Use context prefixes for auto service grants

tests/fixtures/shared-vpc.tf

@@ -56,7 +56,7 @@ module "project-service" {
   shared_vpc_service_config = {
     host_project = module.project-host.project_id
     # reuse the list of services from the module's outputs
-    service_iam_grants = module.project-service.services
+    service_iam_grants = [for service in module.project-service.services : "$service_agents:${service}"]
   }
 }
 

tests/modules/cloud_run_v2/examples/service-vpc-access-connector-create-sharedvpc.yaml

@@ -39,11 +39,20 @@ values:
     subnet:
       - name: fixture-subnet-28
         project_id: test-host
+  # those IAM grants from shared-vpc.tf fixture are necessary for successful connector deployment
+  module.project-service.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]:
+    condition: []
+    project: test-host
+    role: roles/compute.networkUser
+  module.project-service.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:vpcaccess"]:
+    condition: []
+    project: test-host
+    role: roles/compute.networkUser
 
 counts:
   google_cloud_run_v2_service: 1
   google_vpc_access_connector: 1
   modules: 4
-  resources: 55
+  resources: 59
 
 outputs: {}