From c7fea22d938beed1059345f08d702583541cfc6f Mon Sep 17 00:00:00 2001 From: The Magician Date: Fri, 3 Feb 2023 08:58:54 -0800 Subject: [PATCH] Stop acc test using authoritative IAM on shared KMS resources (#7208) (#5167) * Stop acc test using authoritative IAM on shared KMS resources * Stop other tests using authoritative IAM on shared KMS resources Signed-off-by: Modular Magician --- .changelog/7208.txt | 3 +++ google-beta/resource_eventarc_channel_test.go | 16 ++++++---------- ...source_eventarc_google_channel_config_test.go | 16 ++++++---------- google-beta/resource_eventarc_trigger_test.go | 8 +++----- website/docs/r/eventarc_channel.html.markdown | 8 +++----- .../eventarc_google_channel_config.html.markdown | 8 +++----- 6 files changed, 24 insertions(+), 35 deletions(-) create mode 100644 .changelog/7208.txt diff --git a/.changelog/7208.txt b/.changelog/7208.txt new file mode 100644 index 0000000000..8ec013c069 --- /dev/null +++ b/.changelog/7208.txt @@ -0,0 +1,3 @@ +```release-note:none + +``` diff --git a/google-beta/resource_eventarc_channel_test.go b/google-beta/resource_eventarc_channel_test.go index 7d43c362c9..ec2144e273 100644 --- a/google-beta/resource_eventarc_channel_test.go +++ b/google-beta/resource_eventarc_channel_test.go @@ -110,13 +110,11 @@ data "google_kms_crypto_key" "key1" { } -resource "google_kms_crypto_key_iam_binding" "key1_binding" { +resource "google_kms_crypto_key_iam_member" "key1_member" { crypto_key_id = data.google_kms_crypto_key.key1.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_channel" "primary" { @@ -124,7 +122,7 @@ resource "google_eventarc_channel" "primary" { name = "tf-test-name%{random_suffix}" crypto_key_name = data.google_kms_crypto_key.key1.id third_party_provider = "projects/${data.google_project.test_project.project_id}/locations/%{region}/providers/datadog" - depends_on = [google_kms_crypto_key_iam_binding.key1_binding] + depends_on = [google_kms_crypto_key_iam_member.key1_member] } `, context) } @@ -145,13 +143,11 @@ data "google_kms_crypto_key" "key2" { key_ring = data.google_kms_key_ring.test_key_ring.id } -resource "google_kms_crypto_key_iam_binding" "key2_binding" { +resource "google_kms_crypto_key_iam_member" "key2_member" { crypto_key_id = data.google_kms_crypto_key.key2.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_channel" "primary" { @@ -159,7 +155,7 @@ resource "google_eventarc_channel" "primary" { name = "tf-test-name%{random_suffix}" crypto_key_name= data.google_kms_crypto_key.key2.id third_party_provider = "projects/${data.google_project.test_project.project_id}/locations/%{region}/providers/datadog" - depends_on = [google_kms_crypto_key_iam_binding.key2_binding] + depends_on = [google_kms_crypto_key_iam_member.key2_member] } `, context) } diff --git a/google-beta/resource_eventarc_google_channel_config_test.go b/google-beta/resource_eventarc_google_channel_config_test.go index ad51825c77..2e379b6eb4 100644 --- a/google-beta/resource_eventarc_google_channel_config_test.go +++ b/google-beta/resource_eventarc_google_channel_config_test.go @@ -104,20 +104,18 @@ data "google_kms_crypto_key" "key1" { key_ring = data.google_kms_key_ring.test_key_ring.id } -resource "google_kms_crypto_key_iam_binding" "key1_binding" { +resource "google_kms_crypto_key_iam_member" "key1_member" { crypto_key_id = data.google_kms_crypto_key.key1.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_google_channel_config" "primary" { location = "%{region}" name = "projects/%{project_name}/locations/%{region}/googleChannelConfig" crypto_key_name = data.google_kms_crypto_key.key1.id - depends_on =[google_kms_crypto_key_iam_binding.key1_binding] + depends_on =[google_kms_crypto_key_iam_member.key1_member] } `, context) } @@ -138,20 +136,18 @@ data "google_kms_crypto_key" "key2" { key_ring = data.google_kms_key_ring.test_key_ring.id } -resource "google_kms_crypto_key_iam_binding" "key2_binding" { +resource "google_kms_crypto_key_iam_member" "key2_member" { crypto_key_id = data.google_kms_crypto_key.key2.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_google_channel_config" "primary" { location = "%{region}" name = "projects/%{project_name}/locations/%{region}/googleChannelConfig" crypto_key_name = data.google_kms_crypto_key.key2.id - depends_on =[google_kms_crypto_key_iam_binding.key2_binding] + depends_on =[google_kms_crypto_key_iam_member.key2_member] } `, context) } diff --git a/google-beta/resource_eventarc_trigger_test.go b/google-beta/resource_eventarc_trigger_test.go index 86ae65b714..e35cfaf449 100644 --- a/google-beta/resource_eventarc_trigger_test.go +++ b/google-beta/resource_eventarc_trigger_test.go @@ -63,13 +63,11 @@ data "google_kms_crypto_key" "key1" { } -resource "google_kms_crypto_key_iam_binding" "key1_binding" { +resource "google_kms_crypto_key_iam_member" "key1_member" { crypto_key_id = data.google_kms_crypto_key.key1.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_channel" "test_channel" { @@ -77,7 +75,7 @@ resource "google_eventarc_channel" "test_channel" { name = "tf-test-channel%{random_suffix}" crypto_key_name = data.google_kms_crypto_key.key1.id third_party_provider = "projects/${data.google_project.test_project.project_id}/locations/%{region}/providers/datadog" - depends_on = [google_kms_crypto_key_iam_binding.key1_binding] + depends_on = [google_kms_crypto_key_iam_member.key1_member] } resource "google_cloud_run_service" "default" { diff --git a/website/docs/r/eventarc_channel.html.markdown b/website/docs/r/eventarc_channel.html.markdown index 1177b527c8..1f0b2d7d3e 100644 --- a/website/docs/r/eventarc_channel.html.markdown +++ b/website/docs/r/eventarc_channel.html.markdown @@ -38,13 +38,11 @@ data "google_kms_crypto_key" "key" { key_ring = data.google_kms_key_ring.test_key_ring.id } -resource "google_kms_crypto_key_iam_binding" "key1_binding" { +resource "google_kms_crypto_key_iam_member" "key1_member" { crypto_key_id = data.google_kms_crypto_key.key1.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_channel" "primary" { @@ -53,7 +51,7 @@ resource "google_eventarc_channel" "primary" { project = "${data.google_project.test_project.project_id}" crypto_key_name = "${data.google_kms_crypto_key.key1.id}" third_party_provider = "projects/${data.google_project.test_project.project_id}/locations/us-west1/providers/datadog" - depends_on = [google_kms_crypto_key_iam_binding.key1_binding] + depends_on = [google_kms_crypto_key_iam_member.key1_member] } ``` diff --git a/website/docs/r/eventarc_google_channel_config.html.markdown b/website/docs/r/eventarc_google_channel_config.html.markdown index 1d6fdc3b97..6f24cbde29 100644 --- a/website/docs/r/eventarc_google_channel_config.html.markdown +++ b/website/docs/r/eventarc_google_channel_config.html.markdown @@ -38,13 +38,11 @@ data "google_kms_crypto_key" "key" { key_ring = data.google_kms_key_ring.test_key_ring.id } -resource "google_kms_crypto_key_iam_binding" "key1_binding" { +resource "google_kms_crypto_key_iam_member" "key1_member" { crypto_key_id = data.google_kms_crypto_key.key1.id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - members = [ - "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com", - ] + member = "serviceAccount:service-${data.google_project.test_project.number}@gcp-sa-eventarc.iam.gserviceaccount.com" } resource "google_eventarc_google_channel_config" "primary" { @@ -52,7 +50,7 @@ resource "google_eventarc_google_channel_config" "primary" { name = "channel" project = "${data.google_project.test_project.project_id}" crypto_key_name = "${data.google_kms_crypto_key.key1.id}" - depends_on = [google_kms_crypto_key_iam_binding.key1_binding] + depends_on = [google_kms_crypto_key_iam_member.key1_member] } ```