Promote workload identity federation data sources to ga (#12899) (#21408)

[upstream:49eabe66bfbb062663622d972c5081851faa415e]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/12899.txt

@@ -0,0 +1,3 @@
+```release-note: enhancement
+iambeta: Promoted data sources `google_iam_workload_identity_pool` and `google_iam_workload_identity_pool_provider` to GA
+```

google/provider/provider_mmv1_resources.go

@@ -260,6 +260,8 @@ var handwrittenDatasources = map[string]*schema.Resource{
 	"google_iam_policy":                                    resourcemanager.DataSourceGoogleIamPolicy(),
 	"google_iam_role":                                      resourcemanager.DataSourceGoogleIamRole(),
 	"google_iam_testable_permissions":                      resourcemanager.DataSourceGoogleIamTestablePermissions(),
+	"google_iam_workload_identity_pool":                    iambeta.DataSourceIAMBetaWorkloadIdentityPool(),
+	"google_iam_workload_identity_pool_provider":           iambeta.DataSourceIAMBetaWorkloadIdentityPoolProvider(),
 	"google_iap_client":                                    iap.DataSourceGoogleIapClient(),
 	"google_kms_crypto_key":                                kms.DataSourceGoogleKmsCryptoKey(),
 	"google_kms_crypto_keys":                               kms.DataSourceGoogleKmsCryptoKeys(),

google/services/iambeta/data_source_iam_workload_identity_pool.go

@@ -1,3 +1,44 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package iambeta
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceIAMBetaWorkloadIdentityPool() *schema.Resource {
+
+	dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceIAMBetaWorkloadIdentityPool().Schema)
+	tpgresource.AddRequiredFieldsToSchema(dsSchema, "workload_identity_pool_id")
+	tpgresource.AddOptionalFieldsToSchema(dsSchema, "project")
+
+	return &schema.Resource{
+		Read:   dataSourceIAMBetaWorkloadIdentityPoolRead,
+		Schema: dsSchema,
+	}
+}
+
+func dataSourceIAMBetaWorkloadIdentityPoolRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+	err = resourceIAMBetaWorkloadIdentityPoolRead(d, meta)
+	if err != nil {
+		return err
+	}
+
+	if d.Id() == "" {
+		return fmt.Errorf("%s not found", id)
+	}
+
+	return nil
+}

google/services/iambeta/data_source_iam_workload_identity_pool_provider.go

@@ -1,3 +1,45 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package iambeta
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceIAMBetaWorkloadIdentityPoolProvider() *schema.Resource {
+
+	dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceIAMBetaWorkloadIdentityPoolProvider().Schema)
+	tpgresource.AddRequiredFieldsToSchema(dsSchema, "workload_identity_pool_id")
+	tpgresource.AddRequiredFieldsToSchema(dsSchema, "workload_identity_pool_provider_id")
+	tpgresource.AddOptionalFieldsToSchema(dsSchema, "project")
+
+	return &schema.Resource{
+		Read:   dataSourceIAMBetaWorkloadIdentityPoolProviderRead,
+		Schema: dsSchema,
+	}
+}
+
+func dataSourceIAMBetaWorkloadIdentityPoolProviderRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+	err = resourceIAMBetaWorkloadIdentityPoolProviderRead(d, meta)
+	if err != nil {
+		return err
+	}
+
+	if d.Id() == "" {
+		return fmt.Errorf("%s not found", id)
+	}
+
+	return nil
+}

google/services/iambeta/data_source_iam_workload_identity_pool_provider_test.go

@@ -1,3 +1,61 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package iambeta_test
+
+import (
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccDataSourceIAMBetaWorkloadIdentityPoolProvider_basic(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckIAMBetaWorkloadIdentityPoolProviderDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceIAMBetaWorkloadIdentityPoolProviderBasic(context),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckDataSourceStateMatchesResourceState("data.google_iam_workload_identity_pool_provider.foo", "google_iam_workload_identity_pool_provider.bar"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceIAMBetaWorkloadIdentityPoolProviderBasic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_iam_workload_identity_pool" "pool" {
+	workload_identity_pool_id = "pool-%{random_suffix}"
+}
+
+resource "google_iam_workload_identity_pool_provider" "bar" {
+	workload_identity_pool_id          = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+	workload_identity_pool_provider_id = "bar-provider-%{random_suffix}"
+	display_name                       = "Name of provider"
+	description                        = "OIDC identity pool provider for automated test"
+	disabled                           = true
+	attribute_condition                = "\"e968c2ef-047c-498d-8d79-16ca1b61e77e\" in assertion.groups"
+	attribute_mapping                  = {
+		"google.subject" = "assertion.sub"
+	}
+	oidc {
+		allowed_audiences = ["https://example.com/gcp-oidc-federation"]
+		issuer_uri        = "https://sts.windows.net/azure-tenant-id"
+	}
+  }
+
+data "google_iam_workload_identity_pool_provider" "foo" {
+	workload_identity_pool_id          = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+	workload_identity_pool_provider_id = google_iam_workload_identity_pool_provider.bar.workload_identity_pool_provider_id
+}
+`, context)
+}

google/services/iambeta/data_source_iam_workload_identity_pool_test.go

@@ -1,3 +1,47 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package iambeta_test
+
+import (
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccDataSourceIAMBetaWorkloadIdentityPool_basic(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckIAMBetaWorkloadIdentityPoolDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceIAMBetaWorkloadIdentityPoolBasic(context),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckDataSourceStateMatchesResourceState("data.google_iam_workload_identity_pool.foo", "google_iam_workload_identity_pool.bar"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceIAMBetaWorkloadIdentityPoolBasic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_iam_workload_identity_pool" "bar" {
+	workload_identity_pool_id = "bar-pool-%{random_suffix}"
+	display_name              = "Name of pool"
+	description               = "Identity pool for automated test"
+	disabled                  = true
+}
+
+data "google_iam_workload_identity_pool" "foo" {
+	workload_identity_pool_id = google_iam_workload_identity_pool.bar.workload_identity_pool_id
+}
+`, context)
+}

google/services/iambeta/resource_iam_workload_identity_pool_id_test.go

@@ -1,3 +1,36 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package iambeta_test
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-google/google/services/iambeta"
+	"github.com/hashicorp/terraform-provider-google/google/verify"
+)
+
+func TestValidateIAMBetaWorkloadIdentityPoolId(t *testing.T) {
+	x := []verify.StringValidationTestCase{
+		// No errors
+		{TestName: "basic", Value: "foobar"},
+		{TestName: "with numbers", Value: "foobar123"},
+		{TestName: "short", Value: "foos"},
+		{TestName: "long", Value: "12345678901234567890123456789012"},
+		{TestName: "has a hyphen", Value: "foo-bar"},
+
+		// With errors
+		{TestName: "empty", Value: "", ExpectError: true},
+		{TestName: "starts with a gcp-", Value: "gcp-foobar", ExpectError: true},
+		{TestName: "with uppercase", Value: "fooBar", ExpectError: true},
+		{TestName: "has an slash", Value: "foo/bar", ExpectError: true},
+		{TestName: "has an backslash", Value: "foo\bar", ExpectError: true},
+		{TestName: "too short", Value: "foo", ExpectError: true},
+		{TestName: "too long", Value: strings.Repeat("f", 33), ExpectError: true},
+	}
+
+	es := verify.TestStringValidationCases(x, iambeta.ValidateWorkloadIdentityPoolId)
+	if len(es) > 0 {
+		t.Errorf("Failed to validate WorkloadIdentityPool names: %v", es)
+	}
+}

google/services/iambeta/resource_iam_workload_identity_pool_provider_id_test.go

@@ -1,3 +1,36 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package iambeta_test
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-google/google/services/iambeta"
+	"github.com/hashicorp/terraform-provider-google/google/verify"
+)
+
+func TestValidateIAMBetaWorkloadIdentityPoolProviderId(t *testing.T) {
+	x := []verify.StringValidationTestCase{
+		// No errors
+		{TestName: "basic", Value: "foobar"},
+		{TestName: "with numbers", Value: "foobar123"},
+		{TestName: "short", Value: "foos"},
+		{TestName: "long", Value: "12345678901234567890123456789012"},
+		{TestName: "has a hyphen", Value: "foo-bar"},
+
+		// With errors
+		{TestName: "empty", Value: "", ExpectError: true},
+		{TestName: "starts with a gcp-", Value: "gcp-foobar", ExpectError: true},
+		{TestName: "with uppercase", Value: "fooBar", ExpectError: true},
+		{TestName: "has an slash", Value: "foo/bar", ExpectError: true},
+		{TestName: "has an backslash", Value: "foo\bar", ExpectError: true},
+		{TestName: "too short", Value: "foo", ExpectError: true},
+		{TestName: "too long", Value: strings.Repeat("f", 33), ExpectError: true},
+	}
+
+	es := verify.TestStringValidationCases(x, iambeta.ValidateWorkloadIdentityPoolProviderId)
+	if len(es) > 0 {
+		t.Errorf("Failed to validate WorkloadIdentityPoolProvider names: %v", es)
+	}
+}