fix: cloud build integration tests

m0ps · m0ps · commit 0aa420bc45c7 · 2025-09-26T15:05:41.000+08:00
diff --git a/examples/simple_bucket/main.tf b/examples/simple_bucket/main.tf
@@ -58,12 +58,4 @@ module "bucket" {
   retention_policy = {
     retention_period = 2
   }
-
-  ip_filter = {
-    mode = "Enabled"
-    public_network_source = {
-      allowed_ip_cidr_ranges = ["0.0.0.0/0"]
-    }
-    allow_all_service_agent_access = true
-  }
 }
diff --git a/test/setup/iam.tf b/test/setup/iam.tf
@@ -35,9 +35,18 @@ locals {
     "roles/cloudkms.cryptoKeyEncrypterDecrypter",
     "roles/iam.serviceAccountUser",
     "roles/storage.admin",
+    "projects/${module.project.project_id}/roles/${google_project_iam_custom_role.int_test.role_id}",
   ], flatten(values(local.per_module_roles)))
 }
 
+resource "google_project_iam_custom_role" "int_test" {
+  project     = module.project.project_id
+  role_id     = "BypassBucketIPfiltering"
+  title       = "Bypass bucket IP filtering"
+  description = "Allow test service account to bypass bucket ip filtering rules"
+  permissions = ["storage.buckets.exemptFromIpFilter"]
+}
+
 resource "google_service_account" "int_test" {
   project      = module.project.project_id
   account_id   = "ci-cloud-storage"

Original file line number	Diff line number	Diff line change
`@@ -58,12 +58,4 @@ module "bucket" {`
`58`	`58`	`retention_policy = {`
`59`	`59`	`retention_period = 2`
`60`	`60`	`}`
`61`		`-`
`62`		`- ip_filter = {`
`63`		`- mode = "Enabled"`
`64`		`- public_network_source = {`
`65`		`- allowed_ip_cidr_ranges = ["0.0.0.0/0"]`
`66`		`- }`
`67`		`- allow_all_service_agent_access = true`
`68`		`- }`
`69`	`61`	`}`