From f404ab3a0067607a1bcaa1c6dfc9fd2e8666da30 Mon Sep 17 00:00:00 2001
From: Benjamin Gandon
Date: Mon, 22 Jan 2024 17:43:31 +0100
Subject: [PATCH] Add basic test case for service account keys
---
 .../defaults/main.yml | 1 -
 .../tasks/main.yml | 3 +
 .../tasks/service-account-keys.yml | 102 ++++++++++++++++++
 3 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/targets/gcp_iam_service_account_key/tasks/main.yml
 create mode 100644 tests/integration/targets/gcp_iam_service_account_key/tasks/service-account-keys.yml
diff --git a/tests/integration/targets/gcp_iam_service_account_key/defaults/main.yml b/tests/integration/targets/gcp_iam_service_account_key/defaults/main.yml
index aa65c31..ba66644 100644
--- a/tests/integration/targets/gcp_iam_service_account_key/defaults/main.yml
+++ b/tests/integration/targets/gcp_iam_service_account_key/defaults/main.yml
@@ -1,3 +1,2 @@
 ---
-# defaults file
 resource_name: "{{ resource_prefix }}"
diff --git a/tests/integration/targets/gcp_iam_service_account_key/tasks/main.yml b/tests/integration/targets/gcp_iam_service_account_key/tasks/main.yml
new file mode 100644
index 0000000..f7d2482
--- /dev/null
+++ b/tests/integration/targets/gcp_iam_service_account_key/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Service Account Keys tests
+ ansible.builtin.include_tasks: service-account-keys.yml
diff --git a/tests/integration/targets/gcp_iam_service_account_key/tasks/service-account-keys.yml b/tests/integration/targets/gcp_iam_service_account_key/tasks/service-account-keys.yml
new file mode 100644
index 0000000..8f37ca7
--- /dev/null
+++ b/tests/integration/targets/gcp_iam_service_account_key/tasks/service-account-keys.yml
@@ -0,0 +1,102 @@
+---
+
+# Pre-test setup
+- name: Delete a service account
+ google.cloud.gcp_iam_service_account:
+ name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
+ display_name: Service Account used for Ansible integration tests
+ project: "{{ gcp_project }}"
+ auth_kind: "{{ gcp_cred_kind }}"
+ service_account_file: "{{ gcp_cred_file | default(omit) }}"
+ state: absent
+
+- name: Delete a service account key file
+ connection: local
+ ansible.builtin.file:
+ path: "{{ gcp_cred_file }}-temporary-service-account-key"
+ state: absent
+
+- name: Verify that service_account_key was deleted
+ connection: local
+ ansible.builtin.stat:
+ path: "{{ gcp_cred_file }}-temporary-service-account-key"
+ register: key_file
+
+- name: Verify that command succeeded
+ ansible.builtin.assert:
+ that:
+ - key_file.stat.exists == false
+
+- name: Create a service account
+ google.cloud.gcp_iam_service_account:
+ name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
+ display_name: Service Account used for Ansible integration tests
+ project: "{{ gcp_project }}"
+ auth_kind: "{{ gcp_cred_kind }}"
+ service_account_file: "{{ gcp_cred_file | default(omit) }}"
+ state: present
+
+#----------------------------------------------------------
+
+- name: Create a service account key
+ google.cloud.gcp_iam_service_account_key:
+ service_account:
+ name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
+ private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
+ path: "{{ gcp_cred_file }}-temporary-service-account-key"
+
+ project: "{{ gcp_project }}"
+ auth_kind: "{{ gcp_cred_kind }}"
+ service_account_file: "{{ gcp_cred_file | default(omit) }}"
+ state: present
+ register: result
+
+- name: Assert changed is true
+ ansible.builtin.assert:
+ that:
+ - result.changed == true
+
+- name: Verify that service_account_key was created
+ connection: local
+ ansible.builtin.stat:
+ path: "{{ gcp_cred_file }}-temporary-service-account-key"
+ register: key_file
+
+- name: Verify that command succeeded
+ ansible.builtin.assert:
+ that:
+ - key_file.stat.exists == true
+ - key_file.stat.isdir == false
+ - key_file.stat.size > 0
+
+# ----------------------------------------------------------------------------
+
+- name: Delete a service account key
+ google.cloud.gcp_iam_service_account_key:
+ service_account:
+ name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
+ private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
+ path: "{{ gcp_cred_file }}-temporary-service-account-key"
+
+ project: "{{ gcp_project }}"
+ auth_kind: "{{ gcp_cred_kind }}"
+ service_account_file: "{{ gcp_cred_file | default(omit) }}"
+ state: absent
+ register: result
+
+- name: Assert changed is true
+ ansible.builtin.assert:
+ that:
+ - result.changed == true
+
+# ----------------------------------------------------------------------------
+
+# Pre-test tear down
+- name: Delete a service account
+ google.cloud.gcp_iam_service_account:
+ name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
+ display_name: Service Account used for Ansible integration tests
+ project: "{{ gcp_project }}"
+ auth_kind: "{{ gcp_cred_kind }}"
+ service_account_file: "{{ gcp_cred_file | default(omit) }}"
+ state: absent
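Review bot: The private key written to `{{ gcp_cred_file }}-temporary-service-account-key` is never removed or stat-checked after the "Delete a service account key" task, and no cleanup runs if an assertion fails in between, so a failed run can leave a usable credentials file on the runner next to the CI credentials. Wrapping the create, verify and delete tasks in a block whose always section removes the file and deletes the service account would make the tear-down unconditional. The assertions after creation could also check `key_file.stat.mode`, so the test catches a key file written group- or world-readable; the mode the module writes is not visible in this hunk, so confirm the expected value first. The path is templated from `gcp_cred_file` without the `default(omit)` used on `service_account_file`, so these tasks will presumably fail to template when that variable is unset.

```yaml
- name: Exercise the service account key lifecycle
  block:
    # … unchanged: create key, stat and assert, delete key, assert changed …
  always:
    - name: Remove the temporary service account key file
      connection: local
      ansible.builtin.file:
        path: "{{ gcp_cred_file }}-temporary-service-account-key"
        state: absent
    # … unchanged: "Delete a service account" tear-down task …
```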