pubsub: additional test permissions fixes (#12311) (#8685)

[upstream:8ff36d326452a6ae220d06ca5e5bfb51f839a5b5]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/12311.txt

@@ -0,0 +1,3 @@
+```release-note:none
+
+```

google-beta/services/pubsub/resource_pubsub_subscription_generated_test.go

@@ -410,24 +410,27 @@ resource "google_pubsub_subscription" "example" {
     service_account_email = google_service_account.bq_write_service_account.email
   }
 
-  depends_on = [google_service_account.bq_write_service_account, google_project_iam_member.viewer, google_project_iam_member.editor]
+  depends_on = [
+    google_service_account.bq_write_service_account,
+    google_project_iam_member.bigquery_metadata_viewer,
+    google_project_iam_member.bigquery_data_editor
+  ]
 }
 
-data "google_project" "project" {
-}
+data "google_project" "project" {}
 
 resource "google_service_account" "bq_write_service_account" {
   account_id = "tf-test-example-bqw%{random_suffix}"
   display_name = "BQ Write Service Account"
 }
 
-resource "google_project_iam_member" "viewer" {
+resource "google_project_iam_member" "bigquery_metadata_viewer" {
   project = data.google_project.project.project_id
   role   = "roles/bigquery.metadataViewer"
   member = "serviceAccount:${google_service_account.bq_write_service_account.email}"
 }
 
-resource "google_project_iam_member" "editor" {
+resource "google_project_iam_member" "bigquery_data_editor" {
   project = data.google_project.project.project_id
   role   = "roles/bigquery.dataEditor"
   member = "serviceAccount:${google_service_account.bq_write_service_account.email}"

google-beta/services/pubsub/resource_pubsub_subscription_test.go

@@ -685,41 +685,32 @@ resource "google_pubsub_subscription" "foo" {
 func testAccPubsubSubscriptionBigQuery_basic(dataset, table, topic, subscription string, useTableSchema bool, serviceAccountId string) string {
 	serviceAccountEmailField := ""
 	serviceAccountResource := ""
+	tfDependencies := ""
 	if serviceAccountId != "" {
 		serviceAccountResource = fmt.Sprintf(`
 resource "google_service_account" "bq_write_service_account" {
   account_id   = "%s"
   display_name = "BQ Write Service Account"
 }
 
-resource "google_project_iam_member" "viewer" {
+resource "google_project_iam_member" "bigquery_metadata_viewer" {
   project = data.google_project.project.project_id
   role    = "roles/bigquery.metadataViewer"
   member  = "serviceAccount:${google_service_account.bq_write_service_account.email}"
 }
 
-resource "google_project_iam_member" "editor" {
+resource "google_project_iam_member" "bigquery_data_editor" {
   project = data.google_project.project.project_id
   role    = "roles/bigquery.dataEditor"
   member  = "serviceAccount:${google_service_account.bq_write_service_account.email}"
 }`, serviceAccountId)
 		serviceAccountEmailField = "service_account_email = google_service_account.bq_write_service_account.email"
+		tfDependencies = `    google_project_iam_member.bigquery_metadata_viewer,
+    google_project_iam_member.bigquery_data_editor,
+    time_sleep.wait_30_seconds,`
 	} else {
-		serviceAccountResource = fmt.Sprintf(`
-resource "google_project_iam_member" "viewer" {
-  project = data.google_project.project.project_id
-  role    = "roles/bigquery.metadataViewer"
-  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com"
-}
-
-resource "google_project_iam_member" "editor" {
-  project = data.google_project.project.project_id
-  role    = "roles/bigquery.dataEditor"
-  member  = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com"
-}
-	`)
+		tfDependencies = "    time_sleep.wait_30_seconds,"
 	}
-
 	return fmt.Sprintf(`
 data "google_project" "project" {}
 
@@ -765,12 +756,10 @@ resource "google_pubsub_subscription" "foo" {
   }
 
   depends_on = [
-    google_project_iam_member.viewer,
-    google_project_iam_member.editor,
-    time_sleep.wait_30_seconds,
+    %s
   ]
 }
-	`, serviceAccountResource, dataset, table, topic, subscription, useTableSchema, serviceAccountEmailField)
+	`, serviceAccountResource, dataset, table, topic, subscription, useTableSchema, serviceAccountEmailField, tfDependencies)
 }
 
 func testAccPubsubSubscriptionCloudStorage_basic(bucket, topic, subscription, filenamePrefix, filenameSuffix, filenameDatetimeFormat string, maxBytes int, maxDuration string, maxMessages int, serviceAccountId, outputFormat string) string {

website/docs/r/pubsub_subscription.html.markdown

@@ -273,24 +273,27 @@ resource "google_pubsub_subscription" "example" {
     service_account_email = google_service_account.bq_write_service_account.email
   }
 
-  depends_on = [google_service_account.bq_write_service_account, google_project_iam_member.viewer, google_project_iam_member.editor]
+  depends_on = [
+    google_service_account.bq_write_service_account,
+    google_project_iam_member.bigquery_metadata_viewer,
+    google_project_iam_member.bigquery_data_editor
+  ]
 }
 
-data "google_project" "project" {
-}
+data "google_project" "project" {}
 
 resource "google_service_account" "bq_write_service_account" {
   account_id = "example-bqw"
   display_name = "BQ Write Service Account"
 }
 
-resource "google_project_iam_member" "viewer" {
+resource "google_project_iam_member" "bigquery_metadata_viewer" {
   project = data.google_project.project.project_id
   role   = "roles/bigquery.metadataViewer"
   member = "serviceAccount:${google_service_account.bq_write_service_account.email}"
 }
 
-resource "google_project_iam_member" "editor" {
+resource "google_project_iam_member" "bigquery_data_editor" {
   project = data.google_project.project.project_id
   role   = "roles/bigquery.dataEditor"
   member = "serviceAccount:${google_service_account.bq_write_service_account.email}"