Fixed PR comments

chrisghill · Feb 14, 2020 · 94baf3a · 94baf3a
1 parent 0f51548
commit 94baf3a
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 32 deletions.
diff --git a/examples/billing_account/README.md b/examples/billing_account/README.md
@@ -16,7 +16,7 @@ This example illustrates how to use the `billing_accounts_iam` submodule
 |------|-------------|
 | billing\_account\_ids | Billing Accounts which received bindings. |
 | members | Members which were bound to the billing accounts. |
-| service\_account\_address | Member which was bound to projects. |
+| service\_account\_addresses | Service Account Addresses which were bound to projects. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
diff --git a/examples/billing_account/outputs.tf b/examples/billing_account/outputs.tf
@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-output "service_account_address" {
+output "service_account_addresses" {
   value       = [google_service_account.service_account_01.email, google_service_account.service_account_02.email]
-  description = "Member which was bound to projects."
+  description = "Service Account Addresses which were bound to projects."
 }
 
 output "billing_account_ids" {

diff --git a/test/fixtures/billing-iam/outputs.tf b/test/fixtures/billing-iam/outputs.tf
@@ -18,17 +18,12 @@
 
 #Additive
 
-output "billing_iam_test_account" {
+output "billing_iam_test_accounts" {
   value       = module.iam_binding_billing_accounts_additive.billing_account_ids
-  description = "Billing Account which received bindings."
+  description = "Billing Accounts which received bindings."
 }
 
 output "members" {
   value       = module.iam_binding_billing_accounts_additive.members
   description = "Members which were bound to the billing accounts."
 }
-
-output "billing_sa_admin" {
-  value       = var.billing_sa_admin
-  description = "Admin Service Account bound to Test Billing Account."
-}
diff --git a/test/fixtures/billing-iam/variables.tf b/test/fixtures/billing-iam/variables.tf
@@ -19,11 +19,6 @@ variable "billing_iam_test_account" {
   description = "Billing Account ID to use for testing IAM policies/bindings."
 }
 
-variable "billing_sa_admin" {
-  type        = string
-  description = "Admin Service Account bound to Test Billing Account."
-}
-
 variable "project_id" {
   type        = string
   description = "Project ID"

diff --git a/test/integration/billing-iam/controls/billing-iam.rb b/test/integration/billing-iam/controls/billing-iam.rb
@@ -14,14 +14,13 @@
 
 # Billing Bindings
 
-billing_iam_test_account = attribute('billing_iam_test_account')
+billing_iam_test_accounts = attribute('billing_iam_test_accounts')
 members = attribute('members')
-billing_sa_admin = attribute('billing_sa_admin')
 
 control "GCP Billing IAM" do
             title "GCP Billing Bindings"
-            billing_iam_test_account.each do |billing_iam_test_account|
-                describe command ("gcloud beta billing accounts get-iam-policy #{billing_iam_test_account} --format=json") do
+            billing_iam_test_accounts.each do |billing_iam_test_accounts|
+                describe command ("gcloud beta billing accounts get-iam-policy #{billing_iam_test_accounts} --format=json") do
                 its(:exit_status) { should eq 0 }
                 its(:stderr) { should eq '' }
 
@@ -35,16 +34,14 @@
 
                 describe "members" do
                 it "are bound" do
-                    members.each_value do |member_value|
-                        member_value.each do |member|
-                            expect(data['bindings'][0]['members']).to include(member)
-                        end
+                    transformed_data={}
+                    data['bindings'].each do |binding|
+                        transformed_data.store(binding["role"],binding["members"])
                     end
-                end
-
-                describe "Billing IAM SA" do
-                it "is bound" do
-                    expect(data['bindings'][0]['members']).to include("serviceAccount:#{billing_sa_admin}")
+                    members.each do |role,saMembers|
+                        saMembers.each do |member|
+                            expect(transformed_data[role]).to include(member)
+                        end
                     end
                 end
             end

diff --git a/test/integration/billing-iam/inspec.yml b/test/integration/billing-iam/inspec.yml
@@ -14,7 +14,7 @@
 
 name: billing-iam
 attributes:
-  - name: billing_iam_test_account
+  - name: billing_iam_test_accounts
     required: true
     type: array
   - name: roles
@@ -23,6 +23,3 @@ attributes:
   - name: members
     required: true
     type: hash
-  - name: billing_sa_admin
-    required: true
-    type: string