From 0de3255bafe90ba66eeb1295b79d46671638e512 Mon Sep 17 00:00:00 2001
From: justinsb
Date: Wed, 22 May 2024 19:32:16 -0400
Subject: [PATCH] tests: add test for IAM for PrivateCACAPool
---
...ated_object_privatecacapooliam.golden.yaml | 30 +
.../privatecacapooliam/_http.log | 827 ++++++++++++++++++
.../privatecacapooliam/create.yaml | 27 +
.../privatecacapooliam/dependencies.yaml | 100 +++
4 files changed, 984 insertions(+)
create mode 100644 pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_generated_object_privatecacapooliam.golden.yaml
create mode 100644 pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_http.log
create mode 100644 pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/create.yaml
create mode 100644 pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/dependencies.yaml
diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_generated_object_privatecacapooliam.golden.yaml b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_generated_object_privatecacapooliam.golden.yaml
new file mode 100644
index 00000000000..c9a58a241ea
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_generated_object_privatecacapooliam.golden.yaml
@@ -0,0 +1,30 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + annotations: + cnrm.cloud.google.com/state-into-spec: merge + finalizers: + - cnrm.cloud.google.com/finalizer + - cnrm.cloud.google.com/deletion-defender + generation: 1 + labels: + cnrm-test: "true" + name: iampolicymember-${uniqueId} + namespace: ${uniqueId} +spec: + memberFrom: + serviceAccountRef: + name: privatecacapool-dep + resourceRef: + apiVersion: privateca.cnrm.cloud.google.com/v1beta1 + kind: PrivateCACAPool + name: privatecacapool-${uniqueId} + role: roles/privateca.admin +status: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: The resource is up to date + reason: UpToDate + status: "True" + type: Ready + observedGeneration: 1 diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_http.log b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_http.log new file mode 100644 index 00000000000..97a89a10ea6 --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/_http.log 
@@ -0,0 +1,827 @@ +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager +X-Goog-Api-Client: gl-go/1.22.3 gdcl/0.177.0 + +404 Not Found +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "error": { + "code": 404, + "errors": [ + { + "domain": "global", + "message": "Unknown service account", + "reason": "notFound" + } + ], + "message": "Unknown service account", + "status": "NOT_FOUND" + } +} + +--- + +POST https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager +X-Goog-Api-Client: gl-go/1.22.3 gdcl/0.177.0 + +{ + "accountId": "capool-${uniqueId}", + "serviceAccount": { + "displayName": "ExampleGSA" + } +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "displayName": "ExampleGSA", + "email": "capool-${uniqueId}@${projectId}.iam.gserviceaccount.com", + "etag": "abcdef0123A=", + "name": "projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com", + "oauth2ClientId": "888888888888888888888", + "projectId": "${projectId}", + "uniqueId": "111111111111111111111" +} + +--- + +GET 
https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager +X-Goog-Api-Client: gl-go/1.22.3 gdcl/0.177.0 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "displayName": "ExampleGSA", + "email": "capool-${uniqueId}@${projectId}.iam.gserviceaccount.com", + "etag": "abcdef0123A=", + "name": "projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com", + "oauth2ClientId": "888888888888888888888", + "projectId": "${projectId}", + "uniqueId": "111111111111111111111" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +404 Not Found +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "error": { + "code": 404, + "message": "Resource 'projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}' was not found", + "status": "NOT_FOUND" + } +} + +--- + +POST https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools?alt=json&caPoolId=privatecacapool-${uniqueId} +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +{ + "issuancePolicy": { + "allowedIssuanceModes": { + "allowConfigBasedIssuance": false, + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + 
"maxModulusSize": 128, + "minModulusSize": 64 + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "critical": false, + "objectId": { + "objectIdPath": [ + 1, + 7 + ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "baseKeyUsage": { + "certSign": false, + "contentCommitment": false, + "crlSign": false, + "dataEncipherment": false, + "decipherOnly": false, + "digitalSignature": false, + "encipherOnly": false, + "keyAgreement": false, + "keyEncipherment": false + }, + "extendedKeyUsage": { + "clientAuth": false, + "codeSigning": false, + "emailProtection": false, + "ocspSigning": false, + "serverAuth": false, + "timeStamping": false + }, + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + "allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + "maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + 
"apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "verb": "create" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/operations/${operationID}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "endTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "verb": "create" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}", + "response": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.CaPool", + "issuancePolicy": { + "allowedIssuanceModes": { + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + "maxModulusSize": "128", + "minModulusSize": "64" + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "objectId": { + "objectIdPath": [ + 1, + 7 + ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + 
"allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + "maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" + } +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "issuancePolicy": { + "allowedIssuanceModes": { + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + "maxModulusSize": "128", + "minModulusSize": "64" + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "objectId": { + "objectIdPath": [ + 1, + 7 + ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + "allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + 
"maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}:getIamPolicy?%24alt=json%3Benum-encoding%3Dint +Content-Type: application/json +x-goog-api-client: gl-go/1.22.3 gapic/1.15.6 gax/2.12.3 rest/UNKNOWN +x-goog-request-params: resource=projects%2F${projectId}%2Flocations%2Fus-central1%2FcaPools%2Fprivatecacapool-${uniqueId} + + + +{ + "etag": "abcdef0123A=", + "version": 3 +} + +--- + +POST https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}:setIamPolicy?%24alt=json%3Benum-encoding%3Dint +Content-Type: application/json +x-goog-api-client: gl-go/1.22.3 gapic/1.15.6 gax/2.12.3 rest/UNKNOWN +x-goog-request-params: resource=projects%2F${projectId}%2Flocations%2Fus-central1%2FcaPools%2Fprivatecacapool-${uniqueId} + +{ + "policy": { + "bindings": [ + { + "members": [ + "serviceAccount:capool-${uniqueId}@${projectId}.iam.gserviceaccount.com" + ], + "role": "roles/privateca.admin" + } + ], + "etag": "bRNUHSzt1iCSHUGuzpwB0w==", + "version": 3 + }, + "resource": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}" +} + + + +{ + "bindings": [ + { + "members": [ + "serviceAccount:capool-${uniqueId}@${projectId}.iam.gserviceaccount.com" + ], + "role": "roles/privateca.admin" + } + ], + "etag": "abcdef0123A=", + "version": 3 +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}:getIamPolicy?%24alt=json%3Benum-encoding%3Dint +Content-Type: 
application/json +x-goog-api-client: gl-go/1.22.3 gapic/1.15.6 gax/2.12.3 rest/UNKNOWN +x-goog-request-params: resource=projects%2F${projectId}%2Flocations%2Fus-central1%2FcaPools%2Fprivatecacapool-${uniqueId} + + + +{ + "bindings": [ + { + "members": [ + "serviceAccount:capool-${uniqueId}@${projectId}.iam.gserviceaccount.com" + ], + "role": "roles/privateca.admin" + } + ], + "etag": "abcdef0123A=", + "version": 3 +} + +--- + +POST https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}:setIamPolicy?%24alt=json%3Benum-encoding%3Dint +Content-Type: application/json +x-goog-api-client: gl-go/1.22.3 gapic/1.15.6 gax/2.12.3 rest/UNKNOWN +x-goog-request-params: resource=projects%2F${projectId}%2Flocations%2Fus-central1%2FcaPools%2Fprivatecacapool-${uniqueId} + +{ + "policy": { + "bindings": [ + { + "role": "roles/privateca.admin" + } + ], + "etag": "vgKkc4ty86qISQva0C3Q1A==", + "version": 3 + }, + "resource": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}" +} + + + +{ + "bindings": [ + { + "role": "roles/privateca.admin" + } + ], + "etag": "abcdef0123A=", + "version": 3 +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "issuancePolicy": { + "allowedIssuanceModes": { + "allowCsrBasedIssuance": true + }, + "allowedKeyTypes": [ + { + "rsa": { + "maxModulusSize": "128", + "minModulusSize": "64" + } + }, + { + "ellipticCurve": { + "signatureAlgorithm": "ECDSA_P384" + } + } + ], + "baselineValues": { + "additionalExtensions": [ + { + "objectId": { + "objectIdPath": [ + 1, + 7 
+ ] + }, + "value": "c3RyaW5nCg==" + } + ], + "aiaOcspServers": [ + "string" + ], + "caOptions": { + "isCa": false, + "maxIssuerPathLength": 7 + }, + "keyUsage": { + "unknownExtendedKeyUsages": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "policyIds": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ] + }, + "identityConstraints": { + "allowSubjectAltNamesPassthrough": false, + "allowSubjectPassthrough": false, + "celExpression": { + "description": "Always false", + "expression": "false", + "location": "devops.ca_pool.json", + "title": "Sample expression" + } + }, + "maximumLifetime": "43200s", + "passthroughExtensions": { + "additionalExtensions": [ + { + "objectIdPath": [ + 1, + 7 + ] + } + ], + "knownExtensions": [ + "BASE_KEY_USAGE" + ] + } + }, + "labels": { + "cnrm-test": "true", + "label-two": "value-two", + "managed-by-cnrm": "true" + }, + "name": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "tier": "ENTERPRISE" +} + +--- + +DELETE https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "verb": "delete" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}" +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/operations/${operationID}?alt=json +Content-Type: application/json +User-Agent: 
kcc/controller-manager DeclarativeClientLib/0.0.1 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "done": true, + "metadata": { + "@type": "type.googleapis.com/google.cloud.security.privateca.v1.OperationMetadata", + "apiVersion": "v1", + "createTime": "2024-04-01T12:34:56.123456Z", + "endTime": "2024-04-01T12:34:56.123456Z", + "target": "projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}", + "verb": "delete" + }, + "name": "projects/${projectId}/locations/us-central1/operations/${operationID}", + "response": { + "@type": "type.googleapis.com/google.protobuf.Empty" + } +} + +--- + +GET https://privateca.googleapis.com/v1/projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}?alt=json +Content-Type: application/json +User-Agent: kcc/controller-manager DeclarativeClientLib/0.0.1 + +404 Not Found +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "error": { + "code": 404, + "message": "Resource 'projects/${projectId}/locations/us-central1/caPools/privatecacapool-${uniqueId}' was not found", + "status": "NOT_FOUND" + } +} + +--- + +GET https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager +X-Goog-Api-Client: gl-go/1.22.3 gdcl/0.177.0 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: 
SAMEORIGIN +X-Xss-Protection: 0 + +{ + "displayName": "ExampleGSA", + "email": "capool-${uniqueId}@${projectId}.iam.gserviceaccount.com", + "etag": "abcdef0123A=", + "name": "projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com", + "oauth2ClientId": "888888888888888888888", + "projectId": "${projectId}", + "uniqueId": "111111111111111111111" +} + +--- + +DELETE https://iam.googleapis.com/v1/projects/${projectId}/serviceAccounts/capool-${uniqueId}@${projectId}.iam.gserviceaccount.com?alt=json&prettyPrint=false +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager +X-Goog-Api-Client: gl-go/1.22.3 gdcl/0.177.0 + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{} \ No newline at end of file diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/create.yaml b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/create.yaml new file mode 100644 index 00000000000..ef95aa99c28 --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/create.yaml 
@@ -0,0 +1,27 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+ name: iampolicymember-${uniqueId}
+spec:
+ memberFrom:
+ serviceAccountRef:
+ name: privatecacapool-dep
+ role: roles/privateca.admin
+ resourceRef:
+ apiVersion: privateca.cnrm.cloud.google.com/v1beta1
+ kind: PrivateCACAPool
+ name: privatecacapool-${uniqueId}
diff --git a/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/dependencies.yaml
new file mode 100644
index 00000000000..3e39e2f1219
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/privateca/v1beta1/privatecacapool/privatecacapooliam/dependencies.yaml
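Review bot: In create.yaml the binding uses `role: roles/privateca.admin`, the broadest CA Service role, although the test only needs some role on the pool to exercise the IAMPolicyMember path. If fixtures here are reused as starting points for samples (not visible from this patch), a narrower role such as `role: roles/privateca.certificateRequester` would cover the same controller behaviour without modelling admin-on-a-CA-pool as the default; the recorded `_http.log` and the golden object would have to be regenerated to match. Separately, the licence header reads `Copyright 2022` on a file this commit adds in 2024.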
@@ -0,0 +1,100 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+ name: privatecacapool-dep
+spec:
+ displayName: ExampleGSA
+ resourceID: capool-${uniqueId}
+
+---
+
+apiVersion: privateca.cnrm.cloud.google.com/v1beta1
+kind: PrivateCACAPool
+metadata:
+ labels:
+ label-two: "value-two"
+ name: privatecacapool-${uniqueId}
+spec:
+ projectRef:
+ external: projects/${projectId}
+ location: "us-central1"
+ tier: ENTERPRISE
+ issuancePolicy:
+ allowedKeyTypes:
+ - rsa:
+ minModulusSize: 64
+ maxModulusSize: 128
+ - ellipticCurve:
+ signatureAlgorithm: ECDSA_P384
+ maximumLifetime: 43200s
+ allowedIssuanceModes:
+ allowCsrBasedIssuance: true
+ allowConfigBasedIssuance: false
+ baselineValues:
+ keyUsage:
+ baseKeyUsage:
+ digitalSignature: false
+ contentCommitment: false
+ keyEncipherment: false
+ dataEncipherment: false
+ keyAgreement: false
+ certSign: false
+ crlSign: false
+ encipherOnly: false
+ decipherOnly: false
+ extendedKeyUsage:
+ serverAuth: false
+ clientAuth: false
+ codeSigning: false
+ emailProtection: false
+ timeStamping: false
+ ocspSigning: false
+ unknownExtendedKeyUsages:
+ - objectIdPath:
+ - 1
+ - 7
+ caOptions:
+ isCa: false
+ maxIssuerPathLength: 7
+ policyIds:
+ - objectIdPath:
+ - 1
+ - 7
+ aiaOcspServers:
+ - string
+ additionalExtensions:
+ - objectId:
+ objectIdPath:
+ - 1
+ - 7
+ critical: false
+ value: c3RyaW5nCg==
+ identityConstraints:
+ celExpression:
+ title: Sample expression
+ description: Always false
+ expression: 'false'
+ location: devops.ca_pool.json
+ allowSubjectPassthrough: false
+ allowSubjectAltNamesPassthrough: false
+ passthroughExtensions:
+ knownExtensions:
+ - BASE_KEY_USAGE
+ additionalExtensions:
+ - objectIdPath:
+ - 1
+ - 7
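Review bot: Under `allowedKeyTypes`, the `rsa` entry sets `minModulusSize: 64` and `maxModulusSize: 128`, which, if these fields are in bits as the names suggest, limits the pool to RSA keys far below any usable size. The recorded `_http.log` shows the values accepted as sent, so the fixture passes, but it is unclear from the patch whether the real API would accept them, and a copied fixture would carry a meaningless key policy. Realistic bounds such as `minModulusSize: 2048` and `maxModulusSize: 4096` would keep the test equivalent; `_http.log` echoes these values and would need regenerating. A short comment above `celExpression` noting that `expression: 'false'` deliberately rejects every requested identity would also help readers.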