Add test for key types, fix service account keys resource (#3452) (#393)

Signed-off-by: Modular Magician <magic-modules@google.com>

docs/resources/google_service_account_key.md

@@ -9,7 +9,7 @@ A `google_service_account_key` is used to test a Google ServiceAccountKey resour
 ## Examples
 ```
 google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name|
-	describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name) do
+	describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do
 		it { should exist }
 		its('key_type') { should_not cmp 'USER_MANAGED' }
 	end

docs/resources/google_service_account_keys.md

@@ -10,6 +10,7 @@ A `google_service_account_keys` is used to test a Google ServiceAccountKey resou
 ```
 describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
   its('count') { should be <= 1000 }
+  its('key_types') { should_not include 'USER_MANAGED' }
 end
 ```
 

libraries/google_service_account_keys.rb

@@ -39,7 +39,7 @@ class IAMServiceAccountKeys < GcpResourceBase
   def initialize(params = {})
     super(params.merge({ use_http_transport: true }))
     @params = params
-    @table = fetch_wrapped_resource('serviceAccountKeys')
+    @table = fetch_wrapped_resource('keys')
   end
 
   def fetch_wrapped_resource(wrap_path)

test/integration/build/gcp-mm.tf

@@ -910,6 +910,11 @@ resource "google_service_account" "spanner_service_account" {
   display_name = "${var.gcp_service_account_display_name}-sp"
 }
 
+resource "google_service_account_key" "userkey" {
+  service_account_id = google_service_account.spanner_service_account.name
+  public_key_type    = "TYPE_X509_PEM_FILE"
+}
+
 resource "google_spanner_instance" "spanner_instance" {
   project      = var.gcp_project_id
   config       = var.spannerinstance["config"]

test/integration/verify/controls/google_service_account_key.rb

@@ -24,7 +24,7 @@
 
   only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
   google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com").key_names.each do |sa_key_name|
-  	describe google_service_account_key(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com", name: sa_key_name) do
+  	describe google_service_account_key(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do
   		it { should exist }
   		its('key_type') { should_not cmp 'USER_MANAGED' }
   	end

test/integration/verify/controls/google_service_account_keys.rb

@@ -25,5 +25,6 @@
   only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
   describe google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
     its('count') { should be <= 1000 }
+    its('key_types') { should_not include 'USER_MANAGED' }
   end
 end