e2e test fix for iam-service-account module (#1894)

2023-12-01 09:23:37 +01:00 · 2023-12-01 09:23:37 +01:00 · da5371b391
parent 11206ed54b
commit da5371b391
2 changed files with 10 additions and 10 deletions
--- a/modules/iam-service-account/README.md
+++ b/modules/iam-service-account/README.md
@ -13,21 +13,21 @@ Note that outputs have no dependencies on IAM bindings to prevent resource cycle
 ```hcl
 module "myproject-default-service-accounts" {
  source     = "./fabric/modules/iam-service-account"
-  project_id = "myproject"
+  project_id = var.project_id
  name       = "vm-default"
  # authoritative roles granted *on* the service accounts to other identities
  iam = {
-    "roles/iam.serviceAccountUser" = ["user:foo@example.com"]
+    "roles/iam.serviceAccountUser" = ["group:${var.group_email}"]
  }
  # non-authoritative roles granted *to* the service accounts on other resources
  iam_project_roles = {
-    "myproject" = [
+    "${var.project_id}" = [
      "roles/logging.logWriter",
      "roles/monitoring.metricWriter",
    ]
  }
 }
-# tftest modules=1 resources=4 inventory=basic.yaml
+# tftest modules=1 resources=4 inventory=basic.yaml e2e
 ```
 <!-- TFDOC OPTS files:1 -->
 <!-- BEGIN TFDOC -->
--- a/tests/modules/iam_service_account/examples/basic.yaml
+++ b/tests/modules/iam_service_account/examples/basic.yaml
@ -12,25 +12,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 values:
-  module.myproject-default-service-accounts.google_project_iam_member.project-roles["myproject-roles/logging.logWriter"]:
+  module.myproject-default-service-accounts.google_project_iam_member.project-roles["project-id-roles/logging.logWriter"]:
    condition: []
-    project: myproject
+    project: project-id
    role: roles/logging.logWriter
-  module.myproject-default-service-accounts.google_project_iam_member.project-roles["myproject-roles/monitoring.metricWriter"]:
+  module.myproject-default-service-accounts.google_project_iam_member.project-roles["project-id-roles/monitoring.metricWriter"]:
    condition: []
-    project: myproject
+    project: project-id
    role: roles/monitoring.metricWriter
  module.myproject-default-service-accounts.google_service_account.service_account[0]:
    account_id: vm-default
    description: null
    disabled: false
    display_name: Terraform-managed.
-    project: myproject
+    project: project-id
    timeouts: null
  module.myproject-default-service-accounts.google_service_account_iam_binding.authoritative["roles/iam.serviceAccountUser"]:
    condition: []
    members:
-    - user:foo@example.com
+    - group:organization-admins@example.org
    role: roles/iam.serviceAccountUser

 counts: