single service account test

Author: ludoo

examples/single_service_account/main.tf

@@ -21,7 +21,7 @@ provider "google" {
 module "service_accounts" {
   source        = "../.."
   project_id    = "${var.project_id}"
-  prefix        = "single-test"
-  names         = ["first"]
+  prefix        = "${var.prefix}"
+  names         = ["single-account"]
   project_roles = ["${var.project_id}=>roles/viewer"]
 }

examples/single_service_account/variables.tf

@@ -18,3 +18,8 @@ variable "project_id" {
   description = "The ID of the project in which to provision resources."
   type        = "string"
 }
+
+variable "prefix" {
+  description = "Prefix applied to service account names."
+  default     = ""
+}

kitchen.yml

@@ -26,18 +26,13 @@ platforms:
   - name: default
 
 suites:
-  - name: simple_example
+  - name: single_service_account
     driver:
-      root_module_directory: test/fixtures/simple_example/
+      root_module_directory: test/fixtures/single_service_account/
     verifier:
       color: false
       systems:
-        - name: simple_example local
-          backend: local
-          controls:
-            - gcloud
-            - gsutil
-        - name: simple_example gcp
+        - name: single_service_account gcp
           backend: gcp
           controls:
             - gcp

test/fixtures/simple_example/main.tf renamed to test/fixtures/single_service_account/main.tf

@@ -14,19 +14,7 @@
  * limitations under the License.
  */
 
-provider "random" {
-  version = "~> 2.0"
-}
-
-resource "random_pet" "main" {
-  length    = 1
-  prefix    = "simple-example"
-  separator = "-"
-}
-
 module "example" {
-  source = "../../../examples/simple_example"
-
-  project_id  = "${var.project_id}"
-  bucket_name = "${random_pet.main.id}"
+  source     = "../../../examples/single_service_account"
+  project_id = "${var.project_id}"
 }

test/fixtures/simple_example/outputs.tf renamed to test/fixtures/single_service_account/outputs.tf

@@ -14,12 +14,17 @@
  * limitations under the License.
  */
 
-output "bucket_name" {
-  description = "The name of the bucket."
-  value       = "${module.example.bucket_name}"
+output "email" {
+  description = "The service account email."
+  value       = "${module.example.email}"
+}
+
+output "iam_email" {
+  description = "The service account IAM-format email."
+  value       = "${module.example.iam_email}"
 }
 
 output "project_id" {
-  description = "The ID of the project in which resources are provisioned."
+  description = "Project id variable."
   value       = "${var.project_id}"
 }

test/fixtures/simple_example/variables.tf renamed to test/fixtures/single_service_account/variables.tf

@@ -15,7 +15,12 @@
 control "gcp" do
   title "GCP Resources"
 
-  describe google_storage_bucket(name: attribute("bucket_name")) do
-    it { should exist }
+  describe google_service_account(name: "projects/#{attribute("project_id")}/serviceAccounts/#{attribute("email")}") do
+    its('project_id') { should eq attribute('project_id') }
   end
+
+  describe google_project_iam_binding(project: "#{attribute("project_id")}",  role: 'roles/viewer') do
+    its('members') {should include attribute('iam_email') }
+  end
+
 end

test/integration/simple_example/controls/gcloud.rb renamed to test/integration/single_service_account/controls/gcloud.rb

@@ -1,4 +1,4 @@
-name: simple_example
+name: single_service_account
 depends:
   - name: inspec-gcp
     git: https://github.com/inspec/inspec-gcp.git
@@ -7,6 +7,9 @@ attributes:
   - name: project_id
     required: true
     type: string
-  - name: bucket_name
+  - name: email
+    required: true
+    type: string
+  - name: iam_email
     required: true
     type: string