E2E: Align triggers location to the bucket
@@ -644,10 +644,19 @@ module "cloud_run" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
service_account_email = module.iam-service-account.email
|
||||||
}
|
}
|
||||||
deletion_protection = false
|
deletion_protection = false
|
||||||
|
depends_on = [google_project_iam_member.trigger_sa_event_receiver]
|
||||||
}
|
}
|
||||||
# tftest fixtures=fixtures/gcs.tf inventory=service-eventarc-storage.yaml e2e
|
|
||||||
|
resource "google_project_iam_member" "trigger_sa_event_receiver" {
|
||||||
|
member = module.iam-service-account.iam_email
|
||||||
|
project = var.project_id
|
||||||
|
role = "roles/eventarc.eventReceiver"
|
||||||
|
}
|
||||||
|
|
||||||
|
# tftest fixtures=fixtures/gcs.tf,fixtures/iam-service-account.tf inventory=service-eventarc-storage.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
### Using custom service accounts for triggers
|
### Using custom service accounts for triggers
|
||||||
@@ -675,11 +684,11 @@ module "cloud_run" {
|
|||||||
service = "cloudresourcemanager.googleapis.com"
|
service = "cloudresourcemanager.googleapis.com"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
service_account_email = "cloud-run-trigger@my-project.iam.gserviceaccount.com"
|
service_account_email = module.iam-service-account.email
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest inventory=service-eventarc-auditlogs-external-sa.yaml
|
# tftest fixtures=fixtures/iam-service-account.tf inventory=service-eventarc-auditlogs-external-sa.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
Example using automatically created service account:
|
Example using automatically created service account:
|
||||||
@@ -734,7 +743,7 @@ module "cloud_run" {
|
|||||||
}
|
}
|
||||||
deletion_protection = false
|
deletion_protection = false
|
||||||
}
|
}
|
||||||
# tftest modules=2 resources=6 fixtures=fixtures/gcs.tf inventory=service-eventarc-storage-sa-create.yaml e2e
|
# tftest fixtures=fixtures/gcs.tf inventory=service-eventarc-storage-sa-create.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
## Cloud Run Invoker IAM Disable
|
## Cloud Run Invoker IAM Disable
|
||||||
|
|||||||
@@ -167,6 +167,9 @@ resource "google_eventarc_trigger" "storage_triggers" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
service_account = local.trigger_sa_email
|
service_account = local.trigger_sa_email
|
||||||
|
depends_on = [
|
||||||
|
google_project_iam_member.trigger_sa_event_receiver
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_service_account" "trigger_service_account" {
|
resource "google_service_account" "trigger_service_account" {
|
||||||
@@ -175,3 +178,10 @@ resource "google_service_account" "trigger_service_account" {
|
|||||||
account_id = "tf-cr-trigger-${var.name}"
|
account_id = "tf-cr-trigger-${var.name}"
|
||||||
display_name = "Terraform trigger for Cloud Run ${var.name}."
|
display_name = "Terraform trigger for Cloud Run ${var.name}."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_project_iam_member" "trigger_sa_event_receiver" {
|
||||||
|
count = local.trigger_sa_create ? 1 : 0
|
||||||
|
member = google_service_account.trigger_service_account[0].member
|
||||||
|
project = var.project_id
|
||||||
|
role = "roles/eventarc.eventReceiver"
|
||||||
|
}
|
||||||
|
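Review bot: The new `depends_on` is wired only into `storage_triggers`, while `google_project_iam_member.trigger_sa_event_receiver` is created whenever `local.trigger_sa_create` is true; if this file has other `google_eventarc_trigger` resources that consume `local.trigger_sa_email` (the README hunks in this commit document audit-log triggers alongside storage ones), they should carry the same `depends_on = [google_project_iam_member.trigger_sa_event_receiver]`, otherwise the ordering problem this commit fixes presumably remains on those paths. When a caller-supplied account is used the `count` is 0 and the `depends_on` is a no-op, so the README's instruction that callers bind `roles/eventarc.eventReceiver` themselves is the only guard there; a comment on the new resource would make that contract explicit, e.g. `# Grants eventReceiver only to the module-managed account; callers passing their own SA must bind the role themselves (see README).`. Note also that IAM grants propagate asynchronously, so `depends_on` orders the API calls but does not guarantee the role is effective when the trigger is created — worth a `# NOTE: IAM is eventually consistent; trigger creation may still need a retry shortly after the grant` if the E2E run stays flaky. The `google_eventarc_trigger.storage_triggers` block starts outside the hunk.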
|||||||
2
tests/fixtures/gcs.tf
vendored
2
tests/fixtures/gcs.tf
vendored
@@ -17,7 +17,7 @@ module "gcs" {
|
|||||||
project_id = var.project_id
|
project_id = var.project_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
name = "my-bucket"
|
name = "my-bucket"
|
||||||
location = "EU"
|
location = var.region
|
||||||
iam = {
|
iam = {
|
||||||
"roles/storage.admin" = ["serviceAccount:service-${var.project_number}@gcp-sa-pubsub.iam.gserviceaccount.com"]
|
"roles/storage.admin" = ["serviceAccount:service-${var.project_number}@gcp-sa-pubsub.iam.gserviceaccount.com"]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -49,12 +49,12 @@ values:
|
|||||||
value: google.cloud.audit.log.v1.written
|
value: google.cloud.audit.log.v1.written
|
||||||
name: audit-log-setiampolicy
|
name: audit-log-setiampolicy
|
||||||
project: project-id
|
project: project-id
|
||||||
service_account: cloud-run-trigger@my-project.iam.gserviceaccount.com
|
service_account: fixture-service-account@project-id.iam.gserviceaccount.com
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
google_cloud_run_v2_service: 1
|
google_cloud_run_v2_service: 1
|
||||||
google_eventarc_trigger: 1
|
google_eventarc_trigger: 1
|
||||||
modules: 1
|
modules: 2
|
||||||
resources: 2
|
resources: 3
|
||||||
|
|
||||||
outputs: {}
|
outputs: {}
|
||||||
|
|||||||
@@ -69,6 +69,6 @@ counts:
|
|||||||
google_eventarc_trigger: 1
|
google_eventarc_trigger: 1
|
||||||
google_service_account: 1
|
google_service_account: 1
|
||||||
modules: 1
|
modules: 1
|
||||||
resources: 4
|
resources: 5
|
||||||
|
|
||||||
outputs: {}
|
outputs: {}
|
||||||
|
|||||||
@@ -66,6 +66,6 @@ counts:
|
|||||||
google_eventarc_trigger: 1
|
google_eventarc_trigger: 1
|
||||||
google_service_account: 1
|
google_service_account: 1
|
||||||
modules: 2
|
modules: 2
|
||||||
resources: 6
|
resources: 7
|
||||||
|
|
||||||
outputs: {}
|
outputs: {}
|
||||||
|
|||||||
@@ -68,6 +68,6 @@ counts:
|
|||||||
google_eventarc_trigger: 1
|
google_eventarc_trigger: 1
|
||||||
google_service_account: 1
|
google_service_account: 1
|
||||||
modules: 2
|
modules: 2
|
||||||
resources: 6
|
resources: 7
|
||||||
|
|
||||||
outputs: {}
|
outputs: {}
|
||||||
|
|||||||
@@ -47,12 +47,12 @@ values:
|
|||||||
value: google.cloud.storage.object.v1.finalized
|
value: google.cloud.storage.object.v1.finalized
|
||||||
name: storage-bucket-upload
|
name: storage-bucket-upload
|
||||||
project: project-id
|
project: project-id
|
||||||
service_account: null
|
service_account: fixture-service-account@project-id.iam.gserviceaccount.com
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
google_cloud_run_v2_service: 1
|
google_cloud_run_v2_service: 1
|
||||||
google_eventarc_trigger: 1
|
google_eventarc_trigger: 1
|
||||||
modules: 2
|
modules: 3
|
||||||
resources: 4
|
resources: 6
|
||||||
|
|
||||||
outputs: {}
|
outputs: {}
|
||||||
|
|||||||