[datadog_integration_gcp_sts] Add IsPerProjectQuotaEnabled field (#2999)

* add is per project quota enabled to terraform

* Update docs/resources/integration_gcp_sts.md

Co-authored-by: DeForest Richards <[email protected]>

* update doc

---------

Co-authored-by: DeForest Richards <[email protected]>

Author: tedkahwaji

datadog/fwprovider/resource_datadog_integration_gcp_sts.go

@@ -47,6 +47,7 @@ type integrationGcpStsModel struct {
 	IsCspmEnabled                     types.Bool                    `tfsdk:"is_cspm_enabled"`
 	IsSecurityCommandCenterEnabled    types.Bool                    `tfsdk:"is_security_command_center_enabled"`
 	IsResourceChangeCollectionEnabled types.Bool                    `tfsdk:"is_resource_change_collection_enabled"`
+	IsPerProjectQuotaEnabled          types.Bool                    `tfsdk:"is_per_project_quota_enabled"`
 	ResourceCollectionEnabled         types.Bool                    `tfsdk:"resource_collection_enabled"`
 }
 
@@ -131,6 +132,11 @@ func (r *integrationGcpStsResource) Schema(_ context.Context, _ resource.SchemaR
 				Optional:    true,
 				Computed:    true,
 			},
+			"is_per_project_quota_enabled": schema.BoolAttribute{
+				Description: "When enabled, Datadog includes the `X-Goog-User-Project` header to attribute Google Cloud billing and quota usage to the monitored project instead of the default service account project.",
+				Optional:    true,
+				Computed:    true,
+			},
 			"resource_collection_enabled": schema.BoolAttribute{
 				Description: "When enabled, Datadog scans for all resources in your GCP environment.",
 				Optional:    true,
@@ -329,6 +335,9 @@ func (r *integrationGcpStsResource) updateState(ctx context.Context, state *inte
 	if isResourceChangeCollectionEnabled, ok := attributes.GetIsResourceChangeCollectionEnabledOk(); ok {
 		state.IsResourceChangeCollectionEnabled = types.BoolValue(*isResourceChangeCollectionEnabled)
 	}
+	if isPerProjectQuotaEnabled, ok := attributes.GetIsPerProjectQuotaEnabledOk(); ok {
+		state.IsPerProjectQuotaEnabled = types.BoolValue(*isPerProjectQuotaEnabled)
+	}
 	if resourceCollectionEnabled, ok := attributes.GetResourceCollectionEnabledOk(); ok {
 		state.ResourceCollectionEnabled = types.BoolValue(*resourceCollectionEnabled)
 	}
@@ -383,6 +392,9 @@ func (r *integrationGcpStsResource) buildIntegrationGcpStsRequestBody(ctx contex
 	if !state.ResourceCollectionEnabled.IsUnknown() {
 		attributes.SetResourceCollectionEnabled(state.ResourceCollectionEnabled.ValueBool())
 	}
+	if !state.IsPerProjectQuotaEnabled.IsUnknown() {
+		attributes.SetIsPerProjectQuotaEnabled(state.IsPerProjectQuotaEnabled.ValueBool())
+	}
 
 	return attributes, diags
 }

datadog/tests/cassettes/TestAccIntegrationGcpStsBasic.freeze

@@ -1 +1 @@
-2024-11-07T13:41:37.228942-05:00
+2025-05-01T19:18:24.377047-04:00

datadog/tests/cassettes/TestAccIntegrationGcpStsBasic.yaml

@@ -1 +1 @@
-2024-11-07T13:41:47.58081-05:00
+2025-05-01T19:18:42.446099-04:00

datadog/tests/cassettes/TestAccIntegrationGcpStsDefault.freeze

@@ -35,6 +35,8 @@ func TestAccIntegrationGcpStsBasic(t *testing.T) {
 						"datadog_integration_gcp_sts.foo", "is_security_command_center_enabled", "false"),
 					resource.TestCheckResourceAttr(
 						"datadog_integration_gcp_sts.foo", "is_resource_change_collection_enabled", "false"),
+					resource.TestCheckResourceAttr(
+						"datadog_integration_gcp_sts.foo", "is_per_project_quota_enabled", "false"),
 					resource.TestCheckResourceAttr(
 						"datadog_integration_gcp_sts.foo", "resource_collection_enabled", "false"),
 					resource.TestCheckTypeSetElemAttr(
@@ -75,6 +77,8 @@ func TestAccIntegrationGcpStsBasic(t *testing.T) {
 						"datadog_integration_gcp_sts.foo", "is_security_command_center_enabled", "true"),
 					resource.TestCheckResourceAttr(
 						"datadog_integration_gcp_sts.foo", "is_resource_change_collection_enabled", "true"),
+					resource.TestCheckResourceAttr(
+						"datadog_integration_gcp_sts.foo", "is_per_project_quota_enabled", "true"),
 					resource.TestCheckResourceAttr(
 						"datadog_integration_gcp_sts.foo", "resource_collection_enabled", "true"),
 					resource.TestCheckNoResourceAttr(
@@ -138,6 +142,7 @@ resource "datadog_integration_gcp_sts" "foo" {
     resource_collection_enabled = "false"
     is_security_command_center_enabled = "false"
 	is_resource_change_collection_enabled = "false"
+	is_per_project_quota_enabled          = "false"
     account_tags = ["a:tag", "another:one", "and:another"]
 }`, uniq)
 }
@@ -151,6 +156,7 @@ resource "datadog_integration_gcp_sts" "foo" {
     resource_collection_enabled = "true"
     is_security_command_center_enabled = "true"
 	is_resource_change_collection_enabled = "true"
+    is_per_project_quota_enabled          = "true"
 }`, uniq)
 }
 

datadog/tests/cassettes/TestAccIntegrationGcpStsDefault.yaml

@@ -52,6 +52,7 @@ resource "datadog_integration_gcp_sts" "foo" {
 - `cloud_run_revision_filters` (Set of String) Tags to filter which Cloud Run revisions are imported into Datadog. Only revisions that meet specified criteria are monitored.
 - `host_filters` (Set of String) Your Host Filters.
 - `is_cspm_enabled` (Boolean) Whether Datadog collects cloud security posture management resources from your GCP project. If enabled, requires `resource_collection_enabled` to also be enabled.
+- `is_per_project_quota_enabled` (Boolean) When enabled, Datadog includes the `X-Goog-User-Project` header to attribute Google Cloud billing and quota usage to the monitored project instead of the default service account project.
 - `is_resource_change_collection_enabled` (Boolean) When enabled, Datadog scans for all resource change data in your Google Cloud environment.
 - `is_security_command_center_enabled` (Boolean) When enabled, Datadog will attempt to collect Security Command Center Findings. Note: This requires additional permissions on the service account. Defaults to `false`.
 - `metric_namespace_configs` (Set of Object) Configuration for a GCP metric namespace. (see [below for nested schema](#nestedatt--metric_namespace_configs))