update service account

Author: glasnt

run/idp-sql/test/e2e_test_setup.yaml

@@ -15,6 +15,10 @@ steps:
         --replication-policy="automatic" \
         --data-file=postgres-secrets.json"
 
+      ./test/retry.sh "gcloud secrets add-iam-policy-binding ${_SERVICE}-secrets \
+        --member=serviceAccount:${_SERVICE_ACCOUNT} \
+        --role=roles/secretmanager.secretAccessor"
+
 - id: 'Build Container Image'
   name: 'gcr.io/cloud-builders/docker'
   entrypoint: '/bin/bash'
@@ -57,3 +61,9 @@ substitutions:
   _DB_NAME: postgres
   _DB_USER: postgres
   _DB_PASSWORD: password1234
+  _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com
+
+serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}'
+options:
+    logging: CLOUD_LOGGING_ONLY
+    dynamicSubstitutions: true

run/idp-sql/test/system.test.js

@@ -33,6 +33,7 @@ describe('System Tests', () => {
     SERVICE_NAME = 'idp-sql';
   }
   const {SAMPLE_VERSION} = process.env;
+  const {SERVICE_ACCOUNT} = process.env;
   const PLATFORM = 'managed';
   const REGION = 'us-central1';
 
@@ -61,6 +62,7 @@ describe('System Tests', () => {
       `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}` +
       `,_DB_PASSWORD=${DB_PASSWORD},_CLOUD_SQL_CONNECTION_NAME=${CLOUD_SQL_CONNECTION_NAME}`;
     if (SAMPLE_VERSION) buildCmd += `,_VERSION=${SAMPLE_VERSION}`;
+    if (SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${SERVICE_ACCOUNT}`;
 
     console.log('Starting Cloud Build...');
     execSync(buildCmd, {timeout: 240000, shell: true}); // timeout at 4 mins
@@ -110,6 +112,7 @@ describe('System Tests', () => {
       '--config ./test/e2e_test_cleanup.yaml ' +
       `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}`;
     if (SAMPLE_VERSION) cleanUpCmd += `,_VERSION=${SAMPLE_VERSION}`;
+    if (SERVICE_ACCOUNT) cleanUpCmd += `,_SERVICE_ACCOUNT=${SERVICE_ACCOUNT}`;
 
     execSync(cleanUpCmd, {shell: true});
   });