Merge pull request #1322 from GoogleCloudPlatform/jccb/fw-tests

Add inventories to net-vpc-firewall tests

modules/net-vpc-firewall/README.md

@@ -22,7 +22,7 @@ module "firewall" {
     admin_ranges = ["10.0.0.0/8"]
   }
 }
-# tftest modules=1 resources=4
+# tftest modules=1 resources=4 inventory=basic.yaml
 ```
 
 ### Custom rules
@@ -77,7 +77,7 @@ module "firewall" {
     }
   }
 }
-# tftest modules=1 resources=9
+# tftest modules=1 resources=9 inventory=custom-rules.yaml
 ```
 
 ### Controlling or turning off default rules
@@ -103,7 +103,7 @@ module "firewall" {
     ssh_tags   = ["ssh-default"]
   }
 }
-# tftest modules=1 resources=3
+# tftest modules=1 resources=3 inventory=custom-ssh-default-rule.yaml
 ```
 
 #### Disabling predefined rules
@@ -119,7 +119,7 @@ module "firewall" {
     ssh_ranges = []
   }
 }
-# tftest modules=1 resources=2
+# tftest modules=1 resources=2 inventory=no-ssh-default-rules.yaml
 ```
 
 Or the entire set of rules can be disabled via the `disabled` attribute:
@@ -133,7 +133,7 @@ module "firewall" {
     disabled = true
   }
 }
-# tftest modules=0 resources=0
+# tftest modules=0 resources=0 inventory=no-default-rules.yaml
 ```
 
 ### Including source & destination ranges
@@ -163,7 +163,7 @@ module "firewall" {
     }
   }
 }
-# tftest modules=1 resources=2
+# tftest modules=1 resources=2 inventory=local-ranges.yaml
 ```
 
 ### Rules Factory
@@ -181,7 +181,7 @@ module "firewall" {
   }
   default_rules_config = { disabled = true }
 }
-# tftest modules=1 resources=3 files=lbs,cidrs
+# tftest modules=1 resources=3 files=lbs,cidrs inventory=factory.yaml
 ```
 
 ```yaml

tests/modules/net_vpc_firewall/auto-rules.tfvars

@@ -1,4 +0,0 @@
-default_rules_config = {
-  admin_ranges = ["10.0.0.0/8"]
-  https_ranges = []
-}

tests/modules/net_vpc_firewall/auto-rules.yaml

@@ -1,44 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  google_compute_firewall.allow-admins[0]:
-    source_ranges:
-      - 10.0.0.0/8
-  google_compute_firewall.allow-tag-http[0]:
-    allow:
-      - ports:
-          - "80"
-        protocol: tcp
-    source_ranges:
-      - 130.211.0.0/22
-      - 209.85.152.0/22
-      - 209.85.204.0/22
-      - 35.191.0.0/16
-  google_compute_firewall.allow-tag-ssh[0]:
-    allow:
-      - ports:
-          - "22"
-        protocol: tcp
-    source_ranges:
-      - 35.235.240.0/20
-
-counts:
-  google_compute_firewall: 3
-  modules: 0
-  resources: 3
-
-outputs:
-  default_rules: __missing__
-  rules: {}

tests/modules/net_vpc_firewall/common.tfvars

@@ -1,2 +0,0 @@
-project_id = "test-project"
-network    = "test-network"

tests/modules/net_vpc_firewall/custom-rules.tfvars

@@ -1,33 +0,0 @@
-default_rules_config = {
-  disabled = true
-}
-egress_rules = {
-  allow-egress-rfc1918 = {
-    deny        = false
-    description = "Allow egress to RFC 1918 ranges."
-    destination_ranges = [
-      "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
-    ]
-  }
-  allow-egress-tag = {
-    deny        = false
-    description = "Allow egress from a specific tag to 0/0."
-    targets     = ["target-tag"]
-  }
-  deny-egress-all = {
-    description = "Block egress."
-  }
-}
-ingress_rules = {
-  allow-ingress-ntp = {
-    description = "Allow NTP service based on tag."
-    targets     = ["ntp-svc"]
-    rules       = [{ protocol = "udp", ports = [123] }]
-  }
-  allow-ingress-tag = {
-    description   = "Allow ingress from a specific tag."
-    source_ranges = []
-    sources       = ["client-tag"]
-    targets       = ["target-tag"]
-  }
-}

tests/modules/net_vpc_firewall/custom-rules.yaml

@@ -1,83 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
-  google_compute_firewall.custom-rules["allow-egress-rfc1918"]:
-    allow:
-      - ports: []
-        protocol: all
-    deny: []
-    description: Allow egress to RFC 1918 ranges.
-    destination_ranges:
-      - 10.0.0.0/8
-      - 172.16.0.0/12
-      - 192.168.0.0/16
-    direction: EGRESS
-  google_compute_firewall.custom-rules["allow-egress-tag"]:
-    allow:
-      - ports: []
-        protocol: all
-    deny: []
-    description: Allow egress from a specific tag to 0/0.
-    destination_ranges:
-      - 0.0.0.0/0
-    direction: EGRESS
-    target_tags:
-      - target-tag
-  google_compute_firewall.custom-rules["allow-ingress-ntp"]:
-    allow:
-      - ports:
-          - "123"
-        protocol: udp
-    deny: []
-    description: Allow NTP service based on tag.
-    direction: INGRESS
-    source_ranges:
-      - 0.0.0.0/0
-    source_service_accounts: null
-    source_tags: null
-    target_tags:
-      - ntp-svc
-  google_compute_firewall.custom-rules["allow-ingress-tag"]:
-    allow:
-      - ports: []
-        protocol: all
-    deny: []
-    description: Allow ingress from a specific tag.
-    direction: INGRESS
-    source_ranges: null
-    source_tags:
-      - client-tag
-    target_tags:
-      - target-tag
-  google_compute_firewall.custom-rules["deny-egress-all"]:
-    allow: []
-    deny:
-      - ports: []
-        protocol: all
-    description: Block egress.
-    direction: EGRESS
-
-counts:
-  google_compute_firewall: 5
-  modules: 0
-  resources: 5
-
-outputs:
-  default_rules:
-    admin: []
-    http: []
-    https: []
-    ssh: []
-  rules: __missing__

tests/modules/net_vpc_firewall/data/firewall/load_balancers.yaml

@@ -1,25 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ingress:
-  allow-healthchecks:
-    description: Allow ingress from healthchecks.
-    source_ranges:
-      - healthchecks
-    targets: ["lb-backends"]
-    rules:
-      - protocol: tcp
-        ports:
-          - 80
-          - 443

tests/modules/net_vpc_firewall/examples/basic.yaml

@@ -0,0 +1,98 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.firewall.google_compute_firewall.allow-admins[0]:
+    allow:
+    - ports: []
+      protocol: all
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-admins
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 10.0.0.0/8
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+  module.firewall.google_compute_firewall.allow-tag-http[0]:
+    allow:
+    - ports:
+      - '80'
+      protocol: tcp
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-tag-http
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 130.211.0.0/22
+    - 209.85.152.0/22
+    - 209.85.204.0/22
+    - 35.191.0.0/16
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - http-server
+  module.firewall.google_compute_firewall.allow-tag-https[0]:
+    allow:
+    - ports:
+      - '443'
+      protocol: tcp
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-tag-https
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 130.211.0.0/22
+    - 209.85.152.0/22
+    - 209.85.204.0/22
+    - 35.191.0.0/16
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - https-server
+  module.firewall.google_compute_firewall.allow-tag-ssh[0]:
+    allow:
+    - ports:
+      - '22'
+      protocol: tcp
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-tag-ssh
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 35.235.240.0/20
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - ssh
+
+counts:
+  google_compute_firewall: 4

tests/modules/net_vpc_firewall/examples/custom-rules.yaml

@@ -0,0 +1,127 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  # the following 4 rules are already tested by simple.yaml
+  module.firewall.google_compute_firewall.allow-admins[0]: {}
+  module.firewall.google_compute_firewall.allow-tag-http[0]: {}
+  module.firewall.google_compute_firewall.allow-tag-https[0]: {}
+  module.firewall.google_compute_firewall.allow-tag-ssh[0]: {}
+  module.firewall.google_compute_firewall.custom-rules["allow-egress-rfc1918"]:
+    allow:
+    - ports: []
+      protocol: all
+    deny: []
+    description: Allow egress to RFC 1918 ranges.
+    destination_ranges:
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    - 192.168.0.0/16
+    direction: EGRESS
+    disabled: false
+    log_config: []
+    name: allow-egress-rfc1918
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges: null
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+  module.firewall.google_compute_firewall.custom-rules["allow-egress-tag"]:
+    allow:
+    - ports: []
+      protocol: all
+    deny: []
+    description: Allow egress from a specific tag to 0/0.
+    destination_ranges:
+    - 0.0.0.0/0
+    direction: EGRESS
+    disabled: false
+    log_config: []
+    name: allow-egress-tag
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges: null
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - target-tag
+  module.firewall.google_compute_firewall.custom-rules["allow-ingress-ntp"]:
+    allow:
+    - ports:
+      - '123'
+      protocol: udp
+    deny: []
+    description: Allow NTP service based on tag.
+    direction: INGRESS
+    disabled: false
+    log_config: []
+    name: allow-ingress-ntp
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 0.0.0.0/0
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - ntp-svc
+  module.firewall.google_compute_firewall.custom-rules["allow-ingress-tag"]:
+    allow:
+    - ports: []
+      protocol: all
+    deny: []
+    description: Allow ingress from a specific tag.
+    direction: INGRESS
+    disabled: false
+    log_config: []
+    name: allow-ingress-tag
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges: null
+    source_service_accounts: null
+    source_tags:
+    - client-tag
+    target_service_accounts: null
+    target_tags:
+    - target-tag
+  module.firewall.google_compute_firewall.custom-rules["deny-egress-all"]:
+    allow: []
+    deny:
+    - ports: []
+      protocol: all
+    description: Block egress.
+    destination_ranges:
+    - 0.0.0.0/0
+    direction: EGRESS
+    disabled: false
+    log_config: []
+    name: deny-egress-all
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges: null
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+
+counts:
+  google_compute_firewall: 9

tests/modules/net_vpc_firewall/examples/custom-ssh-default-rule.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,42 +13,28 @@
 # limitations under the License.
 
 values:
-  google_compute_firewall.custom-rules["allow-healthchecks"]:
+  module.firewall.google_compute_firewall.allow-tag-http[0]: {}
+  module.firewall.google_compute_firewall.allow-tag-https[0]: {}
+  module.firewall.google_compute_firewall.allow-tag-ssh[0]:
     allow:
-      - ports:
-          - "80"
-          - "443"
-        protocol: tcp
+    - ports:
+      - '22'
+      protocol: tcp
     deny: []
-    description: Allow ingress from healthchecks.
-    direction: INGRESS
-    disabled: false
+    description: Allow SSH to machines with matching tags.
+    disabled: null
     log_config: []
-    name: allow-healthchecks
-    network: test-network
+    name: my-network-ingress-tag-ssh
+    network: my-network
     priority: 1000
-    project: test-project
+    project: my-project
     source_ranges:
-      - 130.211.0.0/22
-      - 209.85.152.0/22
-      - 209.85.204.0/22
-      - 35.191.0.0/16
+    - 10.0.0.0/8
     source_service_accounts: null
     source_tags: null
     target_service_accounts: null
     target_tags:
-      - lb-backends
-    timeouts: null
+    - ssh-default
 
 counts:
-  google_compute_firewall: 1
-  modules: 0
-  resources: 1
-
-outputs:
-  default_rules:
-    admin: []
-    http: []
-    https: []
-    ssh: []
-  rules: __missing__
+  google_compute_firewall: 3

tests/modules/net_vpc_firewall/examples/factory.yaml

@@ -0,0 +1,87 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.firewall.google_compute_firewall.custom-rules["allow-healthchecks"]:
+    allow:
+    - ports:
+      - '80'
+      - '443'
+      protocol: tcp
+    deny: []
+    description: Allow ingress from healthchecks.
+    direction: INGRESS
+    disabled: false
+    log_config: []
+    name: allow-healthchecks
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 130.211.0.0/22
+    - 209.85.152.0/22
+    - 209.85.204.0/22
+    - 35.191.0.0/16
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - lb-backends
+  module.firewall.google_compute_firewall.custom-rules["allow-service-1-to-service-2"]:
+    allow:
+    - ports:
+      - '80'
+      - '443'
+      protocol: tcp
+    deny: []
+    description: Allow ingress from service-1 SA
+    direction: INGRESS
+    disabled: false
+    log_config: []
+    name: allow-service-1-to-service-2
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 0.0.0.0/0
+    source_service_accounts:
+    - service-1@my-project.iam.gserviceaccount.com
+    source_tags: null
+    target_service_accounts:
+    - service-2
+    target_tags: null
+  module.firewall.google_compute_firewall.custom-rules["block-telnet"]:
+    allow: []
+    deny:
+    - ports:
+      - '23'
+      protocol: tcp
+    description: block outbound telnet
+    destination_ranges:
+    - 0.0.0.0/0
+    direction: EGRESS
+    disabled: false
+    log_config: []
+    name: block-telnet
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges: null
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+
+counts:
+  google_compute_firewall: 3

tests/modules/net_vpc_firewall/examples/local-ranges.yaml

@@ -0,0 +1,62 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.firewall.google_compute_firewall.custom-rules["allow-ingress-source-destination-ranges"]:
+    allow:
+    - ports: []
+      protocol: all
+    deny: []
+    description: Allow ingress using source and destination ranges
+    destination_ranges:
+    - 10.132.0.0/20
+    - 10.138.0.0/20
+    direction: INGRESS
+    disabled: false
+    log_config: []
+    name: allow-ingress-source-destination-ranges
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 172.16.0.0/12
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+  module.firewall.google_compute_firewall.custom-rules["deny-egress-source-destination-ranges"]:
+    allow: []
+    deny:
+    - ports: []
+      protocol: all
+    description: Deny egress using source and destination ranges
+    destination_ranges:
+    - 172.16.0.0/12
+    direction: EGRESS
+    disabled: false
+    log_config: []
+    name: deny-egress-source-destination-ranges
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 10.132.0.0/20
+    - 10.138.0.0/20
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+
+counts:
+  google_compute_firewall: 2

tests/modules/net_vpc_firewall/examples/no-default-rules.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values: {}
+
+counts:
+  modules: 0
+  resources: 0

tests/modules/net_vpc_firewall/examples/no-ssh-default-rules.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,8 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-healthchecks:
-  - 35.191.0.0/16
-  - 130.211.0.0/22
-  - 209.85.152.0/22
-  - 209.85.204.0/22
+values:
+  module.firewall.google_compute_firewall.allow-tag-http[0]: {}
+  module.firewall.google_compute_firewall.allow-tag-https[0]: {}
+
+counts:
+  google_compute_firewall: 2

tests/modules/net_vpc_firewall/factory.tfvars

@@ -1,7 +0,0 @@
-default_rules_config = {
-  disabled = true
-}
-factories_config = {
-  cidr_tpl_file = "../../tests/modules/net_vpc_firewall/data/cidr_template.yaml"
-  rules_folder  = "../../tests/modules/net_vpc_firewall/data/firewall"
-}

tests/modules/net_vpc_firewall/test_plan.py_

@@ -1,58 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import pytest
-
-
-def test_defaults(plan_runner):
-  "Test variable defaults."
-  _, resources = plan_runner()
-  assert len(resources) == 3
-  assert set([r['type'] for r in resources]) == set(['google_compute_firewall'])
-  assert set([r['values']['name'] for r in resources]) == set([
-      'test-vpc-ingress-tag-http', 'test-vpc-ingress-tag-https',
-      'test-vpc-ingress-tag-ssh'
-  ])
-  assert set([r['values']['project'] for r in resources
-             ]) == set(['test-project'])
-  assert set([r['values']['network'] for r in resources]) == set(['test-vpc'])
-
-
-def test_rules(plan_runner):
-  "Test custom rules."
-  _, resources = plan_runner(tf_var_file='test.rules.tfvars')
-  assert len(resources) == 3
-  rules = {r['index']: r['values'] for r in resources}
-  rule = rules['allow-ingress-ntp']
-  assert rule['source_ranges'] == ['0.0.0.0/0']
-  assert rule['allow'] == [{'ports': ['123'], 'protocol': 'udp'}]
-  rule = rules['deny-egress-all']
-  assert rule['destination_ranges'] == ['0.0.0.0/0']
-  assert rule['deny'] == [{'ports': [], 'protocol': 'all'}]
-
-
-def test_factory(plan_runner):
-  "Test factory."
-  factories_config = '''{
-    cidr_tpl_file = "config/cidr_template.yaml"
-    rules_folder  = "config/firewall"
-  }'''
-  _, resources = plan_runner(factories_config=factories_config)
-  assert len(resources) == 4
-  factory_rule = [
-      r for r in resources if r["values"]["name"] == "allow-healthchecks"
-  ][0]["values"]
-  assert set(factory_rule["source_ranges"]) == set(
-      ["130.211.0.0/22", "209.85.152.0/22", "209.85.204.0/22", "35.191.0.0/16"])
-  assert set(factory_rule["target_tags"]) == set(["lb-backends"])

tests/modules/net_vpc_firewall/tftest.yaml

@@ -1,21 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module: modules/net-vpc-firewall
-common_tfvars:
-  - common.tfvars
-tests:
-  auto-rules:
-  custom-rules:
-  factory: