update examples and tests for project and folder modules variable changes

cloud-operations/asset-inventory-feed-remediation/main.tf

@@ -41,7 +41,7 @@ module "project" {
       "compute.zoneOperations.list"
     ]
   }
-  iam_members = {
+  iam = {
     (local.role_id) = [module.service-account.iam_email]
   }
 }

cloud-operations/quota-monitoring/main.tf

@@ -34,7 +34,7 @@ module "project" {
     disable_on_destroy         = false,
     disable_dependent_services = false
   }
-  iam_members = {
+  iam = {
     "roles/monitoring.metricWriter" = [module.cf.service_account_iam_email]
   }
 }

foundations/business-units/main.tf

@@ -21,9 +21,9 @@
 # Shared folder
 
 module "shared-folder" {
-  source = "../../modules/folders"
+  source = "../../modules/folder"
   parent = var.root_node
-  names  = ["shared"]
+  name   = "shared"
 }
 
 # Terraform project
@@ -34,7 +34,7 @@ module "tf-project" {
   parent          = module.shared-folder.id
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_additive_bindings = {
+  iam_additive = {
     for name in var.iam_terraform_owners : (name) => ["roles/owner"]
   }
   services = var.project_services
@@ -45,7 +45,7 @@ module "tf-project" {
 module "tf-gcs-bootstrap" {
   source     = "../../modules/gcs"
   project_id = module.tf-project.project_id
-  names      = ["tf-bootstrap"]
+  name       = "tf-bootstrap"
   prefix     = "${var.prefix}-tf"
   location   = var.gcs_defaults.location
 }
@@ -96,14 +96,10 @@ module "audit-project" {
   parent          = var.root_node
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_members = {
+  iam = {
     "roles/bigquery.dataEditor" = [module.audit-log-sinks.writer_identities[0]]
     "roles/viewer"              = var.iam_audit_viewers
   }
-  iam_roles = [
-    "roles/bigquery.dataEditor",
-    "roles/viewer"
-  ]
   services = concat(var.project_services, [
     "bigquery.googleapis.com",
   ])
@@ -147,7 +143,7 @@ module "shared-project" {
   parent          = module.shared-folder.id
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_additive_bindings = {
+  iam_additive = {
     for name in var.iam_shared_owners : (name) => ["roles/owner"]
   }
   services = var.project_services

foundations/environments/README.md

@@ -33,7 +33,7 @@ If no shared services are needed, the shared service project module can of cours
 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
 | billing_account_id | Billing account id used as to create projects. | <code title="">string</code> | ✓ |  |
-| environments | Environment short names. | <code title="list&#40;string&#41;">list(string)</code> | ✓ |  |
+| environments | Environment short names. | <code title="set&#40;string&#41;">set(string)</code> | ✓ |  |
 | organization_id | Organization id in organizations/nnnnnnnn format. | <code title="">string</code> | ✓ |  |
 | prefix | Prefix used for resources that need unique names. | <code title="">string</code> | ✓ |  |
 | root_node | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | <code title="">string</code> | ✓ |  |

foundations/environments/main.tf

@@ -24,7 +24,7 @@ module "tf-project" {
   parent          = var.root_node
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_additive_bindings = {
+  iam_additive = {
     for name in var.iam_terraform_owners : (name) => ["roles/owner"]
   }
   services = var.project_services
@@ -34,8 +34,8 @@ module "tf-project" {
 
 module "tf-service-accounts" {
   source     = "../../modules/iam-service-account"
-  project_id = module.tf-project.project_id
   for_each   = var.environments
+  project_id = module.tf-project.project_id
   name       = each.value
   prefix     = var.prefix
   iam_billing_roles = {
@@ -67,8 +67,8 @@ module "tf-gcs-bootstrap" {
 
 module "tf-gcs-environments" {
   source     = "../../modules/gcs"
-  project_id = module.tf-project.project_id
   for_each   = var.environments
+  project_id = module.tf-project.project_id
   name       = each.value
   prefix     = "${var.prefix}-tf"
   location   = var.gcs_location
@@ -86,7 +86,7 @@ module "environment-folders" {
   for_each = var.environments
   parent   = var.root_node
   name     = each.value
-  iam_members = {
+  iam = {
     for role in local.folder_roles :
     (role) => [module.tf-service-accounts[each.value].iam_email]
   }
@@ -104,7 +104,7 @@ module "audit-project" {
   parent          = var.root_node
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_members = {
+  iam = {
     "roles/bigquery.dataEditor" = [module.audit-log-sinks.writer_identities[0]]
     "roles/viewer"              = var.iam_audit_viewers
   }
@@ -152,7 +152,7 @@ module "sharedsvc-project" {
   parent          = var.root_node
   prefix          = var.prefix
   billing_account = var.billing_account_id
-  iam_additive_bindings = {
+  iam_additive = {
     for name in var.iam_shared_owners : (name) => ["roles/owner"]
   }
   services = var.project_services

networking/shared-vpc-gke/main.tf

@@ -30,7 +30,7 @@ module "project-host" {
     enabled          = true
     service_projects = [] # defined later
   }
-  iam_members = {
+  iam = {
     "roles/container.hostServiceAgentUser" = [
       "serviceAccount:${module.project-svc-gke.service_accounts.robots.container-engine}"
     ]
@@ -51,7 +51,7 @@ module "project-svc-gce" {
     attach       = true
     host_project = module.project-host.project_id
   }
-  iam_members = {
+  iam = {
     "roles/logging.logWriter"       = [module.vm-bastion.service_account_iam_email],
     "roles/monitoring.metricWriter" = [module.vm-bastion.service_account_iam_email],
     "roles/owner"                   = var.owners_gce,
@@ -72,7 +72,7 @@ module "project-svc-gke" {
     attach       = true
     host_project = module.project-host.project_id
   }
-  iam_members = {
+  iam = {
     "roles/container.developer"     = [module.vm-bastion.service_account_iam_email],
     "roles/logging.logWriter"       = [module.service-account-gke-node.iam_email],
     "roles/monitoring.metricWriter" = [module.service-account-gke-node.iam_email],

tests/foundations/business_units/__init__.py

@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

tests/foundations/business_units/fixture/main.tf

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source             = "../../../../foundations/business-units"
+  billing_account_id = var.billing_account_id
+  organization_id    = var.organization_id
+  prefix             = var.prefix
+  root_node          = var.root_node
+}

tests/foundations/business_units/fixture/variables.tf

@@ -0,0 +1,35 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "billing_account_id" {
+  type    = string
+  default = "1234-5678-9012"
+}
+
+variable "organization_id" {
+  type    = string
+  default = "organizations/1234567890"
+}
+
+variable "prefix" {
+  description = "Prefix used for resources that need unique names."
+  type        = string
+  default     = "test"
+}
+
+variable "root_node" {
+  description = "Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'."
+  type        = string
+  default     = "folders/1234567890"
+}

tests/foundations/business_units/test_plan.py

@@ -0,0 +1,27 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+def test_resources(e2e_plan_runner):
+  "Test that plan works and the numbers of resources is as expected."
+  modules, resources = e2e_plan_runner(FIXTURES_DIR)
+  assert len(modules) == 9
+  assert len(resources) == 84

tests/modules/folders/fixture/main.tf

@@ -18,7 +18,7 @@ module "test" {
   source         = "../../../../modules/folder"
   parent         = "organizations/12345678"
   name           = "folder-a"
-  iam_members    = var.iam_members
+  iam            = var.iam
   policy_boolean = var.policy_boolean
   policy_list    = var.policy_list
 }

tests/modules/folders/fixture/variables.tf

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-variable "iam_members" {
+variable "iam" {
   type    = map(list(string))
   default = {}
 }

tests/modules/folders/test_plan.py

@@ -32,26 +32,25 @@ def test_folder(plan_runner):
 
 def test_iam(plan_runner):
   "Test folder resources with iam roles and members."
-  iam_members = '{"roles/owner" = ["user:a@b.com"] }'
-  _, resources = plan_runner(FIXTURES_DIR,
-                             iam_members=iam_members)
+  iam = '{"roles/owner" = ["user:a@b.com"] }'
+  _, resources = plan_runner(FIXTURES_DIR, iam=iam)
   assert len(resources) == 2
 
+
 def test_iam_multiple_members(plan_runner):
   "Test folder resources with multiple iam members."
-  iam_members = '{"roles/owner" = ["user:a@b.com", "user:c@d.com"] }'
-  _, resources = plan_runner(FIXTURES_DIR,
-                             iam_members=iam_members)
+  iam = '{"roles/owner" = ["user:a@b.com", "user:c@d.com"] }'
+  _, resources = plan_runner(FIXTURES_DIR, iam=iam)
   assert len(resources) == 2
 
+
 def test_iam_multiple_roles(plan_runner):
   "Test folder resources with multiple iam roles."
-  iam_members = (
-    '{ '
-    '"roles/owner" = ["user:a@b.com"], '
-    '"roles/viewer" = ["user:c@d.com"] '
-    '} '
+  iam = (
+      '{ '
+      '"roles/owner" = ["user:a@b.com"], '
+      '"roles/viewer" = ["user:c@d.com"] '
+      '} '
   )
-  _, resources = plan_runner(FIXTURES_DIR,
-                             iam_members=iam_members)
+  _, resources = plan_runner(FIXTURES_DIR, iam=iam)
   assert len(resources) == 3