feat(omni): add support for GCP imagePullServiceAccount

Author: claudiolor

castai/resource_edge_location.go

@@ -66,6 +66,7 @@ type awsModel struct {
 
 type gcpModel struct {
 	ProjectID                        types.String `tfsdk:"project_id"`
+	InstanceServiceAccount           types.String `tfsdk:"instance_service_account"`
 	ClientServiceAccountJSONBase64WO types.String `tfsdk:"client_service_account_json_base64_wo"`
 	NetworkName                      types.String `tfsdk:"network_name"`
 	SubnetName                       types.String `tfsdk:"subnet_name"`
@@ -108,7 +109,8 @@ func (m gcpModel) Equal(other *gcpModel) bool {
 	return m.ProjectID.Equal(other.ProjectID) &&
 		m.NetworkName.Equal(other.NetworkName) &&
 		m.SubnetName.Equal(other.SubnetName) &&
-		m.NetworkTags.Equal(other.NetworkTags)
+		m.NetworkTags.Equal(other.NetworkTags) &&
+		m.InstanceServiceAccount.Equal(other.InstanceServiceAccount)
 }
 
 func (m ociModel) credentials() types.String {
@@ -260,6 +262,10 @@ func (r *edgeLocationResource) Schema(_ context.Context, _ resource.SchemaReques
 						Required:    true,
 						Description: "GCP project ID where edges run",
 					},
+					"instance_service_account": schema.StringAttribute{
+						Optional:    true,
+						Description: "GCP service account email to be attached to edge instances. It can be used to grant permissions to access other GCP resources.",
+					},
 					"client_service_account_json_base64_wo": schema.StringAttribute{
 						Required:    true,
 						Sensitive:   true,
@@ -736,8 +742,14 @@ func (r *edgeLocationResource) toGCP(ctx context.Context, plan, config *gcpModel
 		return nil, diags
 	}
 
+	var instanceServiceAccount *string
+	if !plan.InstanceServiceAccount.IsNull() && plan.InstanceServiceAccount.ValueString() != "" {
+		instanceServiceAccount = lo.ToPtr(plan.InstanceServiceAccount.ValueString())
+	}
+
 	out := &omni.GCPParam{
-		ProjectId: plan.ProjectID.ValueString(),
+		ProjectId:              plan.ProjectID.ValueString(),
+		InstanceServiceAccount: instanceServiceAccount,
 		Credentials: &omni.GCPParamCredentials{
 			ClientServiceAccountJsonBase64: config.ClientServiceAccountJSONBase64WO.ValueString(),
 		},
@@ -759,12 +771,17 @@ func (r *edgeLocationResource) toGCPModel(ctx context.Context, config *omni.GCPP
 
 	gcp := &gcpModel{
 		ProjectID:                        types.StringValue(config.ProjectId),
+		InstanceServiceAccount:           types.StringNull(),
 		ClientServiceAccountJSONBase64WO: types.StringNull(),
 		NetworkName:                      types.StringNull(),
 		SubnetName:                       types.StringNull(),
 		NetworkTags:                      types.SetNull(types.StringType),
 	}
 
+	if config.InstanceServiceAccount != nil {
+		gcp.InstanceServiceAccount = types.StringValue(*config.InstanceServiceAccount)
+	}
+
 	if config.Networking != nil {
 		gcp.NetworkName = types.StringValue(config.Networking.NetworkName)
 		gcp.SubnetName = types.StringValue(config.Networking.SubnetName)

castai/resource_edge_location_test.go

@@ -101,6 +101,7 @@ func TestAccCloudAgnostic_ResourceEdgeLocationGCP(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "zones.1.id", "us-central1-b"),
 					resource.TestCheckResourceAttr(resourceName, "zones.1.name", "us-central1-b"),
 					resource.TestCheckResourceAttrSet(resourceName, "gcp.project_id"),
+					resource.TestCheckResourceAttr(resourceName, "gcp.instance_service_account", "custom-sa@test-project-123456.iam.gserviceaccount.com"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "credentials_revision", "1"),
 				),
@@ -302,11 +303,12 @@ resource "castai_edge_location" "test" {
 %[3]s
 
   gcp = {
-    project_id     = "test-project-123456"
+    project_id               = "test-project-123456"
+	instance_service_account = "custom-sa@test-project-123456.iam.gserviceaccount.com"
     %[5]s
-    network_name   = "test-network"
-    subnet_name    = "test-subnet"
-    network_tags   = [%[4]s]
+    network_name             = "test-network"
+    subnet_name              = "test-subnet"
+    network_tags             = [%[4]s]
   }
 }
 `, rName, description, zonesConfig, networkTagsConfig, gcpCredentials, organizationID))