Allow granting network user role on host project from project module and factory (#1930)

* Update shared vpc config for project factory and project module for more granular Shared VPC configuration

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

tests/modules/project/examples/shared-vpc-host-project-iam.yaml

@@ -0,0 +1,62 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.host-project.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
+    project: test-host
+  module.host-project.google_project.project[0]:
+    project_id: test-host
+  module.service-project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+    host_project: test-host
+    service_project: test-service
+  module.service-project.google_project.project[0]:
+    project_id: test-service
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]:
+    condition: []
+    project: test-host
+    role: roles/compute.networkUser
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:container"]:
+    condition: []
+    project: test-host
+    role: roles/compute.networkUser
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/container.hostServiceAgentUser:container"]:
+    condition: []
+    project: test-host
+    role: roles/container.hostServiceAgentUser
+  module.service-project.google_project_iam_member.shared_vpc_host_iam["group:team-1@example.com"]:
+    condition: [ ]
+    project: test-host
+    role: roles/compute.networkUser
+  module.service-project.google_org_policy_policy.default["compute.restrictSharedVpcSubnetworks"]:
+    name: projects/test-service/policies/compute.restrictSharedVpcSubnetworks
+    parent: projects/test-service
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: [ ]
+        deny_all: null
+        enforce: null
+        values:
+        - allowed_values:
+          - projects/host/regions/europe-west1/subnetworks/prod-default-ew1
+          denied_values: null
+
+counts:
+  google_compute_shared_vpc_host_project: 1
+  google_compute_shared_vpc_service_project: 1
+  google_project: 2
+  google_project_iam_member: 5
+  google_org_policy_policy: 1

tests/modules/project/examples/shared-vpc-subnet-grants.yaml

@@ -57,10 +57,10 @@ values:
 counts:
   google_compute_shared_vpc_host_project: 1
   google_compute_shared_vpc_service_project: 1
-  google_compute_subnetwork_iam_member: 1
+  google_compute_subnetwork_iam_member: 2
   google_project: 2
   google_project_service: 1
   modules: 2
-  resources: 6
+  resources: 7
 
 outputs: {}