Add support for the metricsGcpServiceAccountEmail field in ConfigManagement Fleet-level default config (#12681) (#9147)

[upstream:a61293e29fee5b53fe684d2e80c70dd9e5353e93]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

Diff for: .changelog/12681.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+gkehub2: added support for `fleet_default_member_config.config_management.config_sync.metrics_gcp_service_account_email` field to `google_gke_hub_feature` resource
+```

Diff for: google-beta/services/gkehub2/resource_gke_hub_feature.go

@@ -138,6 +138,11 @@ func ResourceGKEHub2Feature() *schema.Resource {
 														},
 													},
 												},
+												"metrics_gcp_service_account_email": {
+													Type:        schema.TypeString,
+													Optional:    true,
+													Description: `The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount 'default' in the namespace 'config-management-monitoring' should be bound to the GSA.`,
+												},
 												"oci": {
 													Type:        schema.TypeList,
 													Optional:    true,
@@ -1375,6 +1380,8 @@ func flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSync(v i
 		flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncEnabled(original["enabled"], d, config)
 	transformed["prevent_drift"] =
 		flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncPreventDrift(original["preventDrift"], d, config)
+	transformed["metrics_gcp_service_account_email"] =
+		flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncMetricsGcpServiceAccountEmail(original["metricsGcpServiceAccountEmail"], d, config)
 	transformed["git"] =
 		flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncGit(original["git"], d, config)
 	transformed["oci"] =
@@ -1393,6 +1400,10 @@ func flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncPrev
 	return v
 }
 
+func flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncMetricsGcpServiceAccountEmail(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncGit(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -2301,6 +2312,13 @@ func expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSync(v in
 		transformed["preventDrift"] = transformedPreventDrift
 	}
 
+	transformedMetricsGcpServiceAccountEmail, err := expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncMetricsGcpServiceAccountEmail(original["metrics_gcp_service_account_email"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedMetricsGcpServiceAccountEmail); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["metricsGcpServiceAccountEmail"] = transformedMetricsGcpServiceAccountEmail
+	}
+
 	transformedGit, err := expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncGit(original["git"], d, config)
 	if err != nil {
 		return nil, err
@@ -2330,6 +2348,10 @@ func expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncPreve
 	return v, nil
 }
 
+func expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncMetricsGcpServiceAccountEmail(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncGit(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

Diff for: google-beta/services/gkehub2/resource_gke_hub_feature_generated_meta.yaml

@@ -17,6 +17,7 @@ fields:
   - field: 'fleet_default_member_config.configmanagement.config_sync.git.sync_repo'
   - field: 'fleet_default_member_config.configmanagement.config_sync.git.sync_rev'
   - field: 'fleet_default_member_config.configmanagement.config_sync.git.sync_wait_secs'
+  - field: 'fleet_default_member_config.configmanagement.config_sync.metrics_gcp_service_account_email'
   - field: 'fleet_default_member_config.configmanagement.config_sync.oci.gcp_service_account_email'
   - field: 'fleet_default_member_config.configmanagement.config_sync.oci.policy_dir'
   - field: 'fleet_default_member_config.configmanagement.config_sync.oci.secret_type'

Diff for: google-beta/services/gkehub2/resource_gke_hub_feature_test.go

@@ -579,6 +579,7 @@ resource "google_gke_hub_feature" "feature" {
         enabled = true
         prevent_drift = true
         source_format = "unstructured"
+        metrics_gcp_service_account_email = "[email protected]"
         oci {
           sync_repo = "us-central1-docker.pkg.dev/corp-gke-build-artifacts/acm/configs:latest"
           policy_dir = "/acm/nonprod-root/"

Diff for: website/docs/r/gke_hub_feature.html.markdown

@@ -504,6 +504,10 @@ The following arguments are supported:
   (Optional)
   Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.
 
+* `metrics_gcp_service_account_email` -
+  (Optional)
+  The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.
+
 * `git` -
   (Optional)
   Git repo configuration for the cluster