Support context interpolation for PAM email recipients (#3903)

2026-04-24 18:29:31 +02:00
parent d22320fe62
commit fb33752d8d
5 changed files with 88 additions and 15 deletions
--- a/tests/modules/organization/context.tfvars
+++ b/tests/modules/organization/context.tfvars
@@ -149,9 +149,14 @@ pam_entitlements = {
    manual_approvals = {
      require_approver_justification = true
      steps = [{
-        approvers = ["$iam_principals:mygroup"]
+        approvers                 = ["$iam_principals:mygroup"]
+        approver_email_recipients = ["$email_addresses:default"]
      }]
    }
+    additional_notification_targets = {
+      admin_email_recipients     = ["$email_addresses:default"]
+      requester_email_recipients = ["$email_addresses:default"]
+    }
    eligible_users = ["$iam_principals:mygroup"]
    privileged_access = [
      { role = "roles/compute.networkAdmin" },
--- a/tests/modules/organization/context.yaml
+++ b/tests/modules/organization/context.yaml
@@ -165,13 +165,18 @@ values:
    org_id: '1234567890'
    role: organizations/366118655033/roles/myRoleTwo
  google_privileged_access_manager_entitlement.default["net-admins"]:
-    additional_notification_targets: []
+    additional_notification_targets:
+    - admin_email_recipients:
+      - foo@example.com
+      requester_email_recipients:
+      - foo@example.com
    approval_workflow:
    - manual_approvals:
      - require_approver_justification: true
        steps:
        - approvals_needed: 1
-          approver_email_recipients: null
+          approver_email_recipients:
+          - foo@example.com
          approvers:
          - principals:
            - group:test-group@example.com