don't support datastream api in module shared_vpc_access

[SergiiGlad]

TL;DR

When I create a project with datastream.googleapis.com in activate_apis, the shared_vpc_access module tries to grant roles/compute.networkAdmin using the resource google_project_iam_member "datastream_network_admin". However, enabling the datastream.googleapis.com API does not create the service account sa-datastream. As a result, I encounter an error. Regarding documentation https://cloud.google.com/datastream/docs/create-a-private-connectivity-configuration#shared-vpc. Datastream service accounts are created when you perform one of the following: You create a Datastream resource, such as a connection profile or a stream. You create a private connectivity configuration, select your shared VPC and click Create Datastream Service Account. The service account is created in the host project.

Expected behavior

Module shared_vpc_access grants permission networkAdmin to DataStream sa.

Observed behavior

Error service account doesn't exist

Terraform Configuration

module "project"
source = "terraform-google-modules/project-factory/google"
version = "15.0.0"

name = join("-", [local.lbu, local.env, local stage, Local-appref])
org id = local.org_id
folder_id = local.folder_id
billing_account = local.billing_account_id

labels = local.labels
svpc_host_project_id = local. infra_project_id
shared voc sunets = [for name, net in module.shared_vpc.subnets : net.id]
disable_services_on_destroy = false
random_project_id = true
activate_apis = [ "datastream.googleapis.com" ]
grant_services_security_admin_role = local.is_cluster # role granted to GKE service account
depends_on = [module. shared_vpc, ]
}

Terraform Version

1.6.4
TPG google 5.22
TPG google-beat 5.22

Additional information

No response

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days