Data sources for google_access_context_manager

AlexanderFengFeng commented 3 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

It may be useful to have Data Source equivalents for some of the existing resources, particularly google_access_context_manager_access_policy, google_access_context_manager_access_level, and google_access_context_manager_service_perimeter.

For example, a google_access_context_manager_access_policy data source could be used to get the policy ID for an existing access policy based on the organization, meaning someone writing creating an access level or service perimeter for an existing policy could do so without having to find the policy ID (they would be finding it by the organization ID, which is arguably more accessible).

New or Affected Resource(s)

google_access_context_manager_access_policy
google_access_context_manager_access_level
google_access_context_manager_service_perimeter

Potential Terraform Configuration

data "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/123456789"
}

resource "google_access_context_manager_access_level" "access-level" {
  parent = "accessPolicies/${data.google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${data.google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"

  ...

  }
}

b/359675471

mvanholsteijn commented 3 years ago

The most important one AFAICS, is the datasource for google_access_context_manager_access_policy as this policy is a singleton.

A datasource for google_access_context_manager_access_level is not really required, as the id is the logical name that you gave it. In the example above, I can refer to the access level from any perimeter by specifying: accessPolicies/${data.google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock as a id.

Service perimeters are not referenced in any other resource, so a datasource is not very relevant.

ggtisc commented 2 months ago

This needs to be evaluated if it is worth adding new data-sources for the google_access_context_manager resources

hashicorp / terraform-provider-google