DataDog / terraform-provider-datadog

Terraform Datadog provider
https://www.terraform.io/docs/providers/datadog/
Mozilla Public License 2.0

Feature Request: datadog_integration_gcp should be able to take the base64 encoded private_key to populate every required field #1057

Open Sayrus opened 3 years ago

Sayrus commented 3 years ago

Terraform Version

v0.12.24

Affected Resource(s)

Terraform Configuration Files


# Dedicated service account that the Datadog GCP integration authenticates as.
resource "google_service_account" "datadog" {
  account_id   = "datadog"
  display_name = "Datadog service account (GCP Integration)"
}

# Creates a key for the Datadog service account. Its `private_key` attribute is
# the base64-encoded JSON credentials file, and Terraform records it in the
# state in plain text, so the state backend has to be access-controlled and
# encrypted like any other secret store.
resource "google_service_account_key" "datadog_key" {
  service_account_id = google_service_account.datadog.id
}

# Grants roles/compute.viewer to the Datadog service account.
# NOTE(review): no `project` is set, so the binding presumably lands on the
# provider's default project — confirm that is the project Datadog should read.
resource "google_project_iam_member" "datadog_compute-viewer-role" {
  role    = "roles/compute.viewer"
  member  = "serviceAccount:${google_service_account.datadog.email}"
}

# Grants roles/monitoring.viewer to the Datadog service account.
# NOTE(review): no `project` is set; presumably the provider default applies — confirm.
resource "google_project_iam_member" "datadog_monitoring-viewer-role" {
  role    = "roles/monitoring.viewer"
  member  = "serviceAccount:${google_service_account.datadog.email}"
}

# Grants roles/cloudasset.viewer to the Datadog service account.
# NOTE(review): no `project` is set; presumably the provider default applies — confirm.
resource "google_project_iam_member" "datadog_cloudasset-viewer-role" {
  role    = "roles/cloudasset.viewer"
  member  = "serviceAccount:${google_service_account.datadog.email}"
}

# Decodes the base64 credentials blob into a map; the integration resource
# reads project_id, private_key_id, private_key, client_email and client_id
# from it. The map holds the private key in clear text: never expose it through
# an `output` or a log line.
locals {
  datadog_decoded_key = jsondecode(base64decode(google_service_account_key.datadog_key.private_key))
}

# Registers the GCP project with Datadog. Each argument is filled from the
# matching field of the decoded service-account key rather than from the raw
# base64 blob.
# NOTE(review): `private_key` is secret material and is presumably stored in
# the Terraform state by this provider as well — confirm and protect the state.
resource "datadog_integration_gcp" "datadog_integration_gcp_1" {
  project_id     = local.datadog_decoded_key["project_id"]
  private_key_id = local.datadog_decoded_key["private_key_id"]
  private_key    = local.datadog_decoded_key["private_key"]
  client_email   = local.datadog_decoded_key["client_email"]
  client_id      = local.datadog_decoded_key["client_id"]
}

Debug Output

N/A

Panic Output

N/A

Expected Behavior

We should be able to pass private_key to the Datadog provider directly, as it contains all the information required to configure the GCP integration. As demonstrated by the previous HCL example, google_service_account_key.datadog_key.private_key contains everything needed.

Actual Behavior

Passing the private_key in private_key does not fail, but it creates an invalid GCP integration because that field expects the certificate. (No error is shown in the Datadog UI unless you try to create an archive; the Integration page reports "This integration is working properly.")

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

N/A

References

N/A

ljluestc commented 11 months ago
# Dedicated service account that the Datadog GCP integration authenticates as.
resource "google_service_account" "datadog" {
  account_id   = "datadog"
  display_name = "Datadog service account (GCP Integration)"
}

# Creates a key for the Datadog service account. The `private_key` attribute is
# base64-encoded and is kept in the Terraform state in plain text; restrict and
# encrypt the state backend accordingly.
resource "google_service_account_key" "datadog_key" {
  service_account_id = google_service_account.datadog.id
}

# Grants roles/compute.viewer to the Datadog service account.
# NOTE(review): no `project` is set; presumably the provider default applies — confirm.
resource "google_project_iam_member" "datadog_compute-viewer-role" {
  role    = "roles/compute.viewer"
  member  = "serviceAccount:${google_service_account.datadog.email}"
}

# Grants roles/monitoring.viewer to the Datadog service account.
# NOTE(review): no `project` is set; presumably the provider default applies — confirm.
resource "google_project_iam_member" "datadog_monitoring-viewer-role" {
  role    = "roles/monitoring.viewer"
  member  = "serviceAccount:${google_service_account.datadog.email}"
}

# Grants roles/cloudasset.viewer to the Datadog service account.
# NOTE(review): no `project` is set; presumably the provider default applies — confirm.
resource "google_project_iam_member" "datadog_cloudasset-viewer-role" {
  role    = "roles/cloudasset.viewer"
  member  = "serviceAccount:${google_service_account.datadog.email}"
}

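# Decode the service-account key inside Terraform. The `private_key` attribute
# of google_service_account_key is base64-encoded JSON (not a PEM file), so
# jsondecode(base64decode(...)) yields every field the integration needs.
#
# Do not shell out (local-exec / data "external") to decode it: that writes the
# key to a file in the working directory, interpolates it into a shell command
# line, and copies it into additional state entries such as null_resource
# triggers. It also does not work: `data "external"` requires the program to
# print a JSON object and exposes `result` as a map of strings, which cannot be
# assigned to the string argument `private_key`.
#
# The decoded map still contains the private key in clear text: keep it out of
# `output` blocks and logs, and protect the state backend.
locals {
  datadog_decoded_key = jsondecode(base64decode(google_service_account_key.datadog_key.private_key))
}

# Registers the GCP project with Datadog using the fields of the decoded key.
resource "datadog_integration_gcp" "datadog_integration_gcp_1" {
  project_id     = local.datadog_decoded_key["project_id"]
  private_key_id = local.datadog_decoded_key["private_key_id"]
  # The PEM string from the JSON's "private_key" field, passed through unchanged.
  private_key    = local.datadog_decoded_key["private_key"]
  client_email   = local.datadog_decoded_key["client_email"]
  client_id      = local.datadog_decoded_key["client_id"]
}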