E2E tests for net-vpc module

This commit is contained in:
Thangaraju Rajasekaran 2023-11-29 14:36:03 +00:00
parent b5cd2d8088
commit 0af5e31ca3
19 changed files with 212 additions and 139 deletions


@ -29,7 +29,7 @@ This module allows creation and management of VPC networks including subnetworks
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -48,7 +48,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=simple.yaml
# tftest modules=1 resources=5 inventory=simple.yaml e2e
```
### Subnet Options
@ -56,7 +56,7 @@ module "vpc" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
# simple subnet
@ -95,7 +95,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=7 inventory=subnet-options.yaml
# tftest modules=1 resources=7 inventory=subnet-options.yaml e2e
```
### Subnet IAM
@ -105,7 +105,7 @@ Subnet IAM variables follow our general interface, with extra keys/members for t
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -114,12 +114,12 @@ module "vpc" {
ip_cidr_range = "10.0.1.0/24"
iam = {
"roles/compute.networkUser" = [
"user:user1@example.com", "group:group1@example.com"
"user:${var.user_email}", "group:${var.group_email}"
]
}
iam_bindings = {
subnet-1-iam = {
members = ["group:group2@example.com"]
members = ["group:${var.group_email}"]
role = "roles/compute.networkUser"
condition = {
expression = "resource.matchTag('123456789012/env', 'prod')"
@ -131,10 +131,10 @@ module "vpc" {
{
name = "subnet-2"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24"
ip_cidr_range = "10.0.2.0/24"
iam_bindings_additive = {
subnet-2-iam = {
member = "user:am1@example.com"
member = "user:${var.user_email}"
role = "roles/compute.networkUser"
subnet = "europe-west1/subnet-2"
}
@ -142,7 +142,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=8 inventory=subnet-iam.yaml
# tftest modules=1 resources=8 inventory=subnet-iam.yaml e2e
```
### Peering
@ -154,7 +154,7 @@ If you only want to create the "local" side of the peering, use `peering_create_
```hcl
module "vpc-hub" {
source = "./fabric/modules/net-vpc"
project_id = "hub"
project_id = var.project_id
name = "vpc-hub"
subnets = [{
ip_cidr_range = "10.0.0.0/24"
@ -165,7 +165,7 @@ module "vpc-hub" {
module "vpc-spoke-1" {
source = "./fabric/modules/net-vpc"
project_id = "spoke1"
project_id = var.project_id
name = "vpc-spoke1"
subnets = [{
ip_cidr_range = "10.0.1.0/24"
@ -187,18 +187,18 @@ module "vpc-spoke-1" {
```hcl
locals {
service_project_1 = {
project_id = "project1"
gke_service_account = "serviceAccount:gke"
cloud_services_service_account = "serviceAccount:cloudsvc"
project_id = var.service_project_1.project_id
gke_service_account = "serviceAccount:${var.service_account.email}"
cloud_services_service_account = "serviceAccount:${var.service_account.email}"
}
service_project_2 = {
project_id = "project2"
project_id = var.service_project_2.project_id
}
}
module "vpc-host" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-host-network"
subnets = [
{
@ -226,7 +226,7 @@ module "vpc-host" {
local.service_project_2.project_id
]
}
# tftest modules=1 resources=9 inventory=shared-vpc.yaml
# tftest modules=1 resources=9 inventory=shared-vpc.yaml e2e
```
### Private Service Networking
@ -234,7 +234,7 @@ module "vpc-host" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -247,7 +247,7 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" }
}
}
# tftest modules=1 resources=7 inventory=psa.yaml
# tftest modules=1 resources=7 inventory=psa.yaml e2e
```
### Private Service Networking with peering routes and peered Cloud DNS domains
@ -257,7 +257,7 @@ Custom routes can be optionally exported/imported through the peering formed wit
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets = [
{
@ -273,7 +273,7 @@ module "vpc" {
peered_domains = ["gcp.example.com."]
}
}
# tftest modules=1 resources=8 inventory=psa-routes.yaml
# tftest modules=1 resources=8 inventory=psa-routes.yaml e2e
```
### Subnets for Private Service Connect, Proxy-only subnets
@ -286,7 +286,7 @@ Along with common private subnets module supports creation more service specific
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
subnets_proxy_only = [
@ -312,7 +312,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml
# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml e2e
```
### DNS Policies
@ -320,7 +320,7 @@ module "vpc" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
dns_policy = {
inbound = true
@ -337,7 +337,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=dns-policies.yaml
# tftest modules=1 resources=5 inventory=dns-policies.yaml e2e
```
### Subnet Factory
@ -347,7 +347,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../b
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
factories_config = {
subnets_folder = "config/subnets"
@ -430,7 +430,7 @@ locals {
module "vpc" {
source = "./fabric/modules/net-vpc"
for_each = local.route_types
project_id = "my-project"
project_id = var.project_id
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
@ -460,7 +460,7 @@ By default the VPC module creates IPv4 routes for the [Private Google Access ran
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-vpc"
create_googleapis_routes = {
restricted = false
@ -469,7 +469,7 @@ module "vpc" {
private-6 = true
}
}
# tftest modules=1 resources=3 inventory=googleapis.yaml
# tftest modules=1 resources=3 inventory=googleapis.yaml e2e
```
### Allow Firewall Policy to be evaluated before Firewall Rules
@ -477,7 +477,7 @@ module "vpc" {
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL"
subnets = [
@ -497,7 +497,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml
# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml e2e
```
### IPv6
@ -507,12 +507,12 @@ A non-overlapping private IPv6 address space can be configured for the VPC via t
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
project_id = var.project_id
name = "my-network"
ipv6_config = {
# internal_range is optional
enable_ula_internal = true
internal_range = "fd20:6b2:27e5:0:0:0:0:0/48"
# internal_range = "fd20:6b2:27e5::/48"
}
subnets = [
{
@ -531,7 +531,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=5 inventory=ipv6.yaml
# tftest modules=1 resources=5 inventory=ipv6.yaml e2e
```
<!-- BEGIN TFDOC -->
## Variables
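Review bot: The IPv6 example now disables `internal_range` (the hunk ending in `# internal_range = "fd20:6b2:27e5::/48"`), and the matching inventory line `internal_ipv6_range` is commented out the same way, so neither the plan test nor the e2e run exercises an explicitly configured ULA range any more, while the surviving `# internal_range is optional` comment now sits above a dead line. If the reason is that a fixed range cannot be reused across e2e runs, say so in that comment; otherwise keep the option under test with `internal_range = "fd20:6b2:27e5::/48"` and restore the inventory expectation in canonical form. Either way the stale "is optional" comment should not be left above a commented-out line.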


@ -19,9 +19,9 @@
locals {
_googleapis_ranges = {
private = "199.36.153.8/30"
private-6 = "2600:2d00:0002:2000::/64"
private-6 = "2600:2d00:2:2000::/64"
restricted = "199.36.153.4/30"
restricted-6 = "2600:2d00:0002:1000::/64"
restricted-6 = "2600:2d00:2:1000::/64"
}
_googleapis_routes = {
for k, v in local._googleapis_ranges : "${k}-googleapis" => {
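Review bot: The `private-6` and `restricted-6` entries of `_googleapis_ranges` are rewritten in compressed IPv6 form with nothing recording why, so a later edit can reintroduce the zero-padded spelling; presumably the padded form did not match the normalized value the API reports, which is what the inventory changes in this commit suggest. Add `# keep IPv6 ranges in canonical (compressed) form; the API normalizes them` above the map so the constraint survives the next refactor. The `locals` block continues past the end of the hunk.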


@ -22,6 +22,10 @@ variable "billing_account_id" {
default = "123456-123456-123456"
}
variable "user_email" {
default = "user1@example.org"
}
variable "group_email" {
default = "organization-admins@example.org"
}
@ -94,3 +98,15 @@ variable "vpc2" {
variable "zone" {
default = "zone"
}
variable "service_project_1" {
default = {
project_id = "service-project-1-project-id"
}
}
variable "service_project_2" {
default = {
project_id = "service-project-2-project-id"
}
}


@ -17,10 +17,17 @@ billing_account_id = "${billing_account_id}"
kms_key = {
id = "${kms_key_id}"
}
user_email = "${user_email}"
group_email = "${group_email}"
organization_id = "organizations/${organization_id}"
folder_id = "folders/${folder_id}"
project_id = "${project_id}"
service_project_1 = {
project_id = "${service_project_1.project_id}"
}
service_project_2 = {
project_id = "${service_project_2.project_id}"
}
region = "${region}"
service_account = {
id = "${service_account.id}"


@ -35,6 +35,15 @@ locals {
"storage-component.googleapis.com",
"storage.googleapis.com",
"vpcaccess.googleapis.com",
"servicenetworking.googleapis.com",
"dns.googleapis.com",
]
services-svc = [
# trimmed down list of services, to be extended as needed
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"iam.googleapis.com",
"serviceusage.googleapis.com",
]
}
@ -57,6 +66,34 @@ resource "google_project_service" "project_service" {
disable_dependent_services = true
}
resource "google_project" "service_project_1" {
name = "${local.prefix}-prj-1"
billing_account = var.billing_account
folder_id = google_folder.folder.id
project_id = "${local.prefix}-prj-1"
}
resource "google_project_service" "service_project_1_service" {
for_each = toset(local.services-svc)
service = each.value
project = google_project.service_project_1.project_id
disable_dependent_services = true
}
resource "google_project" "service_project_2" {
name = "${local.prefix}-prj-2"
billing_account = var.billing_account
folder_id = google_folder.folder.id
project_id = "${local.prefix}-prj-2"
}
resource "google_project_service" "service_project_2_service" {
for_each = toset(local.services-svc)
service = each.value
project = google_project.service_project_2.project_id
disable_dependent_services = true
}
resource "google_storage_bucket" "bucket" {
location = var.region
name = "${local.prefix}-bucket"
@ -115,9 +152,16 @@ resource "local_file" "terraform_tfvars" {
billing_account_id = var.billing_account
folder_id = google_folder.folder.folder_id
group_email = var.group_email
user_email = var.user_email
kms_key_id = google_kms_crypto_key.key.id
organization_id = var.organization_id
project_id = google_project.project.project_id
service_project_1 = {
project_id = google_project.service_project_1.project_id
}
service_project_2 = {
project_id = google_project.service_project_2.project_id
}
region = var.region
service_account = {
id = google_service_account.service_account.id
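Review bot: `google_project.service_project_1` and `google_project.service_project_2` in the second hunk leave `auto_create_network` at its default, so each fixture project comes up with a `default` network and its auto-created firewall rules, which the net-vpc examples do not use and which is the kind of permissive leftover an e2e landing zone should not carry. Add `auto_create_network = false` to both resources, and to `google_project.project` outside the hunk if it is not already set there. The two project/service-enablement pairs are also copy-pasted; a `for_each` over the two suffixes would keep them from drifting, but that is a separable change.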


@ -18,6 +18,9 @@ variable "billing_account" {
variable "group_email" {
type = string
}
variable "user_email" {
type = string
}
variable "organization_id" {
type = string
}


@ -15,7 +15,7 @@
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
module.vpc.google_dns_policy.default[0]:
alternative_name_server_config:
@ -30,9 +30,9 @@ values:
name: my-network
networks:
- {}
project: my-project
project: project-id
counts:
google_compute_network: 1
google_compute_subnetwork: 1
google_dns_policy: 1
google_dns_policy: 1


@ -20,7 +20,7 @@ values:
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
project: my-project
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -32,7 +32,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -44,7 +44,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]:
@ -53,7 +53,7 @@ values:
ipv6_access_type: null
log_config: []
name: subnet-proxy
project: my-project
project: project-id
purpose: REGIONAL_MANAGED_PROXY
region: europe-west4
role: ACTIVE
@ -64,7 +64,7 @@ values:
ipv6_access_type: null
log_config: []
name: subnet-proxy-global
project: my-project
project: project-id
purpose: GLOBAL_MANAGED_PROXY
region: australia-southeast2
role: ACTIVE
@ -75,7 +75,7 @@ values:
ipv6_access_type: null
log_config: []
name: subnet-psc
project: my-project
project: project-id
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west4
role: null
@ -92,7 +92,7 @@ values:
metadata_fields: null
name: subnet-detailed
private_ip_google_access: false
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -106,7 +106,7 @@ values:
log_config: []
name: simple
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west4
role: null
secondary_ip_range: []
@ -118,7 +118,7 @@ values:
log_config: []
name: simple
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west8
role: null
secondary_ip_range: []
@ -129,7 +129,7 @@ values:
- group:lorem@example.com
- serviceAccount:fbz@prj.iam.gserviceaccount.com
- user:foobar@example.com
project: my-project
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-detailed
@ -142,4 +142,4 @@ counts:
modules: 1
resources: 10
outputs: {}
outputs: {}


@ -18,7 +18,7 @@ values:
delete_default_routes_on_create: false
description: Terraform-managed.
name: my-network
project: my-project
project: project-id
routing_mode: GLOBAL
network_firewall_policy_enforcement_order: BEFORE_CLASSIC_FIREWALL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
@ -27,7 +27,7 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -41,11 +41,11 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west2
role: null
secondary_ip_range: []
counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_subnetwork: 2


@ -13,27 +13,30 @@
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-vpc
project: project-id
module.vpc.google_compute_route.gateway["private-6-googleapis"]:
dest_range: 2600:2d00:0002:2000::/64
dest_range: 2600:2d00:2:2000::/64
name: my-vpc-private-6-googleapis
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc.google_compute_route.gateway["restricted-6-googleapis"]:
dest_range: 2600:2d00:0002:1000::/64
dest_range: 2600:2d00:2:1000::/64
name: my-vpc-restricted-6-googleapis
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
counts:
google_compute_network: 1
google_compute_route: 2
google_compute_route: 2


@ -18,10 +18,10 @@ values:
delete_default_routes_on_create: false
description: Terraform-managed.
enable_ula_internal_ipv6: true
internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
# internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
project: my-project
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -33,7 +33,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -45,7 +45,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test"]:
@ -55,7 +55,7 @@ values:
log_config: []
name: test
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
@ -68,7 +68,7 @@ values:
log_config: []
name: test
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west3
role: null
secondary_ip_range: []
@ -82,4 +82,4 @@ counts:
modules: 1
resources: 5
outputs: {}
outputs: {}


@ -15,13 +15,13 @@
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: regional-proxy
project: my-project
project: project-id
purpose: REGIONAL_MANAGED_PROXY
region: europe-west1
role: ACTIVE
@ -30,7 +30,7 @@ values:
ip_cidr_range: 10.0.4.0/24
log_config: []
name: global-proxy
project: my-project
project: project-id
purpose: GLOBAL_MANAGED_PROXY
region: australia-southeast2
role: ACTIVE
@ -39,11 +39,11 @@ values:
ip_cidr_range: 10.0.3.0/24
log_config: []
name: psc
project: my-project
project: project-id
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west1
role: null
counts:
google_compute_network: 1
google_compute_subnetwork: 3
google_compute_subnetwork: 3


@ -18,21 +18,21 @@ values:
address_type: INTERNAL
name: myrange
prefix_length: 24
project: my-project
project: project-id
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: true
import_custom_routes: true
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
secondary_ip_range: []
module.vpc.google_service_networking_connection.psa_connection[0]:
@ -42,7 +42,7 @@ values:
module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]:
dns_suffix: gcp.example.com.
name: gcp-example-com
project: my-project
project: project-id
service: servicenetworking.googleapis.com
counts:
@ -51,4 +51,4 @@ counts:
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1
google_service_networking_peered_dns_domain: 1
google_service_networking_peered_dns_domain: 1


@ -18,19 +18,19 @@ values:
address_type: INTERNAL
name: myrange
prefix_length: 24
project: my-project
project: project-id
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
export_custom_routes: false
import_custom_routes: false
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
project: project-id
module.vpc.google_service_networking_connection.psa_connection[0]:
reserved_peering_ranges:
- myrange
@ -43,4 +43,4 @@ counts:
google_compute_subnetwork: 1
google_service_networking_connection: 1
outputs: {}
outputs: {}


@ -15,7 +15,7 @@
values:
module.vpc["gateway"].google_compute_network.network[0]:
name: my-network-with-route-gateway
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -26,7 +26,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
@ -38,11 +38,11 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["ilb"].google_compute_network.network[0]:
name: my-network-with-route-ilb
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -53,7 +53,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
@ -65,11 +65,11 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["instance"].google_compute_network.network[0]:
name: my-network-with-route-instance
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -80,7 +80,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
@ -93,11 +93,11 @@ values:
next_hop_instance_zone: europe-west1-b
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["ip"].google_compute_network.network[0]:
name: my-network-with-route-ip
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -108,7 +108,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
@ -121,11 +121,11 @@ values:
next_hop_ip: 192.168.0.128
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
module.vpc["vpn_tunnel"].google_compute_network.network[0]:
name: my-network-with-route-vpn-tunnel
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
description: Terraform-managed.
@ -136,7 +136,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
project: project-id
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
@ -148,9 +148,9 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
priority: 1000
project: my-project
project: project-id
tags: null
counts:
google_compute_network: 5
google_compute_route: 10
google_compute_route: 10


@ -15,15 +15,15 @@
values:
module.vpc-host.google_compute_network.network[0]:
name: my-host-network
project: my-project
project: project-id
module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: my-project
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
host_project: my-project
service_project: project1
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
host_project: my-project
service_project: project2
project: project-id
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-1-project-id"]:
host_project: project-id
service_project: service-project-1-project-id
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-2-project-id"]:
host_project: project-id
service_project: service-project-2-project-id
module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
secondary_ip_range:
- ip_cidr_range: 172.16.0.0/20
@ -33,17 +33,17 @@ values:
module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- serviceAccount:cloudsvc
- serviceAccount:gke
project: my-project
- serviceAccount:service_account_email
# - serviceAccount:gke
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]:
condition: []
members:
- serviceAccount:gke
project: my-project
- serviceAccount:service_account_email
project: project-id
region: europe-west1
role: roles/compute.securityAdmin
subnetwork: subnet-1
@ -53,4 +53,4 @@ counts:
google_compute_shared_vpc_host_project: 1
google_compute_shared_vpc_service_project: 2
google_compute_subnetwork: 1
google_compute_subnetwork_iam_binding: 2
google_compute_subnetwork_iam_binding: 2
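Review bot: The `roles/compute.networkUser` binding's members list keeps a commented-out `# - serviceAccount:gke` entry; an inventory is an assertion, and a disabled expectation only misleads the next reader into thinking a second member is still expected. Since both `gke_service_account` and `cloud_services_service_account` in the README example now resolve to the same `var.service_account.email`, a single member is the correct expectation and the dead line should simply be deleted.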


@ -18,7 +18,7 @@ values:
delete_default_routes_on_create: false
description: Terraform-managed.
name: my-network
project: my-project
project: project-id
routing_mode: GLOBAL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
description: Terraform-managed.
@ -26,7 +26,7 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -40,7 +40,7 @@ values:
log_config: []
name: production
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west2
role: null
secondary_ip_range: []
@ -52,7 +52,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -64,11 +64,11 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_route: 2
google_compute_route: 2


@ -20,7 +20,7 @@ values:
enable_ula_internal_ipv6: null
name: my-network
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
project: my-project
project: project-id
routing_mode: GLOBAL
timeouts: null
module.vpc.google_compute_route.gateway["private-googleapis"]:
@ -32,7 +32,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@ -44,7 +44,7 @@ values:
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
project: project-id
tags: null
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
@ -54,19 +54,19 @@ values:
log_config: []
name: subnet-1
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
timeouts: null
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
description: Terraform-managed.
ip_cidr_range: 10.0.1.0/24
ip_cidr_range: 10.0.2.0/24
ipv6_access_type: null
log_config: []
name: subnet-2
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
@ -74,9 +74,9 @@ values:
module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- group:group1@example.com
- user:user1@example.com
project: my-project
- group:organization-admins@example.org
- user:user1@example.org
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
@ -86,15 +86,15 @@ values:
expression: resource.matchTag('123456789012/env', 'prod')
title: test_condition
members:
- group:group2@example.com
project: my-project
- group:organization-admins@example.org
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
condition: []
member: user:am1@example.com
project: my-project
member: user:user1@example.org
project: project-id
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-2
@ -108,4 +108,4 @@ counts:
modules: 1
resources: 8
outputs: {}
outputs: {}


@ -15,14 +15,14 @@
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
project: project-id
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
description: Subnet b
ip_cidr_range: 10.0.1.0/24
log_config: []
name: no-pga
private_ip_google_access: false
project: my-project
project: project-id
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
@ -31,7 +31,7 @@ values:
log_config: []
name: simple
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
@ -46,7 +46,7 @@ values:
metadata_fields: null
name: with-flow-logs
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range: []
@ -56,7 +56,7 @@ values:
log_config: []
name: with-secondary-ranges
private_ip_google_access: true
project: my-project
project: project-id
region: europe-west1
role: null
secondary_ip_range:
@ -67,4 +67,4 @@ values:
counts:
google_compute_network: 1
google_compute_subnetwork: 4
google_compute_subnetwork: 4