From 70d9c1da0a7c047f6c01fb74d6ecfb5bb554ade2 Mon Sep 17 00:00:00 2001 From: The Magician Date: Fri, 13 Dec 2024 12:34:09 -0800 Subject: [PATCH] fix: update spanner terraform doc (#12564) (#20693) [upstream:ee0266255be4fd1cf6032a52cc1aba003cea8f36] Signed-off-by: Modular Magician --- .changelog/12564.txt | 3 +++ website/docs/r/spanner_instance_iam.html.markdown | 2 ++ 2 files changed, 5 insertions(+) create mode 100644 .changelog/12564.txt diff --git a/.changelog/12564.txt b/.changelog/12564.txt new file mode 100644 index 00000000000..bed9fed18b0 --- /dev/null +++ b/.changelog/12564.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +spanner: updated document for IAM policy for Spanner Databases on federated identities +``` \ No newline at end of file diff --git a/website/docs/r/spanner_instance_iam.html.markdown b/website/docs/r/spanner_instance_iam.html.markdown index f093e8d0878..f5745dfc9e7 100644 --- a/website/docs/r/spanner_instance_iam.html.markdown +++ b/website/docs/r/spanner_instance_iam.html.markdown 
@@ -73,6 +73,8 @@ The following arguments are supported: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **principal:{principal}**: Federated single identity. For example, principal://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/subject/ns/NAMESPACE/sa/SERVICEACCOUNT + * **principalSet:{principalSet}**: Federated identity group. For example, principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/namespace/NAMESPACE * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
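Review bot: In `.changelog/12564.txt`, the release note describes the update as being for "Spanner Databases", but the only documentation file this patch touches is `website/docs/r/spanner_instance_iam.html.markdown`. Either reword the entry to name Spanner instance IAM, or include the database IAM doc in the same change so the note matches what shipped. The file is also added with no newline at end of file.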
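Review bot: In the `@@ -73,6 +73,8 @@` hunk of `spanner_instance_iam.html.markdown`, the two added bullets give the member format as `principal:{principal}` and `principalSet:{principalSet}`, yet their examples already start with `principal://` and `principalSet://`. The neighbouring bullets show only the part after the prefix (`alice@gmail.com`, `admins@example.com`), so a reader following that pattern could end up writing `principal:principal://...`. Please state explicitly whether the example string is the complete member value. Both examples also show a single pool shape (`PROJECT_ID.svc.id.goog` with `ns/NAMESPACE/sa/SERVICEACCOUNT`), which the descriptions "Federated single identity" and "Federated identity group" do not mention. Since the `principalSet` example path ends at `namespace/NAMESPACE`, the text should say that such a binding applies to every identity under that namespace, so readers understand how broad the grant is before copying it.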