e2e test fix for iam-service-account module (#1894)

GoogleCloudPlatform · Dec 1, 2023 · da5371b · da5371b
1 parent 11206ed
commit da5371b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/modules/iam-service-account/README.md b/modules/iam-service-account/README.md
@@ -13,21 +13,21 @@ Note that outputs have no dependencies on IAM bindings to prevent resource cycle
 ```hcl
 module "myproject-default-service-accounts" {
   source     = "./fabric/modules/iam-service-account"
-  project_id = "myproject"
+  project_id = var.project_id
   name       = "vm-default"
   # authoritative roles granted *on* the service accounts to other identities
   iam = {
-    "roles/iam.serviceAccountUser" = ["user:[email protected]"]
+    "roles/iam.serviceAccountUser" = ["group:${var.group_email}"]
   }
   # non-authoritative roles granted *to* the service accounts on other resources
   iam_project_roles = {
-    "myproject" = [
+    "${var.project_id}" = [
       "roles/logging.logWriter",
       "roles/monitoring.metricWriter",
     ]
   }
 }
-# tftest modules=1 resources=4 inventory=basic.yaml
+# tftest modules=1 resources=4 inventory=basic.yaml e2e
 ```
 <!-- TFDOC OPTS files:1 -->
 <!-- BEGIN TFDOC -->

diff --git a/tests/modules/iam_service_account/examples/basic.yaml b/tests/modules/iam_service_account/examples/basic.yaml
@@ -12,25 +12,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 values:
-  module.myproject-default-service-accounts.google_project_iam_member.project-roles["myproject-roles/logging.logWriter"]:
+  module.myproject-default-service-accounts.google_project_iam_member.project-roles["project-id-roles/logging.logWriter"]:
     condition: []
-    project: myproject
+    project: project-id
     role: roles/logging.logWriter
-  module.myproject-default-service-accounts.google_project_iam_member.project-roles["myproject-roles/monitoring.metricWriter"]:
+  module.myproject-default-service-accounts.google_project_iam_member.project-roles["project-id-roles/monitoring.metricWriter"]:
     condition: []
-    project: myproject
+    project: project-id
     role: roles/monitoring.metricWriter
   module.myproject-default-service-accounts.google_service_account.service_account[0]:
     account_id: vm-default
     description: null
     disabled: false
     display_name: Terraform-managed.
-    project: myproject
+    project: project-id
     timeouts: null
   module.myproject-default-service-accounts.google_service_account_iam_binding.authoritative["roles/iam.serviceAccountUser"]:
     condition: []
     members:
-    - user:foo@example.com
+    - group:organization-admins@example.org
     role: roles/iam.serviceAccountUser
 
 counts: