diff --git a/README.md b/README.md
index b1944a1..ceac3dc 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ Functional examples are included in the
 | description | Default description of the created service accounts (defaults to no description) | `string` | `""` | no |
 | descriptions | List of descriptions for the created service accounts (elements default to the value of `description`) | `list(string)` | `[]` | no |
 | display\_name | Display names of the created service accounts (defaults to 'Terraform-managed service account') | `string` | `"Terraform-managed service account"` | no |
+| display\_names | List of display\_names for the created service accounts (elements default to the value of `display_name`) | `list(string)` | `[]` | no |
 | generate\_keys | Generate keys for service accounts. | `bool` | `false` | no |
 | grant\_billing\_role | Grant billing user role. | `bool` | `false` | no |
 | grant\_xpn\_roles | Grant roles for shared VPC management. | `bool` | `true` | no |
@@ -60,6 +61,7 @@ Functional examples are included in the
 | Name | Description |
 |------|-------------|
+| display\_names | display names variable. |
 | email | Service account email (for single use). |
 | emails | Service account emails by name. |
 | emails\_list | Service account emails as list. |
diff --git a/examples/multiple_service_accounts/main.tf b/examples/multiple_service_accounts/main.tf
index 90c08fa..89b7b53 100644
--- a/examples/multiple_service_accounts/main.tf
+++ b/examples/multiple_service_accounts/main.tf
@@ -22,7 +22,7 @@ module "service_accounts" {
 prefix = ""
 names = ["test-first", "test-second"]
 generate_keys = true
- display_name = "Test Service Accounts"
+ display_names = ["Test Service Accounts first", "Test Service Accounts second"]
 description = "Test Service Accounts description"
 project_roles = [
diff --git a/main.tf b/main.tf
index 61376fd..6cb46a7 100644
--- a/main.tf
+++ b/main.tf
@@ -37,7 +37,7 @@ locals {
 resource "google_service_account" "service_accounts" {
 for_each = local.names
 account_id = "${local.prefix}${lower(each.value)}"
- display_name = var.display_name
+ display_name = index(var.names, each.value) >= length(var.display_names) ? var.display_name : element(var.display_names, index(var.names, each.value))
 description = index(var.names, each.value) >= length(var.descriptions) ? var.description : element(var.descriptions, index(var.names, each.value))
 project = var.project_id
 }
diff --git a/test/integration/multiple_service_accounts/controls/gcp.rb b/test/integration/multiple_service_accounts/controls/gcp.rb
index 4272287..6bd289e 100644
--- a/test/integration/multiple_service_accounts/controls/gcp.rb
+++ b/test/integration/multiple_service_accounts/controls/gcp.rb
@@ -30,4 +30,9 @@
 end
 end
+ attribute('display_names').each do |display_name|
+ describe google_service_accounts(project: "#{attribute('project_id')}") do
+ its('service_account_display_names'){ should include display_name }
+ end
+ end
 end
diff --git a/test/integration/multiple_service_accounts/inspec.yml b/test/integration/multiple_service_accounts/inspec.yml
index dfa7304..1b71492 100644
--- a/test/integration/multiple_service_accounts/inspec.yml
+++ b/test/integration/multiple_service_accounts/inspec.yml
@@ -30,3 +30,6 @@ attributes:
 - name: iam_emails
 required: true
 type: hash
+ - name: display_names
+ required: true
+ type: array
diff --git a/variables.tf b/variables.tf
index 484d229..5c102ca 100644
--- a/variables.tf
+++ b/variables.tf
@@ -73,6 +73,12 @@ variable "display_name" {
 default = "Terraform-managed service account"
 }
+variable "display_names" {
+ type = list(string)
+ description = "List of display_names for the created service accounts (elements default to the value of `display_name`)"
+ default = []
+}
+
 variable "description" {
 type = string
 description = "Default description of the created service accounts (defaults to no description)"
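Review bot: In the `google_service_account` resource in main.tf, the new `display_name` expression pairs `var.display_names` with `var.names` by list position only, and nothing rejects a `display_names` list that is longer than, or ordered differently from, `names`: surplus entries are dropped and a reordered list labels one account with another's name. Display names are what people read in IAM listings and audit views, so a silent mismatch makes an account look like something it is not. I would state the contract next to the expression, `# display_names[i] labels names[i]; names without an entry fall back to var.display_name`, and say the same in the variable's `description` in the variables.tf hunk, which currently does not mention ordering. The expression also evaluates `index(var.names, each.value)` twice, as the `description` line below it already does; a lookup map built once in `locals` would serve both, though the `locals` block lies outside this hunk.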
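Review bot: The added loop in controls/gcp.rb only asserts that each expected display name occurs somewhere in the project's `service_account_display_names`, so it still passes when the names are attached to the wrong accounts or when an unrelated account in the project already carries the same display name. A per-account assertion would pin the mapping this change introduces, for example `describe google_service_account(project: attribute('project_id'), name: email) do its('display_name') { should eq expected } end` (argument names as supported by the installed inspec-gcp version), assuming the fixture can expose display names keyed by account. The loop also reads `attribute('display_names')`, which inspec.yml now marks `required: true`, but no outputs file is touched in the part of the diff visible here, so confirm the fixture actually exports it. The enclosing control block starts outside the hunk.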