E2E tests fixes
This commit is contained in:
parent
01bd0b7b01
commit
0d486fb34e
|
@ -182,6 +182,12 @@ resource "google_compute_subnetwork" "proxy_only" {
|
|||
)
|
||||
purpose = each.value.global ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"
|
||||
role = each.value.active ? "ACTIVE" : "BACKUP"
|
||||
|
||||
lifecycle {
|
||||
# Until https://github.com/hashicorp/terraform-provider-google/issues/16804 is fixed
|
||||
# ignore permadiff in ipv6_access_type for proxy_only subnets
|
||||
ignore_changes = [ipv6_access_type]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_compute_subnetwork" "psc" {
|
||||
|
|
|
@ -354,7 +354,7 @@ module "service-project" {
|
|||
]
|
||||
shared_vpc_service_config = {
|
||||
host_project = module.host-project.project_id
|
||||
network_users = ["group:team-1@example.com"]
|
||||
network_users = ["group:${var.group_email}"]
|
||||
# reuse the list of services from the module's outputs
|
||||
service_iam_grants = module.service-project.services
|
||||
}
|
||||
|
@ -362,7 +362,7 @@ module "service-project" {
|
|||
# tftest modules=2 resources=11 inventory=shared-vpc-host-project-iam.yaml e2e
|
||||
```
|
||||
|
||||
In specific cases it might make sense to selectively grant the `compute.networkUser` role for service identities at the subnet level, and while that is best done via org policies it's also supported by this module. In this example, Compute service identity and `team-1@example.com` Google Group will be granted compute.networkUser in the `gce` subnet defined in `europe-west1` region via the `service_identity_subnet_iam` and `network_subnet_users` attributes.
|
||||
In specific cases it might make sense to selectively grant the `compute.networkUser` role for service identities at the subnet level, and while that is best done via org policies it's also supported by this module. In this example, Compute service identity and `team-1@example.com` Google Group will be granted compute.networkUser in the `gce` subnet defined in `europe-west1` region in the `host` project (not included in the example) via the `service_identity_subnet_iam` and `network_subnet_users` attributes.
|
||||
|
||||
```hcl
|
||||
module "host-project" {
|
||||
|
|
|
@ -34,7 +34,7 @@ values:
|
|||
condition: []
|
||||
project: test-host
|
||||
role: roles/container.hostServiceAgentUser
|
||||
module.service-project.google_project_iam_member.shared_vpc_host_iam["group:team-1@example.com"]:
|
||||
module.service-project.google_project_iam_member.shared_vpc_host_iam["group:organization-admins@example.org"]:
|
||||
condition: [ ]
|
||||
project: test-host
|
||||
role: roles/compute.networkUser
|
||||
|
|
Loading…
Reference in New Issue