Add member property to google_project_service_identity (#11130) (#18695)

modular-magician · web-flow · commit 3819ded82ccc · 2024-07-10T09:58:12.000-07:00
[upstream:1bd899b3cb5a2ec3d7e3128090509d61098b43a3]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/11130.txt b/.changelog/11130.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resourcemanager: added the `member` property to `google_project_service_identity`
+```
diff --git a/website/docs/r/apigee_instance.html.markdown b/website/docs/r/apigee_instance.html.markdown
@@ -189,7 +189,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {
   crypto_key_id = google_kms_crypto_key.apigee_key.id
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
 
-  member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"
+  member = google_project_service_identity.apigee_sa.member
 }
 
 resource "google_apigee_organization" "apigee_org" {
diff --git a/website/docs/r/apigee_nat_address.html.markdown b/website/docs/r/apigee_nat_address.html.markdown
@@ -77,7 +77,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {
   crypto_key_id = google_kms_crypto_key.apigee_key.id
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
 
-  member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"
+  member = google_project_service_identity.apigee_sa.member
 }
 
 resource "google_apigee_organization" "apigee_org" {
diff --git a/website/docs/r/apigee_organization.html.markdown b/website/docs/r/apigee_organization.html.markdown
@@ -120,7 +120,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {
   crypto_key_id = google_kms_crypto_key.apigee_key.id
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
 
-  member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"
+  member = google_project_service_identity.apigee_sa.member
 }
 
 resource "google_apigee_organization" "org" {
@@ -167,7 +167,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {
   crypto_key_id = google_kms_crypto_key.apigee_key.id
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
 
-  member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"
+  member = google_project_service_identity.apigee_sa.member
 }
 
 resource "google_apigee_organization" "org" {
diff --git a/website/docs/r/cloudfunctions2_function.html.markdown b/website/docs/r/cloudfunctions2_function.html.markdown
@@ -780,7 +780,7 @@ resource "google_kms_crypto_key_iam_binding" "gcf_cmek_keyuser" {
     "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com",
     "serviceAccount:service-${data.google_project.project.number}@gs-project-accounts.iam.gserviceaccount.com",
     "serviceAccount:service-${data.google_project.project.number}@serverless-robot-prod.iam.gserviceaccount.com",
-    "serviceAccount:${google_project_service_identity.ea_sa.email}",
+    google_project_service_identity.ea_sa.member,
   ]
 
   depends_on = [
diff --git a/website/docs/r/network_security_tls_inspection_policy.html.markdown b/website/docs/r/network_security_tls_inspection_policy.html.markdown
@@ -200,7 +200,7 @@ resource "google_privateca_ca_pool_iam_member" "default" {
   provider = google-beta
   ca_pool  = google_privateca_ca_pool.default.id
   role     = "roles/privateca.certificateManager"
-  member   = "serviceAccount:${google_project_service_identity.ns_sa.email}"
+  member   = google_project_service_identity.ns_sa.member
 }
 
 resource "google_certificate_manager_trust_config" "default" {
diff --git a/website/docs/r/privateca_certificate_authority.html.markdown b/website/docs/r/privateca_certificate_authority.html.markdown
@@ -207,13 +207,13 @@ resource "google_kms_crypto_key_iam_member" "privateca_sa_keyuser_signerverifier
   crypto_key_id = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"
   role          = "roles/cloudkms.signerVerifier"
 
-  member = "serviceAccount:${google_project_service_identity.privateca_sa.email}"
+  member = google_project_service_identity.privateca_sa.member
 }
 
 resource "google_kms_crypto_key_iam_member" "privateca_sa_keyuser_viewer" {
   crypto_key_id = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"
   role          = "roles/viewer"
-  member = "serviceAccount:${google_project_service_identity.privateca_sa.email}"
+  member = google_project_service_identity.privateca_sa.member
 }
 
 resource "google_privateca_certificate_authority" "default" {
diff --git a/website/docs/r/project_service_identity.html.markdown b/website/docs/r/project_service_identity.html.markdown
@@ -37,7 +37,7 @@ resource "google_project_service_identity" "hc_sa" {
 resource "google_project_iam_member" "hc_sa_bq_jobuser" {
   project = data.google_project.project.project_id
   role    = "roles/bigquery.jobUser"
-  member  = "serviceAccount:${google_project_service_identity.hc_sa.email}"
+  member  = google_project_service_identity.hc_sa.member
 }
 ```
 
@@ -59,6 +59,7 @@ The following arguments are supported:
 In addition to the arguments listed above, the following computed attributes are exported:
 
 * `email` - The email address of the Google managed service account.
+* `member` - The Identity of the Google managed service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.
 
 ## Import
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+resourcemanager: added the `member` property to `google_project_service_identity`
	`3`	+```
Original file line number	Diff line number	Diff line change
`@@ -189,7 +189,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {`
`189`	`189`	`crypto_key_id = google_kms_crypto_key.apigee_key.id`
`190`	`190`	`role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"`
`191`	`191`
`192`		`- member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"`
	`192`	`+ member = google_project_service_identity.apigee_sa.member`
`193`	`193`	`}`
`194`	`194`
`195`	`195`	`resource "google_apigee_organization" "apigee_org" {`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {`
`77`	`77`	`crypto_key_id = google_kms_crypto_key.apigee_key.id`
`78`	`78`	`role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"`
`79`	`79`
`80`		`- member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"`
	`80`	`+ member = google_project_service_identity.apigee_sa.member`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`resource "google_apigee_organization" "apigee_org" {`
Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {`
`120`	`120`	`crypto_key_id = google_kms_crypto_key.apigee_key.id`
`121`	`121`	`role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"`
`122`	`122`
`123`		`- member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"`
	`123`	`+ member = google_project_service_identity.apigee_sa.member`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`resource "google_apigee_organization" "org" {`
`@@ -167,7 +167,7 @@ resource "google_kms_crypto_key_iam_member" "apigee_sa_keyuser" {`
`167`	`167`	`crypto_key_id = google_kms_crypto_key.apigee_key.id`
`168`	`168`	`role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"`
`169`	`169`
`170`		`- member = "serviceAccount:${google_project_service_identity.apigee_sa.email}"`
	`170`	`+ member = google_project_service_identity.apigee_sa.member`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`resource "google_apigee_organization" "org" {`
Original file line number	Diff line number	Diff line change
`@@ -780,7 +780,7 @@ resource "google_kms_crypto_key_iam_binding" "gcf_cmek_keyuser" {`
`780`	`780`	`"serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com",`
`781`	`781`	`"serviceAccount:service-${data.google_project.project.number}@gs-project-accounts.iam.gserviceaccount.com",`
`782`	`782`	`"serviceAccount:service-${data.google_project.project.number}@serverless-robot-prod.iam.gserviceaccount.com",`
`783`		`- "serviceAccount:${google_project_service_identity.ea_sa.email}",`
	`783`	`+ google_project_service_identity.ea_sa.member,`
`784`	`784`	`]`
`785`	`785`
`786`	`786`	`depends_on = [`
Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,7 @@ resource "google_privateca_ca_pool_iam_member" "default" {`
`200`	`200`	`provider = google-beta`
`201`	`201`	`ca_pool = google_privateca_ca_pool.default.id`
`202`	`202`	`role = "roles/privateca.certificateManager"`
`203`		`- member = "serviceAccount:${google_project_service_identity.ns_sa.email}"`
	`203`	`+ member = google_project_service_identity.ns_sa.member`
`204`	`204`	`}`
`205`	`205`
`206`	`206`	`resource "google_certificate_manager_trust_config" "default" {`
Original file line number	Diff line number	Diff line change
`@@ -207,13 +207,13 @@ resource "google_kms_crypto_key_iam_member" "privateca_sa_keyuser_signerverifier`
`207`	`207`	`crypto_key_id = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"`
`208`	`208`	`role = "roles/cloudkms.signerVerifier"`
`209`	`209`
`210`		`- member = "serviceAccount:${google_project_service_identity.privateca_sa.email}"`
	`210`	`+ member = google_project_service_identity.privateca_sa.member`
`211`	`211`	`}`
`212`	`212`
`213`	`213`	`resource "google_kms_crypto_key_iam_member" "privateca_sa_keyuser_viewer" {`
`214`	`214`	`crypto_key_id = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"`
`215`	`215`	`role = "roles/viewer"`
`216`		`- member = "serviceAccount:${google_project_service_identity.privateca_sa.email}"`
	`216`	`+ member = google_project_service_identity.privateca_sa.member`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`resource "google_privateca_certificate_authority" "default" {`