Apigee Deployment IAM Resource for specific API Authentication

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
If an issue is assigned to a user, that user is claiming responsibility for the issue.
Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

Cloud IAM-based authorization with the VerifyIAM policy was released in Sept 2024 and requires granting Deployment IAM roles for specific API access.

Guide: https://cloud.google.com/apigee/docs/api-platform/security/iam/iam-overview

Deployment resource is not currently supported, but supporting only the IAM resource would be sufficient.

New or Affected Resource(s)

google_apigee_deployment_iam_policy
google_apigee_deployment_iam_binding
google_apigee_deployment_iam_member

Potential Terraform Configuration

resource "google_apigee_deployment_iam_binding" "binding" {
  org_id     = google_apigee_environment.apigee_environment.org_id
  env_id     = google_apigee_environment.apigee_environment.name
  deployment = "api"
  role       = "roles/apigee.deploymentInvoker"
  members = [
    "user:jane@example.com",
  ]
}

References

b/376066543

hashicorp / terraform-provider-google

Apigee Deployment IAM Resource for specific API Authentication #20053

Community Note

Description

New or Affected Resource(s)

Potential Terraform Configuration

References