package google
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
// projectId is the GCP project the acceptance tests in this file run against.
// It is resolved once, at package initialisation, by passing multiEnvSearch
// the candidate environment variable names below, in this order.
//
// NOTE(review): multiEnvSearch is defined elsewhere; presumably it returns the
// first of these variables that is set and an empty string when none is.
// Confirm this. An empty value would make testAccGoogleServiceAccountPolicy
// emit a malformed "serviceAccount:<id>@.iam.gserviceaccount.com" member.
var projectId = multiEnvSearch([]string{"GOOGLE_PROJECT", "GCLOUD_PROJECT", "CLOUDSDK_CORE_PROJECT"})
// TestAccGoogleServiceAccount_basic is an acceptance test that creates a
// service account and then, in a second step, changes its display name.
//
// NOTE(review): the TestCase sets no CheckDestroy, so nothing here verifies
// that the account has been removed from the project when the test ends.
// Leftover service accounts in a shared test project are worth auditing for.
func TestAccGoogleServiceAccount_basic(t *testing.T) {
	const (
		resourceName = "google_service_account.acceptance"
		initialName  = "Terraform Test"
		updatedName  = "Terraform Test Update"
	)

	// A fresh random ID per run; the fixed "a" prefix presumably satisfies the
	// rule that account IDs start with a letter (confirm against the API).
	id := "a" + acctest.RandString(10)

	// Step 1: create the account and confirm it landed in state.
	createStep := resource.TestStep{
		Config: testAccGoogleServiceAccountBasic(id, initialName),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleServiceAccountExists(resourceName),
		),
	}

	// Step 2: same account ID, new display name.
	updateStep := resource.TestStep{
		Config: testAccGoogleServiceAccountBasic(id, updatedName),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckGoogleServiceAccountNameModified(resourceName, updatedName),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{createStep, updateStep},
	})
}
// TestAccGoogleServiceAccount_createPolicy is an acceptance test that creates
// a service account with an IAM policy attached, re-applies it without the
// policy, and finally attaches the policy again.
//
// Every step asserts only how many bindings the account's policy carries
// (1, 0, 1); which role and members are bound is not checked here.
//
// NOTE(review): the TestCase sets no CheckDestroy, so nothing here verifies
// that the account and its bindings are gone once the test ends.
func TestAccGoogleServiceAccount_createPolicy(t *testing.T) {
	const (
		resourceName = "google_service_account.acceptance"
		plainName    = "Terraform Test"
	)

	// A fresh random ID per run; the fixed "a" prefix presumably satisfies the
	// rule that account IDs start with a letter (confirm against the API).
	id := "a" + acctest.RandString(10)

	// bindingsStep applies config and expects exactly want policy bindings.
	bindingsStep := func(config string, want int) resource.TestStep {
		return resource.TestStep{
			Config: config,
			Check: resource.ComposeTestCheckFunc(
				testAccCheckGoogleServiceAccountPolicyCount(resourceName, want),
			),
		}
	}

	steps := []resource.TestStep{
		// Create the account together with its IAM policy.
		bindingsStep(testAccGoogleServiceAccountPolicy(id, projectId), 1),
		// Re-apply without policy_data: the bindings must be removed.
		bindingsStep(testAccGoogleServiceAccountBasic(id, plainName), 0),
		// Attach the policy once more.
		bindingsStep(testAccGoogleServiceAccountPolicy(id, projectId), 1),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     steps,
	})
}
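// testAccCheckGoogleServiceAccountPolicyCount returns a check that fetches the
// IAM policy of the service account recorded in state under r and fails
// unless that policy carries exactly n bindings.
//
// The comparison is on the number of bindings only. A policy with the expected
// count but a different role or member list still passes, so pair this with a
// content check where the granted role matters.
func testAccCheckGoogleServiceAccountPolicyCount(r string, n int) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		// Look the resource up explicitly. Indexing a missing key yields a nil
		// entry, and dereferencing it would panic rather than fail the test
		// with a readable message (the sibling checks guard the same way).
		rs, ok := s.RootModule().Resources[r]
		if !ok {
			return fmt.Errorf("Not found: %s", r)
		}
		if rs.Primary == nil || rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		c := testAccProvider.Meta().(*Config)
		p, err := getServiceAccountIamPolicy(rs.Primary.ID, c)
		if err != nil {
			return fmt.Errorf("Failed to retrieve IAM Policy for service account: %s", err)
		}
		if len(p.Bindings) != n {
			return fmt.Errorf("The service account has %v bindings but %v were expected", len(p.Bindings), n)
		}
		return nil
	}
}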
// testAccCheckGoogleServiceAccountExists returns a check that passes when the
// Terraform state contains resource r and that resource has a non-empty
// primary ID.
//
// NOTE(review): only the state is consulted; no API call confirms that the
// service account is actually present in the project.
func testAccCheckGoogleServiceAccountExists(r string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[r]
		switch {
		case !found:
			return fmt.Errorf("Not found: %s", r)
		case res.Primary.ID == "":
			return fmt.Errorf("No ID is set")
		}
		return nil
	}
}
// testAccCheckGoogleServiceAccountNameModified returns a check that passes
// when resource r is present in state and its "display_name" attribute
// equals n.
//
// NOTE(review): the value is read from Terraform state, not fetched from the
// API.
func testAccCheckGoogleServiceAccountNameModified(r, n string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[r]
		if !found {
			return fmt.Errorf("Not found: %s", r)
		}

		if got := res.Primary.Attributes["display_name"]; got != n {
			return fmt.Errorf("display_name is %q expected %q", got, n)
		}
		return nil
	}
}
// testAccGoogleServiceAccountBasic renders the Terraform configuration for a
// google_service_account resource named "acceptance" that has the given
// account ID and display name and no policy_data.
//
// Both values are substituted into quoted HCL strings verbatim, with no
// escaping, so callers should pass only values free of double quotes and
// interpolation sequences.
func testAccGoogleServiceAccountBasic(account, name string) string {
	const tmpl = `resource "google_service_account" "acceptance" {
account_id = "%v"
display_name = "%v"
}`
	return fmt.Sprintf(tmpl, account, name)
}
// testAccGoogleServiceAccountPolicy renders the Terraform configuration for a
// google_service_account resource named "acceptance" whose policy_data comes
// from a google_iam_policy data source with a single binding.
//
// The binding grants roles/iam.serviceAccountActor to the service account
// itself, addressed as "<account>@<projectId>.iam.gserviceaccount.com".
//
// name is used only as the display_name. The project in the member address is
// taken from the package-level projectId, not from a parameter. The callers in
// this file pass projectId as name, so the display name ends up being the
// project ID.
//
// NOTE(review): Google has since deprecated roles/iam.serviceAccountActor in
// favour of narrower roles. Confirm the role is still accepted, and is the
// privilege intended, before reusing this fixture.
//
// Values are substituted into quoted HCL strings verbatim, with no escaping.
func testAccGoogleServiceAccountPolicy(account, name string) string {
	const tmpl = `resource "google_service_account" "acceptance" {
account_id = "%v"
display_name = "%v"
policy_data = "${data.google_iam_policy.service_account.policy_data}"
}

data "google_iam_policy" "service_account" {
binding {
role = "roles/iam.serviceAccountActor"
members = [
"serviceAccount:%v@%v.iam.gserviceaccount.com",
]
}
}`

	// Verb order: account_id, display_name, member account, member project.
	return fmt.Sprintf(tmpl, account, name, account, projectId)
}