fix example README files, add simple tests

ludoo · ludoo · commit 716fb1277488 · 2019-05-27T22:18:28.000+02:00
diff --git a/examples/multiple_service_accounts/README.md b/examples/multiple_service_accounts/README.md
@@ -1,6 +1,6 @@
-# Simple Example
+# Multiple Service Accounts
 
-This example illustrates how to use the `service-accounts` module.
+This example illustrates how to use the `service-accounts` module to generate multiple service accounts.
 
 [^]: (autogen_docs_start)
 
diff --git a/examples/single_service_account/README.md b/examples/single_service_account/README.md
@@ -1,6 +1,6 @@
-# Simple Example
+# Single Service Account
 
-This example illustrates how to use the `service-accounts` module.
+This example illustrates how to use the `service-accounts` module to generate a single service account.
 
 [^]: (autogen_docs_start)
 
diff --git a/kitchen.yml b/kitchen.yml
@@ -36,3 +36,13 @@ suites:
           backend: gcp
           controls:
             - gcp
+  - name: multiple_service_accounts
+    driver:
+      root_module_directory: test/fixtures/multiple_service_accounts/
+    verifier:
+      color: false
+      systems:
+        - name: multiple_service_accounts gcp
+          backend: gcp
+          controls:
+            - gcp
diff --git a/test/fixtures/multiple_service_accounts/main.tf b/test/fixtures/multiple_service_accounts/main.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "example" {
+  source     = "../../../examples/multiple_service_accounts"
+  project_id = "${var.project_id}"
+}
diff --git a/test/fixtures/multiple_service_accounts/outputs.tf b/test/fixtures/multiple_service_accounts/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "emails" {
+  description = "The service account emails."
+  value       = "${module.example.emails}"
+}
+
+output "project_id" {
+  description = "Project id variable."
+  value       = "${var.project_id}"
+}
diff --git a/test/fixtures/multiple_service_accounts/variables.tf b/test/fixtures/multiple_service_accounts/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which to provision resources."
+  type        = "string"
+}
diff --git a/test/integration/multiple_service_accounts/controls/gcp.rb b/test/integration/multiple_service_accounts/controls/gcp.rb
@@ -12,12 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-control "gsutil" do
-  title "gsutil"
+control "gcp" do
+  title "GCP Resources"
 
-  describe command("gsutil ls -p #{attribute("project_id")}") do
-    its(:exit_status) { should eq 0 }
-    its(:stderr) { should eq "" }
-    its(:stdout) { should match "gs://#{attribute("bucket_name")}" }
+  attribute('emails').each do |email|
+    describe google_service_accounts(project: 'ludo-tf-playground') do
+      its('service_account_emails'){ should include email }
+    end
+    describe google_project_iam_binding(project: "#{attribute("project_id")}",  role: 'roles/viewer') do
+      its('members') {should include "serviceAccount:#{email}" }
+    end
+    describe google_project_iam_binding(project: "#{attribute("project_id")}",  role: 'roles/storage.objectViewer') do
+      its('members') {should include "serviceAccount:#{email}" }
+    end
   end
+
 end
diff --git a/test/integration/multiple_service_accounts/inspec.yml b/test/integration/multiple_service_accounts/inspec.yml
@@ -0,0 +1,12 @@
+name: multiple_service_accounts
+depends:
+  - name: inspec-gcp
+    git: https://github.com/inspec/inspec-gcp.git
+    tag: v0.10.0
+attributes:
+  - name: project_id
+    required: true
+    type: string
+  - name: emails
+    required: true
+    type: array
diff --git a/test/integration/single_service_account/controls/gcloud.rb b/test/integration/single_service_account/controls/gcloud.rb
