Add support for IAM bindings on service accounts to project factory (#753)

* Fix #748

* fix linting

* remove trailing whitespace

* update FAST pf

tests/examples/factories/project_factory/fixture/variables.tf

@@ -38,6 +38,19 @@ variable "defaults_file" {
   default     = "./defaults.yaml"
 }
 
+variable "service_accounts" {
+  description = "Service accounts to be created, and roles assigned them on the project."
+  type        = map(list(string))
+  default     = {}
+}
+
+variable "service_accounts_iam" {
+  description = "IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]}"
+  type        = map(map(list(string)))
+  default     = {}
+  nullable    = false
+}
+
 variable "shared_vpc_self_link" {
   description = "Self link for the shared VPC."
   type        = string

tests/examples/factories/project_factory/test_plan.py

@@ -12,7 +12,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-def test_counts(e2e_plan_runner):
+
+def test_plan(e2e_plan_runner):
   "Check for a clean plan"
   modules, resources = e2e_plan_runner()
   assert len(modules) > 0 and len(resources) > 0
+
+
+def test_plan_service_accounts(e2e_plan_runner):
+  "Check for a clean plan"
+  service_accounts = '''{
+    sa-001 = []
+    sa-002 = ["roles/owner"]
+  }'''
+  service_accounts_iam = '''{
+    sa-002 = {
+      "roles/iam.serviceAccountTokenCreator" = ["group:team-1@example.com"]
+    }
+  }'''
+  modules, resources = e2e_plan_runner(
+      service_accounts=service_accounts,
+      service_accounts_iam=service_accounts_iam)
+  assert len(modules) > 0 and len(resources) > 0