Update dataproc Batch and dataproc SessionTemplate resource to support authentication config. (#14534) (#23644)

[upstream:a706c4f9f294fcd7d020a6754f9dbbd862a7b2f6]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14534.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+dataproc: added `authentication_config` field to `google_dataproc_batch` and `google_dataproc_session_template` resource
+```

google/services/dataproc/resource_dataproc_batch.go

@@ -97,6 +97,24 @@ This value must be 4-63 characters. Valid characters are /[a-z][0-9]-/.`,
 							MaxItems:    1,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
+									"authentication_config": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										ForceNew:    true,
+										Description: `Authentication configuration for a workload is used to set the default identity for the workload execution.`,
+										MaxItems:    1,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"user_workload_authentication_type": {
+													Type:         schema.TypeString,
+													Optional:     true,
+													ForceNew:     true,
+													ValidateFunc: verify.ValidateEnum([]string{"SERVICE_ACCOUNT", "END_USER_CREDENTIALS", ""}),
+													Description:  `Authentication type for the user workload running in containers. Possible values: ["SERVICE_ACCOUNT", "END_USER_CREDENTIALS"]`,
+												},
+											},
+										},
+									},
 									"kms_key": {
 										Type:        schema.TypeString,
 										Optional:    true,
@@ -1244,6 +1262,8 @@ func flattenDataprocBatchEnvironmentConfigExecutionConfig(v interface{}, d *sche
 		flattenDataprocBatchEnvironmentConfigExecutionConfigNetworkUri(original["networkUri"], d, config)
 	transformed["subnetwork_uri"] =
 		flattenDataprocBatchEnvironmentConfigExecutionConfigSubnetworkUri(original["subnetworkUri"], d, config)
+	transformed["authentication_config"] =
+		flattenDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfig(original["authenticationConfig"], d, config)
 	return []interface{}{transformed}
 }
 func flattenDataprocBatchEnvironmentConfigExecutionConfigServiceAccount(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -1274,6 +1294,23 @@ func flattenDataprocBatchEnvironmentConfigExecutionConfigSubnetworkUri(v interfa
 	return v
 }
 
+func flattenDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["user_workload_authentication_type"] =
+		flattenDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(original["userWorkloadAuthenticationType"], d, config)
+	return []interface{}{transformed}
+}
+func flattenDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenDataprocBatchEnvironmentConfigPeripheralsConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -1715,6 +1752,13 @@ func expandDataprocBatchEnvironmentConfigExecutionConfig(v interface{}, d tpgres
 		transformed["subnetworkUri"] = transformedSubnetworkUri
 	}
 
+	transformedAuthenticationConfig, err := expandDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfig(original["authentication_config"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedAuthenticationConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["authenticationConfig"] = transformedAuthenticationConfig
+	}
+
 	return transformed, nil
 }
 
@@ -1746,6 +1790,29 @@ func expandDataprocBatchEnvironmentConfigExecutionConfigSubnetworkUri(v interfac
 	return v, nil
 }
 
+func expandDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedUserWorkloadAuthenticationType, err := expandDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(original["user_workload_authentication_type"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedUserWorkloadAuthenticationType); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["userWorkloadAuthenticationType"] = transformedUserWorkloadAuthenticationType
+	}
+
+	return transformed, nil
+}
+
+func expandDataprocBatchEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandDataprocBatchEnvironmentConfigPeripheralsConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 {

google/services/dataproc/resource_dataproc_batch_generated_meta.yaml

@@ -13,6 +13,7 @@ fields:
   - field: 'creator'
   - field: 'effective_labels'
     provider_only: true
+  - field: 'environment_config.execution_config.authentication_config.user_workload_authentication_type'
   - field: 'environment_config.execution_config.kms_key'
   - field: 'environment_config.execution_config.network_tags'
   - field: 'environment_config.execution_config.network_uri'

google/services/dataproc/resource_dataproc_batch_generated_test.go

@@ -142,6 +142,9 @@ resource "google_dataproc_batch" "example_batch_spark" {
         network_uri = "default"
         service_account = "${data.google_project.project.number}[email protected]"
         staging_bucket = google_storage_bucket.bucket.name
+        authentication_config {
+          user_workload_authentication_type = "SERVICE_ACCOUNT"
+        }
       }
       peripherals_config {
         metastore_service = google_dataproc_metastore_service.ms.name

google/services/dataproc/resource_dataproc_session_template.go

@@ -78,6 +78,22 @@ projects/{project}/locations/{location}/sessionTemplates/{template_id}`,
 							MaxItems:    1,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
+									"authentication_config": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: `Authentication configuration for a workload is used to set the default identity for the workload execution.`,
+										MaxItems:    1,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"user_workload_authentication_type": {
+													Type:         schema.TypeString,
+													Optional:     true,
+													ValidateFunc: verify.ValidateEnum([]string{"SERVICE_ACCOUNT", "END_USER_CREDENTIALS", ""}),
+													Description:  `Authentication type for the user workload running in containers. Possible values: ["SERVICE_ACCOUNT", "END_USER_CREDENTIALS"]`,
+												},
+											},
+										},
+									},
 									"kms_key": {
 										Type:        schema.TypeString,
 										Optional:    true,
@@ -708,6 +724,8 @@ func flattenDataprocSessionTemplateEnvironmentConfigExecutionConfig(v interface{
 		flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigStagingBucket(original["stagingBucket"], d, config)
 	transformed["subnetwork_uri"] =
 		flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigSubnetworkUri(original["subnetworkUri"], d, config)
+	transformed["authentication_config"] =
+		flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfig(original["authenticationConfig"], d, config)
 	return []interface{}{transformed}
 }
 func flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigServiceAccount(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -734,6 +752,23 @@ func flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigSubnetworkUri
 	return v
 }
 
+func flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["user_workload_authentication_type"] =
+		flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(original["userWorkloadAuthenticationType"], d, config)
+	return []interface{}{transformed}
+}
+func flattenDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenDataprocSessionTemplateEnvironmentConfigPeripheralsConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -968,6 +1003,13 @@ func expandDataprocSessionTemplateEnvironmentConfigExecutionConfig(v interface{}
 		transformed["subnetworkUri"] = transformedSubnetworkUri
 	}
 
+	transformedAuthenticationConfig, err := expandDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfig(original["authentication_config"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedAuthenticationConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["authenticationConfig"] = transformedAuthenticationConfig
+	}
+
 	return transformed, nil
 }
 
@@ -995,6 +1037,29 @@ func expandDataprocSessionTemplateEnvironmentConfigExecutionConfigSubnetworkUri(
 	return v, nil
 }
 
+func expandDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedUserWorkloadAuthenticationType, err := expandDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(original["user_workload_authentication_type"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedUserWorkloadAuthenticationType); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["userWorkloadAuthenticationType"] = transformedUserWorkloadAuthenticationType
+	}
+
+	return transformed, nil
+}
+
+func expandDataprocSessionTemplateEnvironmentConfigExecutionConfigAuthenticationConfigUserWorkloadAuthenticationType(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandDataprocSessionTemplateEnvironmentConfigPeripheralsConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 {

google/services/dataproc/resource_dataproc_session_template_generated_meta.yaml

@@ -11,6 +11,7 @@ fields:
   - field: 'creator'
   - field: 'effective_labels'
     provider_only: true
+  - field: 'environment_config.execution_config.authentication_config.user_workload_authentication_type'
   - field: 'environment_config.execution_config.kms_key'
   - field: 'environment_config.execution_config.network_tags'
   - field: 'environment_config.execution_config.service_account'

google/services/dataproc/resource_dataproc_session_template_generated_test.go

@@ -75,6 +75,9 @@ resource "google_dataproc_session_template" "example_session_templates_jupyter"
         subnetwork_uri = "%{subnetwork_name}"
         ttl            = "3600s"
         network_tags   = ["tag1"]
+        authentication_config {
+          user_workload_authentication_type = "END_USER_CREDENTIALS"
+        }
       }
     }
 
@@ -142,6 +145,9 @@ resource "google_dataproc_session_template" "dataproc_session_templates_jupyter_
 	subnetwork_uri = "%{subnetwork_name}"
         service_account = "${data.google_project.project.number}[email protected]"
         staging_bucket = google_storage_bucket.bucket.name
+        authentication_config {
+          user_workload_authentication_type = "SERVICE_ACCOUNT"
+        }
       }
       peripherals_config {
         metastore_service = google_dataproc_metastore_service.ms.name

website/docs/r/dataproc_batch.html.markdown

@@ -89,6 +89,9 @@ resource "google_dataproc_batch" "example_batch_spark" {
         network_uri = "default"
         service_account = "${data.google_project.project.number}[email protected]"
         staging_bucket = google_storage_bucket.bucket.name
+        authentication_config {
+          user_workload_authentication_type = "SERVICE_ACCOUNT"
+        }
       }
       peripherals_config {
         metastore_service = google_dataproc_metastore_service.ms.name
@@ -437,6 +440,19 @@ The following arguments are supported:
   (Optional)
   Subnetwork configuration for workload execution.
 
+* `authentication_config` -
+  (Optional)
+  Authentication configuration for a workload is used to set the default identity for the workload execution.
+  Structure is [documented below](#nested_environment_config_execution_config_authentication_config).
+
+
+<a name="nested_environment_config_execution_config_authentication_config"></a>The `authentication_config` block supports:
+
+* `user_workload_authentication_type` -
+  (Optional)
+  Authentication type for the user workload running in containers.
+  Possible values are: `SERVICE_ACCOUNT`, `END_USER_CREDENTIALS`.
+
 <a name="nested_environment_config_peripherals_config"></a>The `peripherals_config` block supports:
 
 * `metastore_service` -

website/docs/r/dataproc_session_template.html.markdown

@@ -50,6 +50,9 @@ resource "google_dataproc_session_template" "example_session_templates_jupyter"
         subnetwork_uri = "default"
         ttl            = "3600s"
         network_tags   = ["tag1"]
+        authentication_config {
+          user_workload_authentication_type = "END_USER_CREDENTIALS"
+        }
       }
     }
 
@@ -88,6 +91,9 @@ resource "google_dataproc_session_template" "dataproc_session_templates_jupyter_
 	subnetwork_uri = "default"
         service_account = "${data.google_project.project.number}[email protected]"
         staging_bucket = google_storage_bucket.bucket.name
+        authentication_config {
+          user_workload_authentication_type = "SERVICE_ACCOUNT"
+        }
       }
       peripherals_config {
         metastore_service = google_dataproc_metastore_service.ms.name
@@ -314,6 +320,19 @@ The following arguments are supported:
   (Optional)
   Subnetwork configuration for workload execution.
 
+* `authentication_config` -
+  (Optional)
+  Authentication configuration for a workload is used to set the default identity for the workload execution.
+  Structure is [documented below](#nested_environment_config_execution_config_authentication_config).
+
+
+<a name="nested_environment_config_execution_config_authentication_config"></a>The `authentication_config` block supports:
+
+* `user_workload_authentication_type` -
+  (Optional)
+  Authentication type for the user workload running in containers.
+  Possible values are: `SERVICE_ACCOUNT`, `END_USER_CREDENTIALS`.
+
 <a name="nested_environment_config_peripherals_config"></a>The `peripherals_config` block supports:
 
 * `metastore_service` -