Send billing_project for every request when set (#5086) (#3539)

modular-magician · web-flow · commit 710609bc45bc · 2021-08-18T14:23:13.000-05:00
Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/5086.txt b/.changelog/5086.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+provider: added support for `billing_project` across all resources. If `user_project_override` is set to `true` and a `billing_project` is set, the `X-Goog-User-Project` header will be sent for all resources.
+```
diff --git a/google-beta/config.go b/google-beta/config.go
@@ -397,6 +397,7 @@ func (c *Config) LoadAndValidate(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
+
 	// Userinfo is fetched before request logging is enabled to reduce additional noise.
 	err = c.logGoogleIdentities()
 	if err != nil {
@@ -419,6 +420,12 @@ func (c *Config) LoadAndValidate(ctx context.Context) error {
 		headerTransport.Set("X-Goog-Request-Reason", c.RequestReason)
 	}
 
+	// Ensure $userProject is set for all HTTP requests using the client if specified by the provider config
+	// See https://cloud.google.com/apis/docs/system-parameters
+	if c.UserProjectOverride && c.BillingProject != "" {
+		headerTransport.Set("X-Goog-User-Project", c.BillingProject)
+	}
+
 	// Set final transport value.
 	client.Transport = headerTransport
 
diff --git a/google-beta/resource_gke_hub_feature_membership_test.go b/google-beta/resource_gke_hub_feature_membership_test.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"testing"
 
-	dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
+	"github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
 	gkehub "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/gkehub/beta"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
diff --git a/website/docs/guides/provider_reference.html.markdown b/website/docs/guides/provider_reference.html.markdown
@@ -121,15 +121,18 @@ authenticate HTTP requests to GCP APIs. This is an alternative to `credentials`,
 and ignores the `scopes` field. If both are specified, `access_token` will be
 used over the `credentials` field.
 
-* `user_project_override` - (Optional) Defaults to false. If true, uses the
-resource project for preconditions, quota, and billing, instead of the project
-the credentials belong to. Not all resources support this- see the
-documentation for each resource to learn whether it does.
-
-* `billing_project` - (Optional) This fields specifies a project that's used for
-preconditions, quota, and billing for requests. All resources that support user project
-overrides will use this project instead of the resource's project (if available). This
-field is ignored if `user_project_override` is set to false or unset.
+* `user_project_override` - (Optional) Defaults to `false`. Controls the quota
+project used in requests to GCP APIs for the purpose of preconditions, quota,
+and billing. If `false`, the quota project is determined by the API and may be
+the project associated with your credentials, or the resource project. If `true`,
+most resources in the provider will explicitly supply their resource project, as
+described in their documentation. Otherwise, a `billing_project` value must be
+supplied.
+
+* `billing_project` - (Optional) A quota project to send in `user_project_override`,
+used for all requests sent from the provider. If set on a resource that supports
+sending the resource project, this value will supersede the resource project.
+This field is ignored if `user_project_override` is set to false or unset.
 
 * `{{service}}_custom_endpoint` - (Optional) The endpoint for a service's APIs,
 such as `compute_custom_endpoint`. Defaults to the production GCP endpoint for
@@ -212,13 +215,6 @@ following ordered by precedence.
 
 ---
 
-* `billing_project` - (Optional) This fields allows Terraform to set X-Goog-User-Project
-for APIs that require a billing project to be specified like Access Context Manager APIs if
-User ADCs are being used. This can also be
-specified using the `GOOGLE_BILLING_PROJECT` environment variable.
-
----
-
 * `region` - (Optional) The default region to manage resources in. If another
 region is specified on a regional resource, it will take precedence.
 Alternatively, this can be specified using the `GOOGLE_REGION` environment
@@ -450,18 +446,30 @@ to create the resource.  This may help in those cases.
 
 ---
 
-* `user_project_override` - (Optional) Defaults to false. If true, uses the
-resource project for preconditions, quota, and billing, instead of the project
-the credentials belong to. Not all resources support this- see the
-documentation for each resource to learn whether it does. Alternatively, this can
-be specified using the `USER_PROJECT_OVERRIDE` environment variable.
-
-When set to false, the project the credentials belong to will be billed for the
-request, and quota / API enablement checks will be done against that project.
-For service account credentials, this is the project the service account was
-created in. For credentials that come from the gcloud tool, this is a project
-owned by Google. In order to properly use credentials that come from gcloud
-with Terraform, it is recommended to set this property to true.
-
-When set to true, the caller must have `serviceusage.services.use` permission
-on the resource project.
+* `user_project_override` - (Optional) Defaults to `false`. Controls the quota
+project used in requests to GCP APIs for the purpose of preconditions, quota,
+and billing. If `false`, the quota project is determined by the API and may be
+the project associated with your credentials, or the resource project. If `true`,
+most resources in the provider will explicitly supply their resource project, as
+described in their documentation. Otherwise, a `billing_project` value must be
+supplied. Alternatively, this can be specified using the `USER_PROJECT_OVERRIDE`
+environment variable.
+
+Service account credentials are associated with the project the service account
+was created in. Credentials that come from the gcloud tool are associated with a
+project owned by Google. In order to properly use credentials that come from
+gcloud with Terraform, it is recommended to set this property to true.
+
+`user_project_override` uses the `X-Goog-User-Project`
+[system parameter](https://cloud.google.com/apis/docs/system-parameters). When
+set to true, the caller must have `serviceusage.services.use` permission on the
+quota project.
+
+---
+
+* `billing_project` - (Optional) A quota project to send in `user_project_override`,
+used for all requests sent from the provider. If set on a resource that supports
+sending the resource project, this value will supersede the resource project.
+This field is ignored if `user_project_override` is set to false or unset.
+Alternatively, this can be specified using the `GOOGLE_BILLING_PROJECT`
+environment variable.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+provider: added support for `billing_project` across all resources. If `user_project_override` is set to `true` and a `billing_project` is set, the `X-Goog-User-Project` header will be sent for all resources.
	`3`	+```