Migrate apigee tests

tests/modules/apigee/__init__.py

@@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.

tests/modules/apigee/all.yaml

@@ -0,0 +1,83 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-1"]:
+    endpoint_attachment_id: endpoint-backend-1
+    location: europe-west1
+    service_attachment: projects/my-project-1/serviceAttachments/gkebackend1
+  google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-2"]:
+    endpoint_attachment_id: endpoint-backend-2
+    location: europe-west1
+    service_attachment: projects/my-project-2/serviceAttachments/gkebackend2
+  google_apigee_envgroup.envgroups["prod"]:
+    hostnames:
+    - prod.example.com
+    name: prod
+  google_apigee_envgroup.envgroups["test"]:
+    hostnames:
+    - test.example.com
+    name: test
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-prod-prod"]:
+    environment: apis-prod
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
+    environment: apis-test
+  google_apigee_environment.environments["apis-prod"]:
+    description: APIs prod
+    display_name: APIs prod
+    name: apis-prod
+  google_apigee_environment.environments["apis-test"]:
+    description: APIs Test
+    display_name: APIs test
+    name: apis-test
+  google_apigee_environment_iam_binding.binding["apis-prod-roles/viewer"]:
+    condition: []
+    env_id: apis-prod
+    members:
+    - group:devops@myorg.com
+    role: roles/viewer
+  google_apigee_instance.instances["instance-prod-ew3"]:
+    description: Terraform-managed
+    disk_encryption_key_name: null
+    display_name: null
+    ip_range: 10.0.6.0/22,10.1.0.16/28
+    location: europe-west3
+    name: instance-prod-ew3
+  google_apigee_instance.instances["instance-test-ew1"]:
+    description: Terraform-managed
+    disk_encryption_key_name: null
+    display_name: null
+    ip_range: 10.0.4.0/22,10.1.0.0/28
+    location: europe-west1
+    name: instance-test-ew1
+  google_apigee_organization.organization[0]:
+    analytics_region: europe-west1
+    authorized_network: my-vpc
+    billing_type: Pay-as-you-go
+    description: null
+    display_name: null
+    project_id: my-project
+    retention: DELETION_RETENTION_UNSPECIFIED
+    runtime_database_encryption_key_name: '123456789'
+    runtime_type: CLOUD
+
+counts:
+  google_apigee_endpoint_attachment: 2
+  google_apigee_envgroup: 2
+  google_apigee_envgroup_attachment: 2
+  google_apigee_environment: 2
+  google_apigee_environment_iam_binding: 1
+  google_apigee_instance: 2
+  google_apigee_instance_attachment: 2
+  google_apigee_organization: 1

tests/modules/apigee/endpoint_attachment_only.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+  google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-1"]:
+    endpoint_attachment_id: endpoint-backend-1
+    location: europe-west1
+    org_id: organizations/my-project
+    service_attachment: projects/my-project-1/serviceAttachments/gkebackend1
+
+counts:
+  google_apigee_endpoint_attachment: 1

tests/modules/apigee/env_only.yaml

@@ -0,0 +1,32 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
+    envgroup_id: test
+    environment: apis-test
+    timeouts: null
+  google_apigee_environment.environments["apis-test"]:
+    description: APIs Test
+    display_name: APIs test
+    name: apis-test
+    node_config:
+    - max_node_count: '5'
+      min_node_count: '2'
+    org_id: organizations/my-project
+    timeouts: null
+
+counts:
+  google_apigee_envgroup_attachment: 1
+  google_apigee_environment: 1

tests/modules/apigee/env_only_with_api_proxy_type.yaml

@@ -0,0 +1,31 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
+    envgroup_id: test
+    environment: apis-test
+  google_apigee_environment.environments["apis-test"]:
+    api_proxy_type: PROGRAMMABLE
+    description: APIs Test
+    display_name: APIs test
+    name: apis-test
+    node_config:
+    - max_node_count: '5'
+      min_node_count: '2'
+    org_id: organizations/my-project
+
+counts:
+  google_apigee_envgroup_attachment: 1
+  google_apigee_environment: 1

tests/modules/apigee/env_only_with_deployment_type.yaml

@@ -0,0 +1,34 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
+    envgroup_id: test
+    environment: apis-test
+    timeouts: null
+  google_apigee_environment.environments["apis-test"]:
+    deployment_type: ARCHIVE
+    description: APIs Test
+    display_name: APIs test
+    name: apis-test
+    node_config:
+    - max_node_count: '5'
+      min_node_count: '2'
+    org_id: organizations/my-project
+    timeouts: null
+
+counts:
+  google_apigee_envgroup_attachment: 1
+  google_apigee_environment: 1
+

tests/modules/apigee/envgroup_only.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+  google_apigee_envgroup.envgroups["test"]:
+    hostnames:
+    - test.example.com
+    name: test
+    org_id: organizations/my-project
+
+counts:
+  google_apigee_envgroup: 1

tests/modules/apigee/fixture/main.tf

@@ -1,25 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "test" {
-  source               = "../../../../modules/apigee"
-  project_id           = var.project_id
-  organization         = var.organization
-  envgroups            = var.envgroups
-  environments         = var.environments
-  instances            = var.instances
-  endpoint_attachments = var.endpoint_attachments
-}

tests/modules/apigee/fixture/variables.tf

@@ -1,81 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "endpoint_attachments" {
-  description = "Endpoint attachments."
-  type = map(object({
-    region             = string
-    service_attachment = string
-  }))
-  default = null
-}
-
-variable "envgroups" {
-  description = "Environment groups (NAME => [HOSTNAMES])."
-  type        = map(list(string))
-  default     = null
-}
-
-variable "environments" {
-  description = "Environments."
-  type = map(object({
-    display_name    = optional(string)
-    description     = optional(string, "Terraform-managed")
-    deployment_type = optional(string)
-    api_proxy_type  = optional(string)
-    node_config = optional(object({
-      min_node_count = optional(number)
-      max_node_count = optional(number)
-    }))
-    iam       = optional(map(list(string)))
-    envgroups = list(string)
-  }))
-  default = null
-}
-
-variable "instances" {
-  description = "Instances."
-  type = map(object({
-    display_name                  = optional(string)
-    description                   = optional(string, "Terraform-managed")
-    region                        = string
-    environments                  = list(string)
-    runtime_ip_cidr_range         = string
-    troubleshooting_ip_cidr_range = string
-    disk_encryption_key           = optional(string)
-    consumer_accept_list          = optional(list(string))
-  }))
-  default = null
-}
-
-variable "organization" {
-  description = "Apigee organization. If set to null the organization must already exist."
-  type = object({
-    display_name            = optional(string)
-    description             = optional(string, "Terraform-managed")
-    authorized_network      = optional(string)
-    runtime_type            = optional(string, "CLOUD")
-    billing_type            = optional(string)
-    database_encryption_key = optional(string)
-    analytics_region        = optional(string, "europe-west1")
-  })
-  default = null
-}
-
-variable "project_id" {
-  description = "Project ID."
-  type        = string
-}

tests/modules/apigee/instance_only.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+  google_apigee_instance.instances["instance-test-ew1"]:
+    ip_range: 10.0.4.0/22,10.1.1.0.0/28
+    location: europe-west1
+    name: instance-test-ew1
+    org_id: organizations/my-project
+  google_apigee_instance_attachment.instance_attachments["instance-test-ew1-apis-test"]:
+    environment: organizations/my-project/environments/apis-test
+
+counts:
+  google_apigee_instance: 1
+  google_apigee_instance_attachment: 1

tests/modules/apigee/no_instances.yaml

@@ -0,0 +1,51 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_apigee_envgroup.envgroups["prod"]:
+    hostnames:
+    - prod.example.com
+    name: prod
+  google_apigee_envgroup.envgroups["test"]:
+    hostnames:
+    - test.example.com
+    name: test
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-prod-prod"]:
+    environment: apis-prod
+  google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
+    environment: apis-test
+  google_apigee_environment.environments["apis-prod"]:
+    description: APIs prod
+    display_name: APIs prod
+    name: apis-prod
+  google_apigee_environment.environments["apis-test"]:
+    description: APIs Test
+    display_name: APIs test
+    name: apis-test
+  google_apigee_organization.organization[0]:
+    analytics_region: europe-west1
+    authorized_network: my-vpc
+    billing_type: PAYG
+    description: null
+    display_name: null
+    project_id: my-project
+    retention: DELETION_RETENTION_UNSPECIFIED
+    runtime_database_encryption_key_name: '123456789'
+    runtime_type: CLOUD
+
+counts:
+  google_apigee_envgroup: 2
+  google_apigee_envgroup_attachment: 2
+  google_apigee_environment: 2
+  google_apigee_organization: 1

tests/modules/apigee/organization_only.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+  google_apigee_organization.organization[0]:
+    analytics_region: europe-west1
+    authorized_network: my-vpc
+    billing_type: PAYG
+    description: null
+    display_name: null
+    project_id: my-project
+    retention: DELETION_RETENTION_UNSPECIFIED
+    runtime_database_encryption_key_name: '123456789'
+    runtime_type: CLOUD
+
+counts:
+  google_apigee_organization: 1

tests/modules/apigee/test_plan.py

@@ -1,95 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import collections
-
-def test_all(plan_runner):
-    "Test that creates all resources."
-    _, resources = plan_runner(tf_var_file='test.all.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_organization.organization': 1,
-        'google_apigee_envgroup.envgroups': 2,
-        'google_apigee_environment.environments': 2,
-        'google_apigee_envgroup_attachment.envgroup_attachments': 2,
-        'google_apigee_instance.instances': 2,
-        'google_apigee_instance_attachment.instance_attachments': 2,
-        'google_apigee_endpoint_attachment.endpoint_attachments': 2,
-        'google_apigee_environment_iam_binding.binding': 1
-    }
-
-def test_organization_only(plan_runner):
-    "Test that creates only an organization."
-    _, resources = plan_runner(tf_var_file='test.organization_only.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_organization.organization': 1
-    }
-
-def test_envgroup_only(plan_runner):
-    "Test that creates only an environment group in an existing organization."
-    _, resources = plan_runner(tf_var_file='test.envgroup_only.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_envgroup.envgroups': 1,
-    }
-
-def test_env_only(plan_runner):
-    "Test that creates an environment in an existing environment group."
-    _, resources = plan_runner(tf_var_file='test.env_only.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_environment.environments': 1,
-        'google_apigee_envgroup_attachment.envgroup_attachments': 1,
-    }
-
-def test_env_only_with_deployment_type(plan_runner):
-    "Test that creates an environment in an existing environment group, with deployment_type set."
-    _, resources = plan_runner(tf_var_file='test.env_only_with_deployment_type.tfvars')
-    assert [r['values'].get('deployment_type') for r in resources
-            ] == [None, 'ARCHIVE']
-
-def test_env_only_with_api_proxy_type(plan_runner):
-    "Test that creates an environment in an existing environment group, with api_proxy_type set."
-    _, resources = plan_runner(tf_var_file='test.env_only_with_api_proxy_type.tfvars')
-    assert [r['values'].get('api_proxy_type') for r in resources
-            ] == [None, 'PROGRAMMABLE']
-
-def test_instance_only(plan_runner):
-    "Test that creates only an instance."
-    _, resources = plan_runner(tf_var_file='test.instance_only.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_instance.instances': 1,
-        'google_apigee_instance_attachment.instance_attachments': 1
-    }
-
-def test_endpoint_attachment_only(plan_runner):
-    "Test that creates only an instance."
-    _, resources = plan_runner(tf_var_file='test.endpoint_attachment_only.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_endpoint_attachment.endpoint_attachments': 1,
-    }
-
-def test_no_instances(plan_runner):
-    "Test that creates everything but the instances."
-    _, resources = plan_runner(tf_var_file='test.no_instances.tfvars')
-    counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
-    assert counts == {
-        'google_apigee_organization.organization': 1,
-        'google_apigee_envgroup.envgroups': 2,
-        'google_apigee_environment.environments': 2,
-        'google_apigee_envgroup_attachment.envgroup_attachments': 2,
-    }

tests/modules/apigee/tftest.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,13 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import pytest
+module: modules/apigee
 
-@pytest.fixture
-def resources(plan_runner):
-  _, resources = plan_runner()
-  return resources
-
-def test_resource_count(resources):
-  "Test number of resources created."
-  assert len(resources) == 4
+tests:
+  all:
+  endpoint_attachment_only:
+  env_only:
+  env_only_with_api_proxy_type:
+  env_only_with_deployment_type:
+  envgroup_only:
+  instance_only:
+  no_instances:
+  organization_only:

tests/modules/binauthz/__init__.py

@@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.

tests/modules/binauthz/fixture/main.tf

@@ -1,23 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "test" {
-  source                        = "../../../../modules/binauthz"
-  project_id                    = var.project_id
-  global_policy_evaluation_mode = var.global_policy_evaluation_mode
-  default_admission_rule        = var.default_admission_rule
-  attestors_config              = var.attestors_config
-}

tests/modules/binauthz/fixture/variables.tf

@@ -1,103 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "project_id" {
-  type    = string
-  default = "my_project"
-}
-
-variable "global_policy_evaluation_mode" {
-  type    = string
-  default = null
-}
-
-variable "admission_whitelist_patterns" {
-  type = list(string)
-  default = [
-    "gcr.io/google_containers/*"
-  ]
-}
-
-variable "default_admission_rule" {
-  type = object({
-    evaluation_mode  = string
-    enforcement_mode = string
-    attestors        = list(string)
-  })
-  default = {
-    evaluation_mode  = "ALWAYS_ALLOW"
-    enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
-    attestors        = null
-  }
-}
-
-variable "cluster_admission_rules" {
-  type = map(object({
-    evaluation_mode  = string
-    enforcement_mode = string
-    attestors        = list(string)
-  }))
-  default = {
-    "europe-west1-c.cluster" = {
-      evaluation_mode  = "REQUIRE_ATTESTATION"
-      enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
-      attestors        = ["test"]
-    }
-  }
-}
-
-variable "attestors_config" {
-  description = "Attestors configuration"
-  type = map(object({
-    note_reference  = string
-    iam             = map(list(string))
-    pgp_public_keys = list(string)
-    pkix_public_keys = list(object({
-      id                  = string
-      public_key_pem      = string
-      signature_algorithm = string
-    }))
-  }))
-  default = {
-    "test" : {
-      note_reference = null
-      pgp_public_keys = [
-        <<EOT
-        mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
-        bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
-        oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
-        V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
-        Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
-        83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
-        IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
-        uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
-        0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
-        51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
-        WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
-        MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
-        +OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
-        qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
-        =6Bvm
-        EOT
-      ]
-      pkix_public_keys = null
-      iam = {
-        "roles/viewer" = ["user:user1@my_org.com"]
-      }
-    }
-  }
-}
-