Use test env project for VPC

tdbhacks · Mar 26, 2024 · 540195a · 540195a
1 parent 3a1b5f2
commit 540195a
Showing 1 changed file with 28 additions and 22 deletions.
diff --git a/mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go b/mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go
@@ -578,9 +578,7 @@ func TestAccKmsCryptoKeyVersion_externalProtectionLevelOptions(t *testing.T) {
 func TestAccKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(t *testing.T) {
 	t.Parallel()
 
-	projectId := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
-	projectOrg := envvar.GetTestOrgFromEnv(t)
-	projectBillingAccount := envvar.GetTestBillingAccountFromEnv(t)
+	projectId := envvar.GetTestProjectFromEnv()
 	keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
 	cryptoKeyName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
 	ekmConnectionName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
@@ -592,7 +590,7 @@ func TestAccKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(t *testing.T)
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testGoogleKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, ekmConnectionName, keyPath),
+				Config: testGoogleKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(projectId, keyRingName, cryptoKeyName, ekmConnectionName, keyPath),
 			},
 			{
 				ResourceName:            "google_kms_crypto_key_version.crypto_key_version",
@@ -601,7 +599,7 @@ func TestAccKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(t *testing.T)
 				ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
 			},
 			{
-				Config: testGoogleKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, ekmConnectionName, updatedKeyPath),
+				Config: testGoogleKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(projectId, keyRingName, cryptoKeyName, ekmConnectionName, updatedKeyPath),
 			},
 			{
 				ResourceName:            "google_kms_crypto_key_version.crypto_key_version",
@@ -1083,31 +1081,18 @@ resource "google_kms_crypto_key_version" "crypto_key_version" {
 }
 
 // EkmConnection setup and creation is based off of resource_kms_ekm_connection_test.go
-func testGoogleKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, ekmConnectionName, keyPath string) string {
+func testGoogleKmsCryptoKeyVersion_externalProtectionLevelOptionsVpc(projectId, keyRingName, cryptoKeyName, ekmConnectionName, keyPath string) string {
 	return fmt.Sprintf(`
-resource "google_project" "acceptance" {
-	name            = "%s"
-	project_id      = "%s"
-	org_id          = "%s"
-	billing_account = "%s"
-}
-
 resource "google_project_service" "acceptance" {
-	project = google_project.acceptance.project_id
+	project = google_project.project.project_id
 	service = "cloudkms.googleapis.com"
 }
 
-resource "google_kms_key_ring" "key_ring" {
-	project  = google_project_service.acceptance.project
-	name     = "%s"
-	location = "us-central1"
-}
-
 data "google_project" "vpc-project" {
   project_id = "cloud-ekm-refekm-playground"
 }
 data "google_project" "project" {
-  project_id = google_project.acceptance.project_id
+  project_id = %s
 }
 
 data "google_secret_manager_secret_version" "raw_der" {
@@ -1123,6 +1108,17 @@ data "google_secret_manager_secret_version" "servicedirectoryservice" {
   project = "315636579862"
 }
 
+resource "google_project_iam_member" "add_sdviewer" {
+  project = data.google_project.vpc-project.number
+  role    = "roles/servicedirectory.viewer"
+  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-ekms.iam.gserviceaccount.com"
+}
+resource "google_project_iam_member" "add_pscAuthorizedService" {
+  project = data.google_project.vpc-project.number
+  role    = "roles/servicedirectory.pscAuthorizedService"
+  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-ekms.iam.gserviceaccount.com"
+}
+
 resource "google_kms_ekm_connection" "example-ekmconnection" {
   name            	= "%s"
   location		= "us-central1"
@@ -1134,6 +1130,16 @@ resource "google_kms_ekm_connection" "example-ekmconnection" {
       		raw_der	= data.google_secret_manager_secret_version.raw_der.secret_data
       }
   }
+  depends_on = [
+        google_project_iam_member.add_pscAuthorizedService,
+        google_project_iam_member.add_sdviewer
+  ]
+}
+
+resource "google_kms_key_ring" "key_ring" {
+	project  = google_project_service.acceptance.project
+	name     = "%s"
+	location = "us-central1"
 }
 
 resource "google_kms_crypto_key" "crypto_key" {
@@ -1167,5 +1173,5 @@ resource "google_kms_crypto_key_version" "crypto_key_version" {
 		ekm_connection_key_path = %s
 	}
 }
-`, projectId, projectId, projectOrg, projectBillingAccount, keyRingName, ekmConnectionName, cryptoKeyName, keyPath)
+`, projectId, ekmConnectionName, keyRingName, cryptoKeyName, keyPath)
 }