2016-11-08 07:27:32 +00:00
|
|
|
package google
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"testing"
|
|
|
|
|
2016-11-14 17:42:11 +00:00
|
|
|
"github.com/hashicorp/terraform/helper/acctest"
|
2016-11-08 07:27:32 +00:00
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
|
|
"github.com/hashicorp/terraform/terraform"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Test that a service account resource can be created, updated, and destroyed
|
2018-02-23 23:14:24 +00:00
|
|
|
func TestAccServiceAccount_basic(t *testing.T) {
|
2017-10-12 22:07:29 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2016-11-14 17:42:11 +00:00
|
|
|
accountId := "a" + acctest.RandString(10)
|
2017-10-25 19:33:21 +00:00
|
|
|
uniqueId := ""
|
2016-11-17 17:49:22 +00:00
|
|
|
displayName := "Terraform Test"
|
|
|
|
displayName2 := "Terraform Test Update"
|
2017-11-21 17:34:32 +00:00
|
|
|
project := getTestProjectFromEnv()
|
2018-10-16 18:08:27 +00:00
|
|
|
expectedEmail := fmt.Sprintf("%s@%s.iam.gserviceaccount.com", accountId, project)
|
2016-11-08 07:27:32 +00:00
|
|
|
resource.Test(t, resource.TestCase{
|
|
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
|
|
Providers: testAccProviders,
|
|
|
|
Steps: []resource.TestStep{
|
|
|
|
// The first step creates a basic service account
|
|
|
|
resource.TestStep{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccServiceAccountBasic(accountId, displayName),
|
2016-11-08 07:27:32 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2017-10-25 19:33:21 +00:00
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"google_service_account.acceptance", "project", project),
|
2016-11-08 07:27:32 +00:00
|
|
|
),
|
|
|
|
},
|
2018-09-17 18:15:11 +00:00
|
|
|
resource.TestStep{
|
|
|
|
ResourceName: "google_service_account.acceptance",
|
2018-10-16 18:08:27 +00:00
|
|
|
ImportStateId: fmt.Sprintf("projects/%s/serviceAccounts/%s", project, expectedEmail),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
resource.TestStep{
|
|
|
|
ResourceName: "google_service_account.acceptance",
|
|
|
|
ImportStateId: fmt.Sprintf("%s/%s", project, expectedEmail),
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
|
|
|
resource.TestStep{
|
|
|
|
ResourceName: "google_service_account.acceptance",
|
|
|
|
ImportStateId: expectedEmail,
|
2018-09-17 18:15:11 +00:00
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
2016-11-08 07:27:32 +00:00
|
|
|
// The second step updates the service account
|
|
|
|
resource.TestStep{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccServiceAccountBasic(accountId, displayName2),
|
2016-11-08 07:27:32 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
2017-10-25 19:33:21 +00:00
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"google_service_account.acceptance", "project", project),
|
|
|
|
testAccStoreServiceAccountUniqueId(&uniqueId),
|
|
|
|
),
|
|
|
|
},
|
2018-09-17 18:15:11 +00:00
|
|
|
resource.TestStep{
|
|
|
|
ResourceName: "google_service_account.acceptance",
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
2017-10-25 19:33:21 +00:00
|
|
|
// The third step explicitely adds the same default project to the service account configuration
|
|
|
|
// and ensure the service account is not recreated by comparing the value of its unique_id with the one from the previous step
|
|
|
|
resource.TestStep{
|
2018-02-23 23:14:24 +00:00
|
|
|
Config: testAccServiceAccountWithProject(project, accountId, displayName2),
|
2017-10-25 19:33:21 +00:00
|
|
|
Check: resource.ComposeTestCheckFunc(
|
|
|
|
resource.TestCheckResourceAttr(
|
|
|
|
"google_service_account.acceptance", "project", project),
|
|
|
|
resource.TestCheckResourceAttrPtr(
|
|
|
|
"google_service_account.acceptance", "unique_id", &uniqueId),
|
2016-11-08 07:27:32 +00:00
|
|
|
),
|
|
|
|
},
|
2018-09-17 18:15:11 +00:00
|
|
|
resource.TestStep{
|
|
|
|
ResourceName: "google_service_account.acceptance",
|
|
|
|
ImportState: true,
|
|
|
|
ImportStateVerify: true,
|
|
|
|
},
|
2016-11-08 07:27:32 +00:00
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2017-10-25 19:33:21 +00:00
|
|
|
func testAccStoreServiceAccountUniqueId(uniqueId *string) resource.TestCheckFunc {
|
|
|
|
return func(s *terraform.State) error {
|
|
|
|
*uniqueId = s.RootModule().Resources["google_service_account.acceptance"].Primary.Attributes["unique_id"]
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-02-23 23:14:24 +00:00
|
|
|
func testAccServiceAccountBasic(account, name string) string {
|
2018-09-17 18:15:11 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_service_account" "acceptance" {
|
2016-11-08 07:27:32 +00:00
|
|
|
account_id = "%v"
|
2018-09-17 18:15:11 +00:00
|
|
|
display_name = "%v"
|
|
|
|
}
|
|
|
|
`, account, name)
|
2016-11-17 17:49:22 +00:00
|
|
|
}
|
2016-11-08 07:27:32 +00:00
|
|
|
|
2018-02-23 23:14:24 +00:00
|
|
|
func testAccServiceAccountWithProject(project, account, name string) string {
|
2018-09-17 18:15:11 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_service_account" "acceptance" {
|
2017-10-25 19:33:21 +00:00
|
|
|
project = "%v"
|
|
|
|
account_id = "%v"
|
|
|
|
display_name = "%v"
|
2018-09-17 18:15:11 +00:00
|
|
|
}
|
|
|
|
`, project, account, name)
|
2017-10-25 19:33:21 +00:00
|
|
|
}
|
|
|
|
|
2018-02-23 23:14:24 +00:00
|
|
|
func testAccServiceAccountPolicy(account, project string) string {
|
2018-09-17 18:15:11 +00:00
|
|
|
return fmt.Sprintf(`
|
|
|
|
resource "google_service_account" "acceptance" {
|
2016-11-08 07:27:32 +00:00
|
|
|
account_id = "%v"
|
2016-11-14 19:12:55 +00:00
|
|
|
display_name = "%v"
|
2016-11-08 07:27:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
data "google_iam_policy" "service_account" {
|
2018-09-17 18:15:11 +00:00
|
|
|
binding {
|
|
|
|
role = "roles/iam.serviceAccountActor"
|
|
|
|
members = [
|
|
|
|
"serviceAccount:%v@%v.iam.gserviceaccount.com",
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
`, account, account, account, project)
|
2016-11-17 17:49:22 +00:00
|
|
|
}
|