actually test both map and list output styles

terraform-google-modules · Aug 14, 2019 · b52e90e · b52e90e
1 parent df3777e
commit b52e90e
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 10 deletions.
diff --git a/examples/multiple_service_accounts/outputs.tf b/examples/multiple_service_accounts/outputs.tf
@@ -16,12 +16,17 @@
 
 output "emails" {
   description = "The service account emails."
+  value       = module.service_accounts.emails
+}
+
+output "emails_list" {
+  description = "The service account emails as a list."
   value       = module.service_accounts.emails_list
 }
 
 output "iam_emails" {
-  description = "The service account IAM-format emails."
-  value       = module.service_accounts.iam_emails_list
+  description = "The service account IAM-format emails as a map."
+  value       = module.service_accounts.iam_emails
 }
 
 output "keys" {

diff --git a/test/fixtures/multiple_service_accounts/outputs.tf b/test/fixtures/multiple_service_accounts/outputs.tf
@@ -19,8 +19,13 @@ output "emails" {
   value       = module.example.emails
 }
 
+output "emails_list" {
+  description = "The service account emails as a list."
+  value       = module.example.emails_list
+}
+
 output "iam_emails" {
-  description = "The service account IAM-format emails."
+  description = "The service account IAM-format emails as a map."
   value       = module.example.iam_emails
 }
 

diff --git a/test/integration/multiple_service_accounts/controls/gcp.rb b/test/integration/multiple_service_accounts/controls/gcp.rb
@@ -15,15 +15,18 @@
 control "gcp" do
   title "GCP Resources"
 
-  attribute('emails').each do |email|
-    describe google_service_accounts(project: "#{attribute('project_id')}") do
-      its('service_account_emails'){ should include email }
-    end
+  attribute('iam_emails').each_value do |email|
     describe google_project_iam_binding(project: "#{attribute("project_id")}",  role: 'roles/viewer') do
-      its('members') {should include "serviceAccount:#{email}" }
+      its('members') {should include email }
     end
     describe google_project_iam_binding(project: "#{attribute("project_id")}",  role: 'roles/storage.objectViewer') do
-      its('members') {should include "serviceAccount:#{email}" }
+      its('members') {should include email }
+    end
+  end
+
+  attribute('emails_list').each do |email|
+    describe google_service_accounts(project: "#{attribute('project_id')}") do
+      its('service_account_emails'){ should include email }
     end
   end
 

diff --git a/test/integration/multiple_service_accounts/inspec.yml b/test/integration/multiple_service_accounts/inspec.yml
@@ -8,8 +8,11 @@ attributes:
     required: true
     type: string
   - name: emails
+    required: true
+    type: hash
+  - name: emails_list
     required: true
     type: array
   - name: iam_emails
     required: true
-    type: array
+    type: hash