modular-apprentice
diff --git a/‎mmv1/products/identityplatform/Config.yaml‎
Lines changed: 1 addition & 0 deletions b/‎mmv1/products/identityplatform/Config.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎mmv1/third_party/terraform/fwprovider/framework_provider_mmv1_resources.go‎
Lines changed: 1 addition & 0 deletions b/‎mmv1/third_party/terraform/fwprovider/framework_provider_mmv1_resources.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎mmv1/third_party/terraform/services/identityplatform/resource_identity_platform_config_test.go‎
Lines changed: 93 additions & 1 deletion b/‎mmv1/third_party/terraform/services/identityplatform/resource_identity_platform_config_test.go‎
Lines changed: 93 additions & 1 deletion
diff --git a/‎mmv1/third_party/terraform/services/resourcemanager/list_google_project_service.go‎
Lines changed: 97 additions & 0 deletions b/‎mmv1/third_party/terraform/services/resourcemanager/list_google_project_service.go‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎mmv1/third_party/terraform/services/resourcemanager/list_google_project_service_test.go‎
Lines changed: 72 additions & 0 deletions b/‎mmv1/third_party/terraform/services/resourcemanager/list_google_project_service_test.go‎
Lines changed: 72 additions & 0 deletions
@@ -378,6 +378,7 @@ properties:
                     The allowed number of adjacent intervals that will be used for verification to avoid clock skew.
   - name: 'multiTenant'
     type: NestedObject
+    default_from_api: true
     description: |
       Configuration related to multi-tenant functionality.
     custom_flatten: 'templates/terraform/custom_flatten/identity_platform_config_multi_tenant.go.tmpl'
 
@@ -16,4 +16,5 @@ var generatedListResources = []func() list.ListResource{}
 
 var handwrittenListResources = []func() list.ListResource{
 	listResourceFunc(resourcemanager.NewGoogleServiceAccountListResource()),
+	listResourceFunc(resourcemanager.NewGoogleProjectServiceListResource()),
 }
@@ -11,7 +11,6 @@ import (
 )
 
 func TestAccIdentityPlatformConfig_update(t *testing.T) {
-	acctest.SkipIfVcr(t)
 	t.Parallel()
 
 	context := map[string]interface{}{
@@ -34,6 +33,15 @@ func TestAccIdentityPlatformConfig_update(t *testing.T) {
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"client.0.api_key", "client.0.firebase_subdomain"},
 			},
+			{
+				Config: testAccIdentityPlatformConfig_disallowTenant(context),
+			},
+			{
+				ResourceName:            "google_identity_platform_config.basic",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"client.0.api_key", "client.0.firebase_subdomain"},
+			},
 			{
 				Config: testAccIdentityPlatformConfig_update(context),
 			},
@@ -122,6 +130,88 @@ resource "google_identity_platform_config" "basic" {
     allow_tenants           = true
     default_tenant_location = "organizations/%{org_id}"
   }
+
+  depends_on = [google_project_service.identitytoolkit]
+}
+`, context)
+}
+
+func testAccIdentityPlatformConfig_disallowTenant(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_project" "basic" {
+  project_id = "tf-test-my-project%{random_suffix}"
+  name       = "tf-test-my-project%{random_suffix}"
+  org_id     = "%{org_id}"
+  billing_account =  "%{billing_acct}"
+  deletion_policy = "DELETE"
+  labels = {
+    firebase = "enabled"
+  }
+}
+
+resource "google_project_service" "identitytoolkit" {
+  project = google_project.basic.project_id
+  service = "identitytoolkit.googleapis.com"
+}
+
+resource "google_identity_platform_config" "basic" {
+  project = google_project.basic.project_id
+  autodelete_anonymous_users = true
+  sign_in {
+    allow_duplicate_emails = true
+
+    anonymous {
+        enabled = true
+    }
+    email {
+        enabled = true
+        password_required = false
+    }
+    phone_number {
+        enabled = true
+        test_phone_numbers = {
+            "+11231231234" = "000000"
+        }
+    }
+  }
+  sms_region_config {
+    allow_by_default {
+      disallowed_regions = [
+        "CA",
+        "US",
+      ]
+    }
+  }
+
+  client {
+    permissions {
+      disabled_user_deletion = true
+      disabled_user_signup   = true
+    }
+  }
+
+  mfa {
+    enabled_providers = ["PHONE_SMS"]
+    provider_configs {
+      state = "ENABLED"
+      totp_provider_config {
+        adjacent_intervals = 3
+      }
+    }
+    state = "ENABLED"
+  }
+
+  monitoring {
+    request_logging {
+      enabled = true
+    }
+  }
+
+  multi_tenant {
+    allow_tenants           = false
+  }
+
+  depends_on = [google_project_service.identitytoolkit]
 }
 `, context)
 }
@@ -188,6 +278,8 @@ resource "google_identity_platform_config" "basic" {
       enabled = false
     }
   }
+
+  depends_on = [google_project_service.identitytoolkit]
 }
 `, context)
 }
@@ -0,0 +1,97 @@
+// Copyright (c) IBM Corp. 2014, 2026
+// SPDX-License-Identifier: MPL-2.0
+
+package resourcemanager
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/list"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+)
+
+type GoogleProjectServiceListResource struct {
+	tpgresource.ListResourceMetadata
+}
+
+// GoogleProjectServiceListModel matches [ListResourceMetadata.ListConfigFields] (tfsdk names and types).
+type GoogleProjectServiceListModel struct {
+	Project types.String `tfsdk:"project"`
+}
+
+func NewGoogleProjectServiceListResource() list.ListResource {
+	listR := &GoogleProjectServiceListResource{}
+	listR.TypeName = "google_project_service"
+	listR.SDKv2Resource = ResourceGoogleProjectService()
+	listR.ListConfigFields = []tpgresource.ListConfigField{{Name: "project", Kind: tpgresource.ListConfigKindString, Optional: true}}
+	return listR
+}
+
+func (listR *GoogleProjectServiceListResource) List(ctx context.Context, listReq list.ListRequest, stream *list.ListResultsStream) {
+	var data GoogleProjectServiceListModel
+	diags := listReq.Config.Get(ctx, &data)
+	if diags.HasError() {
+		stream.Results = list.ListResultsStreamDiagnostics(diags)
+		return
+	}
+	if listR.Client == nil {
+		diags = append(diags, diag.NewErrorDiagnostic(
+			"Provider not configured",
+			"The Google provider client is not available; ensure the provider is configured (e.g. credentials and default project).",
+		))
+		stream.Results = list.ListResultsStreamDiagnostics(diags)
+		return
+	}
+	project := tpgresource.GetResourceNameFromSelfLink(listR.GetProject(data.Project))
+
+	tempData := ResourceGoogleProjectService().Data(&terraform.InstanceState{})
+	if err := tempData.Set("project", project); err != nil {
+		diags.AddError("Config Error", fmt.Sprintf("Error setting project: %s", err))
+		stream.Results = list.ListResultsStreamDiagnostics(diags)
+		return
+	}
+
+	// BatchRequestReadServices (serviceusage_batching.go) calls ListCurrentlyEnabledServices
+	// in resource_google_project.go, which uses Service Usage Services.List(...).Pages(...)
+	servicesRaw, err := BatchRequestReadServices(project, tempData, listR.Client)
+	if err != nil {
+		diags.AddError("API Error", err.Error())
+		stream.Results = list.ListResultsStreamDiagnostics(diags)
+		return
+	}
+	servicesList := servicesRaw.(map[string]struct{})
+
+	stream.Results = func(push func(list.ListResult) bool) {
+		for serviceName := range servicesList {
+			rd := ResourceGoogleProjectService().Data(&terraform.InstanceState{})
+			if err := rd.Set("project", project); err != nil {
+				diags.AddError("Config Error", fmt.Sprintf("Error setting project: %s", err))
+				stream.Results = list.ListResultsStreamDiagnostics(diags)
+				return
+			}
+			if err := rd.Set("service", serviceName); err != nil {
+				diags.AddError("Config Error", fmt.Sprintf("Error setting service: %s", err))
+				stream.Results = list.ListResultsStreamDiagnostics(diags)
+				return
+			}
+			rd.SetId(fmt.Sprintf("%s/%s", project, serviceName))
+
+			result := listReq.NewListResult(ctx)
+			if err := listR.SetResult(ctx, listReq.IncludeResource, &result, rd, "service"); err != nil {
+				diags.AddError("Schema Error", err.Error())
+				stream.Results = list.ListResultsStreamDiagnostics(diags)
+				return
+			}
+			if !push(result) {
+				stream.Results = list.ListResultsStreamDiagnostics(diags)
+				return
+			}
+		}
+		stream.Results = list.ListResultsStreamDiagnostics(diags)
+	}
+}
@@ -0,0 +1,72 @@
+package resourcemanager_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/querycheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+// TestAccProjectServiceListResource_queryIdentity lists enabled project services via the
+// provider list resource API and asserts a known identity appears (Terraform 1.14+).
+func TestAccProjectServiceListResource_queryIdentity(t *testing.T) {
+	t.Parallel()
+
+	project := envvar.GetTestProjectFromEnv()
+	service := "iam.googleapis.com"
+
+	acctest.VcrTest(t, resource.TestCase{
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_14_0),
+		},
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccProjectServiceList_prereq(project, service),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_project_service.prereq", "service", service),
+					resource.TestCheckResourceAttr("google_project_service.prereq", "project", project),
+				),
+			},
+			{
+				Query:  true,
+				Config: testAccProjectServiceListQuery(project),
+				QueryResultChecks: []querycheck.QueryResultCheck{
+					querycheck.ExpectIdentity("google_project_service.all_in_project", map[string]knownvalue.Check{
+						"service": knownvalue.StringExact(service),
+						"project": knownvalue.StringExact(project),
+					}),
+					querycheck.ExpectLengthAtLeast("google_project_service.all_in_project", 1),
+				},
+			},
+		},
+	})
+}
+
+func testAccProjectServiceList_prereq(project, service string) string {
+	return fmt.Sprintf(`
+resource "google_project_service" "prereq" {
+  project = %q
+  service = %q
+}
+`, project, service)
+}
+
+func testAccProjectServiceListQuery(project string) string {
+	return fmt.Sprintf(`
+list "google_project_service" "all_in_project" {
+  provider = google
+
+  config {
+    project = %q
+  }
+}
+`, project)
+}
Original file line number	Diff line number	Diff line change
`@@ -16,4 +16,5 @@ var generatedListResources = []func() list.ListResource{}`
`16`	`16`
`17`	`17`	`var handwrittenListResources = []func() list.ListResource{`
`18`	`18`	`listResourceFunc(resourcemanager.NewGoogleServiceAccountListResource()),`
	`19`	`+ listResourceFunc(resourcemanager.NewGoogleProjectServiceListResource()),`
`19`	`20`	`}`