From d793342b7686c4a186cabf665dd7e2ec57c3acdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ruben=20H=C3=B6nle?= Date: Fri, 23 May 2025 14:53:47 +0200 Subject: [PATCH] chore(docs): add guide how to create service account in empty org (#862) relates to #855 --- docs/guides/stackit_org_service_account.md | 15 +++++++++++++++ docs/resources/resourcemanager_project.md | 3 +++ .../services/resourcemanager/project/resource.go | 5 ++++- .../guides/stackit_org_service_account.md.tmpl | 15 +++++++++++++++ 4 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 docs/guides/stackit_org_service_account.md create mode 100644 templates/guides/stackit_org_service_account.md.tmpl diff --git a/docs/guides/stackit_org_service_account.md b/docs/guides/stackit_org_service_account.md new file mode 100644 index 00000000..e75ad7ef --- /dev/null +++ b/docs/guides/stackit_org_service_account.md @@ -0,0 +1,15 @@ +--- +page_title: "Creating projects in empty organization via Terraform" +--- +# Creating projects in empty organization via Terraform + +Consider the following situation: You're starting with an empty STACKIT organization and want to create projects +in this organization using the `stackit_resourcemanager_project` resource. Unfortunately it's not possible to create +a service account on organization level which can be used for authentication in the STACKIT Terraform provider. +The following steps will help you to get started: + +1. Using the STACKIT portal, create a dummy project in your organization which will hold your service account, let's name it e.g. "dummy-service-account-project". +2. In this "dummy-service-account-project", create a service account. Create and save a service account key to use for authentication for the STACKIT Terraform provider later as described in the docs. Now copy the e-mail address of the service account you just created. +3. Here comes the important part: Navigate to your organization, open it and select "Access". Click on the "Grant access" button and paste the e-mail address of your service account. Be careful to grant the service account enough permissions to create projects in your organization, e.g. by assigning the "owner" role to it. + +*This problem was brought up initially in [this](https://github.com/stackitcloud/terraform-provider-stackit/issues/855) issue on GitHub.* diff --git a/docs/resources/resourcemanager_project.md b/docs/resources/resourcemanager_project.md index ea0a70bc..cfc1de4f 100644 --- a/docs/resources/resourcemanager_project.md +++ b/docs/resources/resourcemanager_project.md @@ -4,12 +4,15 @@ page_title: "stackit_resourcemanager_project Resource - stackit" subcategory: "" description: |- Resource Manager project resource schema. To use this resource, it is required that you set the service account email in the provider configuration. + -> In case you're getting started with an empty STACKIT organization and want to use this resource to create projects in it, check out this guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/stackit_org_service_account for how to create a service account which you can use for authentication in the STACKIT Terraform provider. --- # stackit_resourcemanager_project (Resource) Resource Manager project resource schema. To use this resource, it is required that you set the service account email in the provider configuration. +-> In case you're getting started with an empty STACKIT organization and want to use this resource to create projects in it, check out [this guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/stackit_org_service_account) for how to create a service account which you can use for authentication in the STACKIT Terraform provider. + ## Example Usage ```terraform diff --git a/stackit/internal/services/resourcemanager/project/resource.go b/stackit/internal/services/resourcemanager/project/resource.go index 45b55271..e4f37309 100644 --- a/stackit/internal/services/resourcemanager/project/resource.go +++ b/stackit/internal/services/resourcemanager/project/resource.go @@ -91,7 +91,10 @@ func (r *projectResource) Configure(ctx context.Context, req resource.ConfigureR // Schema defines the schema for the resource. func (r *projectResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { descriptions := map[string]string{ - "main": "Resource Manager project resource schema. To use this resource, it is required that you set the service account email in the provider configuration.", + "main": fmt.Sprintf("%s\n\n%s", + "Resource Manager project resource schema. To use this resource, it is required that you set the service account email in the provider configuration.", + "-> In case you're getting started with an empty STACKIT organization and want to use this resource to create projects in it, check out [this guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/stackit_org_service_account) for how to create a service account which you can use for authentication in the STACKIT Terraform provider.", + ), "id": "Terraform's internal resource ID. It is structured as \"`container_id`\".", "project_id": "Project UUID identifier. This is the ID that can be used in most of the other resources to identify the project.", "container_id": "Project container ID. Globally unique, user-friendly identifier.", diff --git a/templates/guides/stackit_org_service_account.md.tmpl b/templates/guides/stackit_org_service_account.md.tmpl new file mode 100644 index 00000000..e75ad7ef --- /dev/null +++ b/templates/guides/stackit_org_service_account.md.tmpl @@ -0,0 +1,15 @@ +--- +page_title: "Creating projects in empty organization via Terraform" +--- +# Creating projects in empty organization via Terraform + +Consider the following situation: You're starting with an empty STACKIT organization and want to create projects +in this organization using the `stackit_resourcemanager_project` resource. Unfortunately it's not possible to create +a service account on organization level which can be used for authentication in the STACKIT Terraform provider. +The following steps will help you to get started: + +1. Using the STACKIT portal, create a dummy project in your organization which will hold your service account, let's name it e.g. "dummy-service-account-project". +2. In this "dummy-service-account-project", create a service account. Create and save a service account key to use for authentication for the STACKIT Terraform provider later as described in the docs. Now copy the e-mail address of the service account you just created. +3. Here comes the important part: Navigate to your organization, open it and select "Access". Click on the "Grant access" button and paste the e-mail address of your service account. Be careful to grant the service account enough permissions to create projects in your organization, e.g. by assigning the "owner" role to it. + +*This problem was brought up initially in [this](https://github.com/stackitcloud/terraform-provider-stackit/issues/855) issue on GitHub.*