Merge pull request #141 from Scalr/feature/SCALRCORE-20644

SCALRCORE-20644 Provider configurations > API > Google Provider

docs/resources/scalr_provider_configuration.md

@@ -100,12 +100,17 @@ resource "scalr_provider_configuration" "kubernetes" {
 * `export_shell_variables` - (Optional) Export provider variables into the run environment. This option is available only for built in providers.
 * `aws` - (Optional) Settings for the aws provider configuraiton. Exactly one of the following attributes must be set: `aws`, `google`, `azurerm`, `scalr`, `custom`.
    The `aws` block supports the following:
-  * `secret_key` - (Optional) AWS secret key. 
-  * `access_key` - (Optional) AWS access key.
+  * `account_type` - (Required) The type of AWS accoutn, available options: `regular`, `gov-cloud`, `cn-cloud`.
+  * `credentials_type` - (Required) The type of AWS credentials, available options: `access_keys`, `role_delegation`.
+  * `trusted_entity_type` - (Optional) Trusted entity type, available options: `aws_account`, `aws_service`. This option is required with `role_delegation` credentials type.
+  * `role_arn` - (Optional) Amazon Resource Name (ARN) of the IAM Role to assume. This option is required with `role_delegation` credentials type.
+  * `external_id` - (Optional) External identifier to use when assuming the role. This option is required with `role_delegation` credentials type.
+  * `secret_key` - (Optional) AWS secret key. This option is required with `access_keys` credentials type.
+  * `access_key` - (Optional) AWS access key.This option is required with `access_keys` credentials type.
 * `google` - (Optional) Settings for the google provider configuraiton. Exactly one of the following attributes must be set: `aws`, `google`, `azurerm`, `scalr`, `custom`.
    The `google` block supports the following:
   * `project` - (Optional) The default project to manage resources in. If another project is specified on a resource, it will take precedence.
-  * `credentials` - (Optional) Either the path to or the contents of a service account key file in JSON format. You can manage key files using the Cloud Console. If not provided, the application default credentials will be used.
+  * `credentials` - (Required) Service account key file in JSON format.
 * `azurerm` - (Optional) Settings for the azurerm provider configuraiton. Exactly one of the following attributes must be set: `aws`, `google`, `azurerm`, `scalr`, `custom`.
    The `azurerm` block supports the following:
   * `client_id` - (Optional) The Client ID which should be used.

go.mod

@@ -5,7 +5,7 @@ require (
 	github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734
-	github.com/scalr/go-scalr v0.0.0-20220610083404-307bf1c7bcec
+	github.com/scalr/go-scalr v0.0.0-20220616132445-6d6376eb80a6
 )
 
 require (

go.sum

@@ -300,14 +300,8 @@ github.com/posener/complete v1.2.1 h1:LrvDIY//XNo65Lq84G/akBuMGlawHvGBABv8f/ZN6D
 github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/scalr/go-scalr v0.0.0-20220608124001-8936d4d98f86 h1:0ziZdhPEalwKqOcq4Kf+t5NjXyJXK6M0NHu3nLQmUQA=
-github.com/scalr/go-scalr v0.0.0-20220608124001-8936d4d98f86/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE=
-github.com/scalr/go-scalr v0.0.0-20220610071601-40c2b86eaf33 h1:ROaWdvdEhj36Vzf5gzr42hB+ssOeNrf/vqfKJ6q47/M=
-github.com/scalr/go-scalr v0.0.0-20220610071601-40c2b86eaf33/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE=
-github.com/scalr/go-scalr v0.0.0-20220610073755-2b143580ecae h1:Jzb504ZRtsU0hDKo0j9qkpALIFtAltngM/PmG6GlAxQ=
-github.com/scalr/go-scalr v0.0.0-20220610073755-2b143580ecae/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE=
-github.com/scalr/go-scalr v0.0.0-20220610083404-307bf1c7bcec h1:HiWxRqJ8MAuXV+Kski2QSWotxCzF+Z2P+9R8iCWJeyw=
-github.com/scalr/go-scalr v0.0.0-20220610083404-307bf1c7bcec/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE=
+github.com/scalr/go-scalr v0.0.0-20220616132445-6d6376eb80a6 h1:W6E+G4BwY70FyqD69eYtjxsuvUjoBBC45uSjUG+taA4=
+github.com/scalr/go-scalr v0.0.0-20220616132445-6d6376eb80a6/go.mod h1:xMnwfer9UxugeNITZjTpQBwQ/4bw6/JdyDLpGdmyorE=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=

scalr/resource_scalr_provider_configuration.go

@@ -106,7 +106,7 @@ func resourceScalrProviderConfiguration() *schema.Resource {
 						},
 						"credentials": {
 							Type:      schema.TypeString,
-							Optional:  true,
+							Required:  true,
 							Sensitive: true,
 						},
 					},
@@ -256,12 +256,10 @@ func resourceScalrProviderConfigurationCreate(d *schema.ResourceData, meta inter
 	} else if _, ok := d.GetOk("google"); ok {
 		configurationOptions.ProviderName = scalr.String("google")
 
+		configurationOptions.GoogleCredentials = scalr.String(d.Get("google.0.credentials").(string))
 		if v, ok := d.GetOk("google.0.project"); ok {
 			configurationOptions.GoogleProject = scalr.String(v.(string))
 		}
-		if v, ok := d.GetOk("google.0.credentials"); ok {
-			configurationOptions.GoogleCredentials = scalr.String(v.(string))
-		}
 
 	} else if _, ok := d.GetOk("azurerm"); ok {
 		configurationOptions.ProviderName = scalr.String("azurerm")
@@ -370,15 +368,16 @@ func resourceScalrProviderConfigurationRead(d *schema.ResourceData, meta interfa
 
 		d.Set("aws", []map[string]interface{}{aws})
 	case "google":
+		google := make(map[string]interface{})
+
 		stateGoogleParameters := d.Get("google").([]interface{})[0].(map[string]interface{})
-		stateCredentials := stateGoogleParameters["credentials"].(string)
+		google["credentials"] = stateGoogleParameters["credentials"].(string)
 
-		d.Set("google", []map[string]interface{}{
-			{
-				"project":     providerConfiguration.GoogleProject,
-				"credentials": stateCredentials,
-			},
-		})
+		if len(providerConfiguration.GoogleProject) > 0 {
+			google["project"] = providerConfiguration.GoogleProject
+		}
+
+		d.Set("google", []map[string]interface{}{google})
 	case "scalr":
 		stateScalrParameters := d.Get("scalr").([]interface{})[0].(map[string]interface{})
 		stateToken := stateScalrParameters["token"].(string)
@@ -483,12 +482,10 @@ func resourceScalrProviderConfigurationUpdate(d *schema.ResourceData, meta inter
 				return fmt.Errorf("'access_key' and 'secret_key' fields are required for 'access_keys' credentials type of aws provider configuration")
 			}
 		} else if _, ok := d.GetOk("google"); ok {
+			configurationOptions.GoogleCredentials = scalr.String(d.Get("google.0.credentials").(string))
 			if v, ok := d.GetOk("google.0.project"); ok {
 				configurationOptions.GoogleProject = scalr.String(v.(string))
 			}
-			if v, ok := d.GetOk("google.0.credentials"); ok {
-				configurationOptions.GoogleCredentials = scalr.String(v.(string))
-			}
 		} else if _, ok := d.GetOk("scalr"); ok {
 			configurationOptions.ScalrHostname = scalr.String(d.Get("scalr.0.hostname").(string))
 			configurationOptions.ScalrToken = scalr.String(d.Get("scalr.0.token").(string))

scalr/resource_scalr_provider_configuration_test.go

@@ -185,42 +185,40 @@ func TestAccProviderConfiguration_google(t *testing.T) {
 	var providerConfiguration scalr.ProviderConfiguration
 	rName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
 	rNewName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
+	credentials, project := getGoogleTestingCreds(t)
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckProviderConfigurationResourceDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccScalrProviderConfigurationGoogleConfig(rName),
+				Config: testAccScalrProviderConfigurationGoogleConfig(rName, credentials, project),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckProviderConfigurationExists("scalr_provider_configuration.google", &providerConfiguration),
-					testAccCheckProviderConfigurationGoogleValues(&providerConfiguration, rName),
+					testAccCheckProviderConfigurationGoogleValues(&providerConfiguration, rName, project),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "name", rName),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "export_shell_variables", "false"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "aws.#", "0"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.#", "1"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "azurerm.#", "0"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "custom.#", "0"),
-					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "scalr.#", "0"),
-					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.0.project", "my-project"),
-					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.0.credentials", "my-credentials"),
+					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.0.project", project),
 				),
 			},
 			{
-				Config: testAccScalrProviderConfigurationGoogleUpdatedConfig(rNewName),
+				Config: testAccScalrProviderConfigurationGoogleUpdatedConfig(rNewName, credentials, project),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckProviderConfigurationExists("scalr_provider_configuration.google", &providerConfiguration),
-					testAccCheckProviderConfigurationGoogleUpdatedValues(&providerConfiguration, rNewName),
+					testAccCheckProviderConfigurationGoogleUpdatedValues(&providerConfiguration, rNewName, project),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "name", rNewName),
-					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "export_shell_variables", "false"),
+					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "export_shell_variables", "true"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "aws.#", "0"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.#", "1"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "azurerm.#", "0"),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "custom.#", "0"),
+					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.0.project", project),
 					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "scalr.#", "0"),
-					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.0.project", "my-new-project"),
-					resource.TestCheckResourceAttr("scalr_provider_configuration.google", "google.0.credentials", "my-new-credentials"),
 				),
 			},
 		},
@@ -421,7 +419,7 @@ func testAccCheckProviderConfigurationScalrUpdatedValues(providerConfiguration *
 	}
 }
 
-func testAccCheckProviderConfigurationGoogleValues(providerConfiguration *scalr.ProviderConfiguration, name string) resource.TestCheckFunc {
+func testAccCheckProviderConfigurationGoogleValues(providerConfiguration *scalr.ProviderConfiguration, name, project string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if providerConfiguration.Name != name {
 			return fmt.Errorf("bad name, expected \"%s\", got: %#v", name, providerConfiguration.Name)
@@ -432,23 +430,23 @@ func testAccCheckProviderConfigurationGoogleValues(providerConfiguration *scalr.
 		if providerConfiguration.ExportShellVariables != false {
 			return fmt.Errorf("bad export shell variables, expected \"%t\", got: %#v", false, providerConfiguration.ExportShellVariables)
 		}
-		if providerConfiguration.GoogleProject != "my-project" {
-			return fmt.Errorf("bad google project, expected \"%s\", got: %#v", "my-project", providerConfiguration.GoogleProject)
+		if providerConfiguration.GoogleProject != project {
+			return fmt.Errorf("bad google project, expected \"%s\", got: %#v", project, providerConfiguration.GoogleProject)
 		}
 		return nil
 	}
 }
 
-func testAccCheckProviderConfigurationGoogleUpdatedValues(providerConfiguration *scalr.ProviderConfiguration, name string) resource.TestCheckFunc {
+func testAccCheckProviderConfigurationGoogleUpdatedValues(providerConfiguration *scalr.ProviderConfiguration, name, project string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if providerConfiguration.Name != name {
 			return fmt.Errorf("bad name, expected \"%s\", got: %#v", name, providerConfiguration.Name)
 		}
-		if providerConfiguration.ExportShellVariables != false {
-			return fmt.Errorf("bad export shell variables, expected \"%t\", got: %#v", false, providerConfiguration.ExportShellVariables)
+		if providerConfiguration.ExportShellVariables != true {
+			return fmt.Errorf("bad export shell variables, expected \"%t\", got: %#v", true, providerConfiguration.ExportShellVariables)
 		}
-		if providerConfiguration.GoogleProject != "my-new-project" {
-			return fmt.Errorf("bad google project, expected \"%s\", got: %#v", "my-new-project", providerConfiguration.GoogleProject)
+		if providerConfiguration.GoogleProject != project {
+			return fmt.Errorf("bad google project, expected \"%s\", got: %#v", project, providerConfiguration.GoogleProject)
 		}
 		return nil
 	}
@@ -555,6 +553,16 @@ func getAwsTestingCreds(t *testing.T) (accessKeyId, secretAccessKey, roleArn, ex
 	return
 }
 
+func getGoogleTestingCreds(t *testing.T) (credentials, project string) {
+	credentials = os.Getenv("TEST_GOOGLE_CREDENTIALS")
+	project = os.Getenv("TEST_GOOGLE_PROJECT")
+	if len(credentials) == 0 ||
+		len(project) == 0 {
+		t.Skip("Please set TEST_GOOGLE_CREDENTIALS, TEST_GOOGLE_PROJECT env variables to run this test.")
+	}
+	return
+}
+
 func testAccScalrProviderConfigurationCustomConfig(name string) string {
 	return fmt.Sprintf(`
 resource "scalr_provider_configuration" "kubernetes" {
@@ -664,30 +672,35 @@ resource "scalr_provider_configuration" "aws" {
 `, name, defaultAccount, accessKeyId, secretAccessKey, roleArn, externalId)
 }
 
-func testAccScalrProviderConfigurationGoogleConfig(name string) string {
+func testAccScalrProviderConfigurationGoogleConfig(name, credentials, project string) string {
 	return fmt.Sprintf(`
 resource "scalr_provider_configuration" "google" {
   name       = "%s"
   account_id = "%s"
   google {
-    project     = "my-project"
-    credentials = "my-credentials"
+    project     = "%s"
+    credentials = <<-EOT
+%s
+EOT
   }
 }
-`, name, defaultAccount)
+`, name, defaultAccount, project, credentials)
 }
 
-func testAccScalrProviderConfigurationGoogleUpdatedConfig(name string) string {
+func testAccScalrProviderConfigurationGoogleUpdatedConfig(name, credentials, project string) string {
 	return fmt.Sprintf(`
 resource "scalr_provider_configuration" "google" {
   name       = "%s"
   account_id = "%s"
+  export_shell_variables = true
   google {
-    project     = "my-new-project"
-    credentials = "my-new-credentials"
+    project     = "%s"
+    credentials = <<-EOT
+%s
+EOT
   }
 }
-`, name, defaultAccount)
+`, name, defaultAccount, project, credentials)
 }
 
 func testAccScalrProviderConfigurationAzurermConfig(name string) string {