diff --git a/test/fixtures/billing-iam/outputs.tf b/test/fixtures/billing-iam/outputs.tf
index c3371f7a..e5195a31 100644
--- a/test/fixtures/billing-iam/outputs.tf
+++ b/test/fixtures/billing-iam/outputs.tf
@@ -27,3 +27,8 @@ output "members" {
 value = module.iam_binding_billing_accounts_additive.members
 description = "Members which were bound to the billing accounts."
 }
+
+output "project_id" {
+ value = var.project_id
+ description = "Project ID"
+}
diff --git a/test/integration/billing-iam/controls/billing-iam.rb b/test/integration/billing-iam/controls/billing-iam.rb
index 50d1f72c..7da631ae 100644
--- a/test/integration/billing-iam/controls/billing-iam.rb
+++ b/test/integration/billing-iam/controls/billing-iam.rb
@@ -16,6 +16,7 @@
 billing_iam_test_accounts = attribute('billing_iam_test_accounts')
 members = attribute('members')
+project_id = attribute('project_id')
 control "GCP Billing IAM" do
 title "GCP Billing Bindings"
@@ -38,11 +39,9 @@
 data['bindings'].each do |binding|
 transformed_data.store(binding["role"],binding["members"])
 end
- members.each do |role,saMembers|
- saMembers.each do |member|
- expect(transformed_data[role]).to include(member)
- end
- end
+ expect(transformed_data["roles/billing.viewer"]).to include("serviceAccount:billing-iam-test-01@#{project_id}.iam.gserviceaccount.com")
+ expect(transformed_data["roles/billing.admin"]).to include("serviceAccount:billing-iam-test-01@#{project_id}.iam.gserviceaccount.com")
+ expect(transformed_data["roles/billing.admin"]).to include("serviceAccount:billing-iam-test-02@#{project_id}.iam.gserviceaccount.com")
 end
 end
 end
diff --git a/test/integration/billing-iam/inspec.yml b/test/integration/billing-iam/inspec.yml
index 377d973b..2f9a0e5d 100644
--- a/test/integration/billing-iam/inspec.yml
+++ b/test/integration/billing-iam/inspec.yml
@@ -23,3 +23,6 @@ attributes:
 - name: members
 required: true
 type: hash
+ - name: project_id
+ required: true
+ type: string
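Review bot: The three hard-coded `expect` lines in billing-iam.rb replace the loop over `members`, so the control no longer checks the bindings the fixture actually reports. `members` is still read just above the new `project_id` attribute and is still `required: true` in inspec.yml, but appears unused in the visible lines. If the fixture's service accounts or roles change, these literals drift without the test noticing, and any binding beyond these three goes unverified. Consider building the principal once, e.g. `sa = ->(n) { "serviceAccount:billing-iam-test-#{n}@#{project_id}.iam.gserviceaccount.com" }`, and adding a comment such as `# Expected bindings mirror test/fixtures/billing-iam; update both together.` The enclosing blocks open before the hunk, so whether `members` is used elsewhere in the control cannot be confirmed from here.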