zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1143 from GoogleCloudPlatform/jccb/bluprint-inline-tests 

Test blueprints from README files
This commit is contained in:
Julio Castillo 2023-02-27 09:57:41 +01:00 committed by GitHub
parent 7bfa2dbd34 526c8d9f1a
commit 067ca37e50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
222 changed files with 1285 additions and 3913 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
blueprints/apigee/bigquery-analytics/README.md
View File

@ -76,3 +76,35 @@ Do the following to verify that everything works as expected.
| [ip_address](outputs.tf#L17) | IP address. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/apigee/bigquery-analytics"
project_create = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
project_id = "my-project"
envgroups = {
test = ["test.cool-demos.space"]
}
environments = {
apis-test = {
envgroups = ["test"]
}
}
instances = {
instance-ew1 = {
region = "europe-west1"
environments = ["apis-test"]
runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.0.0/28"
}
}
psc_config = {
europe-west1 = "10.0.0.0/28"
}
}
# tftest modules=10 resources=62
```

17
blueprints/apigee/hybrid-gke/README.md
View File

@ -29,7 +29,7 @@ The diagram below depicts the architecture.
5. Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command
ansible-playbook playbook.yaml -vvvß
ansible-playbook playbook.yaml -vvv
## Testing the blueprint
@ -67,3 +67,18 @@ The diagram below depicts the architecture.
| [ip_address](outputs.tf#L17) | GLB IP address. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/apigee/hybrid-gke"
project_create = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
project_id = "my-project"
hostname = "test.myorg.org"
}
# tftest modules=18 resources=59
```

14
blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md
View File

@ -67,3 +67,17 @@ Do the following to verify that everything works as expected.
| [ip_address](outputs.tf#L17) | GLB IP address. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg"
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
apigee_project_id = "my-apigee-project"
onprem_project_id = "my-onprem-project"
hostname = "test.myorg.org"
}
# tftest modules=14 resources=73
```

17
blueprints/cloud-operations/adfs/README.md
View File

@ -74,3 +74,20 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [ip_address](outputs.tf#L15) | IP address. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/adfs"
prefix = "test"
project_create = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
project_id = "project-1"
ad_dns_domain_name = "example.com"
adfs_dns_domain_name = "adfs.example.com"
}
# tftest modules=5 resources=18
```

12
blueprints/cloud-operations/asset-inventory-feed-remediation/README.md
View File

@ -72,3 +72,15 @@ Run the `subscription_pull` command until it returns nothing, then run the follo
| [tag_show](outputs.tf#L49) | Instance add tag command. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/asset-inventory-feed-remediation"
project_create = true
project_id = "project-1"
}
# tftest modules=7 resources=21
```

4
blueprints/cloud-operations/asset-inventory-feed-remediation/main.tf
View File

@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -82,7 +82,7 @@ module "cf" {
location = var.region
}
bundle_config = {
source_dir = "cf"
source_dir = "${path.module}/cf"
output_path = var.bundle_path
}
service_account = module.service-account.email

12
blueprints/cloud-operations/dns-fine-grained-iam/README.md
View File

@ -118,3 +118,15 @@ dig app1.svc.example.org +short
| [vms](outputs.tf#L25) | VM names. | |
<!-- END TFDOC -->
## Test
```hcl
module "test1" {
source = "./fabric/blueprints/cloud-operations/dns-fine-grained-iam"
name = "dns-sd-test"
project_create = true
project_id = "test"
}
# tftest modules=9 resources=25
```

14
blueprints/cloud-operations/dns-shared-vpc/README.md
View File

@ -39,3 +39,17 @@ Note that Terraform 0.13 at least is required due to the use of `for_each` with
| [teams](outputs.tf#L17) | Team resources. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/dns-shared-vpc"
billing_account_id = "111111-222222-333333"
folder_id = "folders/1234567890"
prefix = "test"
shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
teams = ["team1", "team2"]
}
# tftest modules=9 resources=12
```

12
blueprints/cloud-operations/iam-delegated-role-grants/README.md
View File

@ -76,3 +76,15 @@ If you get any warnings, check the roles and remove any of them granting any of
| [restricted_role_grant](variables.tf#L78) | Role grant to which the restrictions will apply. | <code>string</code> | | <code>&#34;roles&#47;resourcemanager.projectIamAdmin&#34;</code> |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/iam-delegated-role-grants"
project_create = true
project_id = "project-1"
project_administrators = ["user:user@example.com"]
}
# tftest modules=2 resources=4
```

11
blueprints/cloud-operations/onprem-sa-key-management/README.md
View File

@ -78,3 +78,14 @@ terraform destroy -var project_id=$GOOGLE_CLOUD_PROJECT
| [sa-credentials](outputs.tf#L17) | SA json key templates. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/onprem-sa-key-management"
project_create = true
project_id = "test"
}
# tftest modules=4 resources=7
```

24
blueprints/cloud-operations/packer-image-builder/README.md
View File

@ -93,3 +93,27 @@ address for security reasons, Internet connectivity is done with [Cloud NAT](htt
| [compute_zone](outputs.tf#L32) | Name of a compute engine zone for Packer's temporary VM. | |
<!-- END TFDOC -->
## Test
```tpl
# tftest-file id=pkrvars path=packer/build.pkrvars.tpl
# Packer variables file template.
# Used by Terraform to generate Packer variable file.
project_id = "${PROJECT_ID}"
compute_zone = "${COMPUTE_ZONE}"
builder_sa = "${BUILDER_SA}"
compute_sa = "${COMPUTE_SA}"
compute_subnetwork = "${COMPUTE_SUBNETWORK}"
use_iap = ${USE_IAP}
```
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/packer-image-builder"
project_id = "test-project"
packer_account_users = ["user:john@example.com"]
create_packer_vars = true
}
# tftest modules=7 resources=17 files=pkrvars
```

12
blueprints/cloud-operations/quota-monitoring/README.md
View File

@ -52,3 +52,15 @@ Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/c
| [schedule_config](variables.tf#L66) | Schedule timer configuration in crontab format. | <code>string</code> | | <code>&#34;0 &#42; &#42; &#42; &#42;&#34;</code> |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/quota-monitoring"
name = "name"
project_create = true
project_id = "test"
}
# tftest modules=4 resources=14
```

4
blueprints/cloud-operations/quota-monitoring/main.tf
View File

@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -55,7 +55,7 @@ module "cf" {
location = var.region
}
bundle_config = {
source_dir = "cf"
source_dir = "${path.module}/cf"
output_path = var.bundle_path
}
# https://github.com/hashicorp/terraform-provider-archive/issues/40

26
blueprints/cloud-operations/scheduled-asset-inventory-export-bq/README.md
View File

@ -77,3 +77,29 @@ This is an optional part, created if `cai_gcs_export` is set to `true`. The high
| [cloud-function](outputs.tf#L22) | Cloud Function instance details. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/scheduled-asset-inventory-export-bq"
billing_account = "1234-ABCD-1234"
cai_config = {
bq_dataset = "my-dataset"
bq_table = "my_table"
bq_table_overwrite = "true"
target_node = "organization/1234567890"
}
cai_gcs_export = true
file_config = {
bucket = "my-bucket"
filename = "my-folder/myfile.json"
format = "NEWLINE_DELIMITED_JSON"
bq_dataset = "my-dataset"
bq_table = "my_table"
}
project_create = true
project_id = "project-1"
}
# tftest modules=8 resources=34
```

6
blueprints/cloud-operations/scheduled-asset-inventory-export-bq/main.tf
View File

@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -94,7 +94,7 @@ module "cf" {
location = var.region
}
bundle_config = {
source_dir = "cf"
source_dir = "${path.module}/cf"
output_path = var.bundle_path
}
service_account = module.service-account.email
@ -118,7 +118,7 @@ module "cffile" {
lifecycle_delete_age_days = null
}
bundle_config = {
source_dir = "cffile"
source_dir = "${path.module}/cffile"
output_path = var.bundle_path_cffile
excludes = null
}

1
blueprints/cloud-operations/terraform-cloud-dynamic-credentials/README.md
View File

@ -120,3 +120,4 @@ terraform apply
As a result we have a successfully deployed GCS bucket from Terraform Cloud workflow using Workload Identity Federation.
Once done testing, you can clean up resources by running `terraform destroy` first in the `tfc-workflow-using-wif` and then `gcp-workload-identity-provider` folders.

19
blueprints/cloud-operations/terraform-cloud-dynamic-credentials/gcp-workload-identity-provider/README.md
View File

@ -33,3 +33,22 @@ The codebase provisions the following list of resources:
| [tfc_workspace_wariables](outputs.tf#L20) | Variables to be set on the TFC workspace. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/terraform-cloud-dynamic-credentials/gcp-workload-identity-provider"
billing_account = "1234-ABCD-1234"
project_create = true
project_id = "project-1"
parent = "folders/12345"
tfc_organization_id = "org-123"
tfc_workspace_id = "ws-123"
workload_identity_pool_id = "tfe-pool"
workload_identity_pool_provider_id = "tf-provider"
issuer_uri = "https://app.terraform.io/"
}
# tftest modules=3 resources=12
```

12
blueprints/cloud-operations/unmanaged-instances-healthcheck/README.md
View File

@ -118,3 +118,15 @@ gcloud compute ssh --zone europe-west1-b nginx-test -- 'uptime'
| [pubsub-topic](outputs.tf#L26) | Restarter PubSub topic. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/unmanaged-instances-healthcheck"
project_id = "project-1"
billing_account = "123456-123456-123456"
project_create = true
}
# tftest modules=11 resources=35
```

27
blueprints/cloud-operations/vm-migration/host-target-projects/README.md
View File

@ -38,3 +38,30 @@ This sample creates\updates several distinct groups of resources:
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/vm-migration/host-target-projects"
project_create = {
billing_account_id = "1234-ABCD-1234"
parent = "folders/1234563"
}
migration_admin_users = ["user:admin@example.com"]
migration_viewer_users = ["user:viewer@example.com"]
migration_target_projects = [module.test-target-project.name]
depends_on = [
module.test-target-project
]
}
module "test-target-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-target-project"
project_create = true
}
# tftest modules=5 resources=24
```

36
blueprints/cloud-operations/vm-migration/host-target-sharedvpc/README.md
View File

@ -42,3 +42,39 @@ This sample creates\update several distinct groups of resources:
<!-- END TFDOC -->
## Manual Steps
Once this blueprint is deployed the M4CE [m4ce_gmanaged_service_account](https://cloud.google.com/migrate/compute-engine/docs/5.0/how-to/target-sa-compute-engine#configuring_the_default_service_account) has to be configured to grant the access to the shared VPC and allow the deploy of Compute Engine instances as the result of the migration.
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/vm-migration/host-target-sharedvpc"
project_create = {
billing_account_id = "1234-ABCD-1234"
parent = "folders/1234563"
}
migration_admin_users = ["user:admin@example.com"]
migration_viewer_users = ["user:viewer@example.com"]
migration_target_projects = [module.test-target-project.name]
sharedvpc_host_projects = [module.test-sharedvpc-host-project.name]
depends_on = [
module.test-target-project,
module.test-sharedvpc-host-project,
]
}
module "test-target-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-target-project"
project_create = true
}
module "test-sharedvpc-host-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-sharedvpc-host-project"
project_create = true
}
# tftest modules=7 resources=25
```

15
blueprints/cloud-operations/vm-migration/single-project/README.md
View File

@ -39,3 +39,18 @@ This sample creates several distinct groups of resources:
| [m4ce_gmanaged_service_account](outputs.tf#L15) | Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/cloud-operations/vm-migration/single-project"
project_create = {
billing_account_id = "1234-ABCD-1234"
parent = "folders/1234563"
}
migration_admin_users = ["user:admin@example.com"]
migration_viewer_users = ["user:viewer@example.com"]
}
# tftest modules=5 resources=20
```

17
blueprints/data-solutions/cloudsql-multiregion/README.md
View File

@ -165,3 +165,20 @@ The above command will delete the associated resources so there will be no billa
| [service_accounts](outputs.tf#L46) | Service Accounts. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/cloudsql-multiregion/"
data_eng_principals = ["dataeng@example.com"]
postgres_user_password = "my-root-password"
project_id = "project"
project_create = {
billing_account_id = "123456-123456-123456"
parent = "folders/12345678"
}
prefix = "prefix"
}
# tftest modules=10 resources=50
```

14
blueprints/data-solutions/cmek-via-centralized-kms/README.md
View File

@ -54,3 +54,17 @@ This sample creates several distinct groups of resources:
| [vm_keys](outputs.tf#L41) | GCE VM Cloud KMS crypto keys. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/cmek-via-centralized-kms/"
project_config = {
billing_account_id = "123456-123456-123456"
parent = "folders/12345678"
}
prefix = "prefix"
}
# tftest modules=8 resources=27
```

15
blueprints/data-solutions/composer-2/README.md
View File

@ -113,3 +113,18 @@ service_encryption_keys = {
| [composer_dag_gcs](outputs.tf#L22) | The Cloud Storage prefix of the DAGs for the Cloud Composer environment. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/composer-2/"
project_id = "project"
project_create = {
billing_account_id = "123456-123456-123456"
parent = "folders/12345678"
}
prefix = "prefix"
}
# tftest modules=5 resources=26
```

15
blueprints/data-solutions/data-platform-foundations/README.md
View File

@ -289,3 +289,18 @@ Features to add in future releases:
- Add example on how to use Cloud Data Loss Prevention
- Add solution to handle Tables, Views, and Authorized Views lifecycle
- Add solution to handle Metadata lifecycle
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/data-platform-foundations/"
organization_domain = "example.com"
project_config = {
billing_account_id = "123456-123456-123456"
parent = "folders/12345678"
}
prefix = "prefix"
}
# tftest modules=43 resources=278
```

15
blueprints/data-solutions/data-playground/README.md
View File

@ -68,3 +68,18 @@ You can now connect to the Vertex AI notbook to perform your data analysy.
| [vpc](outputs.tf#L38) | VPC Network. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/data-playground"
project_id = "sampleproject"
prefix = "tst"
project_create = {
billing_account_id = "123456-123456-123456",
parent = "folders/467898377"
}
}
# tftest modules=8 resources=39
```

15
blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md
View File

@ -215,3 +215,18 @@ The above command will delete the associated resources so there will be no billa
| [service_accounts](outputs.tf#L69) | Service account. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/gcs-to-bq-with-least-privileges/"
project_create = {
billing_account_id = "123456-123456-123456"
parent = "folders/12345678"
}
project_id = "project-1"
prefix = "prefix"
}
# tftest modules=12 resources=47
```

30
blueprints/data-solutions/shielded-folder/README.md
View File

@ -178,3 +178,33 @@ terraform apply
| [folders_sink_writer_identities](outputs.tf#L23) | Folders id. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/shielded-folder"
data_dir = "./fabric/blueprints/data-solutions/shielded-folder/data"
access_policy_config = {
access_policy_create = {
parent = "organizations/1234567890123"
title = "ShieldedMVP"
}
}
folder_config = {
folder_create = {
display_name = "ShieldedMVP"
parent = "organizations/1234567890123"
}
}
organization = {
domain = "example.com"
id = "1122334455"
}
prefix = "prefix"
project_config = {
billing_account_id = "123456-123456-123456"
}
}
# tftest modules=6 resources=38 inventory=simple.yaml
```

20
blueprints/data-solutions/sqlserver-alwayson/README.md
View File

@ -69,3 +69,23 @@ and to `C:\GcpSetupLog.txt` file.
| [instructions](outputs.tf#L19) | List of steps to follow after applying. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/sqlserver-alwayson/"
project_create = {
billing_account_id = "123456-123456-123456"
parent = "folders/12345678"
}
project_id = "project-1"
prefix = "test"
network = "example-network"
subnetwork = "example-subnetwork"
sql_admin_password = "password"
ad_domain_fqdn = "ad.example.com"
ad_domain_netbios = "ad"
}
# tftest modules=12 resources=38
```

32
blueprints/data-solutions/vertex-mlops/README.md
View File

@ -74,6 +74,36 @@ This blueprint can be used as a building block for setting up an end2end ML Ops
| [project_id](outputs.tf#L49) | Project ID. | |
<!-- END TFDOC -->
# TODO
## TODO
- Add support for User Managed Notebooks, SA permission option and non default SA for Single User mode.
- Improve default naming for local VPC and Cloud NAT
## Test
```hcl
module "test" {
source = "./fabric/blueprints/data-solutions/vertex-mlops/"
labels = {
"env" : "dev",
"team" : "ml"
}
bucket_name = "test-dev"
dataset_name = "test"
identity_pool_claims = "attribute.repository/ORGANIZATION/REPO"
notebooks = {
"myworkbench" : {
"owner" : "user@example.com",
"region" : "europe-west4",
"subnet" : "default",
}
}
prefix = "pref"
project_id = "test-dev"
project_create = {
billing_account_id = "000000-123456-123456"
parent = "folders/111111111111"
}
}
# tftest modules=12 resources=56
```

1
blueprints/factories/bigquery-factory/README.md
View File

@ -71,6 +71,7 @@ module "bq" {
| [views_path](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ | |
<!-- END TFDOC -->
## TODO
- [ ] add external table support

15
blueprints/factories/cloud-identity-group-factory/README.md
View File

@ -9,13 +9,22 @@ Yaml abstraction for Groups can simplify groups creation and members management.
### Terraform code
```hcl
module "prod-firewall" {
module "groups" {
source = "./fabric/blueprints/factories/cloud-identity-group-factory"
customer_id = "customers/C0xxxxxxx"
data_dir = "data"
}
# tftest skip
# tftest modules=2 resources=3 files=group1 inventory=example.yaml
```
```yaml
# tftest-file id=group1 path=data/group1@example.com.yaml
display_name: Group 1
description: Group 1
members:
- user1@example.com
managers:
- user2@example.com
```
### Configuration Structure

131
blueprints/factories/net-vpc-firewall-yaml/README.md
View File

@ -17,8 +17,8 @@ module "prod-firewall" {
project_id = "my-prod-project"
network = "my-prod-network"
config_directories = [
"./prod",
"./common"
"./firewall/prod",
"./firewall/common"
]
log_config = {
@ -32,13 +32,86 @@ module "dev-firewall" {
project_id = "my-dev-project"
network = "my-dev-network"
config_directories = [
"./dev",
"./common"
"./firewall/dev",
"./firewall/common"
]
}
# tftest skip
# tftest modules=2 resources=16 files=common,dev,prod inventory=example.yaml
```
```yaml
# tftest-file id=common path=firewall/common/common.yaml
# allow ingress from GCLB to all instances in the network
lb-health-checks:
allow:
- ports: []
protocol: tcp
direction: INGRESS
priority: 1001
source_ranges:
- 35.191.0.0/16
- 130.211.0.0/22
# deny all egress
deny-all:
deny:
- ports: []
protocol: all
direction: EGRESS
priority: 65535
destination_ranges:
- 0.0.0.0/0
```
```yaml
# tftest-file id=dev path=firewall/dev/app.yaml
# Myapp egress
web-app-dev-egress:
allow:
- ports: [443]
protocol: tcp
direction: EGRESS
destination_ranges:
- 192.168.0.0/24
target_service_accounts:
- myapp@myproject-dev.iam.gserviceaccount.com
# Myapp ingress
web-app-dev-ingress:
allow:
- ports: [1234]
protocol: tcp
direction: INGRESS
source_service_accounts:
- frontend-sa@myproject-dev.iam.gserviceaccount.com
target_service_accounts:
- web-app-a@myproject-dev.iam.gserviceaccount.com
```
```yaml
# tftest-file id=prod path=firewall/prod/app.yaml
# Myapp egress
web-app-prod-egress:
allow:
- ports: [443]
protocol: tcp
direction: EGRESS
destination_ranges:
- 192.168.10.0/24
target_service_accounts:
- myapp@myproject-prod.iam.gserviceaccount.com
# Myapp ingress
web-app-prod-ingress:
allow:
- ports: [1234]
protocol: tcp
direction: INGRESS
source_service_accounts:
- frontend-sa@myproject-prod.iam.gserviceaccount.com
target_service_accounts:
- web-app-a@myproject-prod.iam.gserviceaccount.com
```
### Configuration Structure
```bash
@ -86,54 +159,6 @@ rule-name: # descriptive name, naming convention is adjusted by the module
- myapp@myproject-id.iam.gserviceaccount.com
```
Firewall rules example yaml configuration
```bash
cat ./prod/core-network/common-rules.yaml
# allow ingress from GCLB to all instances in the network
lb-health-checks:
allow:
- ports: []
protocol: tcp
direction: INGRESS
priority: 1001
source_ranges:
- 35.191.0.0/16
- 130.211.0.0/22
# deny all egress
deny-all:
deny:
- ports: []
protocol: all
direction: EGRESS
priority: 65535
destination_ranges:
- 0.0.0.0/0
cat ./dev/team-a/web-app-a.yaml
# Myapp egress
web-app-a-egress:
allow:
- ports: [443]
protocol: tcp
direction: EGRESS
destination_ranges:
- 192.168.0.0/24
target_service_accounts:
- myapp@myproject-id.iam.gserviceaccount.com
# Myapp ingress
web-app-a-ingress:
allow:
- ports: [1234]
protocol: tcp
direction: INGRESS
source_service_accounts:
- frontend-sa@myproject-id.iam.gserviceaccount.com
target_service_accounts:
- web-app-a@myproject-id.iam.gserviceaccount.com
```
<!-- BEGIN TFDOC -->
## Variables

6
blueprints/factories/net-vpc-firewall-yaml/main.tf
View File

@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,8 +20,8 @@ locals {
for config_path in var.config_directories :
concat(
[
for config_file in fileset("${path.root}/${config_path}", "**/*.yaml") :
"${path.root}/${config_path}/${config_file}"
for config_file in fileset(config_path, "**/*.yaml") :
"${config_path}/${config_file}"
]
)

2
blueprints/factories/project-factory/README.md
View File

@ -76,7 +76,7 @@ module "projects" {
service_identities_iam = try(each.value.service_identities_iam, {})
vpc = try(each.value.vpc, null)
}
# tftest modules=7 resources=29
# tftest modules=7 resources=30 inventory=example.yaml
```
### Projects configuration

2
blueprints/factories/project-factory/main.tf
View File

@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.

7
blueprints/factories/project-factory/sample-data/projects/project.yaml
View File

@ -44,7 +44,8 @@ kms_service_agents:
# [opt] Labels for the project - merged with the ones defined in defaults
labels:
environment: dev
environment: dev2
costcenter: apps
# [opt] Org policy overrides defined at project level
org_policies:
@ -70,7 +71,7 @@ service_accounts:
another-service-account:
- roles/compute.admin
my-service-account:
- roles/compute.admin
- roles/compute.adminv1
# [opt] APIs to enable on the project.
services:
@ -103,4 +104,4 @@ vpc:
subnets_iam:
europe-west1/dev-default-ew1:
- user:foobar@example.com
- serviceAccount:service-account1
- serviceAccount:my-service-account

15
blueprints/gke/binauthz/README.md
View File

@ -125,3 +125,18 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [image_repo_url](outputs.tf#L22) | Image source repository url. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/gke/binauthz"
prefix = "test"
project_create = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
project_id = "my-project"
}
# tftest modules=14 resources=47
```

31
blueprints/gke/multi-cluster-mesh-gke-fleet-api/README.md
View File

@ -75,3 +75,34 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/gke/multi-cluster-mesh-gke-fleet-api"
billing_account_id = "123-456-789"
parent = "folders/123456789"
host_project_id = "my-host-project"
fleet_project_id = "my-fleet-project"
mgmt_project_id = "my-mgmt-project"
region = "europe-west1"
clusters_config = {
cluster-a = {
subnet_cidr_block = "10.0.1.0/24"
master_cidr_block = "10.16.0.0/28"
services_cidr_block = "192.168.1.0/24"
pods_cidr_block = "172.16.0.0/20"
}
cluster-b = {
subnet_cidr_block = "10.0.2.0/24"
master_cidr_block = "10.16.0.16/28"
services_cidr_block = "192.168.2.0/24"
pods_cidr_block = "172.16.16.0/20"
}
}
mgmt_subnet_cidr_block = "10.0.0.0/24"
istio_version = "1.14.1-asm.3"
}
# tftest modules=13 resources=57
```

12
blueprints/networking/decentralized-firewall/README.md
View File

@ -41,3 +41,15 @@ in the [`validator/`](validator/) subdirectory, which can be integrated as part
| [vpc](outputs.tf#L41) | Shared VPCs. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/decentralized-firewall"
billing_account_id = "ABCDE-12345-ABCDE"
prefix = "prefix"
root_node = "organizations/0123456789"
}
# tftest modules=9 resources=50
```

16
blueprints/networking/filtering-proxy-psc/README.md
View File

@ -26,3 +26,19 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
| [region](variables.tf#L75) | Default region for resources. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/filtering-proxy-psc"
prefix = "fabric"
project_create = {
billing_account = "123456-ABCDEF-123456"
parent = "folders/1234567890"
}
project_id = "test-project"
}
# tftest modules=13 resources=37
```

24
blueprints/networking/filtering-proxy/README.md
View File

@ -36,3 +36,27 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c
| [squid-address](outputs.tf#L17) | IP address of the Squid proxy. | |
<!-- END TFDOC -->
## Test
```hcl
module "test1" {
source = "./fabric/blueprints/networking/filtering-proxy"
billing_account = "123456-123456-123456"
mig = true
prefix = "fabric"
root_node = "folders/123456789"
}
# tftest modules=14 resources=36
```
```hcl
module "test2" {
source = "./fabric/blueprints/networking/filtering-proxy"
billing_account = "123456-123456-123456"
mig = false
prefix = "fabric"
root_node = "folders/123456789"
}
# tftest modules=12 resources=30
```

16
blueprints/networking/glb-and-armor/README.md
View File

@ -137,3 +137,19 @@ The above command will delete the associated resources so there will be no billa
| [vm_siege_external_ip](outputs.tf#L23) | Siege VM external IP address. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/glb-and-armor"
prefix = "test"
project_create = {
billing_account_id = "123456789"
parent = "organizations/123456789"
}
project_id = "project-1"
enforce_security_policy = true
}
# tftest modules=12 resources=26
```

17
blueprints/networking/hub-and-spoke-peering/README.md
View File

@ -100,3 +100,20 @@ The VPN used to connect the GKE masters VPC does not account for HA, upgrading t
| [vms](outputs.tf#L20) | GCE VMs. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/hub-and-spoke-peering"
prefix = "prefix"
project_create = {
billing_account = "123456-123456-123456"
oslogin = true
parent = "folders/123456789"
}
project_id = "project-1"
}
# tftest modules=22 resources=61
```

15
blueprints/networking/hub-and-spoke-vpn/README.md
View File

@ -101,3 +101,18 @@ ping test-r2.dev.example.com
| [vms](outputs.tf#L39) | GCE VMs. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/hub-and-spoke-vpn"
prefix = "prefix"
project_create_config = {
billing_account_id = "123456-123456-123456"
parent_id = "folders/123456789"
}
project_id = "project-1"
}
# tftest modules=20 resources=73
```

12
blueprints/networking/ilb-next-hop/README.md
View File

@ -86,3 +86,15 @@ A sample testing session using `tmux`:
| [ssh_vm_right](outputs.tf#L64) | Command-line login to right VMs. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/ilb-next-hop"
prefix = "test"
project_create = true
project_id = "project-1"
}
# tftest modules=18 resources=42
```

14
blueprints/networking/private-cloud-function-from-onprem/README.md
View File

@ -33,3 +33,17 @@ curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
| [function_url](outputs.tf#L17) | URL of the Cloud Function. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/networking/private-cloud-function-from-onprem/"
project_create = {
billing_account_id = "123456-ABCDEF-123456"
parent = "folders/1234567890"
}
project_id = "test-project"
}
# tftest modules=11 resources=40
```

12
blueprints/networking/shared-vpc-gke/README.md
View File

@ -70,3 +70,15 @@ There's a minor glitch that can surface running `terraform destroy`, where the s
| [vpc](outputs.tf#L40) | Shared VPC. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/gke/shared-vpc-gke"
billing_account_id = "ABCDE-12345-ABCDE"
prefix = "test"
root_node = "organizations/0123456789"
}
# tftest modules=11 resources=43
```

20
blueprints/serverless/api-gateway/README.md
View File

@ -22,6 +22,8 @@ Clone this repository or [open it in cloud shell](https://ssh.cloud.google.com/c
curl -v http://<IP_ADDRESS>/hello
Once done testing, you can clean up resources by running `terraform destroy`.
<!-- BEGIN TFDOC -->
## Variables
@ -39,3 +41,21 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [ip_address](outputs.tf#L17) | The reserved global IP address. | |
<!-- END TFDOC -->
## Test
```hcl
module "test" {
source = "./fabric/blueprints/serverless/api-gateway"
project_create = {
billing_account_id = "123456789"
parent = "organizations/123456789"
}
project_id = "project-1"
regions = [
"europe-west1",
"europe-west2"
]
}
# tftest modules=8 resources=34
```

13
tests/blueprints/apigee/bigquery-analytics/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

24
tests/blueprints/apigee/bigquery-analytics/basic.tfvars
View File

@ -1,24 +0,0 @@
project_create = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
project_id = "my-project"
envgroups = {
test = ["test.cool-demos.space"]
}
environments = {
apis-test = {
envgroups = ["test"]
}
}
instances = {
instance-ew1 = {
region = "europe-west1"
environments = ["apis-test"]
runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.0.0/28"
}
}
psc_config = {
europe-west1 = "10.0.0.0/28"
}

17
tests/blueprints/apigee/bigquery-analytics/basic.yaml
View File

@ -1,17 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
counts:
modules: 9
resources: 62

18
tests/blueprints/apigee/bigquery-analytics/tftest.yaml
View File

@ -1,18 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: blueprints/apigee/bigquery-analytics
tests:
basic:

13
tests/blueprints/apigee/hybrid-gke/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

6
tests/blueprints/apigee/hybrid-gke/basic.tfvars
View File

@ -1,6 +0,0 @@
project_create = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
project_id = "my-project"
hostname = "test.myorg.org"

17
tests/blueprints/apigee/hybrid-gke/basic.yaml
View File

@ -1,17 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
counts:
modules: 17
resources: 59

18
tests/blueprints/apigee/hybrid-gke/tftest.yaml
View File

@ -1,18 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: blueprints/apigee/hybrid-gke
tests:
basic:

13
tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

5
tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.tfvars
View File

@ -1,5 +0,0 @@
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
apigee_project_id = "my-apigee-project"
onprem_project_id = "my-onprem-project"
hostname = "test.myorg.org"

17
tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/basic.yaml
View File

@ -1,17 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
counts:
modules: 13
resources: 73

18
tests/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/tftest.yaml
View File

@ -1,18 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg
tests:
basic:

13
tests/blueprints/cloud_operations/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

13
tests/blueprints/cloud_operations/adfs/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

24
tests/blueprints/cloud_operations/adfs/fixture/main.tf
View File

@ -1,24 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/adfs"
prefix = var.prefix
project_create = var.project_create
project_id = var.project_id
ad_dns_domain_name = var.ad_dns_domain_name
adfs_dns_domain_name = var.adfs_dns_domain_name
}

106
tests/blueprints/cloud_operations/adfs/fixture/variables.tf
View File

@ -1,106 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_create" {
type = object({
billing_account_id = string
parent = string
})
default = {
billing_account_id = "12345-12345-12345"
parent = "folders/123456789"
}
}
variable "project_id" {
type = string
default = "my-project"
}
variable "prefix" {
type = string
default = "test"
}
variable "network_config" {
type = object({
network = string
subnet = string
})
default = null
}
variable "ad_dns_domain_name" {
type = string
default = "example.com"
}
variable "adfs_dns_domain_name" {
type = string
default = "adfs.example.com"
}
variable "disk_size" {
type = number
default = 50
}
variable "disk_type" {
type = string
default = "pd-ssd"
}
variable "image" {
type = string
default = "projects/windows-cloud/global/images/family/windows-2022"
}
variable "instance_type" {
type = string
default = "n1-standard-2"
}
variable "region" {
type = string
default = "europe-west1"
}
variable "zone" {
type = string
default = "europe-west1-c"
}
variable "ad_ip_cidr_block" {
type = string
default = "10.0.0.0/24"
}
variable "subnet_ip_cidr_block" {
type = string
default = "10.0.1.0/28"
}

19
tests/blueprints/cloud_operations/adfs/test_plan.py
View File

@ -1,19 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 4
assert len(resources) == 15

13
tests/blueprints/cloud_operations/asset_inventory_feed_remediation/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

0
tests/blueprints/cloud_operations/asset_inventory_feed_remediation/fixture/cf/README
View File

21
tests/blueprints/cloud_operations/asset_inventory_feed_remediation/fixture/main.tf
View File

@ -1,21 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/asset-inventory-feed-remediation"
project_create = var.project_create
project_id = var.project_id
}

23
tests/blueprints/cloud_operations/asset_inventory_feed_remediation/fixture/variables.tf
View File

@ -1,23 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_create" {
type = bool
default = true
}
variable "project_id" {
type = string
default = "project-1"
}

19
tests/blueprints/cloud_operations/asset_inventory_feed_remediation/test_plan.py
View File

@ -1,19 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 6
assert len(resources) == 19

13
tests/blueprints/cloud_operations/dns_fine_grained_iam/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

22
tests/blueprints/cloud_operations/dns_fine_grained_iam/fixture/main.tf
View File

@ -1,22 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/dns-fine-grained-iam"
name = var.name
project_create = var.project_create
project_id = var.project_id
}

38
tests/blueprints/cloud_operations/dns_fine_grained_iam/fixture/variables.tf
View File

@ -1,38 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "name" {
type = string
default = "dns-sd-test"
}
variable "project_create" {
type = bool
default = true
}
variable "project_id" {
type = string
default = "test"
}
variable "region" {
type = string
default = "europe-west1"
}
variable "zone_domain" {
type = string
default = "svc.example.org."
}

19
tests/blueprints/cloud_operations/dns_fine_grained_iam/test_plan.py
View File

@ -1,19 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 8
assert len(resources) == 25

13
tests/blueprints/cloud_operations/dns_shared_vpc/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

24
tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf
View File

@ -1,24 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/dns-shared-vpc"
billing_account_id = "111111-222222-333333"
folder_id = "folders/1234567890"
prefix = var.prefix
shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
teams = var.teams
}

23
tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf
View File

@ -1,23 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "prefix" {
type = string
default = "test"
}
variable "teams" {
type = list(string)
default = ["team1", "team2"]
}

19
tests/blueprints/cloud_operations/dns_shared_vpc/test_plan.py
View File

@ -1,19 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 8
assert len(resources) == 12

13
tests/blueprints/cloud_operations/iam_delegated_role_grants/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

22
tests/blueprints/cloud_operations/iam_delegated_role_grants/fixture/main.tf
View File

@ -1,22 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/iam-delegated-role-grants"
project_create = true
project_id = var.project_id
project_administrators = ["user:user@example.com"]
}

18
tests/blueprints/cloud_operations/iam_delegated_role_grants/fixture/variables.tf
View File

@ -1,18 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_id" {
type = string
default = "project-1"
}

26
tests/blueprints/cloud_operations/iam_delegated_role_grants/test_plan.py
View File

@ -1,26 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner(include_bare_resources=True)
assert len(modules) == 1
assert len(resources) == 4
# TODO(jccb): test audit function (requires extending requirement for
# test suite)
# def test_audit():
# AUDIT_PATH = os.path.join(os.path.dirname(__file__), "../../../cloud-operations/delegated-role-grants/")
# sys.path.append(AUDIT_PATH)
# import audit

13
tests/blueprints/cloud_operations/onprem_sa_key_management/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

21
tests/blueprints/cloud_operations/onprem_sa_key_management/fixture/main.tf
View File

@ -1,21 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/onprem-sa-key-management"
project_create = var.project_create
project_id = var.project_id
}

23
tests/blueprints/cloud_operations/onprem_sa_key_management/fixture/variables.tf
View File

@ -1,23 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_create" {
type = bool
default = true
}
variable "project_id" {
type = string
default = "test"
}

19
tests/blueprints/cloud_operations/onprem_sa_key_management/test_plan.py
View File

@ -1,19 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 3
assert len(resources) == 7

13
tests/blueprints/cloud_operations/packer_image_builder/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

22
tests/blueprints/cloud_operations/packer_image_builder/fixture/main.tf
View File

@ -1,22 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/packer-image-builder"
project_id = "test-project"
packer_account_users = ["user:john@testdomain.com"]
create_packer_vars = var.create_packer_vars
}

8
tests/blueprints/cloud_operations/packer_image_builder/fixture/packer/build.pkrvars.tpl
View File

@ -1,8 +0,0 @@
# Packer variables file template.
# Used by Terraform to generate Packer variable file.
project_id = "${PROJECT_ID}"
compute_zone = "${COMPUTE_ZONE}"
builder_sa = "${BUILDER_SA}"
compute_sa = "${COMPUTE_SA}"
compute_subnetwork = "${COMPUTE_SUBNETWORK}"
use_iap = ${USE_IAP}

20
tests/blueprints/cloud_operations/packer_image_builder/fixture/variables.tf
View File

@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "create_packer_vars" {
type = bool
default = false
}

26
tests/blueprints/cloud_operations/packer_image_builder/test_plan.py
View File

@ -1,26 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner(include_bare_resources="true")
assert len(modules) == 6
assert len(resources) == 16
modules, resources = e2e_plan_runner(include_bare_resources="true",
create_packer_vars="true")
assert len(modules) == 6
assert len(resources) == 17

13
tests/blueprints/cloud_operations/quota_monitoring/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

0
tests/blueprints/cloud_operations/quota_monitoring/fixture/cf/README
View File

22
tests/blueprints/cloud_operations/quota_monitoring/fixture/main.tf
View File

@ -1,22 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../../blueprints/cloud-operations/quota-monitoring"
name = var.name
project_create = var.project_create
project_id = var.project_id
}

38
tests/blueprints/cloud_operations/quota_monitoring/fixture/variables.tf
View File

@ -1,38 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "name" {
type = string
default = "dns-sd-test"
}
variable "project_create" {
type = bool
default = true
}
variable "project_id" {
type = string
default = "test"
}
variable "region" {
type = string
default = "europe-west1"
}
variable "zone_domain" {
type = string
default = "svc.example.org."
}

19
tests/blueprints/cloud_operations/quota_monitoring/test_plan.py
View File

@ -1,19 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 3
assert len(resources) == 10

13
tests/blueprints/cloud_operations/scheduled_asset_inventory_export_bq/__init__.py
View File

@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

BIN
tests/blueprints/cloud_operations/scheduled_asset_inventory_export_bq/fixture/bundle_cffile.zip
View File

Binary file not shown.

0
tests/blueprints/cloud_operations/scheduled_asset_inventory_export_bq/fixture/cf/README
View File

Some files were not shown because too many files have changed in this diff Show More