E2E: Align triggers location to the bucket

modules/cloud-run-v2/README.md

@@ -644,10 +644,19 @@ module "cloud_run" {
         }
       }
     }
+    service_account_email = module.iam-service-account.email
   }
   deletion_protection = false
+  depends_on          = [google_project_iam_member.trigger_sa_event_receiver]
 }
-# tftest fixtures=fixtures/gcs.tf inventory=service-eventarc-storage.yaml e2e
+
+resource "google_project_iam_member" "trigger_sa_event_receiver" {
+  member  = module.iam-service-account.iam_email
+  project = var.project_id
+  role    = "roles/eventarc.eventReceiver"
+}
+
+# tftest fixtures=fixtures/gcs.tf,fixtures/iam-service-account.tf inventory=service-eventarc-storage.yaml e2e
 ```
 
 ### Using custom service accounts for triggers
@@ -675,11 +684,11 @@ module "cloud_run" {
           service = "cloudresourcemanager.googleapis.com"
         }
       }
-      service_account_email = "cloud-run-trigger@my-project.iam.gserviceaccount.com"
+      service_account_email = module.iam-service-account.email
     }
   }
 }
-# tftest inventory=service-eventarc-auditlogs-external-sa.yaml
+# tftest fixtures=fixtures/iam-service-account.tf inventory=service-eventarc-auditlogs-external-sa.yaml e2e
 ```
 
 Example using automatically created service account:
@@ -734,7 +743,7 @@ module "cloud_run" {
   }
   deletion_protection = false
 }
-# tftest modules=2 resources=6 fixtures=fixtures/gcs.tf inventory=service-eventarc-storage-sa-create.yaml e2e
+# tftest fixtures=fixtures/gcs.tf inventory=service-eventarc-storage-sa-create.yaml e2e
 ```
 
 ## Cloud Run Invoker IAM Disable

modules/cloud-run-v2/main.tf

@@ -167,6 +167,9 @@ resource "google_eventarc_trigger" "storage_triggers" {
     }
   }
   service_account = local.trigger_sa_email
+  depends_on = [
+    google_project_iam_member.trigger_sa_event_receiver
+  ]
 }
 
 resource "google_service_account" "trigger_service_account" {
@@ -175,3 +178,10 @@ resource "google_service_account" "trigger_service_account" {
   account_id   = "tf-cr-trigger-${var.name}"
   display_name = "Terraform trigger for Cloud Run ${var.name}."
 }
+
+resource "google_project_iam_member" "trigger_sa_event_receiver" {
+  count   = local.trigger_sa_create ? 1 : 0
+  member  = google_service_account.trigger_service_account[0].member
+  project = var.project_id
+  role    = "roles/eventarc.eventReceiver"
+}

tests/fixtures/gcs.tf

@@ -17,7 +17,7 @@ module "gcs" {
   project_id = var.project_id
   prefix     = var.prefix
   name       = "my-bucket"
-  location   = "EU"
+  location   = var.region
   iam = {
     "roles/storage.admin" = ["serviceAccount:service-${var.project_number}@gcp-sa-pubsub.iam.gserviceaccount.com"]
   }

tests/modules/cloud_run_v2/examples/service-eventarc-auditlogs-external-sa.yaml

@@ -49,12 +49,12 @@ values:
         value: google.cloud.audit.log.v1.written
     name: audit-log-setiampolicy
     project: project-id
-    service_account: cloud-run-trigger@my-project.iam.gserviceaccount.com
+    service_account: fixture-service-account@project-id.iam.gserviceaccount.com
 
 counts:
   google_cloud_run_v2_service: 1
   google_eventarc_trigger: 1
-  modules: 1
-  resources: 2
+  modules: 2
+  resources: 3
 
 outputs: {}

tests/modules/cloud_run_v2/examples/service-eventarc-auditlogs-sa-create.yaml

@@ -69,6 +69,6 @@ counts:
   google_eventarc_trigger: 1
   google_service_account: 1
   modules: 1
-  resources: 4
+  resources: 5
 
 outputs: {}

tests/modules/cloud_run_v2/examples/service-eventarc-pubsub-sa-create.yaml

@@ -66,6 +66,6 @@ counts:
   google_eventarc_trigger: 1
   google_service_account: 1
   modules: 2
-  resources: 6
+  resources: 7
 
 outputs: {}

tests/modules/cloud_run_v2/examples/service-eventarc-storage-sa-create.yaml

@@ -68,6 +68,6 @@ counts:
   google_eventarc_trigger: 1
   google_service_account: 1
   modules: 2
-  resources: 6
+  resources: 7
 
 outputs: {}

tests/modules/cloud_run_v2/examples/service-eventarc-storage.yaml

@@ -47,12 +47,12 @@ values:
         value: google.cloud.storage.object.v1.finalized
     name: storage-bucket-upload
     project: project-id
-    service_account: null
+    service_account: fixture-service-account@project-id.iam.gserviceaccount.com
 
 counts:
   google_cloud_run_v2_service: 1
   google_eventarc_trigger: 1
-  modules: 2
-  resources: 4
+  modules: 3
+  resources: 6
 
 outputs: {}