diff --git a/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment.go b/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment.go index bb8091b997ce..5c2b6ca0895d 100644 --- a/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment.go +++ b/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment.go @@ -3,6 +3,7 @@ package apigee import ( "fmt" "log" + "strings" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -140,6 +141,23 @@ func resourceApigeeSharedflowDeploymentRead(d *schema.ResourceData, meta interfa } log.Printf("[DEBUG] ApigeeSharedflowDeployment deployStartTime %s", res["deployStartTime"]) + // org_id is not returned by the API; it is derived from the resource ID + // (set by Create or by the import parser) and stays in state untouched. + if err := d.Set("environment", flattenApigeeSharedflowDeploymentEnvironment(res["environment"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedflowDeployment: %s", err) + } + // The API uses `apiProxy` for both API proxy and shared flow deployments + // to identify the deployed artifact. + if err := d.Set("sharedflow_id", flattenApigeeSharedflowDeploymentSharedflowId(res["apiProxy"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedflowDeployment: %s", err) + } + if err := d.Set("revision", flattenApigeeSharedflowDeploymentRevision(res["revision"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedflowDeployment: %s", err) + } + if err := d.Set("service_account", flattenApigeeSharedflowDeploymentServiceAccount(res["serviceAccount"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedflowDeployment: %s", err) + } + return nil } @@ -263,7 +281,19 @@ func flattenApigeeSharedflowDeploymentRevision(v interface{}, d *schema.Resource } func flattenApigeeSharedflowDeploymentServiceAccount(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { - return v + // The Apigee API may return service accounts as a full resource name + // (e.g. "projects/-/serviceAccounts/sa@project.iam.gserviceaccount.com") + // while the schema documents (and Create accepts) the bare email form. + // Strip the prefix when present so a Read after a Create using the bare + // email does not show drift. + if v == nil { + return v + } + s, ok := v.(string) + if !ok { + return v + } + return strings.TrimPrefix(s, "projects/-/serviceAccounts/") } func init() { diff --git a/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment_test.go b/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment_test.go index 747804b3eea8..29a50391bc12 100644 --- a/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment_test.go +++ b/mmv1/third_party/terraform/services/apigee/resource_apigee_sharedflow_deployment_test.go @@ -135,11 +135,18 @@ resource "google_apigee_sharedflow" "test_apigee_sharedflow" { depends_on = [google_apigee_organization.apigee_org] } +resource "google_service_account" "sharedflow_sa" { + account_id = "tf-test-sf-sa%{random_suffix}" + display_name = "TF Test Sharedflow SA" + project = google_project.project.project_id +} + resource "google_apigee_sharedflow_deployment" "sharedflow_deployment_test" { - environment = google_apigee_environment.apigee_environment.name - org_id = google_apigee_sharedflow.test_apigee_sharedflow.org_id - revision = google_apigee_sharedflow.test_apigee_sharedflow.revision[length(google_apigee_sharedflow.test_apigee_sharedflow.revision)-1] - sharedflow_id = google_apigee_sharedflow.test_apigee_sharedflow.name + environment = google_apigee_environment.apigee_environment.name + org_id = google_apigee_sharedflow.test_apigee_sharedflow.org_id + revision = google_apigee_sharedflow.test_apigee_sharedflow.revision[length(google_apigee_sharedflow.test_apigee_sharedflow.revision)-1] + sharedflow_id = google_apigee_sharedflow.test_apigee_sharedflow.name + service_account = google_service_account.sharedflow_sa.email } `, context) }