Add workload identity pool managed identity. (#14048) (#22979)

modular-magician · web-flow · commit f143725d5157 · 2025-05-22T16:07:53.000-07:00
[upstream:5c950742071115adea135fc70e9dc6e91843edc7]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/14048.txt b/.changelog/14048.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_iam_workload_identity_pool_managed_identity` (beta)
+```
diff --git a/website/docs/r/iam_workload_identity_pool_managed_identity.html.markdown b/website/docs/r/iam_workload_identity_pool_managed_identity.html.markdown
@@ -0,0 +1,206 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This code is generated by Magic Modules using the following:
+#
+#     Configuration: https:#github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iambeta/WorkloadIdentityPoolManagedIdentity.yaml
+#     Template:      https:#github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/resource.html.markdown.tmpl
+#
+#     DO NOT EDIT this file directly. Any changes made to this file will be
+#     overwritten during the next generation cycle.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Cloud IAM"
+description: |-
+  Represents a managed identity for a workload identity pool namespace.
+---
+
+# google_iam_workload_identity_pool_managed_identity
+
+Represents a managed identity for a workload identity pool namespace.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about WorkloadIdentityPoolManagedIdentity, see:
+
+* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.namespaces.managedIdentities)
+* How-to Guides
+    * [Configure managed workload identity authentication for Compute Engine](https://cloud.google.com/iam/docs/create-managed-workload-identities)
+    * [Configure managed workload identity authentication for GKE](https://cloud.google.com/iam/docs/create-managed-workload-identities-gke)
+
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=iam_workload_identity_pool_managed_identity_basic&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Iam Workload Identity Pool Managed Identity Basic
+
+
+```hcl
+resource "google_iam_workload_identity_pool" "pool" {
+  provider = google-beta
+
+  workload_identity_pool_id = "example-pool"
+  mode                      = "TRUST_DOMAIN"
+}
+
+resource "google_iam_workload_identity_pool_namespace" "ns" {
+  provider = google-beta
+
+  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+  workload_identity_pool_namespace_id = "example-namespace"
+}
+
+resource "google_iam_workload_identity_pool_managed_identity" "example" {
+  provider = google-beta
+
+  workload_identity_pool_id                  = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+  workload_identity_pool_namespace_id        = google_iam_workload_identity_pool_namespace.ns.workload_identity_pool_namespace_id
+  workload_identity_pool_managed_identity_id = "example-managed-identity"
+}
+```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=iam_workload_identity_pool_managed_identity_full&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Iam Workload Identity Pool Managed Identity Full
+
+
+```hcl
+resource "google_iam_workload_identity_pool" "pool" {
+  provider = google-beta
+
+  workload_identity_pool_id = "example-pool"
+  mode                      = "TRUST_DOMAIN"
+}
+
+resource "google_iam_workload_identity_pool_namespace" "ns" {
+  provider = google-beta
+
+  workload_identity_pool_id           = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+  workload_identity_pool_namespace_id = "example-namespace"
+}
+
+resource "google_iam_workload_identity_pool_managed_identity" "example" {
+  provider = google-beta
+
+  workload_identity_pool_id                  = google_iam_workload_identity_pool.pool.workload_identity_pool_id
+  workload_identity_pool_namespace_id        = google_iam_workload_identity_pool_namespace.ns.workload_identity_pool_namespace_id
+  workload_identity_pool_managed_identity_id = "example-managed-identity"
+  description                                = "Example Managed Identity in a Workload Identity Pool Namespace"
+  disabled                                   = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `workload_identity_pool_id` -
+  (Required)
+  The ID to use for the pool, which becomes the final component of the resource name. This
+  value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
+  `gcp-` is reserved for use by Google, and may not be specified.
+
+* `workload_identity_pool_namespace_id` -
+  (Required)
+  The ID to use for the namespace. This value must:
+  * contain at most 63 characters
+  * contain only lowercase alphanumeric characters or `-`
+  * start with an alphanumeric character
+  * end with an alphanumeric character
+  
+  The prefix `gcp-` will be reserved for future uses.
+
+* `workload_identity_pool_managed_identity_id` -
+  (Required)
+  The ID to use for the managed identity. This value must:
+  * contain at most 63 characters
+  * contain only lowercase alphanumeric characters or `-`
+  * start with an alphanumeric character
+  * end with an alphanumeric character
+  
+  The prefix `gcp-` will be reserved for future uses.
+
+
+- - -
+
+
+* `description` -
+  (Optional)
+  A description of the managed identity. Cannot exceed 256 characters.
+
+* `disabled` -
+  (Optional)
+  Whether the managed identity is disabled. If disabled, credentials may no longer be issued for
+  the identity, however existing credentials will still be accepted until they expire.
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+    If it is not provided, the provider project is used.
+
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}`
+
+* `name` -
+  The resource name of the managed identity as
+  `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/namespaces/{workload_identity_pool_namespace_id}/managedIdentities/{workload_identity_pool_managed_identity_id}`.
+
+* `state` -
+  The current state of the managed identity.
+  * `ACTIVE`: The managed identity is active.
+  * `DELETED`: The managed identity is soft-deleted. Soft-deleted managed identities are
+  permanently deleted after approximately 30 days. You can restore a soft-deleted managed
+  identity using UndeleteWorkloadIdentityPoolManagedIdentity. You cannot reuse the ID of a
+  soft-deleted managed identity until it is permanently deleted.
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+WorkloadIdentityPoolManagedIdentity can be imported using any of these accepted formats:
+
+* `projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}`
+* `{{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}`
+* `{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}`
+
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import WorkloadIdentityPoolManagedIdentity using one of the formats above. For example:
+
+```tf
+import {
+  id = "projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}"
+  to = google_iam_workload_identity_pool_managed_identity.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), WorkloadIdentityPoolManagedIdentity can be imported using one of the formats above. For example:
+
+```
+$ terraform import google_iam_workload_identity_pool_managed_identity.default projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/namespaces/{{workload_identity_pool_namespace_id}}/managedIdentities/{{workload_identity_pool_managed_identity_id}}
+$ terraform import google_iam_workload_identity_pool_managed_identity.default {{project}}/{{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}
+$ terraform import google_iam_workload_identity_pool_managed_identity.default {{workload_identity_pool_id}}/{{workload_identity_pool_namespace_id}}/{{workload_identity_pool_managed_identity_id}}
+```
+
+## User Project Overrides
+
+This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:new-resource
	`2`	+`google_iam_workload_identity_pool_managed_identity` (beta)
	`3`	+```