Open morgante opened 5 years ago
Just to reiterate, the scenarios that need to be tested are:
group_name
, and create_group = false
=> grant the roles to the groupgroup_name
and create_group = true
=> create the given group name and grant it the required rolescreate_group = true
=> creates a group named project_name-editors
and grants it the required roles.create_group = false
=> no group roles grantedAlso
sa_group
=> default service account is part of given G Suite groupWe will need to alter the test setup to support a long-lived service account, or identify an alternative approach to satisfy the authentication requirements of the G Suite provider.
Here's how I suggest we tackle this:
setup/
contentsetup/
stage of this repo, remove the project creation and and simply use google_service_account_key
to grab the key from the pre-created service accountI think that sounds like a good approach. I suggest that we maintain the setup configuration so contributors can continue to easily create a test environment for the minimal suite, and push the exceptional logic in to the build configuration file. May be add a separate "full-ci-setup" configuration which does what you propose.
Sure, we could have a separate folder which behaves similarly but is only used for CI.
The tests currently don't make it easy to test G Suite-related functionality in the module.
We should add fixtures to consistently exercise the create_group and API/SA group functionalities.