Skip to content

Commit 4f84377

Browse files
modular-magicianmodular-magician
authored
User workloads service account fix (#14155) (#23101)
[upstream:49051e1e0553b2a5fa73b5be6801ca926d3004d5] Signed-off-by: Modular Magician <[email protected]>
1 parent 4512737 commit 4f84377

File tree

2 files changed

+114
-13
lines changed

2 files changed

+114
-13
lines changed

google/services/composer/resource_composer_user_workloads_config_map_test.go

Lines changed: 52 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,8 @@ func TestAccComposerUserWorkloadsConfigMap_composerUserWorkloadsConfigMapBasicEx
3131
t.Parallel()
3232

3333
context := map[string]interface{}{
34-
"random_suffix": acctest.RandString(t, 10),
34+
"random_suffix": acctest.RandString(t, 10),
35+
"service_account": fmt.Sprintf("tf-test-%d", acctest.RandInt(t)),
3536
}
3637

3738
acctest.VcrTest(t, resource.TestCase{
@@ -67,7 +68,8 @@ func TestAccComposerUserWorkloadsConfigMap_composerUserWorkloadsConfigMapBasicEx
6768
t.Parallel()
6869

6970
context := map[string]interface{}{
70-
"random_suffix": acctest.RandString(t, 10),
71+
"random_suffix": acctest.RandString(t, 10),
72+
"service_account": fmt.Sprintf("tf-test-%d", acctest.RandInt(t)),
7173
}
7274

7375
acctest.VcrTest(t, resource.TestCase{
@@ -95,14 +97,30 @@ func TestAccComposerUserWorkloadsConfigMap_composerUserWorkloadsConfigMapBasicEx
9597

9698
func testAccComposerUserWorkloadsConfigMap_composerUserWorkloadsConfigMapBasicExample_basic(context map[string]interface{}) string {
9799
return acctest.Nprintf(`
100+
data "google_project" "project" {}
101+
102+
resource "google_service_account" "test" {
103+
account_id = "%{service_account}"
104+
display_name = "Test Service Account for Composer Environment"
105+
}
106+
resource "google_project_iam_member" "composer-worker" {
107+
project = data.google_project.project.project_id
108+
role = "roles/composer.worker"
109+
member = "serviceAccount:${google_service_account.test.email}"
110+
}
111+
98112
resource "google_composer_environment" "environment" {
99113
name = "tf-test-test-environment%{random_suffix}"
100114
region = "us-central1"
101115
config {
116+
node_config {
117+
service_account = google_service_account.test.name
118+
}
102119
software_config {
103120
image_version = "composer-3-airflow-2"
104121
}
105122
}
123+
depends_on = [google_project_iam_member.composer-worker]
106124
}
107125
108126
resource "google_composer_user_workloads_config_map" "config_map" {
@@ -118,14 +136,30 @@ resource "google_composer_user_workloads_config_map" "config_map" {
118136

119137
func testAccComposerUserWorkloadsConfigMap_composerUserWorkloadsConfigMapBasicExample_update(context map[string]interface{}) string {
120138
return acctest.Nprintf(`
139+
data "google_project" "project" {}
140+
141+
resource "google_service_account" "test" {
142+
account_id = "%{service_account}"
143+
display_name = "Test Service Account for Composer Environment"
144+
}
145+
resource "google_project_iam_member" "composer-worker" {
146+
project = data.google_project.project.project_id
147+
role = "roles/composer.worker"
148+
member = "serviceAccount:${google_service_account.test.email}"
149+
}
150+
121151
resource "google_composer_environment" "environment" {
122152
name = "tf-test-test-environment%{random_suffix}"
123153
region = "us-central1"
124154
config {
155+
node_config {
156+
service_account = google_service_account.test.name
157+
}
125158
software_config {
126159
image_version = "composer-3-airflow-2"
127160
}
128161
}
162+
depends_on = [google_project_iam_member.composer-worker]
129163
}
130164
131165
resource "google_composer_user_workloads_config_map" "config_map" {
@@ -141,14 +175,30 @@ resource "google_composer_user_workloads_config_map" "config_map" {
141175

142176
func testAccComposerUserWorkloadsConfigMap_composerUserWorkloadsConfigMapBasicExample_delete(context map[string]interface{}) string {
143177
return acctest.Nprintf(`
178+
data "google_project" "project" {}
179+
180+
resource "google_service_account" "test" {
181+
account_id = "%{service_account}"
182+
display_name = "Test Service Account for Composer Environment"
183+
}
184+
resource "google_project_iam_member" "composer-worker" {
185+
project = data.google_project.project.project_id
186+
role = "roles/composer.worker"
187+
member = "serviceAccount:${google_service_account.test.email}"
188+
}
189+
144190
resource "google_composer_environment" "environment" {
145191
name = "tf-test-test-environment%{random_suffix}"
146192
region = "us-central1"
147193
config {
194+
node_config {
195+
service_account = google_service_account.test.name
196+
}
148197
software_config {
149198
image_version = "composer-3-airflow-2"
150199
}
151200
}
201+
depends_on = [google_project_iam_member.composer-worker]
152202
}
153203
`, context)
154204
}

google/services/composer/resource_composer_user_workloads_secret_test.go

Lines changed: 62 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -36,14 +36,15 @@ func TestAccComposerUserWorkloadsSecret_basic(t *testing.T) {
3636

3737
envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, acctest.RandInt(t))
3838
secretName := fmt.Sprintf("%s-%d", testComposerUserWorkloadsSecretPrefix, acctest.RandInt(t))
39+
serviceAccount := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
3940

4041
acctest.VcrTest(t, resource.TestCase{
4142
PreCheck: func() { acctest.AccTestPreCheck(t) },
4243
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
4344
CheckDestroy: testAccComposerEnvironmentDestroyProducer(t),
4445
Steps: []resource.TestStep{
4546
{
46-
Config: testAccComposerUserWorkloadsSecret_basic(envName, secretName, envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv()),
47+
Config: testAccComposerUserWorkloadsSecret_basic(envName, secretName, envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), serviceAccount),
4748
Check: resource.ComposeTestCheckFunc(
4849
resource.TestCheckResourceAttrSet("google_composer_user_workloads_secret.test", "data.username"),
4950
resource.TestCheckResourceAttrSet("google_composer_user_workloads_secret.test", "data.password"),
@@ -62,17 +63,18 @@ func TestAccComposerUserWorkloadsSecret_update(t *testing.T) {
6263

6364
envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, acctest.RandInt(t))
6465
secretName := fmt.Sprintf("%s-%d", testComposerUserWorkloadsSecretPrefix, acctest.RandInt(t))
66+
serviceAccount := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
6567

6668
acctest.VcrTest(t, resource.TestCase{
6769
PreCheck: func() { acctest.AccTestPreCheck(t) },
6870
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
6971
CheckDestroy: testAccComposerEnvironmentDestroyProducer(t),
7072
Steps: []resource.TestStep{
7173
{
72-
Config: testAccComposerUserWorkloadsSecret_basic(envName, secretName, envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv()),
74+
Config: testAccComposerUserWorkloadsSecret_basic(envName, secretName, envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), serviceAccount),
7375
},
7476
{
75-
Config: testAccComposerUserWorkloadsSecret_update(envName, secretName),
77+
Config: testAccComposerUserWorkloadsSecret_update(envName, secretName, serviceAccount),
7678
Check: resource.ComposeTestCheckFunc(
7779
resource.TestCheckResourceAttrSet("google_composer_user_workloads_secret.test", "data.email"),
7880
resource.TestCheckResourceAttrSet("google_composer_user_workloads_secret.test", "data.password"),
@@ -88,17 +90,18 @@ func TestAccComposerUserWorkloadsSecret_delete(t *testing.T) {
8890

8991
envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, acctest.RandInt(t))
9092
secretName := fmt.Sprintf("%s-%d", testComposerUserWorkloadsSecretPrefix, acctest.RandInt(t))
93+
serviceAccount := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
9194

9295
acctest.VcrTest(t, resource.TestCase{
9396
PreCheck: func() { acctest.AccTestPreCheck(t) },
9497
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
9598
CheckDestroy: testAccComposerEnvironmentDestroyProducer(t),
9699
Steps: []resource.TestStep{
97100
{
98-
Config: testAccComposerUserWorkloadsSecret_basic(envName, secretName, envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv()),
101+
Config: testAccComposerUserWorkloadsSecret_basic(envName, secretName, envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), serviceAccount),
99102
},
100103
{
101-
Config: testAccComposerUserWorkloadsSecret_delete(envName),
104+
Config: testAccComposerUserWorkloadsSecret_delete(envName, serviceAccount),
102105
Check: resource.ComposeTestCheckFunc(
103106
testAccComposerUserWorkloadsSecretDestroyed(t),
104107
),
@@ -107,15 +110,31 @@ func TestAccComposerUserWorkloadsSecret_delete(t *testing.T) {
107110
})
108111
}
109112

110-
func testAccComposerUserWorkloadsSecret_basic(envName, secretName, project, region string) string {
113+
func testAccComposerUserWorkloadsSecret_basic(envName, secretName, project, region, serviceAccount string) string {
111114
return fmt.Sprintf(`
115+
data "google_project" "project" {}
116+
117+
resource "google_service_account" "test" {
118+
account_id = "%s"
119+
display_name = "Test Service Account for Composer Environment"
120+
}
121+
resource "google_project_iam_member" "composer-worker" {
122+
project = data.google_project.project.project_id
123+
role = "roles/composer.worker"
124+
member = "serviceAccount:${google_service_account.test.email}"
125+
}
126+
112127
resource "google_composer_environment" "test" {
113128
name = "%s"
114129
config {
130+
node_config {
131+
service_account = google_service_account.test.name
132+
}
115133
software_config {
116134
image_version = "composer-3-airflow-2"
117135
}
118136
}
137+
depends_on = [google_project_iam_member.composer-worker]
119138
}
120139
resource "google_composer_user_workloads_secret" "test" {
121140
environment = google_composer_environment.test.name
@@ -127,18 +146,34 @@ resource "google_composer_user_workloads_secret" "test" {
127146
password: base64encode("password"),
128147
}
129148
}
130-
`, envName, secretName, project, region)
149+
`, serviceAccount, envName, secretName, project, region)
131150
}
132151

133-
func testAccComposerUserWorkloadsSecret_update(envName, secretName string) string {
152+
func testAccComposerUserWorkloadsSecret_update(envName, secretName, serviceAccount string) string {
134153
return fmt.Sprintf(`
154+
data "google_project" "project" {}
155+
156+
resource "google_service_account" "test" {
157+
account_id = "%s"
158+
display_name = "Test Service Account for Composer Environment"
159+
}
160+
resource "google_project_iam_member" "composer-worker" {
161+
project = data.google_project.project.project_id
162+
role = "roles/composer.worker"
163+
member = "serviceAccount:${google_service_account.test.email}"
164+
}
165+
135166
resource "google_composer_environment" "test" {
136167
name = "%s"
137168
config {
169+
node_config {
170+
service_account = google_service_account.test.name
171+
}
138172
software_config {
139173
image_version = "composer-3-airflow-2"
140174
}
141175
}
176+
depends_on = [google_project_iam_member.composer-worker]
142177
}
143178
resource "google_composer_user_workloads_secret" "test" {
144179
environment = google_composer_environment.test.name
@@ -148,20 +183,36 @@ resource "google_composer_user_workloads_secret" "test" {
148183
password: base64encode("password"),
149184
}
150185
}
151-
`, envName, secretName)
186+
`, serviceAccount, envName, secretName)
152187
}
153188

154-
func testAccComposerUserWorkloadsSecret_delete(envName string) string {
189+
func testAccComposerUserWorkloadsSecret_delete(envName, serviceAccount string) string {
155190
return fmt.Sprintf(`
191+
data "google_project" "project" {}
192+
193+
resource "google_service_account" "test" {
194+
account_id = "%s"
195+
display_name = "Test Service Account for Composer Environment"
196+
}
197+
resource "google_project_iam_member" "composer-worker" {
198+
project = data.google_project.project.project_id
199+
role = "roles/composer.worker"
200+
member = "serviceAccount:${google_service_account.test.email}"
201+
}
202+
156203
resource "google_composer_environment" "test" {
157204
name = "%s"
158205
config {
206+
node_config {
207+
service_account = google_service_account.test.name
208+
}
159209
software_config {
160210
image_version = "composer-3-airflow-2"
161211
}
162212
}
213+
depends_on = [google_project_iam_member.composer-worker]
163214
}
164-
`, envName)
215+
`, serviceAccount, envName)
165216
}
166217

167218
func testAccComposerUserWorkloadsSecretDestroyed(t *testing.T) func(s *terraform.State) error {

0 commit comments

Comments
 (0)