Add workload identity pool managed identity. (#14048) (#3950)

[upstream:5c950742071115adea135fc70e9dc6e91843edc7]

Signed-off-by: Modular Magician <magic-modules@google.com>

Author: modular-magician

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/hashicorp/hcl/v2 v2.23.0
 	github.com/hashicorp/terraform-json v0.24.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.36.0
-	github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250522195330-6585c943ebd5
+	github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250522220853-5898ecd202ab
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.10.0

go.sum

@@ -162,8 +162,8 @@ github.com/hashicorp/terraform-plugin-sdk/v2 v2.36.0 h1:7/iejAPyCRBhqAg3jOx+4UcA
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.36.0/go.mod h1:TiQwXAjFrgBf5tg5rvBRz8/ubPULpU0HjSaVi5UoJf8=
 github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c=
 github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0=
-github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250522195330-6585c943ebd5 h1:nESgoz+YWdEm8Tc8vwz5Wi//SDwwLe++C3oQs8jvdgE=
-github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250522195330-6585c943ebd5/go.mod h1:QS9dytYA/BzNKhKt9T+jLFuZzhpGYs9PcVcugNkJ8Aw=
+github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250522220853-5898ecd202ab h1:XqUUzgg8l9NFF7icc1gk/dHCLA0HZK/CFIrA3tlN21Q=
+github.com/hashicorp/terraform-provider-google-beta v1.20.1-0.20250522220853-5898ecd202ab/go.mod h1:QS9dytYA/BzNKhKt9T+jLFuZzhpGYs9PcVcugNkJ8Aw=
 github.com/hashicorp/terraform-registry-address v0.2.4 h1:JXu/zHB2Ymg/TGVCRu10XqNa4Sh2bWcqCNyKWjnCPJA=
 github.com/hashicorp/terraform-registry-address v0.2.4/go.mod h1:tUNYTVyCtU4OIGXXMDp7WNcJ+0W1B4nmstVDgHMjfAU=
 github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=

tfplan2cai/converters/google/resources/services/iambeta/iambeta_workload_identity_pool_managed_identity.go

@@ -0,0 +1,129 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This code is generated by Magic Modules using the following:
+//
+//     Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPoolManagedIdentity.yaml
+//     Template:      https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/tgc/resource_converter.go.tmpl
+//
+//     DO NOT EDIT this file directly. Any changes made to this file will be
+//     overwritten during the next generation cycle.
+//
+// ----------------------------------------------------------------------------
+
+package iambeta
+
+import (
+	"fmt"
+	"reflect"
+	"regexp"
+	"strings"
+
+	"github.com/GoogleCloudPlatform/terraform-google-conversion/v6/tfplan2cai/converters/google/resources/cai"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+const workloadIdentityPoolManagedIdentityIdRegexp = `^[0-9a-z-]+$`
+
+func ValidateWorkloadIdentityPoolManagedIdentityId(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+
+	if !regexp.MustCompile(workloadIdentityPoolManagedIdentityIdRegexp).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q must contain only lowercase letters (a-z), numbers (0-9), or dashes (-)", k))
+	}
+
+	if len(value) < 2 {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot be less than 2 characters", k))
+		return
+	}
+
+	if len(value) > 63 {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot be greater than 63 characters", k))
+	}
+
+	isLowerAlphaNumeric := func(r byte) bool {
+		return (r >= '0' && r <= '9') || (r >= 'a' && r <= 'z')
+	}
+
+	firstChar := value[0]
+	if !isLowerAlphaNumeric(firstChar) {
+		errors = append(errors, fmt.Errorf(
+			"%q must start with an alphanumeric character", k))
+	}
+
+	lastChar := value[len(value)-1]
+	if !isLowerAlphaNumeric(lastChar) {
+		errors = append(errors, fmt.Errorf(
+			"%q must end with an alphanumeric character", k))
+	}
+
+	if strings.HasPrefix(value, "gcp-") {
+		errors = append(errors, fmt.Errorf(
+			"%q (%q) can not start with \"gcp-\"", k, value))
+	}
+
+	return
+}
+
+const IAMBetaWorkloadIdentityPoolManagedIdentityAssetType string = "iam.googleapis.com/WorkloadIdentityPoolManagedIdentity"
+
+func ResourceConverterIAMBetaWorkloadIdentityPoolManagedIdentity() cai.ResourceConverter {
+	return cai.ResourceConverter{
+		AssetType: IAMBetaWorkloadIdentityPoolManagedIdentityAssetType,
+		Convert:   GetIAMBetaWorkloadIdentityPoolManagedIdentityCaiObject,
+	}
+}
+
+func GetIAMBetaWorkloadIdentityPoolManagedIdentityCaiObject(d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]cai.Asset, error) {
+	name, err := cai.AssetName(d, config, "//iam.googleapis.com/projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}")
+	if err != nil {
+		return []cai.Asset{}, err
+	}
+	if obj, err := GetIAMBetaWorkloadIdentityPoolManagedIdentityApiObject(d, config); err == nil {
+		return []cai.Asset{{
+			Name: name,
+			Type: IAMBetaWorkloadIdentityPoolManagedIdentityAssetType,
+			Resource: &cai.AssetResource{
+				Version:              "v1",
+				DiscoveryDocumentURI: "https://www.googleapis.com/discovery/v1/apis/iam/v1/rest",
+				DiscoveryName:        "WorkloadIdentityPoolManagedIdentity",
+				Data:                 obj,
+			},
+		}}, nil
+	} else {
+		return []cai.Asset{}, err
+	}
+}
+
+func GetIAMBetaWorkloadIdentityPoolManagedIdentityApiObject(d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]interface{}, error) {
+	obj := make(map[string]interface{})
+	descriptionProp, err := expandIAMBetaWorkloadIdentityPoolManagedIdentityDescription(d.Get("description"), d, config)
+	if err != nil {
+		return nil, err
+	} else if v, ok := d.GetOkExists("description"); !tpgresource.IsEmptyValue(reflect.ValueOf(descriptionProp)) && (ok || !reflect.DeepEqual(v, descriptionProp)) {
+		obj["description"] = descriptionProp
+	}
+	disabledProp, err := expandIAMBetaWorkloadIdentityPoolManagedIdentityDisabled(d.Get("disabled"), d, config)
+	if err != nil {
+		return nil, err
+	} else if v, ok := d.GetOkExists("disabled"); !tpgresource.IsEmptyValue(reflect.ValueOf(disabledProp)) && (ok || !reflect.DeepEqual(v, disabledProp)) {
+		obj["disabled"] = disabledProp
+	}
+
+	return obj, nil
+}
+
+func expandIAMBetaWorkloadIdentityPoolManagedIdentityDescription(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandIAMBetaWorkloadIdentityPoolManagedIdentityDisabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}