqZMftM0OQSyhZpgyeQq2VJRp2vZXdsvU",
  "expireTime": "2024-11-05T03:41:10Z"
 }
 -----------------------------------------------------
 2024/11/04 19:41:00 [DEBUG] Retry Transport: Stopping retries, last request was successful
 2024/11/04 19:41:00 [DEBUG] Retry Transport: Returning after 1 attempts

still missing tests, though the ability to test ephemeral resources / values is currently being worked on, this was pushed last friday and will be included in terraform-plugin-testing

an example of how it can be tested can be viewed here: hashicorp/terraform-provider-corner@76f20a3

The echo provider can be found here: hashicorp/terraform-provider-corner@44d5ec0

@modular-magician

This comment was marked as outdated.

Sign in to view
1 similar comment
@modular-magician

This comment was marked as outdated.

Sign in to view
@modular-magician

This comment was marked as outdated.

Sign in to view
@modular-magician

This comment was marked as outdated.

Sign in to view
@BBBmau BBBmau force-pushed the support-service-account-token branch from 2cda8ad to a618711 Compare November 5, 2024 23:55
@modular-magician

This comment was marked as outdated.

Sign in to view
@modular-magician

This comment was marked as outdated.

Sign in to view
@BBBmau BBBmau force-pushed the support-service-account-token branch from a618711 to 20c115f Compare November 6, 2024 00:36
@modular-magician

This comment was marked as outdated.

Sign in to view
@modular-magician

This comment was marked as outdated.

Sign in to view
@BBBmau BBBmau marked this pull request as ready for review November 6, 2024 01:00
@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 379 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 3 files changed, 379 insertions(+), 1 deletion(-))

Errors

google provider:

  • The diff processor failed to build. This is usually due to the downstream provider failing to compile.

google-beta provider:

  • The diff processor failed to build. This is usually due to the downstream provider failing to compile.

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 0
Passed tests: 0
Skipped tests: 0
Affected tests: 0

Click here to see the affected service packages

All service packages are affected

🔴 Errors occurred during REPLAYING mode. Please fix them to complete your PR.

View the build log

SarahFrench
SarahFrench requested changes Nov 6, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase your PR on the latest version of FEATURE-BRANCH-ephemeral-resource - this will pull in the dependency updates and fix the build errors showing in this PR.

Also, please move the validator code into the file discussed here.

SarahFrench
SarahFrench requested changes Nov 6, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow up to previous review

mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go Outdated Show resolved Hide resolved
@BBBmau BBBmau mentioned this pull request Nov 6, 2024
Open
@BBBmau BBBmau force-pushed the support-service-account-token branch from b7d0840 to 79a87d0 Compare November 7, 2024 00:12
@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 380 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 3 files changed, 380 insertions(+), 1 deletion(-))

@BBBmau BBBmau mentioned this pull request Nov 7, 2024
Merged
@BBBmau
Copy link
Collaborator Author

BBBmau commented Nov 7, 2024

tests pass locally however we should consider the fwvalidators package PR before continuing:

=== RUN   TestEphemeralServiceAccountToken_basic
=== PAUSE TestEphemeralServiceAccountToken_basic
=== RUN   TestEphemeralServiceAccountToken_withDelegates
=== PAUSE TestEphemeralServiceAccountToken_withDelegates
=== RUN   TestEphemeralServiceAccountToken_withCustomLifetime
=== PAUSE TestEphemeralServiceAccountToken_withCustomLifetime
=== CONT  TestEphemeralServiceAccountToken_basic
=== CONT  TestEphemeralServiceAccountToken_withCustomLifetime
=== CONT  TestEphemeralServiceAccountToken_withDelegates
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [DEBUG] Waiting for state to become: [success]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [DEBUG] Waiting for state to become: [success]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO]   -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [DEBUG] Waiting for state to become: [success]
2024/11/06 16:47:15 [INFO] Terraform is using this identity: mauricio-alvarezleon@hc-terraform-testing.iam.gserviceaccount.com
2024/11/06 16:47:15 [DEBUG] Verifying projects/hc-terraform-testing/serviceAccounts/tf-bootstrap-sa-delegates@hc-terraform-testing.iam.gserviceaccount.com as bootstrapped service account.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [INFO] Terraform is using this identity: mauricio-alvarezleon@hc-terraform-testing.iam.gserviceaccount.com
2024/11/06 16:47:15 [DEBUG] Verifying projects/hc-terraform-testing/serviceAccounts/tf-bootstrap-sa-lifetime@hc-terraform-testing.iam.gserviceaccount.com as bootstrapped service account.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [INFO] Terraform is using this identity: mauricio-alvarezleon@hc-terraform-testing.iam.gserviceaccount.com
2024/11/06 16:47:15 [DEBUG] Verifying projects/hc-terraform-testing/serviceAccounts/tf-bootstrap-sa-basic@hc-terraform-testing.iam.gserviceaccount.com as bootstrapped service account.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:15 [DEBUG] Retry Transport: Returning after 1 attempts
2024/11/06 16:47:15 [DEBUG] Setting service account permissions.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:15 [DEBUG] Retry Transport: Returning after 1 attempts
2024/11/06 16:47:15 [DEBUG] Setting service account permissions.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:15 [DEBUG] Retry Transport: Returning after 1 attempts
2024/11/06 16:47:15 [DEBUG] Setting service account permissions.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:16 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:16 [DEBUG] Retry Transport: Returning after 1 attempts
--- PASS: TestEphemeralServiceAccountToken_basic (26.47s)
--- PASS: TestEphemeralServiceAccountToken_withDelegates (26.69s)
--- PASS: TestEphemeralServiceAccountToken_withCustomLifetime (26.79s)
PASS
ok      github.com/hashicorp/terraform-provider-google/google/services/resourcemanager  31.149s

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 4267
Passed tests: 3615
Skipped tests: 417
Affected tests: 235

Click here to see the affected service packages

All service packages are affected

Action taken

Found 235 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccBackupDRBackupVault_fullUpdate
  • TestAccComputeFirewallPolicyAssociation_basic
  • TestAccComputeProjectMetadata_basic
  • TestAccContainerClusterCustomServiceAccount_withAutopilot
  • TestAccContainerClusterDatasource_regional
  • TestAccContainerClusterDatasource_zonal
  • TestAccContainerCluster_WithCPAFeatures
  • TestAccContainerCluster_additional_pod_ranges_config_on_create
  • TestAccContainerCluster_additional_pod_ranges_config_on_update
  • TestAccContainerCluster_autopilot_minimal
  • TestAccContainerCluster_autopilot_net_admin
  • TestAccContainerCluster_autoprovisioningDefaultsManagement
  • TestAccContainerCluster_autoprovisioningDefaultsUpgradeSettings
  • TestAccContainerCluster_autoprovisioningLocations
  • TestAccContainerCluster_backend
  • TestAccContainerCluster_basic
  • TestAccContainerCluster_customPlacementPolicy
  • TestAccContainerCluster_deleteExclusionWindow
  • TestAccContainerCluster_deleteMaintenanceExclusionOptions
  • TestAccContainerCluster_enableCiliumPolicies_withAutopilot
  • TestAccContainerCluster_errorAutopilotLocation
  • TestAccContainerCluster_errorNoClusterCreated
  • TestAccContainerCluster_misc
  • TestAccContainerCluster_network
  • TestAccContainerCluster_networkingModeRoutes
  • TestAccContainerCluster_nodeAutoprovisioning
  • TestAccContainerCluster_nodeAutoprovisioningDefaults
  • TestAccContainerCluster_nodeAutoprovisioningDefaultsBootDiskKmsKey
  • TestAccContainerCluster_nodeAutoprovisioningDefaultsDiskSizeGb
  • TestAccContainerCluster_nodeAutoprovisioningDefaultsDiskType
  • TestAccContainerCluster_nodeAutoprovisioningDefaultsImageType
  • TestAccContainerCluster_nodeAutoprovisioningDefaultsShieldedInstance
  • TestAccContainerCluster_nodeAutoprovisioningNetworkTags
  • TestAccContainerCluster_privateRegistry
  • TestAccContainerCluster_regional
  • TestAccContainerCluster_regionalWithNodeLocations
  • TestAccContainerCluster_regionalWithNodePool
  • TestAccContainerCluster_stackType_withDualStack
  • TestAccContainerCluster_stackType_withSingleStack
  • TestAccContainerCluster_storagePoolsWithNodeConfig
  • TestAccContainerCluster_storagePoolsWithNodePool
  • TestAccContainerCluster_updateMaintenanceExclusionOptions
  • TestAccContainerCluster_updateVersion
  • TestAccContainerCluster_withAdditiveVPC
  • TestAccContainerCluster_withAdvancedDatapath
  • TestAccContainerCluster_withAdvancedMachineFeaturesInNodePool
  • TestAccContainerCluster_withAuthenticatorGroupsConfig
  • TestAccContainerCluster_withAutopilot
  • TestAccContainerCluster_withAutopilotGcpFilestoreCsiDriver
  • TestAccContainerCluster_withAutopilotKubeletConfig
  • TestAccContainerCluster_withAutopilotNetworkTags
  • TestAccContainerCluster_withAutopilotResourceManagerTags
  • TestAccContainerCluster_withAutopilot_withNodePoolDefaults
  • TestAccContainerCluster_withAutoscalingProfile
  • TestAccContainerCluster_withBinaryAuthorizationEnabledBool
  • TestAccContainerCluster_withBinaryAuthorizationEvaluationModeAutopilot
  • TestAccContainerCluster_withBinaryAuthorizationEvaluationModeClassic
  • TestAccContainerCluster_withBootDiskKmsKey
  • TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork
  • TestAccContainerCluster_withConfidentialBootDisk
  • TestAccContainerCluster_withConfidentialBootDiskNodeConfig
  • TestAccContainerCluster_withConfidentialNodes
  • TestAccContainerCluster_withCostManagementConfig
  • TestAccContainerCluster_withDNSConfig
  • TestAccContainerCluster_withDatabaseEncryption
  • TestAccContainerCluster_withDeletionProtection
  • TestAccContainerCluster_withEnableKubernetesAlpha
  • TestAccContainerCluster_withEnableKubernetesBetaAPIs
  • TestAccContainerCluster_withEnableKubernetesBetaAPIsOnExistingCluster
  • TestAccContainerCluster_withEnablePrivateEndpointToggle
  • TestAccContainerCluster_withExternalIpsConfig
  • TestAccContainerCluster_withFQDNNetworkPolicy
  • TestAccContainerCluster_withFilteredNotificationConfig
  • TestAccContainerCluster_withFlexiblePodCIDR
  • TestAccContainerCluster_withGatewayApiConfig
  • TestAccContainerCluster_withGcpPublicCidrsAccessEnabledToggle
  • TestAccContainerCluster_withILBSubsetting
  • TestAccContainerCluster_withIPAllocationPolicy_existingSecondaryRanges
  • TestAccContainerCluster_withIPAllocationPolicy_specificIPRanges
  • TestAccContainerCluster_withIPAllocationPolicy_specificSizes
  • TestAccContainerCluster_withIdentityServiceConfig
  • TestAccContainerCluster_withInsecureKubeletReadonlyPortEnabledDefaultsUpdates
  • TestAccContainerCluster_withInsecureKubeletReadonlyPortEnabledInNodePool
  • TestAccContainerCluster_withIntraNodeVisibility
  • TestAccContainerCluster_withLoggingVariantInNodeConfig
  • TestAccContainerCluster_withLoggingVariantInNodePool
  • TestAccContainerCluster_withLoggingVariantUpdates
  • TestAccContainerCluster_withMaintenanceExclusionOptions
  • TestAccContainerCluster_withMaintenanceExclusionWindow
  • TestAccContainerCluster_withMaintenanceWindow
  • TestAccContainerCluster_withMasterAuthConfig_NoCert
  • TestAccContainerCluster_withMasterAuthorizedNetworksConfig
  • TestAccContainerCluster_withMasterAuthorizedNetworksDisabled
  • TestAccContainerCluster_withMeshCertificatesConfig
  • TestAccContainerCluster_withMonitoringConfig
  • TestAccContainerCluster_withMonitoringConfigAdvancedDatapathObservabilityConfig
  • TestAccContainerCluster_withMultiNetworking
  • TestAccContainerCluster_withNetworkPolicyEnabled
  • TestAccContainerCluster_withNodeConfigFastSocket
  • TestAccContainerCluster_withNodeConfigGcfsConfig
  • TestAccContainerCluster_withNodeConfigKubeletConfigSettingsUpdates
  • TestAccContainerCluster_withNodeConfigLinuxNodeConfig
  • TestAccContainerCluster_withNodeConfigReservationAffinity
  • TestAccContainerCluster_withNodeConfigReservationAffinitySpecific
  • TestAccContainerCluster_withNodeConfigScopeAlias
  • TestAccContainerCluster_withNodeConfigShieldedInstanceConfig
  • TestAccContainerCluster_withNodePoolAutoscaling
  • TestAccContainerCluster_withNodePoolBasic
  • TestAccContainerCluster_withNodePoolCIA
  • TestAccContainerCluster_withNodePoolDefaults
  • TestAccContainerCluster_withNodePoolMultiple
  • TestAccContainerCluster_withNodePoolNodeConfig
  • TestAccContainerCluster_withNodePoolResize
  • TestAccContainerCluster_withNodePoolUpdateVersion
  • TestAccContainerCluster_withNotificationConfig
  • TestAccContainerCluster_withPrivateClusterConfigBasic
  • TestAccContainerCluster_withPrivateClusterConfigGlobalAccessEnabledOnly
  • TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock_withAutopilot
  • TestAccContainerCluster_withPrivateClusterConfigPrivateEndpointSubnetwork
  • TestAccContainerCluster_withPrivateEndpointSubnetwork
  • TestAccContainerCluster_withProtectConfig
  • TestAccContainerCluster_withRecurringMaintenanceWindow
  • TestAccContainerCluster_withReleaseChannelEnabled
  • TestAccContainerCluster_withReleaseChannelEnabledDefaultVersion
  • TestAccContainerCluster_withResourceUsageExportConfig
  • TestAccContainerCluster_withSecretManagerConfig
  • TestAccContainerCluster_withSecurityPostureConfig
  • TestAccContainerCluster_withShieldedNodes
  • TestAccContainerCluster_withSoleTenantGroup
  • TestAccContainerCluster_withTPUConfig
  • TestAccContainerCluster_withTelemetryEnabled
  • TestAccContainerCluster_withTpu
  • TestAccContainerCluster_withVersion
  • TestAccContainerCluster_withWorkloadALTSConfig
  • TestAccContainerCluster_withWorkloadALTSConfigAutopilot
  • TestAccContainerCluster_withWorkloadIdentityConfig
  • TestAccContainerCluster_withWorkloadIdentityConfigAutopilot
  • TestAccContainerCluster_with_PodCIDROverprovisionDisabled
  • TestAccContainerCluster_withoutConfidentialBootDisk
  • TestAccContainerNodePool_EmptyGuestAccelerator
  • TestAccContainerNodePool_autoscaling
  • TestAccContainerNodePool_basic
  • TestAccContainerNodePool_basicWithClusterId
  • TestAccContainerNodePool_compactPlacement
  • TestAccContainerNodePool_concurrent
  • TestAccContainerNodePool_customPlacementPolicy
  • TestAccContainerNodePool_enableQueuedProvisioning
  • TestAccContainerNodePool_ephemeralStorageConfig
  • TestAccContainerNodePool_ephemeralStorageLocalSsdConfig
  • TestAccContainerNodePool_fastSocket
  • TestAccContainerNodePool_gcfsConfig
  • TestAccContainerNodePool_gvnic
  • TestAccContainerNodePool_localNvmeSsdBlockConfig
  • TestAccContainerNodePool_maxPodsPerNode
  • TestAccContainerNodePool_nestedVirtualization
  • TestAccContainerNodePool_nodeLocations
  • TestAccContainerNodePool_regionalAutoscaling
  • TestAccContainerNodePool_regionalClusters
  • TestAccContainerNodePool_resize
  • TestAccContainerNodePool_resourceManagerTags
  • TestAccContainerNodePool_secondaryBootDisks
  • TestAccContainerNodePool_shieldedInstanceConfig
  • TestAccContainerNodePool_storagePools
  • TestAccContainerNodePool_threadsPerCore
  • TestAccContainerNodePool_totalSize
  • TestAccContainerNodePool_version
  • TestAccContainerNodePool_withCgroupMode
  • TestAccContainerNodePool_withConfidentialBootDisk
  • TestAccContainerNodePool_withConfidentialNodes
  • TestAccContainerNodePool_withEnablePrivateNodesToggle
  • TestAccContainerNodePool_withGPU
  • TestAccContainerNodePool_withHostMaintenancePolicy
  • TestAccContainerNodePool_withHugepageConfig
  • TestAccContainerNodePool_withKubeletConfig
  • TestAccContainerNodePool_withLinuxNodeConfig
  • TestAccContainerNodePool_withLoggingVariantUpdates
  • TestAccContainerNodePool_withMachineAndDiskUpdate
  • TestAccContainerNodePool_withMachineDiskStoragePoolsUpdate
  • TestAccContainerNodePool_withManagement
  • TestAccContainerNodePool_withMultiNicNetworkConfig
  • TestAccContainerNodePool_withNetworkConfig
  • TestAccContainerNodePool_withNodeConfig
  • TestAccContainerNodePool_withNodeConfigScopeAlias
  • TestAccContainerNodePool_withReservationAffinity
  • TestAccContainerNodePool_withReservationAffinitySpecific
  • TestAccContainerNodePool_withSandboxConfig
  • TestAccContainerNodePool_withSoleTenantConfig
  • TestAccContainerNodePool_withTaintsUpdate
  • TestAccContainerNodePool_withUpgradeSettings
  • TestAccContainerNodePool_withWorkloadIdentityConfig
  • TestAccContainerNodePool_withoutConfidentialBootDisk
  • TestAccDNSManagedZone_dnsManagedZonePrivateGkeExample
  • TestAccDNSManagedZone_privateUpdate
  • TestAccDNSResponsePolicy_update
  • TestAccDataprocCluster_withNodeGroupAffinity
  • TestAccGKEBackupBackupPlanIamBindingGenerated
  • TestAccGKEBackupBackupPlanIamMemberGenerated
  • TestAccGKEBackupBackupPlanIamPolicyGenerated
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanAutopilotExample
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanBasicExample
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanCmekExample
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanFullExample
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanPermissiveExample
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanRpoDailyWindowExample
  • TestAccGKEBackupBackupPlan_gkebackupBackupplanRpoWeeklyWindowExample
  • TestAccGKEBackupBackupPlan_update
  • TestAccGKEBackupRestorePlanIamBindingGenerated
  • TestAccGKEBackupRestorePlanIamMemberGenerated
  • TestAccGKEBackupRestorePlanIamPolicyGenerated
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanAllClusterResourcesExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanAllNamespacesExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanGitopsModeExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanProtectedApplicationExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanRenameNamespaceExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanRestoreOrderExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanRollbackNamespaceExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanSecondTransformationExample
  • TestAccGKEBackupRestorePlan_gkebackupRestoreplanVolumeResExample
  • TestAccGKEBackupRestorePlan_update
  • TestAccGKEHub2MembershipBinding_gkehubMembershipBindingBasicExample
  • TestAccGKEHub2MembershipRBACRoleBinding_gkehubMembershipRbacRoleBindingBasicExample
  • TestAccGKEHubMembershipIamBindingGenerated
  • TestAccGKEHubMembershipIamMemberGenerated
  • TestAccGKEHubMembershipIamPolicyGenerated
  • TestAccGKEHubMembership_gkehubMembershipBasicExample
  • TestAccGKEHubMembership_gkehubMembershipIssuerExample
  • TestAccGKEHubMembership_gkehubMembershipRegionalExample
  • TestAccPubsubSubscriptionBigQuery_serviceAccount
  • TestAccRedisCluster_createClusterWithNodeType
  • TestAccRedisCluster_createUpdateDeletionProtection
  • TestAccRedisCluster_updateRedisConfigs
  • TestAccRedisCluster_updateReplicaCount
  • TestAccRedisCluster_updateShardCount
  • TestAccSpannerInstance_basicWithAutoscalingUsingNodeConfigUpdate
  • TestAccSpannerInstance_basicWithAutoscalingUsingProcessingUnitConfigUpdate

Get to know how VCR tests work

@modular-magician

This comment was marked as outdated.

Sign in to view
SarahFrench
SarahFrench reviewed Nov 7, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here are some more review comments, mainly:

  • Requesting testing of the new validators
  • Requested changes to the acc test using delegates

...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go Outdated Show resolved Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go Outdated Show resolved Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go Outdated Show resolved Hide resolved
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go Outdated Show resolved Hide resolved
@BBBmau @SarahFrench
Update mmv1/third_party/terraform/services/resourcemanager/ephemeral_…
8f98503 
…google_service_account_token_test.go

Co-authored-by: Sarah French <15078782+SarahFrench@users.noreply.github.com>
@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))

2 similar comments
@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))

@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 4270
Passed tests: 3846
Skipped tests: 417
Affected tests: 7

Click here to see the affected service packages

All service packages are affected

Action taken

Found 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccCloudRunService_cloudRunServiceMulticontainerExample
  • TestAccCloudbuildv2Connection_GlePrivConnection
  • TestAccCloudbuildv2Connection_GlePrivUpdateConnection
  • TestAccContainerCluster_withSecretManagerConfig
  • TestAccEphemeralServiceAccountToken_basic
  • TestAccEphemeralServiceAccountToken_withCustomLifetime
  • TestAccEphemeralServiceAccountToken_withDelegates

Get to know how VCR tests work

1 similar comment
@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 4270
Passed tests: 3846
Skipped tests: 417
Affected tests: 7

Click here to see the affected service packages

All service packages are affected

Action taken

Found 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccCloudRunService_cloudRunServiceMulticontainerExample
  • TestAccCloudbuildv2Connection_GlePrivConnection
  • TestAccCloudbuildv2Connection_GlePrivUpdateConnection
  • TestAccContainerCluster_withSecretManagerConfig
  • TestAccEphemeralServiceAccountToken_basic
  • TestAccEphemeralServiceAccountToken_withCustomLifetime
  • TestAccEphemeralServiceAccountToken_withDelegates

Get to know how VCR tests work

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 4270
Passed tests: 3845
Skipped tests: 417
Affected tests: 8

Click here to see the affected service packages

All service packages are affected

Action taken

Found 8 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccCloudRunService_cloudRunServiceMulticontainerExample
  • TestAccCloudbuildv2Connection_GlePrivConnection
  • TestAccCloudbuildv2Connection_GlePrivUpdateConnection
  • TestAccComputeRegionPerInstanceConfig_removeInstanceOnDestroy
  • TestAccContainerCluster_withSecretManagerConfig
  • TestAccEphemeralServiceAccountToken_basic
  • TestAccEphemeralServiceAccountToken_withCustomLifetime
  • TestAccEphemeralServiceAccountToken_withDelegates

Get to know how VCR tests work

@modular-magician
Copy link
Collaborator

🔴 Tests failed during RECORDING mode:
TestAccCloudRunService_cloudRunServiceMulticontainerExample [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivConnection [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivUpdateConnection [Error message] [Debug log]
TestAccContainerCluster_withSecretManagerConfig [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_basic [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withCustomLifetime [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withDelegates [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@modular-magician
Copy link
Collaborator

🔴 Tests failed during RECORDING mode:
TestAccCloudRunService_cloudRunServiceMulticontainerExample [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivConnection [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivUpdateConnection [Error message] [Debug log]
TestAccContainerCluster_withSecretManagerConfig [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_basic [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withCustomLifetime [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withDelegates [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@modular-magician
Copy link
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccComputeRegionPerInstanceConfig_removeInstanceOnDestroy [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

🔴 Tests failed during RECORDING mode:
TestAccCloudRunService_cloudRunServiceMulticontainerExample [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivConnection [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivUpdateConnection [Error message] [Debug log]
TestAccContainerCluster_withSecretManagerConfig [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_basic [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withCustomLifetime [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withDelegates [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@BBBmau BBBmau mentioned this pull request Nov 13, 2024
Draft
SarahFrench added a commit to SarahFrench/terraform-provider-google that referenced this pull request Nov 13, 2024
@SarahFrench
Apply changes from GoogleCloudPlatform/magic-modules#12140
582d765
@SarahFrench SarahFrench changed the title ephemeral: add ephemeral_google_service_account_token ephemeral: add ephemeral_google_service_account_access_token Nov 13, 2024
SarahFrench
SarahFrench reviewed Nov 13, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this'll be the final review! The big thing is fixing the name, and the rest is making sure the code is easier to understand for people to understand if they're new to the plugin-framework (and weren't involved in this PR).

mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go Outdated Show resolved Hide resolved
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
SarahFrench
SarahFrench reviewed Nov 14, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just realised - this PR should also include some handwritten documentation for google_service_account_access_token! However Registry support for docs is currently in progress.

I think you can use the docs for the existing data source as a starting point : google_service_account_access_token. We'll need to get confirmation about the new folder name in this folder

mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 3 files changed, 261 insertions(+), 1 deletion(-))

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 4270
Passed tests: 3843
Skipped tests: 417
Affected tests: 10

Click here to see the affected service packages

All service packages are affected

Action taken

Found 10 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccBackupDRBackupVault_fullUpdate
  • TestAccCloudRunService_cloudRunServiceMulticontainerExample
  • TestAccCloudbuildv2Connection_GlePrivConnection
  • TestAccCloudbuildv2Connection_GlePrivUpdateConnection
  • TestAccComputeRegionPerInstanceConfig_removeInstanceOnDestroy
  • TestAccContainerCluster_withFleetConfig
  • TestAccContainerCluster_withSecretManagerConfig
  • TestAccEphemeralServiceAccountToken_basic
  • TestAccEphemeralServiceAccountToken_withCustomLifetime
  • TestAccEphemeralServiceAccountToken_withDelegates

Get to know how VCR tests work

@modular-magician
Copy link
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccBackupDRBackupVault_fullUpdate [Debug log]
TestAccComputeRegionPerInstanceConfig_removeInstanceOnDestroy [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

🔴 Tests failed during RECORDING mode:
TestAccCloudRunService_cloudRunServiceMulticontainerExample [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivConnection [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivUpdateConnection [Error message] [Debug log]
TestAccContainerCluster_withFleetConfig [Error message] [Debug log]
TestAccContainerCluster_withSecretManagerConfig [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_basic [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withCustomLifetime [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withDelegates [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

SarahFrench
SarahFrench reviewed Nov 14, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#12140 (comment)

SarahFrench
SarahFrench reviewed Nov 15, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One final, final, final review and we can merge this to the feature branch. We should check the docs example in future but that should block merging the feature branch to main, not this PR.

mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go Outdated Show resolved Hide resolved
..._party/terraform/website/docs/ephemeral-resources/service_account_access_token.html.markdown
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

..._party/terraform/website/docs/ephemeral-resources/service_account_access_token.html.markdown
Comment on lines +35 to +60
provider "google" {
}

data "google_client_config" "default" {
provider = google
}

ephemeral "google_service_account_access_token" "default" {
provider = google
target_service_account = "service_B@projectB.iam.gserviceaccount.com"
scopes = ["userinfo-email", "cloud-platform"]
lifetime = "300s"
}

provider "google" {
alias = "impersonated"
access_token = ephemeral.google_service_account_access_token.default.access_token
}

data "google_client_openid_userinfo" "me" {
provider = google.impersonated
}

output "target-email" {
value = data.google_client_openid_userinfo.me.email
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once the plan time bug is fixed we should test this - I'll make a jira ticket for that (non blocking on this PR)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TFECO-8280

@modular-magician
Copy link
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 4 files changed, 344 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 4 files changed, 344 insertions(+), 1 deletion(-))

@modular-magician
Copy link
Collaborator

Tests analytics

Total tests: 4270
Passed tests: 3843
Skipped tests: 417
Affected tests: 10

Click here to see the affected service packages

All service packages are affected

Action taken

Found 10 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccBackupDRBackupVault_fullUpdate
  • TestAccCloudRunService_cloudRunServiceMulticontainerExample
  • TestAccCloudbuildv2Connection_GlePrivConnection
  • TestAccCloudbuildv2Connection_GlePrivUpdateConnection
  • TestAccComputeRegionPerInstanceConfig_removeInstanceOnDestroy
  • TestAccContainerCluster_withFleetConfig
  • TestAccContainerCluster_withSecretManagerConfig
  • TestAccEphemeralServiceAccountToken_basic
  • TestAccEphemeralServiceAccountToken_withCustomLifetime
  • TestAccEphemeralServiceAccountToken_withDelegates

Get to know how VCR tests work

@modular-magician
Copy link
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccBackupDRBackupVault_fullUpdate [Debug log]
TestAccComputeRegionPerInstanceConfig_removeInstanceOnDestroy [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

🔴 Tests failed during RECORDING mode:
TestAccCloudRunService_cloudRunServiceMulticontainerExample [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivConnection [Error message] [Debug log]
TestAccCloudbuildv2Connection_GlePrivUpdateConnection [Error message] [Debug log]
TestAccContainerCluster_withFleetConfig [Error message] [Debug log]
TestAccContainerCluster_withSecretManagerConfig [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_basic [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withCustomLifetime [Error message] [Debug log]
TestAccEphemeralServiceAccountToken_withDelegates [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

SarahFrench
SarahFrench approved these changes Nov 15, 2024
View reviewed changes
Copy link
Collaborator

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SarahFrench SarahFrench SarahFrench approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BBBmau @modular-magician @SarahFrench