E2E tests fixes

GoogleCloudPlatform · Dec 19, 2023 · 0d486fb · 0d486fb
1 parent 01bd0b7
commit 0d486fb
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/modules/net-vpc/subnets.tf b/modules/net-vpc/subnets.tf
@@ -182,6 +182,12 @@ resource "google_compute_subnetwork" "proxy_only" {
   )
   purpose = each.value.global ? "GLOBAL_MANAGED_PROXY" : "REGIONAL_MANAGED_PROXY"
   role    = each.value.active ? "ACTIVE" : "BACKUP"
+
+  lifecycle {
+    # Until https://github.com/hashicorp/terraform-provider-google/issues/16804 is fixed
+    # ignore permadiff in ipv6_access_type for proxy_only subnets
+    ignore_changes = [ipv6_access_type]
+  }
 }
 
 resource "google_compute_subnetwork" "psc" {

diff --git a/modules/project/README.md b/modules/project/README.md
@@ -354,15 +354,15 @@ module "service-project" {
   ]
   shared_vpc_service_config = {
     host_project  = module.host-project.project_id
-    network_users = ["group:[email protected]"]
+    network_users = ["group:${var.group_email}"]
     # reuse the list of services from the module's outputs
     service_iam_grants = module.service-project.services
   }
 }
 # tftest modules=2 resources=11 inventory=shared-vpc-host-project-iam.yaml e2e
 ```
 
-In specific cases it might make sense to selectively grant the `compute.networkUser` role for service identities at the subnet level, and while that is best done via org policies it's also supported by this module. In this example, Compute service identity and `[email protected]` Google Group will be granted compute.networkUser in the `gce` subnet defined in `europe-west1` region via the `service_identity_subnet_iam` and `network_subnet_users` attributes.
+In specific cases it might make sense to selectively grant the `compute.networkUser` role for service identities at the subnet level, and while that is best done via org policies it's also supported by this module. In this example, Compute service identity and `[email protected]` Google Group will be granted compute.networkUser in the `gce` subnet defined in `europe-west1` region in the `host` project (not included in the example) via the `service_identity_subnet_iam` and `network_subnet_users` attributes.
 
 ```hcl
 module "host-project" {

diff --git a/tests/modules/project/examples/shared-vpc-host-project-iam.yaml b/tests/modules/project/examples/shared-vpc-host-project-iam.yaml
@@ -34,7 +34,7 @@ values:
     condition: []
     project: test-host
     role: roles/container.hostServiceAgentUser
-  module.service-project.google_project_iam_member.shared_vpc_host_iam["group:team-1@example.com"]:
+  module.service-project.google_project_iam_member.shared_vpc_host_iam["group:organization-admins@example.org"]:
     condition: [ ]
     project: test-host
     role: roles/compute.networkUser