Add support for Dataproc Metastore Service gRPC scoped roles

[gmspinheiro]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The goal should be to add similar resources to google_dataproc_metastore_service_iam, but applied to: backups, databases and tables. I had a look into the google-beta provider and I couldn't find anything similar.

New or Affected Resource(s)

• google_dataproc_metastore_backup_iam_policy
• google_dataproc_metastore_backup_iam_binding
• google_dataproc_metastore_backup_iam_member
• google_dataproc_metastore_database_iam_policy
• google_dataproc_metastore_database_iam_binding
• google_dataproc_metastore_database_iam_member
• google_dataproc_metastore_table_iam_policy
• google_dataproc_metastore_table_iam_binding
• google_dataproc_metastore_table_iam_member

Potential Terraform Configuration

# Example of a database "admin" type grant using _member
resource "google_dataproc_metastore_database_iam_member" "member" {
  project = google_dataproc_metastore_service.default.project
  location = google_dataproc_metastore_service.default.location
  service_id = google_dataproc_metastore_service.default.service_id
  database = "example"
  role = "roles/metastore.metadataOwner"
  member = "user:jane@example.com"
}

References

Looking into the documentation, the beta roles should be considered - https://cloud.google.com/dataproc-metastore/docs/iam-roles.

The gcloud beta cli version supports adding policies at these different scopes:

• backups - https://cloud.google.com/sdk/gcloud/reference/beta/metastore/services/backups
• databases - https://cloud.google.com/sdk/gcloud/reference/beta/metastore/services/databases
• tables - https://cloud.google.com/sdk/gcloud/reference/beta/metastore/services/databases/tables

b/299600951

[melinath]

Note: backups seems to be a real resource in that it has create and delete methods (but it is not supported by Terraform right now.)

databases and databases.tables are not real resources. For those two, we could still add support for IAM as described on https://googlecloudplatform.github.io/magic-modules/develop/resource/#add-iam-support in the "Handwritten" tab.