From 3a298fc2c18022c6d7ff59c4b8488f04d5cbe3a4 Mon Sep 17 00:00:00 2001
From: dkuji
Date: Sun, 29 Oct 2023 00:25:49 +0900
Subject: [PATCH 1/2] feat: Enable multiple display name
---
 README.md | 2 ++
 examples/multiple_service_accounts/main.tf | 2 +-
 main.tf | 2 +-
 outputs.tf | 5 +++++
 test/integration/multiple_service_accounts/controls/gcp.rb | 5 +++++
 test/integration/multiple_service_accounts/inspec.yml | 3 +++
 variables.tf | 6 ++++++
 7 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 19d096d..87570b3 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ Functional examples are included in the
 | description | Default description of the created service accounts (defaults to no description) | `string` | `""` | no |
 | descriptions | List of descriptions for the created service accounts (elements default to the value of `description`) | `list(string)` | `[]` | no |
 | display\_name | Display names of the created service accounts (defaults to 'Terraform-managed service account') | `string` | `"Terraform-managed service account"` | no |
+| display\_names | List of display\_names for the created service accounts (elements default to the value of `display_name`) | `list(string)` | `[]` | no |
 | generate\_keys | Generate keys for service accounts. | `bool` | `false` | no |
 | grant\_billing\_role | Grant billing user role. | `bool` | `false` | no |
 | grant\_xpn\_roles | Grant roles for shared VPC management. | `bool` | `true` | no |
@@ -60,6 +61,7 @@ Functional examples are included in the
 | Name | Description |
 |------|-------------|
+| display\_names | display names variable. |
 | email | Service account email (for single use). |
 | emails | Service account emails by name. |
 | emails\_list | Service account emails as list. |
diff --git a/examples/multiple_service_accounts/main.tf b/examples/multiple_service_accounts/main.tf
index b4fd667..6259fd7 100644
--- a/examples/multiple_service_accounts/main.tf
+++ b/examples/multiple_service_accounts/main.tf
@@ -20,7 +20,7 @@ module "service_accounts" {
 prefix = ""
 names = ["test-first", "test-second"]
 generate_keys = true
- display_name = "Test Service Accounts"
+ display_names = ["Test Service Accounts first", "Test Service Accounts second"]
 description = "Test Service Accounts description"
 project_roles = [
diff --git a/main.tf b/main.tf
index 61376fd..6cb46a7 100644
--- a/main.tf
+++ b/main.tf
@@ -37,7 +37,7 @@ locals {
 resource "google_service_account" "service_accounts" {
 for_each = local.names
 account_id = "${local.prefix}${lower(each.value)}"
- display_name = var.display_name
+ display_name = index(var.names, each.value) >= length(var.display_names) ? var.display_name : element(var.display_names, index(var.names, each.value))
 description = index(var.names, each.value) >= length(var.descriptions) ? var.description : element(var.descriptions, index(var.names, each.value))
 project = var.project_id
 }
diff --git a/outputs.tf b/outputs.tf
index 35e2506..d66d913 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -70,3 +70,8 @@ output "keys" {
 sensitive = true
 value = { for k, v in local.names : k => var.generate_keys ? base64decode(google_service_account_key.keys[v].private_key) : "" }
 }
+
+output "display_names" {
+ description = "display names variable."
+ value = var.display_names
+}
diff --git a/test/integration/multiple_service_accounts/controls/gcp.rb b/test/integration/multiple_service_accounts/controls/gcp.rb
index 4272287..6bd289e 100644
--- a/test/integration/multiple_service_accounts/controls/gcp.rb
+++ b/test/integration/multiple_service_accounts/controls/gcp.rb
@@ -30,4 +30,9 @@
 end
 end
+ attribute('display_names').each do |display_name|
+ describe google_service_accounts(project: "#{attribute('project_id')}") do
+ its('service_account_display_names'){ should include display_name }
+ end
+ end
 end
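Review bot: In the main.tf hunk, the new `display_name` expression pairs `var.display_names` with `var.names` purely by position and never compares the two lengths, so surplus entries in `display_names` are dropped without an error, and inserting or reordering an entry in `names` moves every later label onto a different account. Display names are what people read in IAM listings, so a silently shifted label can lead an access review to attribute permissions to the wrong identity. A `precondition` on the resource would reject a too-long list at plan time; it needs Terraform 1.2 or later, and the module's `required_version` is not visible in this patch, so confirm that first. The existing `description` line has the same gap and could get the same check.

```hcl
resource "google_service_account" "service_accounts" {
  # … unchanged: for_each, account_id, display_name, description, project …

  lifecycle {
    precondition {
      condition     = length(var.display_names) <= length(var.names)
      error_message = "display_names must not have more entries than names."
    }
  }
}
```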
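Review bot: The added loop in gcp.rb only asserts that each expected display name appears somewhere in the project-wide `service_account_display_names` list, so it still passes when the two names are attached to the wrong accounts or when an unrelated account in the project already carries that name. Because the feature is a per-account mapping, the check would be stronger against the single-account resource, for example `its('display_name') { should eq expected }` inside a `describe google_service_account(project: ..., name: email)` block, with `email` and `expected` paired from the test attributes. PATCH 2/2 removes the `display_names` output from outputs.tf while the README outputs row and the `required: true` attribute in inspec.yml stay, and no fixture output is visible in this series, so confirm the test fixture still exports the value and that the README is regenerated. The enclosing block starts outside the hunk.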
diff --git a/test/integration/multiple_service_accounts/inspec.yml b/test/integration/multiple_service_accounts/inspec.yml
index dfa7304..1b71492 100644
--- a/test/integration/multiple_service_accounts/inspec.yml
+++ b/test/integration/multiple_service_accounts/inspec.yml
@@ -30,3 +30,6 @@ attributes:
 - name: iam_emails
 required: true
 type: hash
+ - name: display_names
+ required: true
+ type: array
diff --git a/variables.tf b/variables.tf
index 484d229..5c102ca 100644
--- a/variables.tf
+++ b/variables.tf
@@ -73,6 +73,12 @@ variable "display_name" {
 default = "Terraform-managed service account"
 }
+variable "display_names" {
+ type = list(string)
+ description = "List of display_names for the created service accounts (elements default to the value of `display_name`)"
+ default = []
+}
+
 variable "description" {
 type = string
 description = "Default description of the created service accounts (defaults to no description)"
From c6522bcbc733939afb3ea955845278a6ab6c4b26 Mon Sep 17 00:00:00 2001
From: dkuji
Date: Thu, 30 Nov 2023 22:39:45 +0900
Subject: [PATCH 2/2] Delete display_names in outputs.tf
---
 outputs.tf | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/outputs.tf b/outputs.tf
index d66d913..35e2506 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -70,8 +70,3 @@ output "keys" {
 sensitive = true
 value = { for k, v in local.names : k => var.generate_keys ? base64decode(google_service_account_key.keys[v].private_key) : "" }
 }
-
-output "display_names" {
-- description = "display names variable."
-- value = var.display_names
--}
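Review bot: The `description` of the new `display_names` variable in the variables.tf hunk of PATCH 1/2 says elements default to the value of `display_name`, but the lookup added in main.tf only falls back when the list is shorter than `names`; as far as the visible expression shows, an entry that is present but empty is used as given. The text also does not say that entries are matched to `names` by position, which is the one thing a caller must know to label the right account. Suggested wording: `"Display names for the created service accounts, matched to names by position; accounts beyond the end of the list use display_name."` The README inputs row added in the same patch repeats the current sentence and would need the same correction.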