diff --git a/modules/folder/README.md b/modules/folder/README.md index 7169776e..71cf3e08 100644 --- a/modules/folder/README.md +++ b/modules/folder/README.md @@ -101,8 +101,7 @@ module "folder" { ``` ```yaml -# cidrs.yaml - +# tftest file configs/firewall-policies/cidrs.yaml rfc1918: - 10.0.0.0/8 - 172.16.0.0/12 @@ -110,8 +109,7 @@ rfc1918: ``` ```yaml -# rules.yaml - +# tftest file configs/firewall-policies/rules.yaml allow-admins: description: Access from the admin subnet to all subnets direction: INGRESS diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md index 877b15e7..d0cd32ff 100644 --- a/modules/net-vpc-firewall/README.md +++ b/modules/net-vpc-firewall/README.md @@ -147,7 +147,7 @@ module "firewall" { ``` ```yaml -# ./configs/firewall/rules/load_balancers.yaml +# tftest file configs/firewall/rules/load_balancers.yaml allow-healthchecks: description: Allow ingress from healthchecks. ranges: @@ -161,10 +161,9 @@ allow-healthchecks: ``` ```yaml -# ./configs/firewall/cidr_template.yaml +# tftest file configs/firewall/cidr_template.yaml healthchecks: - 35.191.0.0/16 - - 130.211.0.0/22 - 209.85.152.0/22 - 209.85.204.0/22 diff --git a/modules/organization/README.md b/modules/organization/README.md index ce495863..f60413f2 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md @@ -143,9 +143,9 @@ module "org" { ``` ```yaml -# configs/custom-constraints/gke.yaml +# tftest file configs/custom-constraints/gke.yaml custom.gkeEnableLogging: - resource_types: + resource_types: - container.googleapis.com/Cluster method_types: - CREATE @@ -154,7 +154,7 @@ custom.gkeEnableLogging: action_type: DENY display_name: Do not disable Cloud Logging custom.gkeEnableAutoUpgrade: - resource_types: + resource_types: - container.googleapis.com/NodePool method_types: - CREATE 
@@ -165,9 +165,9 @@ custom.gkeEnableAutoUpgrade: ``` ```yaml -# configs/custom-constraints/dataproc.yaml +# tftest file configs/custom-constraints/dataproc.yaml custom.dataprocNoMoreThan10Workers: - resource_types: + resource_types: - dataproc.googleapis.com/Cluster method_types: - CREATE @@ -238,8 +238,7 @@ module "org" { ``` ```yaml -# cidrs.yaml - +# tftest file configs/firewall-policies/cidrs.yaml rfc1918: - 10.0.0.0/8 - 172.16.0.0/12 @@ -247,8 +246,7 @@ rfc1918: ``` ```yaml -# rules.yaml - +# tftest file configs/firewall-policies/rules.yaml allow-admins: description: Access from the admin subnet to all subnets direction: INGRESS diff --git a/modules/project/README.md b/modules/project/README.md index f5277cd0..53ab731d 100644 --- a/modules/project/README.md +++ b/modules/project/README.md @@ -230,7 +230,7 @@ module "folder" { ``` ```yaml -# configs/org-policies/boolean.yaml +# tftest file configs/org-policies/boolean.yaml iam.disableServiceAccountKeyCreation: enforce: true @@ -246,7 +246,7 @@ iam.disableServiceAccountKeyUpload: ``` ```yaml -# configs/org-policies/list.yaml +# tftest file configs/org-policies/list.yaml compute.vmExternalIpAccess: deny: all: true diff --git a/tests/examples/configs/custom-constraints/dataproc.yaml b/tests/examples/configs/custom-constraints/dataproc.yaml index 05a8d2b8..0aa55484 100644 --- a/tests/examples/configs/custom-constraints/dataproc.yaml +++ b/tests/examples/configs/custom-constraints/dataproc.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check custom.dataprocNoMoreThan10Workers: resource_types: - dataproc.googleapis.com/Cluster diff --git a/tests/examples/configs/custom-constraints/gke.yaml b/tests/examples/configs/custom-constraints/gke.yaml index d80a2005..c47c41e3 100644 --- a/tests/examples/configs/custom-constraints/gke.yaml +++ b/tests/examples/configs/custom-constraints/gke.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check custom.gkeEnableLogging: resource_types: - container.googleapis.com/Cluster 
diff --git a/tests/examples/configs/firewall-policies/cidrs.yaml b/tests/examples/configs/firewall-policies/cidrs.yaml index 6df2b79e..de1b86fb 100644 --- a/tests/examples/configs/firewall-policies/cidrs.yaml +++ b/tests/examples/configs/firewall-policies/cidrs.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check rfc1918: - 10.0.0.0/8 - 172.16.0.0/12 diff --git a/tests/examples/configs/firewall-policies/rules.yaml b/tests/examples/configs/firewall-policies/rules.yaml index d823983c..d7725a4d 100644 --- a/tests/examples/configs/firewall-policies/rules.yaml +++ b/tests/examples/configs/firewall-policies/rules.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check allow-admins: description: Access from the admin subnet to all subnets direction: INGRESS diff --git a/tests/examples/configs/firewall/cidr_template.yaml b/tests/examples/configs/firewall/cidr_template.yaml index 99026641..3350e0e0 100644 --- a/tests/examples/configs/firewall/cidr_template.yaml +++ b/tests/examples/configs/firewall/cidr_template.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check healthchecks: - 35.191.0.0/16 - 130.211.0.0/22 diff --git a/tests/examples/configs/firewall/rules/laod_balancers.yaml b/tests/examples/configs/firewall/rules/load_balancers.yaml similarity index 88% rename from tests/examples/configs/firewall/rules/laod_balancers.yaml rename to tests/examples/configs/firewall/rules/load_balancers.yaml index 29b2dfc8..bfaf474e 100644 --- a/tests/examples/configs/firewall/rules/laod_balancers.yaml +++ b/tests/examples/configs/firewall/rules/load_balancers.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check allow-healthchecks: description: Allow ingress from healthchecks. ranges: diff --git a/tests/examples/configs/org-policies/boolean.yaml b/tests/examples/configs/org-policies/boolean.yaml index 83aea420..b9cbe388 100644 --- a/tests/examples/configs/org-policies/boolean.yaml +++ b/tests/examples/configs/org-policies/boolean.yaml 
@@ -1,3 +1,4 @@ +# skip boilerplate check iam.disableServiceAccountKeyCreation: enforce: true diff --git a/tests/examples/configs/org-policies/list.yaml b/tests/examples/configs/org-policies/list.yaml index d66a3da2..00a44a88 100644 --- a/tests/examples/configs/org-policies/list.yaml +++ b/tests/examples/configs/org-policies/list.yaml @@ -1,3 +1,4 @@ +# skip boilerplate check compute.vmExternalIpAccess: deny: all: true diff --git a/tests/examples/conftest.py b/tests/examples/conftest.py index 2cea9e36..6d6246a3 100644 --- a/tests/examples/conftest.py +++ b/tests/examples/conftest.py @@ -39,17 +39,18 @@ def pytest_generate_tests(metafunc): last_header = None mark = pytest.mark.xdist_group(name=module.name) for child in doc.children: - if isinstance(child, marko.block.FencedCode) and child.lang == 'hcl': + if isinstance(child, marko.block.FencedCode): index += 1 code = child.children[0].children if 'tftest skip' in code: continue - examples.append(pytest.param(code, marks=mark)) - path = module.relative_to(FABRIC_ROOT) - name = f'{path}:{last_header}' - if index > 1: - name += f' {index}' - ids.append(name) + if child.lang == 'hcl' or 'tftest file' in code: + examples.append(pytest.param(code, marks=mark)) + path = module.relative_to(FABRIC_ROOT) + name = f'{path}:{last_header}' + if index > 1: + name += f' {index}' + ids.append(name) elif isinstance(child, marko.block.Heading): last_header = child.children[0].children index = 0 diff --git a/tests/examples/test_plan.py b/tests/examples/test_plan.py index fda7284a..c22f9998 100644 --- a/tests/examples/test_plan.py +++ b/tests/examples/test_plan.py @@ -16,7 +16,8 @@ import re from pathlib import Path BASE_PATH = Path(__file__).parent -EXPECTED_RESOURCES_RE = re.compile(r'# tftest modules=(\d+) resources=(\d+)') +COUNT_TEST_RE = re.compile(r'# tftest modules=(\d+) resources=(\d+)') +FILE_TEST_RE = re.compile(r'# tftest file (.+)') def test_example(recursive_e2e_plan_runner, tmp_path, example): 
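Review bot: In the conftest.py hunk, `index += 1` now runs for every fenced block, so the numeric suffix in the generated test ids also counts fences that are never collected (shell snippets, plain YAML without a directive), and existing ids shift whenever such a block sits under the same heading. Deciding collection first keeps the counter tied to the examples, e.g. `if child.lang != 'hcl' and 'tftest file' not in code: continue` placed before `index += 1`. Note also that `'tftest file' in code` is a substring test over the whole block, so any fence that merely mentions the phrase is collected; matching the directive on the first line would be stricter. A short comment above the condition saying which fences are collected and why would help, since `pytest_generate_tests` starts and ends outside this hunk.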
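Review bot: In the first test_plan.py hunk, `FILE_TEST_RE` is unanchored and its `(.+)` group takes everything up to the end of the line, so trailing whitespace or a carriage return in the README directive becomes part of the file name and shows up later as a confusing `cant read` failure. The comparison added further down drops the first line of the example unconditionally, so the directive is effectively expected on line one, and the pattern could say so: `FILE_TEST_RE = re.compile(r'^# tftest file (\S+)[ \t]*$', re.M)`. A one-line comment next to the two patterns, stating that the first drives a plan count check and the second a README-versus-fixture comparison, would document the split.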
@@ -26,13 +27,25 @@ def test_example(recursive_e2e_plan_runner, tmp_path, example): (tmp_path / 'configs').symlink_to(Path(BASE_PATH, 'configs').resolve()) (tmp_path / 'main.tf').write_text(example) - match = EXPECTED_RESOURCES_RE.search(example) - expected_modules = int(match.group(1)) if match is not None else 1 - expected_resources = int(match.group(2)) if match is not None else 1 + if match := COUNT_TEST_RE.search(example): + expected_modules = int(match.group(1)) if match is not None else 1 + expected_resources = int(match.group(2)) if match is not None else 1 - assert match is not None, "can't find tftest directive" + num_modules, num_resources = recursive_e2e_plan_runner( + str(tmp_path), tmpdir=False) + assert expected_modules == num_modules, 'wrong number of modules' + assert expected_resources == num_resources, 'wrong number of resources' - num_modules, num_resources = recursive_e2e_plan_runner( - str(tmp_path), tmpdir=False) - assert expected_modules == num_modules, 'wrong number of modules' - assert expected_resources == num_resources, 'wrong number of resources' + elif match := FILE_TEST_RE.search(example): + filename = tmp_path / match.group(1) + assert filename.exists(), f'cant read {filename}' + + file_content = filename.read_text() + + # skip first line + file_content = file_content.split('\n', 1)[1] + example = example.split('\n', 1)[1] + assert file_content == example, "README inline file and fixture file don't match" + + else: + assert False, "can't find tftest directive"
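Review bot: In the `FILE_TEST_RE` branch, `filename = tmp_path / match.group(1)` joins a path taken from README text without confining it, so a directive with an absolute path or `..` segments resolves outside the symlinked `configs` directory. When the comparison fails, pytest's assertion output can print the file's content into the CI log. Resolving and checking the result keeps the test inside the fixtures: `filename = (tmp_path / match.group(1)).resolve()` followed by `assert Path(BASE_PATH, 'configs').resolve() in filename.parents, f'{match.group(1)} is outside configs/'`. Two smaller points in the same hunk: the `if match is not None else 1` fallbacks are dead code inside the walrus branch, and `split('\n', 1)[1]` raises IndexError on a one-line example or fixture instead of giving a readable failure. `test_example` begins above the hunk, so this is based on the visible lines only.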