Add Ability to enable multi-tenancy in Identity Platform

[kahunacohen]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

I would like to be able to enable multi-tenancy in identity platform without having to either enable it via the GUI or call an external script. As far as I can see this is not possible. In fact in the docs for google_identity_platform_tenant it says, "You must via the Cloud Console prior to creating tenants."

I would be happy to contribute a PR if this is something that can/or should be done.

New or Affected Resource(s)

• google_identity_platform_config

Potential Terraform Configuration

This would enable multi-tenancy:

resource google_identity_platform_config "auth"{
  ..
  allow_tenants: true
}

References

b/299600650

[kelseysunhaha]

社区笔记

• 请通过对原始问题添加 👍反应来对此问题进行投票，以帮助社区和维护者优先考虑此请求
• 请不要留下“+1”或“我也是”评论，它们会给问题关注者带来额外的噪音，并且无助于优先考虑请求
• 如果您有兴趣解决此问题或已提交拉取请求，请发表评论。如果问题被分配给“modular-magician”用户，则它要么正在自动生成，要么计划很快自动生成。如果问题被分配给某个用户，则该用户声称对该问题负责。如果问题被分配给“hashibot”，则社区成员已经声明了该问题。

描述

我希望能够在身份平台中启用多租户，而不必通过 GUI 启用它或调用外部脚本。据我所知这是不可能的。事实上，在它的文档中google_identity_platform_tenant说：“您必须在创建租户之前通过云控制台。”

如果这是可以/或应该做的事情，我很乐意贡献一份 PR。

新的或受影响的资源

• google_identity_platform_config

潜在的 Terraform 配置

这将启用多租户：

resource google_identity_platform_config "auth"{
  ..
  allow_tenants: true
}

参考

好的呀

[rileykarson]

Note: We need to confirm if this is possible, this used to be a Console-only step & may still be.

[kahunacohen]

I am able to call an api endpoint and enable it...

[DanielRieske]

The API does seem to have an option to enable this, I would love to pick this up and test it out, but unsure if an external contribution is accepted at this point.

https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config#MultiTenantConfig

[rileykarson]

We continue to be glad to accept contributions / help folks make changes to the provider! https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart is Console-only but that's not uncommon for instructions pages even when there's an API available.

[kahunacohen]

I'll see what I can do.

[DanielRieske]

@kahunacohen Let me know if I can assist in any way

[kahunacohen]

@kahunacohen Let me know if I can assist in any way

Thanks, I'm working on setting up the dev environment. I'll ping you with any questions.

[kahunacohen]

@DanielRieske the docs say to start by forking the magic modules repo, but they don't say whether to use the google repo or the hashicorp repo. I see that there's a hashicorp repo that's forked from the google repo...

[DanielRieske]

They mean this magic-modules repository, the Hashicorp terraform-provider-google and terraform-provider-google-beta repositories are generated from magic-modules

[rileykarson]

hashicorp/magic-modules is a shared development fork used by HashiCorp engineers to stage PRs, similar to a personal fork like mine (rileykarson/magic-modules). The upstream you contribute against is GoogleCloudPlatform/magic-modules, which will automatically apply those changes against hashicorp/terraform-provider-google and hashicorp/terraform-provider-google-beta once your PR is merged.

[gleichda]

@hao-nan-li This one can be closed. I had a formatting issue in the comment so the issues did not get closed.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.