Export email output in service_identity (#3924) (#2447)

* expose email

* fix member

* fix member

* unnecessary google-beta

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/3924.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+google_project_service_identity: add `email` output.
+```

google-beta/resource_project_service_identity.go

@@ -32,6 +32,10 @@ func resourceProjectServiceIdentity() *schema.Resource {
 				Computed: true,
 				ForceNew: true,
 			},
+			"email": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -61,21 +65,31 @@ func resourceProjectServiceIdentityCreate(d *schema.ResourceData, meta interface
 		return fmt.Errorf("Error creating Service Identity: %s", err)
 	}
 
-	err = serviceUsageOperationWaitTime(
-		config, res, project, "Creating Service Identity",
+	var opRes map[string]interface{}
+	err = serviceUsageOperationWaitTimeWithResponse(
+		config, res, &opRes, project, "Creating Service Identity",
 		d.Timeout(schema.TimeoutCreate))
-
 	if err != nil {
 		return err
 	}
 
+	log.Printf("[DEBUG] Finished creating Service Identity %q: %#v", d.Id(), res)
+
 	id, err := replaceVars(d, config, "projects/{{project}}/services/{{service}}")
 	if err != nil {
 		return fmt.Errorf("Error constructing id: %s", err)
 	}
 	d.SetId(id)
 
-	log.Printf("[DEBUG] Finished creating Service Identity %q: %#v", d.Id(), res)
+	emailVal, ok := opRes["email"]
+	if !ok {
+		return fmt.Errorf("response %v missing 'email'", opRes)
+	}
+	email, ok := emailVal.(string)
+	if !ok {
+		return fmt.Errorf("unexpected type for email: got %T, want string", email)
+	}
+	d.Set("email", email)
 	return nil
 }
 

google-beta/resource_project_service_identity_test.go

@@ -25,13 +25,13 @@ func testGoogleProjectServiceIdentity_basic() string {
 data "google_project" "project" {}
 
 resource "google_project_service_identity" "hc_sa" {
-	project = data.google_project.project.project_id
-	service = "healthcare.googleapis.com"
+  project = data.google_project.project.project_id
+  service = "healthcare.googleapis.com"
 }
 
 resource "google_project_iam_member" "hc_sa_bq_jobuser" {
-	project = google_project_service_identity.hc_sa.project
-	role    = "roles/bigquery.jobUser"
-	member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
+  project = data.google_project.project.project_id
+  role    = "roles/bigquery.jobUser"
+  member  = "serviceAccount:${google_project_service_identity.hc_sa.email}"
 }`
 }

website/docs/r/project_service_identity.html.markdown

@@ -23,7 +23,6 @@ To get more information about Service Identity, see:
 
 ## Example Usage - Service Identity Basic
 
-
 ```hcl
 data "google_project" "project" {}
 
@@ -35,34 +34,37 @@ resource "google_project_service_identity" "hc_sa" {
 }
 
 resource "google_project_iam_member" "hc_sa_bq_jobuser" {
-    project = google_project_service_identity.hc_sa.project
-    role    = "roles/bigquery.jobUser"
-    member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-healthcare.iam.gserviceaccount.com"
+  project = data.google_project.project.project_id
+  role    = "roles/bigquery.jobUser"
+  member  = "serviceAccount:${google_project_service_identity.hc_sa.email}"
 }
 ```
 
 ## Argument Reference
 
 The following arguments are supported:
 
-
 * `service` -
   (Required)
   The service to generate identity for.
 
-
 - - -
 
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `email` - The email address of the Google managed service account.
 
 ## Timeouts
 
 This resource provides the following
 [Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
 
-- `create` - Default is 20 minutes.
+* `create` - Default is 20 minutes.
 
 ## User Project Overrides