ephemeral: add ephemeral_google_service_account_token
#12140
+257
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
BBBmau
force-pushed
the
support-service-account-token
branch
from
51639c8
to
8242932
Compare
|
recent commit addresses some issues, ephemeral resource is now working when running locally
ephemeral "google_test" "test" {
target_service_account = "[email protected]"
scopes = ["https://www.googleapis.com/auth/cloud-platform"]
lifetime = "10s"
}
POST /v1/projects/-/serviceAccounts/malvarezleon@hc-terraform-testing.iam.gserviceaccount.com:generateAccessToken?alt=json&prettyPrint=false HTTP/1.1
Host: iamcredentials.googleapis.com
User-Agent: google-api-go-client/0.5 Terraform/1.10.0-alpha20241023 (+https://www.terraform.io) Terraform-Plugin-SDK/terraform-plugin-framework terraform-provider-google/dev
Content-Length: 78
Content-Type: application/json
X-Goog-Api-Client: gl-go/1.23.2 gdcl/0.193.0
Accept-Encoding: gzip
{
"lifetime": "10s",
"scope": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
-----------------------------------------------------
2024/11/04 19:41:00 [DEBUG] Google API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/2.0 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Cache-Control: private
Content-Type: application/json; charset=UTF-8
Date: Tue, 05 Nov 2024 03:41:00 GMT
Server: scaffolding on HTTPServer2
Vary: Origin
Vary: X-Origin
Vary: Referer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
{
"accessToken": "ya29.c.c0ASRK0GZTgneHg5v4KBWZPZLdNFhNsehSCn8hpgW5R91nXQuACK3BoU-PFRmOjO7Pxu0WLoyVyCfso2OKHIO7tlZf38imfQ6WVBl7g8g4bg1WLQvVzSo7z0o_RNHKkfmI0xP5xcboXYXHyYf7jzrwEvBSeSYQDUzxxtHNnzQJmvsdD3GtrEKMpb1gTVv8mckZ59Gsn5MztgCd0THTNHZIkuQAsIeUfnVLoiv17Y8MTBTuQE-rSOPN7X51szH-HULI0efAlnNi7Sic8ws5qHi9FfHUNIxwy9LdHiya7d3-MViYsXL-Qf1VUsG9HLdj9uJric3E5k_yT7vTaG-EwKYw2hkefSQDpN5rPWD0G1XoqDvUOZc4GD1P2ZLvC2JsufcwFTKe9LxBoFZcsZF6fiXzqlzwHMZV9E_LiyWhNdqXtKb8s9w8u0d68B-xIptX6bYMlJoVEVqgs7T7rR9yDEWl9OjaWrtI-LK03vi99OG5AFn44h1676CzJwGclPNhGDdFxI1i1bgFu6nadfQ0OvGJfRTA5Gnn3LYEITnG3iChEuXHepxN2CqL6vQ_pKOVprt5GETTjTmBwBFPMFro4Q3hbQ49EthXzS5lTus6Avg2E625Pbbrutwk3JcreuQv_bwz2bbmFqp-pJ1MrZfO-yimq8mZBte0kxB_IVJgmjjbSvl96JkSr1Rurxn10XWZ7lSkyWM5oe51Mvzi2vvtd332yIcV-dWUZgmV-BvekbJmRVgzzvZbih0tbRucg0I7t201kSV-db7omY4aY-_dZXdx3tfS7j64ZQ0O_-uYFUe3_9kgq3gI1gap4MBeBwte19r8O_-yRw3OmQjlhXZikes_jx2w2qbQIQVq1ee4wU2w8uWBWr9oIrhjRx2rydIBn3SZJQ4foeXpYMdwFJ_h_d9zI-Jbgt9Uwh46ibhu1vUpJW2B-gFhUpyhdmF2mgWWOvnlY6F4ts2rQpF85rRyBgfsQStqZMftM0OQSyhZpgyeQq2VJRp2vZXdsvU",
"expireTime": "2024-11-05T03:41:10Z"
}
-----------------------------------------------------
2024/11/04 19:41:00 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/04 19:41:00 [DEBUG] Retry Transport: Returning after 1 attemptsstill missing tests, though the ability to test ephemeral resources / values is currently being worked on, this was pushed last friday and will be included in an example of how it can be tested can be viewed here: hashicorp/terraform-provider-corner@76f20a3 The echo provider can be found here: hashicorp/terraform-provider-corner@44d5ec0 |
BBBmau
commented
Nov 5, 2024
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go
Outdated
Show resolved
Hide resolved
This comment was marked as outdated.
This comment was marked as outdated.
1 similar comment
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
SarahFrench
reviewed
Nov 5, 2024
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go
Outdated
Show resolved
Hide resolved
BBBmau
force-pushed
the
support-service-account-token
branch
from
2cda8ad
to
a618711
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
BBBmau
force-pushed
the
support-service-account-token
branch
from
a618711
to
20c115f
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
Errors
|
Tests analyticsTotal tests: 0 Click here to see the affected service packages
🔴 Errors occurred during REPLAYING mode. Please fix them to complete your PR. View the build log |
SarahFrench
requested changes
Nov 6, 2024
There was a problem hiding this comment.
Please rebase your PR on the latest version of FEATURE-BRANCH-ephemeral-resource - this will pull in the dependency updates and fix the build errors showing in this PR.
Also, please move the validator code into the file discussed here.
SarahFrench
requested changes
Nov 6, 2024
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go
Show resolved
Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
SarahFrench
reviewed
Nov 6, 2024
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go
Outdated
Show resolved
Hide resolved
BBBmau
force-pushed
the
support-service-account-token
branch
from
b7d0840
to
79a87d0
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
|
tests pass locally however we should consider the === RUN TestEphemeralServiceAccountToken_basic
=== PAUSE TestEphemeralServiceAccountToken_basic
=== RUN TestEphemeralServiceAccountToken_withDelegates
=== PAUSE TestEphemeralServiceAccountToken_withDelegates
=== RUN TestEphemeralServiceAccountToken_withCustomLifetime
=== PAUSE TestEphemeralServiceAccountToken_withCustomLifetime
=== CONT TestEphemeralServiceAccountToken_basic
=== CONT TestEphemeralServiceAccountToken_withCustomLifetime
=== CONT TestEphemeralServiceAccountToken_withDelegates
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [DEBUG] Waiting for state to become: [success]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [DEBUG] Waiting for state to become: [success]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [INFO] Authenticating using configured Google JSON 'credentials'...
2024/11/06 16:47:14 [INFO] -- Scopes: [https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email]
2024/11/06 16:47:14 [DEBUG] Waiting for state to become: [success]
2024/11/06 16:47:15 [INFO] Terraform is using this identity: mauricio-alvarezleon@hc-terraform-testing.iam.gserviceaccount.com
2024/11/06 16:47:15 [DEBUG] Verifying projects/hc-terraform-testing/serviceAccounts/tf-bootstrap-sa-delegates@hc-terraform-testing.iam.gserviceaccount.com as bootstrapped service account.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [INFO] Terraform is using this identity: mauricio-alvarezleon@hc-terraform-testing.iam.gserviceaccount.com
2024/11/06 16:47:15 [DEBUG] Verifying projects/hc-terraform-testing/serviceAccounts/tf-bootstrap-sa-lifetime@hc-terraform-testing.iam.gserviceaccount.com as bootstrapped service account.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [INFO] Terraform is using this identity: mauricio-alvarezleon@hc-terraform-testing.iam.gserviceaccount.com
2024/11/06 16:47:15 [DEBUG] Verifying projects/hc-terraform-testing/serviceAccounts/tf-bootstrap-sa-basic@hc-terraform-testing.iam.gserviceaccount.com as bootstrapped service account.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:15 [DEBUG] Retry Transport: Returning after 1 attempts
2024/11/06 16:47:15 [DEBUG] Setting service account permissions.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:15 [DEBUG] Retry Transport: Returning after 1 attempts
2024/11/06 16:47:15 [DEBUG] Setting service account permissions.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:15 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:15 [DEBUG] Retry Transport: Returning after 1 attempts
2024/11/06 16:47:15 [DEBUG] Setting service account permissions.
2024/11/06 16:47:15 [INFO] Instantiating Google Cloud IAM client for path https://iam.googleapis.com/
2024/11/06 16:47:15 [DEBUG] Retry Transport: starting RoundTrip retry loop
2024/11/06 16:47:15 [DEBUG] Retry Transport: request attempt 0
2024/11/06 16:47:16 [DEBUG] Retry Transport: Stopping retries, last request was successful
2024/11/06 16:47:16 [DEBUG] Retry Transport: Returning after 1 attempts
--- PASS: TestEphemeralServiceAccountToken_basic (26.47s)
--- PASS: TestEphemeralServiceAccountToken_withDelegates (26.69s)
--- PASS: TestEphemeralServiceAccountToken_withCustomLifetime (26.79s)
PASS
ok github.com/hashicorp/terraform-provider-google/google/services/resourcemanager 31.149s |
Tests analyticsTotal tests: 4267 Click here to see the affected service packages
Action takenFound 235 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
This comment was marked as outdated.
This comment was marked as outdated.
SarahFrench
reviewed
Nov 7, 2024
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go
Outdated
Show resolved
Hide resolved
mmv1/third_party/terraform/services/resourcemanager/ephemeral_google_service_account_token.go
Outdated
Show resolved
Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
BBBmau
force-pushed
the
support-service-account-token
branch
from
877ec83
to
026fa25
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 4270 Click here to see the affected service packages
Action takenFound 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
SarahFrench
reviewed
Nov 12, 2024
There was a problem hiding this comment.
Here's a quick review about the acc tests - we don't need any setup as the setup is done by the acctest.BootstrapServiceAccount function creating service accounts and giving other service accounts permissions to make tokens for them. My suggestions are to remove the setup code and to simplify testAccEphemeralServiceAccountToken_withDelegates
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
...hird_party/terraform/services/resourcemanager/ephemeral_google_service_account_token_test.go
Outdated
Show resolved
Hide resolved
|
I'm still sussing out the stuff about not letting ephemeral resources handle Unknown values |
…google_service_account_token_test.go Co-authored-by: Sarah French <[email protected]>
…google_service_account_token_test.go Co-authored-by: Sarah French <[email protected]>
…google_service_account_token_test.go Co-authored-by: Sarah French <[email protected]>
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
2 similar comments
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 4270 Click here to see the affected service packages
Action takenFound 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
1 similar comment
Tests analyticsTotal tests: 4270 Click here to see the affected service packages
Action takenFound 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
Tests analyticsTotal tests: 4270 Click here to see the affected service packages
Action takenFound 8 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.