e2e test fix for iam-service-account module (#1894)
This commit is contained in:
parent
11206ed54b
commit
da5371b391
|
@ -13,21 +13,21 @@ Note that outputs have no dependencies on IAM bindings to prevent resource cycle
|
|||
```hcl
|
||||
module "myproject-default-service-accounts" {
|
||||
source = "./fabric/modules/iam-service-account"
|
||||
project_id = "myproject"
|
||||
project_id = var.project_id
|
||||
name = "vm-default"
|
||||
# authoritative roles granted *on* the service accounts to other identities
|
||||
iam = {
|
||||
"roles/iam.serviceAccountUser" = ["user:foo@example.com"]
|
||||
"roles/iam.serviceAccountUser" = ["group:${var.group_email}"]
|
||||
}
|
||||
# non-authoritative roles granted *to* the service accounts on other resources
|
||||
iam_project_roles = {
|
||||
"myproject" = [
|
||||
"${var.project_id}" = [
|
||||
"roles/logging.logWriter",
|
||||
"roles/monitoring.metricWriter",
|
||||
]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4 inventory=basic.yaml
|
||||
# tftest modules=1 resources=4 inventory=basic.yaml e2e
|
||||
```
|
||||
<!-- TFDOC OPTS files:1 -->
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
|
|
@ -12,25 +12,25 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
values:
|
||||
module.myproject-default-service-accounts.google_project_iam_member.project-roles["myproject-roles/logging.logWriter"]:
|
||||
module.myproject-default-service-accounts.google_project_iam_member.project-roles["project-id-roles/logging.logWriter"]:
|
||||
condition: []
|
||||
project: myproject
|
||||
project: project-id
|
||||
role: roles/logging.logWriter
|
||||
module.myproject-default-service-accounts.google_project_iam_member.project-roles["myproject-roles/monitoring.metricWriter"]:
|
||||
module.myproject-default-service-accounts.google_project_iam_member.project-roles["project-id-roles/monitoring.metricWriter"]:
|
||||
condition: []
|
||||
project: myproject
|
||||
project: project-id
|
||||
role: roles/monitoring.metricWriter
|
||||
module.myproject-default-service-accounts.google_service_account.service_account[0]:
|
||||
account_id: vm-default
|
||||
description: null
|
||||
disabled: false
|
||||
display_name: Terraform-managed.
|
||||
project: myproject
|
||||
project: project-id
|
||||
timeouts: null
|
||||
module.myproject-default-service-accounts.google_service_account_iam_binding.authoritative["roles/iam.serviceAccountUser"]:
|
||||
condition: []
|
||||
members:
|
||||
- user:foo@example.com
|
||||
- group:organization-admins@example.org
|
||||
role: roles/iam.serviceAccountUser
|
||||
|
||||
counts:
|
||||
|
|
Loading…
Reference in New Issue