From 8a4dbdd827d6a8028d898f38cae80edec58def61 Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 12 Nov 2024 14:58:48 -0800 Subject: [PATCH] pubsub: additional test permissions fixes (#12311) (#20312) [upstream:8ff36d326452a6ae220d06ca5e5bfb51f839a5b5] Signed-off-by: Modular Magician --- .changelog/12311.txt | 3 ++ ...urce_pubsub_subscription_generated_test.go | 13 +++++---- .../resource_pubsub_subscription_test.go | 29 ++++++------------- .../docs/r/pubsub_subscription.html.markdown | 13 +++++---- 4 files changed, 28 insertions(+), 30 deletions(-) create mode 100644 .changelog/12311.txt diff --git a/.changelog/12311.txt b/.changelog/12311.txt new file mode 100644 index 00000000000..42b910df155 --- /dev/null +++ b/.changelog/12311.txt @@ -0,0 +1,3 @@ +```release-note:none + +``` \ No newline at end of file diff --git a/google/services/pubsub/resource_pubsub_subscription_generated_test.go b/google/services/pubsub/resource_pubsub_subscription_generated_test.go index a58f94a6fd0..cedee3d2adb 100644 --- a/google/services/pubsub/resource_pubsub_subscription_generated_test.go +++ b/google/services/pubsub/resource_pubsub_subscription_generated_test.go @@ -410,24 +410,27 @@ resource "google_pubsub_subscription" "example" { service_account_email = google_service_account.bq_write_service_account.email } - depends_on = [google_service_account.bq_write_service_account, google_project_iam_member.viewer, google_project_iam_member.editor] + depends_on = [ + google_service_account.bq_write_service_account, + google_project_iam_member.bigquery_metadata_viewer, + google_project_iam_member.bigquery_data_editor + ] } -data "google_project" "project" { -} +data "google_project" "project" {} resource "google_service_account" "bq_write_service_account" { account_id = "tf-test-example-bqw%{random_suffix}" display_name = "BQ Write Service Account" } -resource "google_project_iam_member" "viewer" { +resource "google_project_iam_member" "bigquery_metadata_viewer" { project = data.google_project.project.project_id role = "roles/bigquery.metadataViewer" member = "serviceAccount:${google_service_account.bq_write_service_account.email}" } -resource "google_project_iam_member" "editor" { +resource "google_project_iam_member" "bigquery_data_editor" { project = data.google_project.project.project_id role = "roles/bigquery.dataEditor" member = "serviceAccount:${google_service_account.bq_write_service_account.email}" diff --git a/google/services/pubsub/resource_pubsub_subscription_test.go b/google/services/pubsub/resource_pubsub_subscription_test.go index a3035c9330b..400f748efa4 100644 --- a/google/services/pubsub/resource_pubsub_subscription_test.go +++ b/google/services/pubsub/resource_pubsub_subscription_test.go @@ -685,6 +685,7 @@ resource "google_pubsub_subscription" "foo" { func testAccPubsubSubscriptionBigQuery_basic(dataset, table, topic, subscription string, useTableSchema bool, serviceAccountId string) string { serviceAccountEmailField := "" serviceAccountResource := "" + tfDependencies := "" if serviceAccountId != "" { serviceAccountResource = fmt.Sprintf(` resource "google_service_account" "bq_write_service_account" { @@ -692,34 +693,24 @@ resource "google_service_account" "bq_write_service_account" { display_name = "BQ Write Service Account" } -resource "google_project_iam_member" "viewer" { +resource "google_project_iam_member" "bigquery_metadata_viewer" { project = data.google_project.project.project_id role = "roles/bigquery.metadataViewer" member = "serviceAccount:${google_service_account.bq_write_service_account.email}" } -resource "google_project_iam_member" "editor" { +resource "google_project_iam_member" "bigquery_data_editor" { project = data.google_project.project.project_id role = "roles/bigquery.dataEditor" member = "serviceAccount:${google_service_account.bq_write_service_account.email}" }`, serviceAccountId) serviceAccountEmailField = "service_account_email = google_service_account.bq_write_service_account.email" + tfDependencies = ` google_project_iam_member.bigquery_metadata_viewer, + google_project_iam_member.bigquery_data_editor, + time_sleep.wait_30_seconds,` } else { - serviceAccountResource = fmt.Sprintf(` -resource "google_project_iam_member" "viewer" { - project = data.google_project.project.project_id - role = "roles/bigquery.metadataViewer" - member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "editor" { - project = data.google_project.project.project_id - role = "roles/bigquery.dataEditor" - member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com" -} - `) + tfDependencies = " time_sleep.wait_30_seconds," } - return fmt.Sprintf(` data "google_project" "project" {} @@ -765,12 +756,10 @@ resource "google_pubsub_subscription" "foo" { } depends_on = [ - google_project_iam_member.viewer, - google_project_iam_member.editor, - time_sleep.wait_30_seconds, + %s ] } - `, serviceAccountResource, dataset, table, topic, subscription, useTableSchema, serviceAccountEmailField) + `, serviceAccountResource, dataset, table, topic, subscription, useTableSchema, serviceAccountEmailField, tfDependencies) } func testAccPubsubSubscriptionCloudStorage_basic(bucket, topic, subscription, filenamePrefix, filenameSuffix, filenameDatetimeFormat string, maxBytes int, maxDuration string, maxMessages int, serviceAccountId, outputFormat string) string { diff --git a/website/docs/r/pubsub_subscription.html.markdown b/website/docs/r/pubsub_subscription.html.markdown index 72273216801..b31f51afbe6 100644 --- a/website/docs/r/pubsub_subscription.html.markdown +++ b/website/docs/r/pubsub_subscription.html.markdown @@ -273,24 +273,27 @@ resource "google_pubsub_subscription" "example" { service_account_email = google_service_account.bq_write_service_account.email } - depends_on = [google_service_account.bq_write_service_account, google_project_iam_member.viewer, google_project_iam_member.editor] + depends_on = [ + google_service_account.bq_write_service_account, + google_project_iam_member.bigquery_metadata_viewer, + google_project_iam_member.bigquery_data_editor + ] } -data "google_project" "project" { -} +data "google_project" "project" {} resource "google_service_account" "bq_write_service_account" { account_id = "example-bqw" display_name = "BQ Write Service Account" } -resource "google_project_iam_member" "viewer" { +resource "google_project_iam_member" "bigquery_metadata_viewer" { project = data.google_project.project.project_id role = "roles/bigquery.metadataViewer" member = "serviceAccount:${google_service_account.bq_write_service_account.email}" } -resource "google_project_iam_member" "editor" { +resource "google_project_iam_member" "bigquery_data_editor" { project = data.google_project.project.project_id role = "roles/bigquery.dataEditor" member = "serviceAccount:${google_service_account.bq_write_service_account.email}"