add: test

.vscode/settings.json

@@ -34,6 +34,12 @@
         "editor.formatOnSaveMode": "file",
         "editor.tabSize": 2
     },
+    "[terraform-test]": {
+        "editor.defaultFormatter": "hashicorp.terraform",
+        "editor.formatOnSave": true,
+        "editor.formatOnSaveMode": "file",
+        "editor.tabSize": 2
+    },
     "[terraform-vars]": {
         "editor.defaultFormatter": "hashicorp.terraform",
         "editor.formatOnSave": true,

modules/gcs2spanner/README.md

@@ -12,9 +12,9 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_archive"></a> [archive](#provider\_archive) | 2.6.0 |
-| <a name="provider_google"></a> [google](#provider\_google) | 6.12.0 |
-| <a name="provider_google-beta"></a> [google-beta](#provider\_google-beta) | 6.12.0 |
+| <a name="provider_archive"></a> [archive](#provider\_archive) | >=2.4.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | >= 5.22.0 |
+| <a name="provider_google-beta"></a> [google-beta](#provider\_google-beta) | >= 5.22.0 |
 
 ## Modules
 

modules/gcs2spanner/dataflow.tf

@@ -30,7 +30,7 @@ resource "google_project_iam_member" "dataflow" {
   for_each = local.dataflow_roles
   member   = "serviceAccount:${google_service_account.dataflow.email}"
 
-  project = data.google_project.main.project_id
+  project = var.project_id
   role    = each.value
 
   depends_on = [google_project_service.main]

modules/gcs2spanner/functoins.tf

@@ -97,7 +97,7 @@ resource "google_project_iam_member" "functions" {
   for_each = local.functions_roles
   member   = "serviceAccount:${google_service_account.functions.email}"
 
-  project = data.google_project.main.project_id
+  project = var.project_id
   role    = each.value
 
   depends_on = [google_project_service.main]

modules/gcs2spanner/main.tftest.hcl

@@ -0,0 +1,64 @@
+mock_provider "archive" {}
+mock_provider "google" {}
+mock_provider "google-beta" {}
+
+run "valid_roles" {
+  module {
+    source = "./"
+  }
+
+  variables {
+    project_id = "project_id"
+    location   = "location"
+
+    dataflow = {
+      name              = "name"
+      temp_gcs_location = "temp_gcs_location"
+      parameters = {
+        instanceId = "instanceId"
+        databaseId = "databaseId"
+        subnetwork = "subnetwork"
+      }
+      sa = {
+        id = "account-id"
+      }
+    }
+
+    functions = {
+      name   = "name"
+      bucket = "bucket"
+      sa = {
+        id = "account-id"
+      }
+      event = {
+        sa = {
+          id = "account-id"
+        }
+      }
+    }
+
+    gcs = {
+      name = "name"
+      allows = [
+        "serviceAccount:mail", "group:adress"
+      ]
+    }
+
+    vpc = {
+      network = {
+        name = "name"
+      }
+      subnetwork = {
+        name          = "name"
+        ip_cidr_range = "0.0.0.0/0"
+      }
+    }
+  }
+
+  command = plan
+
+  assert {
+    condition     = length(google_storage_bucket_iam_member.data) == 4
+    error_message = "Service accounts is not properly tied to roles"
+  }
+}

modules/gcs2spanner/sa.tf

@@ -16,7 +16,7 @@ resource "google_project_iam_member" "event" {
   for_each = local.event_roles
   member   = "serviceAccount:${google_service_account.event.email}"
 
-  project = data.google_project.main.project_id
+  project = var.project_id
   role    = each.value
 
   depends_on = [google_project_service.main]
@@ -35,14 +35,14 @@ resource "google_cloud_run_v2_service_iam_member" "event" {
 
 resource "google_project_service_identity" "storage" {
   provider = google-beta
-  project  = data.google_project.main.project_id
+  project  = var.project_id
   service  = "storage.googleapis.com"
 
   depends_on = [google_project_service.main]
 }
 
 resource "google_project_iam_member" "gcs" {
-  project = data.google_project.main.project_id
+  project = var.project_id
   role    = "roles/pubsub.publisher"
   member  = "serviceAccount:service-${data.google_project.main.number}@gs-project-accounts.iam.gserviceaccount.com"