From 3195fbbfd3ddc0831f15743f1e5226c611b42ca5 Mon Sep 17 00:00:00 2001
From: The Magician
Date: Mon, 4 May 2020 20:02:35 -0400
Subject: [PATCH] Add test for key types, fix service account keys resource (#3452) (#393)
Signed-off-by: Modular Magician
---
 docs/resources/google_service_account_key.md | 2 +-
 docs/resources/google_service_account_keys.md | 1 +
 libraries/google_service_account_keys.rb | 2 +-
 test/integration/build/gcp-mm.tf | 5 +++++
 .../verify/controls/google_service_account_key.rb | 2 +-
 .../verify/controls/google_service_account_keys.rb | 1 +
 6 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/docs/resources/google_service_account_key.md b/docs/resources/google_service_account_key.md
index 4cd4ada29..6ba03a66c 100644
--- a/docs/resources/google_service_account_key.md
+++ b/docs/resources/google_service_account_key.md
@@ -9,7 +9,7 @@ A `google_service_account_key` is used to test a Google ServiceAccountKey resour
 ## Examples
 ```
 google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name|
- describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name) do
+ describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do
 it { should exist }
 its('key_type') { should_not cmp 'USER_MANAGED' }
 end
diff --git a/docs/resources/google_service_account_keys.md b/docs/resources/google_service_account_keys.md
index be1b6e1ae..03006946c 100644
--- a/docs/resources/google_service_account_keys.md
+++ b/docs/resources/google_service_account_keys.md
@@ -10,6 +10,7 @@ A `google_service_account_keys` is used to test a Google ServiceAccountKey resou
 ```
 describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
 its('count') { should be <= 1000 }
+ its('key_types') { should_not include 'USER_MANAGED' }
 end
 ```
 
diff --git a/libraries/google_service_account_keys.rb b/libraries/google_service_account_keys.rb
index 04c629a23..27eb9944f 100644
--- a/libraries/google_service_account_keys.rb
+++ b/libraries/google_service_account_keys.rb
@@ -39,7 +39,7 @@ class IAMServiceAccountKeys < GcpResourceBase
 def initialize(params = {})
 super(params.merge({ use_http_transport: true }))
 @params = params
- @table = fetch_wrapped_resource('serviceAccountKeys')
+ @table = fetch_wrapped_resource('keys')
 end
 
 def fetch_wrapped_resource(wrap_path)
diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf
index 6e01cfc66..e77ee9d0d 100644
--- a/test/integration/build/gcp-mm.tf
+++ b/test/integration/build/gcp-mm.tf
@@ -910,6 +910,11 @@ resource "google_service_account" "spanner_service_account" {
 display_name = "${var.gcp_service_account_display_name}-sp"
 }
 
+resource "google_service_account_key" "userkey" {
+ service_account_id = google_service_account.spanner_service_account.name
+ public_key_type = "TYPE_X509_PEM_FILE"
+}
+
 resource "google_spanner_instance" "spanner_instance" {
 project = var.gcp_project_id
 config = var.spannerinstance["config"]
diff --git a/test/integration/verify/controls/google_service_account_key.rb b/test/integration/verify/controls/google_service_account_key.rb
index dc36386de..309428ed7 100644
--- a/test/integration/verify/controls/google_service_account_key.rb
+++ b/test/integration/verify/controls/google_service_account_key.rb
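Review bot: Switching the wrap path to `keys` makes the table populate, but the values it exposes as `key_names` apparently remain full resource names, which is why the controls and docs in this same commit now have to call `sa_key_name.split('/').last` before passing the value as `name:` to `google_service_account_key` (see the google_service_account_key.rb and google_service_account_key.md hunks). That parsing belongs in the resource rather than in every caller: a small accessor beside `initialize`, `def key_ids` / `key_names.map { |n| n.split('/').last }` / `end`, plus a YARD note on the class that `key_names` are `projects/.../serviceAccounts/.../keys/<id>` paths, would keep the contract in one place. The body of `fetch_wrapped_resource` lies outside the hunk, so whether a response without a `keys` member yields an empty table or nil cannot be confirmed here and is worth checking, since the `should_not` assertions downstream pass on an empty table.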
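Review bot: The new `google_service_account_key` "userkey" resource mints a USER_MANAGED key whose private half the provider records in Terraform state (its `private_key` attribute), so the integration state file now holds a live credential for spanner_service_account; the fixture needs a comment making that explicit, e.g. `# Fixture only: creates a USER_MANAGED key so key_types can be observed; the private key is written to state, so keep the state backend private and destroy after the run.` The `public_key_type` setting only shapes the exported public key and does not change that. Separately, the key is attached to `spanner_service_account`, while the controls in this commit query the `gcp_service_account_display_name` account, so unless those resolve to the same email the new `should_not include 'USER_MANAGED'` assertions never observe this key; if the goal is to exercise `key_types` positively, a control against the spanner account asserting `should include 'USER_MANAGED'` would do that.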
@@ -24,7 +24,7 @@
 
 only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
 google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com").key_names.each do |sa_key_name|
- describe google_service_account_key(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com", name: sa_key_name) do
+ describe google_service_account_key(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do
 it { should exist }
 its('key_type') { should_not cmp 'USER_MANAGED' }
 end
diff --git a/test/integration/verify/controls/google_service_account_keys.rb b/test/integration/verify/controls/google_service_account_keys.rb
index e0832935e..67ffed829 100644
--- a/test/integration/verify/controls/google_service_account_keys.rb
+++ b/test/integration/verify/controls/google_service_account_keys.rb
@@ -25,5 +25,6 @@
 only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
 describe google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
 its('count') { should be <= 1000 }
+ its('key_types') { should_not include 'USER_MANAGED' }
 end
 end
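Review bot: The added `its('key_types') { should_not include 'USER_MANAGED' }` is a purely negative assertion, so it also passes when `key_types` is empty, which is exactly the state the `serviceAccountKeys` to `keys` wrap-path fix in libraries/google_service_account_keys.rb was correcting; a regression of that path would leave this control green, and the neighbouring `its('count') { should be <= 1000 }` has the same property. Pair it with a positive check that proves the attribute is populated, e.g. `its('key_types') { should include 'SYSTEM_MANAGED' }` (assuming the account carries Google-managed keys, which the existing `should_not cmp 'USER_MANAGED'` control seems to rely on) or `its('count') { should be > 0 }` placed above the new line. The enclosing `control` block starts before the hunk.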