Open Sayrus opened 3 years ago
```hcl
resource "google_service_account" "datadog" {
  account_id   = "datadog"
  display_name = "Datadog service account (GCP Integration)"
}

resource "google_service_account_key" "datadog_key" {
  service_account_id = google_service_account.datadog.id
}

resource "google_project_iam_member" "datadog_compute-viewer-role" {
  role   = "roles/compute.viewer"
  member = "serviceAccount:${google_service_account.datadog.email}"
}

resource "google_project_iam_member" "datadog_monitoring-viewer-role" {
  role   = "roles/monitoring.viewer"
  member = "serviceAccount:${google_service_account.datadog.email}"
}

resource "google_project_iam_member" "datadog_cloudasset-viewer-role" {
  role   = "roles/cloudasset.viewer"
  member = "serviceAccount:${google_service_account.datadog.email}"
}

# Output the private key in base64 format
resource "null_resource" "output_private_key" {
  triggers = {
    private_key = google_service_account_key.datadog_key.private_key
  }

  provisioner "local-exec" {
    command = <<EOT
echo '${google_service_account_key.datadog_key.private_key}' | base64 -d > datadog_private_key.pem
EOT
  }
}

# Data source for the decoded private key
data "external" "decode_private_key" {
  program = ["bash", "-c", "cat datadog_private_key.pem | jq -Rs 'split(\"\\n\") | .[1:-1] | join(\"\")'"]
}

resource "datadog_integration_gcp" "datadog_integration_gcp_1" {
  project_id     = local.datadog_decoded_key["project_id"]
  private_key_id = local.datadog_decoded_key["private_key_id"]
  private_key    = data.external.decode_private_key.result
  client_email   = local.datadog_decoded_key["client_email"]
  client_id      = local.datadog_decoded_key["client_id"]
}
```
Terraform Version
v0.12.24
Affected Resource(s)
Terraform Configuration Files
Debug Output
N/A
Panic Output
N/A
Expected Behavior
We should be able to pass `private_key` to the Datadog provider, as it contains all the information required to configure the GCP integration. As demonstrated by the previous HCL example, `google_service_account_key.datadog_key.private_key` contains everything needed.
Actual Behavior
Passing the private_key in `private_key` will not fail but will create an invalid GCP integration, as it expects the certificate. (No errors are available on the Datadog UI unless you try to create an archive; "This integration is working properly." is shown when viewing the Integration page.)
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
Important Factoids
N/A
References
N/A
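
An added example, not part of the original issue or the provider's own documentation: `google_service_account_key.private_key` is the base64-encoded JSON credentials file, so its fields can be decoded in memory with Terraform's built-in functions instead of being written to disk through `local-exec`. The local name `datadog_sa_key` is chosen here, and it is an assumption that the Datadog resource accepts the PEM string stored in the JSON's `private_key` field.

```hcl
# Added example (not from the issue). Assumes the google_service_account and
# google_service_account_key resources from the issue's configuration exist.

locals {
  # private_key is the base64-encoded JSON credentials file, not a bare PEM.
  # Decoding it here keeps the key out of provisioner commands and out of
  # files in the working directory.
  datadog_sa_key = jsondecode(base64decode(google_service_account_key.datadog_key.private_key))
}

resource "datadog_integration_gcp" "datadog_integration_gcp_1" {
  project_id     = local.datadog_sa_key["project_id"]
  private_key_id = local.datadog_sa_key["private_key_id"]
  # Assumption: the provider takes the PEM string from the JSON "private_key" field.
  private_key    = local.datadog_sa_key["private_key"]
  client_email   = local.datadog_sa_key["client_email"]
  client_id      = local.datadog_sa_key["client_id"]
}

# The key material is still recorded in Terraform state, so the state backend
# needs encryption and restricted access.
```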