diff --git a/mockgcp/mockserviceusage/serviceusagev1beta1.go b/mockgcp/mockserviceusage/serviceusagev1beta1.go index 1c25fe6274..041cf9e75a 100644 --- a/mockgcp/mockserviceusage/serviceusagev1beta1.go +++ b/mockgcp/mockserviceusage/serviceusagev1beta1.go @@ -65,6 +65,9 @@ func (s *ServiceUsageV1Beta1) GenerateServiceIdentity(ctx context.Context, req * case "secretmanager.googleapis.com": identity.Email = "service-" + strconv.FormatInt(name.Project.Number, 10) + "@gcp-sa-secretmanager.iam.gserviceaccount.com" identity.UniqueId = "123456789006" + case "bigquery.googleapis.com": + identity.Email = "bq-" + strconv.FormatInt(name.Project.Number, 10) + "@bigquery-encryption.iam.gserviceaccount.com" + identity.UniqueId = "123456789007" default: return nil, fmt.Errorf("generating serviceIdentity for service %q not implemented in mock", name.ServiceName) } diff --git a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/_http.log index 4e7cf5c240..fce8ce4de5 100644 --- a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/_http.log @@ -183,6 +183,33 @@ X-Xss-Protection: 0 --- +POST https://serviceusage.googleapis.com/v1beta1/projects/${projectId}/services/bigquery.googleapis.com:generateServiceIdentity?alt=json +Content-Type: application/json +User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "name": "operations/${operationID}", + "response": { + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", + "email": "bq-${projectNumber}@bigquery-encryption.iam.gserviceaccount.com", + "uniqueId": "12345678" + } +} + +--- + GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}:getIamPolicy?alt=json&options.requestedPolicyVersion=3&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager @@ -276,7 +303,7 @@ X-Xss-Protection: 0 --- -GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 404 Not Found @@ -312,7 +339,7 @@ Content-Type: application/json User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager { - "accountId": "bigquerydataset-dep", + "accountId": "iamsa-${uniqueId}", "serviceAccount": {} } @@ -328,9 +355,9 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "email": "bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "email": "iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "etag": "abcdef0123A=", - "name": "projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "name": "projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "oauth2ClientId": "888888888888888888888", "projectId": "${projectId}", "uniqueId": "111111111111111111111" @@ -338,7 +365,7 @@ X-Xss-Protection: 0 --- -GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK @@ -353,9 +380,9 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "email": "bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "email": "iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "etag": "abcdef0123A=", - "name": "projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "name": "projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "oauth2ClientId": "888888888888888888888", "projectId": "${projectId}", "uniqueId": "111111111111111111111" @@ -777,7 +804,7 @@ X-Xss-Protection: 0 --- -GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK @@ -792,9 +819,9 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "email": "bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "email": "iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "etag": "abcdef0123A=", - "name": "projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "name": "projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "oauth2ClientId": "888888888888888888888", "projectId": "${projectId}", "uniqueId": "111111111111111111111" @@ -802,7 +829,7 @@ X-Xss-Protection: 0 --- -DELETE https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +DELETE https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK diff --git a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/dependencies.yaml index 47a1531b49..4201ab4b56 100644 --- a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/dependencies.yaml +++ b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/dependencies.yaml @@ -31,6 +31,17 @@ spec: keyRingRef: name: kmskeyring-${uniqueId} --- +apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1 +kind: ServiceIdentity +metadata: + name: serviceidentity-${uniqueId} + annotations: + cnrm.cloud.google.com/deletion-policy: "abandon" +spec: + projectRef: + external: ${projectId} + resourceID: bigquery.googleapis.com +--- apiVersion: iam.cnrm.cloud.google.com/v1beta1 kind: IAMPolicy metadata: @@ -50,4 +61,4 @@ kind: IAMServiceAccount metadata: annotations: cnrm.cloud.google.com/project-id: "${projectId}" - name: bigquerydataset-dep + name: iamsa-${uniqueId} diff --git a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/update.yaml b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/update.yaml index 3fe9cae024..78d5cbb82a 100644 --- a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/update.yaml +++ b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset-direct/update.yaml @@ -38,5 +38,5 @@ spec: - role: READER domain: google.com - role: OWNER - userByEmail: bigquerydataset-dep@${projectId}.iam.gserviceaccount.com + userByEmail: iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com storageBillingModel: LOGICAL \ No newline at end of file diff --git a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/_http.log b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/_http.log index d94ab0ca3b..a2194aa957 100644 --- a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/_http.log @@ -183,6 +183,33 @@ X-Xss-Protection: 0 --- +POST https://serviceusage.googleapis.com/v1beta1/projects/${projectId}/services/bigquery.googleapis.com:generateServiceIdentity?alt=json +Content-Type: application/json +User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "name": "operations/${operationID}", + "response": { + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", + "email": "bq-${projectNumber}@bigquery-encryption.iam.gserviceaccount.com", + "uniqueId": "12345678" + } +} + +--- + GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}:getIamPolicy?alt=json&options.requestedPolicyVersion=3&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager @@ -276,7 +303,7 @@ X-Xss-Protection: 0 --- -GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 404 Not Found @@ -312,7 +339,7 @@ Content-Type: application/json User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager { - "accountId": "bigquerydataset-dep", + "accountId": "iamsa-${uniqueId}", "serviceAccount": {} } @@ -328,9 +355,9 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "email": "bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "email": "iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "etag": "abcdef0123A=", - "name": "projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "name": "projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "oauth2ClientId": "888888888888888888888", "projectId": "${projectId}", "uniqueId": "111111111111111111111" @@ -338,7 +365,7 @@ X-Xss-Protection: 0 --- -GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK @@ -353,9 +380,9 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "email": "bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "email": "iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "etag": "abcdef0123A=", - "name": "projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "name": "projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "oauth2ClientId": "888888888888888888888", "projectId": "${projectId}", "uniqueId": "111111111111111111111" @@ -698,7 +725,7 @@ X-Xss-Protection: 0 --- -GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK @@ -713,9 +740,9 @@ X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 { - "email": "bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "email": "iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "etag": "abcdef0123A=", - "name": "projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com", + "name": "projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com", "oauth2ClientId": "888888888888888888888", "projectId": "${projectId}", "uniqueId": "111111111111111111111" @@ -723,7 +750,7 @@ X-Xss-Protection: 0 --- -DELETE https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/bigquerydataset-dep@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +DELETE https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK diff --git a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/dependencies.yaml index 9becb178c6..505163e0b1 100644 --- a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/dependencies.yaml +++ b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/dependencies.yaml @@ -29,6 +29,17 @@ spec: keyRingRef: name: kmskeyring-${uniqueId} --- +apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1 +kind: ServiceIdentity +metadata: + name: serviceidentity-${uniqueId} + annotations: + cnrm.cloud.google.com/deletion-policy: "abandon" +spec: + projectRef: + external: ${projectId} + resourceID: bigquery.googleapis.com +--- apiVersion: iam.cnrm.cloud.google.com/v1beta1 kind: IAMPolicy metadata: @@ -48,4 +59,4 @@ kind: IAMServiceAccount metadata: annotations: cnrm.cloud.google.com/project-id: "${projectId}" - name: bigquerydataset-dep + name: iamsa-${uniqueId} diff --git a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/update.yaml b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/update.yaml index 09d0b5fd4b..b9778fbeaf 100644 --- a/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/update.yaml +++ b/pkg/test/resourcefixture/testdata/basic/bigquery/v1beta1/bigquerydataset/fullybigquerydataset/update.yaml @@ -36,5 +36,5 @@ spec: - role: READER domain: google.com - role: OWNER - userByEmail: bigquerydataset-dep@${projectId}.iam.gserviceaccount.co + userByEmail: iamsa-${uniqueId}@${projectId}.iam.gserviceaccount.com storageBillingModel: LOGICAL