Add basic tests for nwt-vpc-firewall-yaml module

2021-03-14 19:49:07 +01:00 · 2021-03-14 19:49:07 +01:00 · 07cf386427
parent 5a796f3637
commit 07cf386427
5 changed files with 129 additions and 0 deletions
--- a/tests/modules/net_vpc_firewall_yaml/init.py
+++ b/tests/modules/net_vpc_firewall_yaml/init.py
@ -0,0 +1,13 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
--- a/tests/modules/net_vpc_firewall_yaml/fixture/main.tf
+++ b/tests/modules/net_vpc_firewall_yaml/fixture/main.tf
@ -0,0 +1,23 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "firewall" {
+  source      = "../../../../modules/net-vpc-firewall-yaml"
+  project_id  = "my-project"
+  network     = "my-network"
+  config_path = "./rules"
+  log_config  = var.log_config
+}
--- a/tests/modules/net_vpc_firewall_yaml/fixture/rules/common..yaml
+++ b/tests/modules/net_vpc_firewall_yaml/fixture/rules/common..yaml
@ -0,0 +1,20 @@
+# allow ingress from GCLB to all instances in the network
+lb-health-checks:
+  allow:
+  - ports: []
+    protocol: tcp
+  direction: INGRESS
+  priority: 1001
+  source_ranges:
+  - 35.191.0.0/16
+  - 130.211.0.0/22
+
+# deny all egress
+deny-all:
+  deny:
+  - ports: []
+    protocol: all
+  direction: EGRESS
+  priority: 65535
+  destination_ranges:
+  - 0.0.0.0/0
--- a/tests/modules/net_vpc_firewall_yaml/fixture/variables.tf
+++ b/tests/modules/net_vpc_firewall_yaml/fixture/variables.tf
@ -0,0 +1,23 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "log_config" {
+  description = "Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging."
+  type = object({
+    metadata = string
+  })
+  default = null
+}
--- a/tests/modules/net_vpc_firewall_yaml/test_plan.py
+++ b/tests/modules/net_vpc_firewall_yaml/test_plan.py
@ -0,0 +1,50 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_firewall_simple(plan_runner):
+    "Test firewall rules from rules/common.yaml with no extra options."
+    _, resources = plan_runner(FIXTURES_DIR)
+    assert len(resources) == 4
+    assert set(r['type'] for r in resources) == set([
+        'google_compute_firewall', 'time_static'
+    ])
+    firewall_values = [r['values'] for r in resources if r['type']
+            == 'google_compute_firewall']
+    assert set([f['project'] for f in firewall_values]) == set(['my-project'])
+    assert set([f['network'] for f in firewall_values]) == set(['my-network'])
+
+
+def test_firewall_log_config(plan_runner):
+    "Test firewall rules log configuration."
+    log_config = """ {
+      metadata = "INCLUDE_ALL_METADATA"
+    }
+    """
+    log_config_value = [{"metadata": "INCLUDE_ALL_METADATA"}]
+    _, resources = plan_runner(FIXTURES_DIR, log_config=log_config)
+    assert len(resources) == 4
+    assert set(r['type'] for r in resources) == set([
+        'google_compute_firewall', 'time_static'
+    ])
+    firewall_values = [r['values'] for r in resources if r['type']
+            == 'google_compute_firewall']
+    assert all(f['log_config'] == log_config_value for f in firewall_values)