Add IAM resources google_identity_platform_tenant_iam_* to manage access to resources on a tenant level

[MaStFAU]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

When working with multiple tenants, it is not a secure setup to give service accounts access to all tenants. According to the docs, it is possible to manage access control per tenant via the console: https://cloud.google.com/identity-platform/docs/multi-tenancy-access-control

However, so far there is no resource google_identity_platform_tenant_iam_member to manage access on a resource level.

New or Affected Resource(s)

• google_identity_platform_tenant_iam_member

Potential Terraform Configuration

resource "google_identity_platform_tenant_iam_member" "default" {
  project = "my-gcp-project"
  tenant_id = "tenant-kg7dk"
  member    = "serviceAccount:customer-instance-service-account@my-gcp-project.iam.gserviceaccount.com"
  role      = "roles/firebase.sdkAdminServiceAgent"
}

References

https://cloud.google.com/identity-platform/docs/multi-tenancy-access-control

b/356160000

[MaStFAU]

Just saw this is a duplicate of #8684

Any chance this will be implemented soon? It is quite important from a security perspective.