Merge branch 'master' into elia-gcve

tests/modules/dataplex_datascan/examples/datascan_iam.yaml

@@ -58,7 +58,7 @@ values:
     - group:user-group@example.com
     project: my-project-name
     role: roles/dataplex.dataScanViewer
-  module.dataplex-datascan.google_dataplex_datascan_iam_member.members["am1-viewer"]:
+  module.dataplex-datascan.google_dataplex_datascan_iam_member.bindings["am1-viewer"]:
     condition: []
     data_scan_id: test-datascan
     location: us-central1

tests/modules/folder/examples/iam-policy.yaml

@@ -1,27 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  module.folder.google_folder.folder[0]:
-    display_name: my-folder
-    parent: folders/657104291943
-    timeouts: null
-  module.folder.google_folder_iam_policy.authoritative[0]:
-    policy_data: '{"auditConfigs":[{"auditLogConfigs":[{"exemptedMembers":["group:organization-admins@example.org"],"logType":"ADMIN_READ"}],"service":"allServices"},{"auditLogConfigs":[{"logType":"DATA_WRITE"},{"logType":"DATA_READ"}],"service":"storage.googleapis.com"}],"bindings":[{"members":["group:org-admins@example.com"],"role":"roles/owner"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.folderAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.organizationAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.projectCreator"}]}'
-
-counts:
-  google_folder: 1
-  google_folder_iam_policy: 1
-  modules: 1
-  resources: 2

tests/modules/folder/examples/iam.yaml

@@ -33,27 +33,7 @@ values:
     members:
     - group:cloud-owners@example.org
     role: roles/resourcemanager.projectCreator
-  module.folder.google_folder_iam_member.additive["roles/compute.admin-user:a1@example.org"]:
-    condition: []
-    member: user:a1@example.org
-    role: roles/compute.admin
-  module.folder.google_folder_iam_member.additive["roles/compute.admin-user:a2@example.org"]:
-    condition: []
-    member: user:a2@example.org
-    role: roles/compute.admin
-  module.folder.google_folder_iam_member.additive["roles/compute.viewer-user:a2@example.org"]:
-    condition: []
-    member: user:a2@example.org
-    role: roles/compute.viewer
-  module.folder.google_folder_iam_member.additive["roles/storage.admin-user:am1@example.org"]:
-    condition: []
-    member: user:am1@example.org
-    role: roles/storage.admin
-  module.folder.google_folder_iam_member.additive["roles/storage.objectViewer-user:am2@example.org"]:
-    condition: []
-    member: user:am2@example.org
-    role: roles/storage.objectViewer
-  module.folder.google_folder_iam_member.members["am1-storage-admin"]:
+  module.folder.google_folder_iam_member.bindings["am1-storage-admin"]:
     condition: []
     member: user:am1@example.org
     role: roles/storage.admin
@@ -61,8 +41,9 @@ values:
 counts:
   google_folder: 1
   google_folder_iam_binding: 3
-  google_folder_iam_member: 6
+  google_folder_iam_member: 1
   modules: 1
-  resources: 10
+  resources: 5
 
 outputs: {}
+

tests/modules/iam_service_account/examples/basic.yaml

@@ -27,7 +27,7 @@ values:
     display_name: Terraform-managed.
     project: myproject
     timeouts: null
-  module.myproject-default-service-accounts.google_service_account_iam_binding.roles["roles/iam.serviceAccountUser"]:
+  module.myproject-default-service-accounts.google_service_account_iam_binding.authoritative["roles/iam.serviceAccountUser"]:
     condition: []
     members:
     - user:foo@example.com

tests/modules/net_vpc/examples/factory.yaml

@@ -14,12 +14,66 @@
 
 values:
   module.vpc.google_compute_network.network[0]:
+    auto_create_subnetworks: false
+    delete_default_routes_on_create: false
+    description: Terraform-managed.
+    enable_ula_internal_ipv6: null
     name: my-network
+    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
     project: my-project
     routing_mode: GLOBAL
+    timeouts: null
+  module.vpc.google_compute_route.gateway["private-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.8/30
+    name: my-network-private-googleapis
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: my-project
+    tags: null
+    timeouts: null
+  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.4/30
+    name: my-network-restricted-googleapis
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: my-project
+    tags: null
+    timeouts: null
+  module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
+    description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal
+      HTTPS LB.
+    ip_cidr_range: 10.1.0.0/24
+    ipv6_access_type: null
+    log_config: []
+    name: subnet-proxy
+    project: my-project
+    purpose: REGIONAL_MANAGED_PROXY
+    region: europe-west4
+    role: ACTIVE
+    timeouts: null
+  module.vpc.google_compute_subnetwork.psc["europe-west4/subnet-psc"]:
+    description: Terraform-managed subnet for Private Service Connect (PSC NAT).
+    ip_cidr_range: 10.2.0.0/24
+    ipv6_access_type: null
+    log_config: []
+    name: subnet-psc
+    project: my-project
+    purpose: PRIVATE_SERVICE_CONNECT
+    region: europe-west4
+    role: null
+    timeouts: null
   module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-detailed"]:
     description: Sample description
     ip_cidr_range: 10.0.0.0/24
+    ipv6_access_type: null
     log_config:
     - aggregation_interval: INTERVAL_5_SEC
       filter_expr: 'true'
@@ -34,9 +88,11 @@ values:
     secondary_ip_range:
     - ip_cidr_range: 192.168.0.0/24
       range_name: secondary-range-a
+    timeouts: null
   module.vpc.google_compute_subnetwork.subnetwork["europe-west4/simple"]:
     description: Terraform-managed.
     ip_cidr_range: 10.0.1.0/24
+    ipv6_access_type: null
     log_config: []
     name: simple
     private_ip_google_access: true
@@ -44,9 +100,11 @@ values:
     region: europe-west4
     role: null
     secondary_ip_range: []
+    timeouts: null
   module.vpc.google_compute_subnetwork.subnetwork["europe-west8/simple"]:
     description: Terraform-managed.
     ip_cidr_range: 10.0.2.0/24
+    ipv6_access_type: null
     log_config: []
     name: simple
     private_ip_google_access: true
@@ -54,7 +112,8 @@ values:
     region: europe-west8
     role: null
     secondary_ip_range: []
-  module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-detailed.roles/compute.networkUser"]:
+    timeouts: null
+  module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-detailed.roles/compute.networkUser"]:
     condition: []
     members:
     - group:lorem@example.com
@@ -64,16 +123,13 @@ values:
     region: europe-west1
     role: roles/compute.networkUser
     subnetwork: subnet-detailed
-  module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
-    region: europe-west4
-    ip_cidr_range: 10.1.0.0/24
-    purpose: REGIONAL_MANAGED_PROXY
-  module.vpc.google_compute_subnetwork.psc["europe-west4/subnet-psc"]:
-    region: europe-west4
-    ip_cidr_range: 10.2.0.0/24
-    purpose: PRIVATE_SERVICE_CONNECT
 
 counts:
   google_compute_network: 1
+  google_compute_route: 2
   google_compute_subnetwork: 5
   google_compute_subnetwork_iam_binding: 1
+  modules: 1
+  resources: 9
+
+outputs: {}

tests/modules/net_vpc/examples/shared-vpc.yaml

@@ -30,7 +30,7 @@ values:
       range_name: pods
     - ip_cidr_range: 192.168.0.0/24
       range_name: services
-  module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
+  module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
     condition: []
     members:
     - serviceAccount:cloudsvc
@@ -39,7 +39,7 @@ values:
     region: europe-west1
     role: roles/compute.networkUser
     subnetwork: subnet-1
-  module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.securityAdmin"]:
+  module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]:
     condition: []
     members:
     - serviceAccount:gke

tests/modules/net_vpc/examples/subnet-iam.yaml

@@ -71,7 +71,7 @@ values:
     role: null
     secondary_ip_range: []
     timeouts: null
-  module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
+  module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
     condition: []
     members:
     - group:group1@example.com
@@ -80,21 +80,18 @@ values:
     region: europe-west1
     role: roles/compute.networkUser
     subnetwork: subnet-1
-  ? module.vpc.google_compute_subnetwork_iam_member.binding["europe-west1/subnet-2.roles/compute.networkUser.group:group2@example.com"]
-  : condition: []
-    member: group:group2@example.com
+  module.vpc.google_compute_subnetwork_iam_binding.bindings["europe-west1/subnet-1.roles/compute.networkUser.test_condition"]:
+    condition:
+    - description: null
+      expression: resource.matchTag('123456789012/env', 'prod')
+      title: test_condition
+    members:
+    - group:group2@example.com
     project: my-project
     region: europe-west1
     role: roles/compute.networkUser
-    subnetwork: subnet-2
-  ? module.vpc.google_compute_subnetwork_iam_member.binding["europe-west1/subnet-2.roles/compute.networkUser.user:user2@example.com"]
-  : condition: []
-    member: user:user2@example.com
-    project: my-project
-    region: europe-west1
-    role: roles/compute.networkUser
-    subnetwork: subnet-2
-  module.vpc.google_compute_subnetwork_iam_member.members["subnet-2-am1"]:
+    subnetwork: subnet-1
+  module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-am1"]:
     condition: []
     member: user:am1@example.com
     project: my-project
@@ -106,9 +103,9 @@ counts:
   google_compute_network: 1
   google_compute_route: 2
   google_compute_subnetwork: 2
-  google_compute_subnetwork_iam_binding: 1
-  google_compute_subnetwork_iam_member: 3
+  google_compute_subnetwork_iam_binding: 2
+  google_compute_subnetwork_iam_member: 1
   modules: 1
-  resources: 9
+  resources: 8
 
 outputs: {}

tests/modules/net_vpc/psa_routes_export.yaml

@@ -46,7 +46,6 @@ counts:
   google_service_networking_connection: 1
 
 outputs:
-  bindings: {}
   name: __missing__
   network: __missing__
   project_id: test-project

tests/modules/net_vpc/psa_routes_import.yaml

@@ -46,7 +46,6 @@ counts:
   google_service_networking_connection: 1
 
 outputs:
-  bindings: {}
   name: __missing__
   network: __missing__
   project_id: test-project

tests/modules/net_vpc/psa_routes_import_export.yaml

@@ -46,7 +46,6 @@ counts:
   google_service_networking_connection: 1
 
 outputs:
-  bindings: {}
   name: __missing__
   network: __missing__
   project_id: test-project

tests/modules/net_vpc/shared_vpc.yaml

@@ -35,7 +35,6 @@ counts:
   google_compute_shared_vpc_service_project: 2
 
 outputs:
-  bindings: {}
   project_id: test-project
   subnet_ips: {}
   subnet_regions: {}

tests/modules/organization/examples/basic.yaml

@@ -166,17 +166,7 @@ values:
     - group:cloud-admins@example.org
     org_id: '1234567890'
     role: roles/resourcemanager.projectCreator
-  module.org.google_organization_iam_member.additive["roles/compute.admin-user:compute@example.org"]:
-    condition: []
-    member: user:compute@example.org
-    org_id: '1234567890'
-    role: roles/compute.admin
-  module.org.google_organization_iam_member.additive["roles/container.viewer-user:compute@example.org"]:
-    condition: []
-    member: user:compute@example.org
-    org_id: '1234567890'
-    role: roles/container.viewer
-  module.org.google_organization_iam_member.members["am1-storage-admin"]:
+  module.org.google_organization_iam_member.bindings["am1-storage-admin"]:
     condition: []
     member: user:am1@example.org
     org_id: '1234567890'
@@ -200,10 +190,10 @@ values:
 counts:
   google_org_policy_policy: 8
   google_organization_iam_binding: 3
-  google_organization_iam_member: 3
+  google_organization_iam_member: 1
   google_tags_tag_key: 1
   google_tags_tag_value: 2
   modules: 1
-  resources: 17
+  resources: 15
 
 outputs: {}

tests/modules/organization/examples/iam-policy.yaml

@@ -1,23 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  module.org.google_organization_iam_policy.authoritative[0]:
-    org_id: '1122334455'
-    policy_data: '{"auditConfigs":[{"auditLogConfigs":[{"exemptedMembers":["group:organization-admins@example.org"],"logType":"ADMIN_READ"}],"service":"allServices"},{"auditLogConfigs":[{"logType":"DATA_WRITE"},{"logType":"DATA_READ"}],"service":"storage.googleapis.com"}],"bindings":[{"members":["group:org-admins@example.com"],"role":"roles/owner"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.folderAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.organizationAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.projectCreator"}]}'
-
-counts:
-  google_organization_iam_policy: 1
-  modules: 1
-  resources: 1

tests/modules/organization/test_plan_org_policies_modules.py

@@ -57,9 +57,9 @@ def test_policy_implementation():
       '@@ -116,0 +117,9 @@\n',
       '+  depends_on = [\n',
       '+    google_organization_iam_binding.authoritative,\n',
+      '+    google_organization_iam_binding.bindings,\n',
+      '+    google_organization_iam_member.bindings,\n',
       '+    google_organization_iam_custom_role.roles,\n',
-      '+    google_organization_iam_member.additive,\n',
-      '+    google_organization_iam_policy.authoritative,\n',
       '+    google_org_policy_custom_constraint.constraint,\n',
       '+    google_tags_tag_key.default,\n',
       '+    google_tags_tag_value.default,\n',

tests/modules/project/examples/iam-additive-members.yaml

@@ -1,33 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  module.project.google_project.project[0]:
-    project_id: project-example
-  module.project.google_project_iam_member.additive["roles/editor-user:two@example.org"]:
-    condition: []
-    project: project-example
-    role: roles/editor
-  module.project.google_project_iam_member.additive["roles/owner-user:one@example.org"]:
-    condition: []
-    project: project-example
-    role: roles/owner
-  module.project.google_project_iam_member.additive["roles/owner-user:two@example.org"]:
-    condition: []
-    project: project-example
-    role: roles/owner
-
-counts:
-  google_project: 1
-  google_project_iam_member: 3

tests/modules/project/examples/iam-additive.yaml

@@ -1,36 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  module.project.google_project.project[0]: {}
-  module.project.google_project_iam_member.additive["roles/owner-group:three@example.org"]:
-    condition: []
-    project: project-example
-    role: roles/owner
-  module.project.google_project_iam_member.additive["roles/storage.objectAdmin-group:two@example.org"]:
-    condition: []
-    project: project-example
-    role: roles/storage.objectAdmin
-  module.project.google_project_iam_member.additive["roles/viewer-group:one@example.org"]:
-    condition: []
-    project: project-example
-    role: roles/viewer
-  module.project.google_project_iam_member.additive["roles/viewer-group:two@xample.org"]:
-    condition: []
-    project: project-example
-    role: roles/viewer
-
-counts:
-  google_project: 1
-  google_project_iam_member: 4

tests/modules/project/examples/iam-authoritative.yaml

@@ -13,7 +13,16 @@
 # limitations under the License.
 
 values:
-  module.project.google_project.project[0]: {}
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: '1234567890'
+    labels: null
+    name: foo-project-example
+    org_id: null
+    project_id: foo-project-example
+    skip_delete: false
+    timeouts: null
   module.project.google_project_iam_binding.authoritative["roles/container.hostServiceAgentUser"]:
     condition: []
     members:
@@ -37,3 +46,8 @@ counts:
   google_project: 1
   google_project_iam_binding: 1
   google_project_service: 2
+  modules: 1
+  resources: 4
+
+outputs: {}
+

tests/modules/project/examples/iam-bindings-additive.yaml

@@ -0,0 +1,46 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: null
+    folder_id: null
+    labels: null
+    name: project-1
+    org_id: null
+    project_id: project-1
+    skip_delete: false
+    timeouts: null
+  module.project.google_project_iam_member.bindings["group-owner"]:
+    condition: []
+    member: group:p1-owners@example.org
+    project: project-1
+    role: roles/owner
+  module.project.google_project_service.project_services["compute.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: project-1
+    service: compute.googleapis.com
+    timeouts: null
+
+counts:
+  google_project: 1
+  google_project_iam_member: 1
+  google_project_service: 1
+  modules: 1
+  resources: 3
+
+outputs: {}
+

tests/modules/project/examples/iam-bindings.yaml

@@ -15,44 +15,43 @@
 values:
   module.project.google_project.project[0]:
     auto_create_network: false
-    billing_account: null
-    folder_id: null
+    billing_account: 123456-123456-123456
+    folder_id: '1234567890'
     labels: null
-    name: project-example
+    name: foo-project-example
     org_id: null
-    project_id: project-example
+    project_id: foo-project-example
     skip_delete: false
     timeouts: null
-  module.project.google_project_iam_member.members["one-delegated-grant"]:
+  module.project.google_project_iam_binding.bindings["roles/resourcemanager.projectIamAdmin"]:
     condition:
     - description: null
       expression: "api.getAttribute(\n  'iam.googleapis.com/modifiedGrantsByRole',\
         \ []\n).hasOnly([\n  'roles/compute.networkAdmin'\n])\n"
       title: delegated_network_user_one
-    member: user:one@example.org
-    project: project-example
+    members:
+    - group:test-admins@example.org
+    project: foo-project-example
     role: roles/resourcemanager.projectIamAdmin
-  module.project.google_project_iam_member.members["one-owner"]:
-    condition: []
-    member: user:one@example.org
-    project: project-example
-    role: roles/owner
-  module.project.google_project_iam_member.members["two-compute-admin"]:
-    condition: []
-    member: user:two@example.org
-    project: project-example
-    role: roles/compute.admin
-  module.project.google_project_iam_member.members["two-viewer"]:
-    condition: []
-    member: user:two@example.org
-    project: project-example
-    role: roles/viewer
+  module.project.google_project_service.project_services["container.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: foo-project-example
+    service: container.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["stackdriver.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: foo-project-example
+    service: stackdriver.googleapis.com
+    timeouts: null
 
 counts:
   google_project: 1
-  google_project_iam_member: 4
+  google_project_iam_binding: 1
+  google_project_service: 2
   modules: 1
-  resources: 5
+  resources: 4
 
 outputs: {}
 

tests/modules/project/examples/iam-policy.yaml

@@ -1,34 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  module.project.google_project.project[0]:
-    auto_create_network: false
-    billing_account: 123456-123456-123456
-    folder_id: '1234567890'
-    labels: null
-    name: my-project
-    org_id: null
-    project_id: my-project
-    skip_delete: false
-    timeouts: null
-  module.project.google_project_iam_policy.authoritative[0]:
-    policy_data: '{"auditConfigs":[{"auditLogConfigs":[{"exemptedMembers":["group:organization-admins@example.org"],"logType":"ADMIN_READ"}],"service":"allServices"},{"auditLogConfigs":[{"logType":"DATA_WRITE"},{"logType":"DATA_READ"}],"service":"storage.googleapis.com"}],"bindings":[{"members":["group:org-admins@example.com"],"role":"roles/owner"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.folderAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.organizationAdmin"},{"members":["group:org-admins@example.com"],"role":"roles/resourcemanager.projectCreator"}]}'
-    project: my-project
-
-counts:
-  google_project: 1
-  google_project_iam_policy: 1
-  modules: 1
-  resources: 2

tests/modules/source_repository/examples/simple.yaml

@@ -25,7 +25,7 @@ values:
     project: my-project
     repository: my-repo
     role: roles/source.reader
-  module.repo.google_sourcerepo_repository_iam_member.members["am1-reader"]:
+  module.repo.google_sourcerepo_repository_iam_member.bindings["am1-reader"]:
     condition: []
     member: user:am1@example.com
     project: my-project
@@ -40,3 +40,4 @@ counts:
   resources: 3
 
 outputs: {}
+