Support for "member" output attribute in google_iam_workload_identity_pool_provider

[haizaar]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

It will be great for google_iam_workload_identity_pool_provider to have a member output, similar to google_service_account. It will safe us constructing membership strings like we do today:

data "google_iam_policy" "terraform_sa_workload_identity_user" {
  binding {
    role = "roles/iam.workloadIdentityUser"

    members = [
      "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool_provider.gh_actions.name}",
    ]
  }
}

New or Affected Resource(s)

• google_iam_workload_identity_pool_provider

Potential Terraform Configuration

resource "google_iam_workload_identity_pool_provider" "gh_actions" {
}
data "google_iam_policy" "terraform_sa_workload_identity_user" {
  binding {
    role = "roles/iam.workloadIdentityUser"

    members = [
      google_iam_workload_identity_pool_provider.gh_actions.member,
    ]
  }
}

References

b/302672368