fixup(project-factory): Use the correct KMS Service Agents attribute … (#1446)

* fixup(project-factory): Use the correct KMS Service Agents attribute name * Add new KMS bindings to tests * Update test resource counts * Update README.md resource count
2023-06-20 09:53:08 +10:00 · 2023-06-20 09:53:08 +10:00 · 7cacc46b4b
parent bd3296bc46
commit 7cacc46b4b
3 changed files with 20 additions and 3 deletions
--- a/blueprints/factories/project-factory/README.md
+++ b/blueprints/factories/project-factory/README.md
@ -67,7 +67,7 @@ module "projects" {
  folder_id              = each.value.folder_id
  group_iam              = try(each.value.group_iam, {})
  iam                    = try(each.value.iam, {})
-  kms_service_agents     = try(each.value.kms, {})
+  kms_service_agents     = try(each.value.kms_service_agents, {})
  labels                 = try(each.value.labels, {})
  org_policies           = try(each.value.org_policies, {})
  prefix                 = each.value.prefix
@ -76,7 +76,7 @@ module "projects" {
  service_identities_iam = try(each.value.service_identities_iam, {})
  vpc                    = try(each.value.vpc, null)
 }
-# tftest modules=7 resources=30 inventory=example.yaml
+# tftest modules=7 resources=34 inventory=example.yaml
 ```

 ### Projects configuration
--- a/fast/stages/3-project-factory/dev/main.tf
+++ b/fast/stages/3-project-factory/dev/main.tf
@ -44,7 +44,7 @@ module "projects" {
  folder_id              = try(each.value.folder_id, local.defaults.folder_id)
  group_iam              = try(each.value.group_iam, {})
  iam                    = try(each.value.iam, {})
-  kms_service_agents     = try(each.value.kms, {})
+  kms_service_agents     = try(each.value.kms_service_agents, {})
  labels                 = try(each.value.labels, {})
  org_policies           = try(each.value.org_policies, null)
  prefix                 = var.prefix
--- a/tests/blueprints/factories/project_factory/examples/example.yaml
+++ b/tests/blueprints/factories/project_factory/examples/example.yaml
@ -170,6 +170,22 @@ values:
    condition: []
    project: fast-dev-net-spoke-0
    role: roles/compute.securityAdmin
+  module.projects["project"].module.project.google_kms_crypto_key_iam_member.service_identity_cmek["compute.key1"]:
+    condition: []
+    crypto_key_id: key1
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+  module.projects["project"].module.project.google_kms_crypto_key_iam_member.service_identity_cmek["compute.key2"]:
+    condition: []
+    crypto_key_id: key2
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+  module.projects["project"].module.project.google_kms_crypto_key_iam_member.service_identity_cmek["storage.key1"]:
+    condition: []
+    crypto_key_id: key1
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+  module.projects["project"].module.project.google_kms_crypto_key_iam_member.service_identity_cmek["storage.key2"]:
+    condition: []
+    crypto_key_id: key2
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
  module.projects["project"].module.project.google_project_service.project_services["billingbudgets.googleapis.com"]:
    disable_dependent_services: false
    disable_on_destroy: false
@ -233,3 +249,4 @@ counts:
  google_project_service: 8
  google_service_account: 2
  google_storage_project_service_account: 1
+  google_kms_crypto_key_iam_member: 4