Update kms module key-level IAM

tests/modules/kms/examples/basic.yaml

@@ -18,37 +18,26 @@ values:
     name: key-a
     purpose: ENCRYPT_DECRYPT
     rotation_period: null
-    skip_initial_version_creation: null
-    timeouts: null
+    skip_initial_version_creation: false
   module.kms.google_kms_crypto_key.default["key-b"]:
     labels: null
     name: key-b
     purpose: ENCRYPT_DECRYPT
     rotation_period: 604800s
-    skip_initial_version_creation: null
-    timeouts: null
+    skip_initial_version_creation: false
   module.kms.google_kms_crypto_key.default["key-c"]:
     labels:
       env: test
     name: key-c
     purpose: ENCRYPT_DECRYPT
     rotation_period: null
-    skip_initial_version_creation: null
-    timeouts: null
-  module.kms.google_kms_crypto_key_iam_binding.default["key-a.roles/cloudkms.admin"]:
+    skip_initial_version_creation: false
+  module.kms.google_kms_crypto_key_iam_binding.authoritative["key-a.roles/cloudkms.admin"]:
     condition: []
     members:
     - user:user3@example.com
     role: roles/cloudkms.admin
-  ? module.kms.google_kms_crypto_key_iam_member.default["key-b.roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user4@example.com"]
-  : condition: []
-    member: user:user4@example.com
-    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
-  ? module.kms.google_kms_crypto_key_iam_member.default["key-b.roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user5@example.com"]
-  : condition: []
-    member: user:user5@example.com
-    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
-  module.kms.google_kms_crypto_key_iam_member.members["key-b-am1"]:
+  module.kms.google_kms_crypto_key_iam_member.members["key-b-iam1"]:
     condition: []
     member: user:am1@example.com
     role: roles/cloudkms.cryptoKeyEncrypterDecrypter
@@ -56,23 +45,9 @@ values:
     location: europe-west1
     name: test
     project: my-project
-    timeouts: null
-  module.kms.google_kms_key_ring_iam_member.default["roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user1@example.com"]:
-    condition: []
-    member: user:user1@example.com
-    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
-  module.kms.google_kms_key_ring_iam_member.default["roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user2@example.com"]:
-    condition: []
-    member: user:user2@example.com
-    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
 
 counts:
   google_kms_crypto_key: 3
   google_kms_crypto_key_iam_binding: 1
-  google_kms_crypto_key_iam_member: 3
+  google_kms_crypto_key_iam_member: 1
   google_kms_key_ring: 1
-  google_kms_key_ring_iam_member: 2
-  modules: 1
-  resources: 10
-
-outputs: {}

tests/modules/kms/examples/purpose.yaml

@@ -15,25 +15,19 @@
 values:
   module.kms.google_kms_crypto_key.default["key-a"]:
     name: key-a
-    purpose: ENCRYPT_DECRYPT
-  module.kms.google_kms_crypto_key.default["key-b"]:
-    name: key-b
-    purpose: ENCRYPT_DECRYPT
-  module.kms.google_kms_crypto_key.default["key-c"]:
-    name: key-c
     purpose: ASYMMETRIC_SIGN
     version_template:
     - algorithm: EC_SIGN_P384_SHA384
-      protection_level: SOFTWARE
+      protection_level: HSM
   module.kms.google_kms_key_ring.default[0]:
     location: europe-west1
     name: test
     project: my-project
 
 counts:
-  google_kms_crypto_key: 3
+  google_kms_crypto_key: 1
   google_kms_key_ring: 1
   modules: 1
-  resources: 4
+  resources: 2
 
 outputs: {}