Merge branch 'master' into hybrid-gke-updates

apichick 2023-01-20 13:18:19 +01:00 committed by GitHub
commit 6a633390b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
79 changed files with 1812 additions and 1367 deletions


@ -754,7 +754,7 @@ def test_name(plan_summary, tfvars_to_yaml, tmp_path):
assert s.values[address]['project'] == 'my-project'
```
For more examples on how to write python tests, the tests for [`organization`](./tests/modules/organization/test_plan_org_policies.py) and [`net-vpc`](./tests/modules/net_vpc/test_routes.py) modules.
For more examples on how to write python tests, check the tests for the [`organization`](./tests/modules/organization/test_plan_org_policies.py) module.
#### Testing documentation examples


@ -1,4 +1,4 @@
# Api Gateway
# API Gateway
This module allows creating an API with its associated API config and API gateway. It also allows you grant IAM roles on the created resources.
# Examples
@ -15,46 +15,46 @@ module "gateway" {
# ...
EOT
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=basic.yaml
```
## Basic example + customer service account
## Use existing service account
```hcl
module "gateway" {
source = "./fabric/modules/api-gateway"
project_id = "my-project"
api_id = "api"
region = "europe-west1"
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
service_account_email = "sa@my-project.iam.gserviceaccount.com"
iam = {
"roles/apigateway.admin" = ["user:user@example.com"]
}
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
}
# tftest modules=1 resources=7
# tftest modules=1 resources=7 inventory=existing-sa.yaml
```
## Basic example + service account creation
## Create service account
```hcl
module "gateway" {
source = "./fabric/modules/api-gateway"
project_id = "my-project"
api_id = "api"
region = "europe-west1"
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
service_account_create = true
iam = {
"roles/apigateway.admin" = ["user:mirene@google.com"]
"roles/apigateway.viewer" = ["user:mirene@google.com"]
}
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
}
# tftest modules=1 resources=11
# tftest modules=1 resources=11 inventory=create-sa.yaml
```
<!-- BEGIN TFDOC -->


@ -21,7 +21,7 @@ module "private-dns" {
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=private-zone.yaml
```
### Forwarding Zone
@ -36,7 +36,7 @@ module "private-dns" {
client_networks = [var.vpc.self_link]
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
```
### Peering Zone
@ -47,11 +47,12 @@ module "private-dns" {
project_id = "myproject"
type = "peering"
name = "test-example"
domain = "test.example."
domain = "."
description = "Forwarding zone for ."
client_networks = [var.vpc.self_link]
peer_network = var.vpc2.self_link
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=peering-zone.yaml
```
### Routing Policies
@ -84,7 +85,7 @@ module "private-dns" {
}
}
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=routing-policies.yaml
```
### Reverse Lookup Zone
@ -98,7 +99,23 @@ module "private-dns" {
domain = "0.0.10.in-addr.arpa."
client_networks = [var.vpc.self_link]
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=reverse-zone.yaml
```
### Public Zone
```hcl
module "public-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
type = "public"
name = "example"
domain = "example.com."
recordsets = {
"A myhost" = { ttl = 300, records = ["127.0.0.1"] }
}
}
# tftest modules=1 resources=3 inventory=public-zone.yaml
```
<!-- BEGIN TFDOC -->


@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.


@ -8,50 +8,46 @@ module "bucket" {
project_id = "myproject"
prefix = "test"
name = "my-bucket"
versioning = true
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
labels = {
cost-center = "devops"
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=simple.yaml
```
### Example with Cloud KMS
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
prefix = "test"
name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
source = "./fabric/modules/gcs"
project_id = "myproject"
name = "my-bucket"
encryption_key = "my-encryption-key"
}
# tftest modules=1 resources=2
# tftest modules=1 resources=1 inventory=cmek.yaml
```
### Example with retention policy
### Example with retention policy and logging
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
prefix = "test"
name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
retention_policy = {
retention_period = 100
is_locked = true
}
logging_config = {
log_bucket = var.bucket
log_bucket = "log-bucket"
log_object_prefix = null
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=1 inventory=retention-logging.yaml
```
### Example with lifecycle rule
@ -60,11 +56,7 @@ module "bucket" {
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
prefix = "test"
name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
lifecycle_rules = {
lr-0 = {
action = {
@ -77,7 +69,7 @@ module "bucket" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=1 inventory=lifecycle.yaml
```
### Minimal example with GCS notifications
@ -86,7 +78,6 @@ module "bucket" {
module "bucket-gcs-notification" {
source = "./fabric/modules/gcs"
project_id = "myproject"
prefix = "test"
name = "my-bucket"
notification_config = {
enabled = true
@ -97,7 +88,7 @@ module "bucket-gcs-notification" {
custom_attributes = {}
}
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=notification.yaml
```
<!-- BEGIN TFDOC -->


@ -33,7 +33,7 @@ module "cluster-1" {
environment = "dev"
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=basic.yaml
```
### GKE Cluster with Dataplane V2 enabled
@ -42,7 +42,7 @@ module "cluster-1" {
module "cluster-1" {
source = "./fabric/modules/gke-cluster"
project_id = "myproject"
name = "cluster-1"
name = "cluster-dataplane-v2"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
@ -68,8 +68,36 @@ module "cluster-1" {
environment = "dev"
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
```
### Autopilot Cluster
```hcl
module "cluster-autopilot" {
source = "./fabric/modules/gke-cluster"
project_id = "myproject"
name = "cluster-autopilot"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {
pods = "pods"
services = "services"
}
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
master_ipv4_cidr_block = "192.168.0.0/28"
}
enable_features = {
autopilot = true
}
}
# tftest modules=1 resources=1 inventory=autopilot.yaml
```
<!-- BEGIN TFDOC -->
## Variables


@ -16,7 +16,7 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b"
name = "nodepool-1"
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=basic.yaml
```
### Internally managed service account
@ -27,22 +27,11 @@ If you create a new service account, its resource and email (in both plain and I
#### GCE default service account
To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`.
```hcl
module "cluster-1-nodepool-1" {
source = "./fabric/modules/gke-nodepool"
project_id = "myproject"
cluster_name = "cluster-1"
location = "europe-west1-b"
name = "nodepool-1"
}
# tftest modules=1 resources=1
```
To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`. This is what the first example of this document does.
#### Externally defined service account
To use an existing service account, pass in just the `email` attribute.
To use an existing service account, pass in just the `email` attribute. If you do this, will most likely want to use the `cloud-platform` scope.
```hcl
module "cluster-1-nodepool-1" {
@ -52,10 +41,11 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b"
name = "nodepool-1"
service_account = {
email = "foo-bar@myproject.iam.gserviceaccount.com"
email = "foo-bar@myproject.iam.gserviceaccount.com"
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=external-sa.yaml
```
#### Auto-created service account
@ -70,12 +60,48 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b"
name = "nodepool-1"
service_account = {
create = true
# optional
email = "spam-eggs"
create = true
email = "spam-eggs" # optional
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=create-sa.yaml
```
### Node & node pool configuration
```hcl
module "cluster-1-nodepool-1" {
source = "./fabric/modules/gke-nodepool"
project_id = "myproject"
cluster_name = "cluster-1"
location = "europe-west1-b"
name = "nodepool-1"
labels = { environment = "dev" }
service_account = {
create = true
email = "nodepool-1" # optional
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
node_config = {
machine_type = "n2-standard-2"
disk_size_gb = 50
disk_type = "pd-ssd"
ephemeral_ssd_count = 1
gvnic = true
spot = true
}
nodepool_config = {
autoscaling = {
max_node_count = 10
min_node_count = 1
}
management = {
auto_repair = true
auto_upgrade = false
}
}
}
# tftest modules=1 resources=2 inventory=config.yaml
```
<!-- BEGIN TFDOC -->
@ -97,7 +123,7 @@ module "cluster-1-nodepool-1" {
| [nodepool_config](variables.tf#L115) | Nodepool-level configuration. | <code title="object&#40;&#123;&#10; autoscaling &#61; optional&#40;object&#40;&#123;&#10; location_policy &#61; optional&#40;string&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; min_node_count &#61; optional&#40;number&#41;&#10; use_total_nodes &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; management &#61; optional&#40;object&#40;&#123;&#10; auto_repair &#61; optional&#40;bool&#41;&#10; auto_upgrade &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; upgrade_settings &#61; optional&#40;object&#40;&#123;&#10; max_surge &#61; number&#10; max_unavailable &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [pod_range](variables.tf#L137) | Pod secondary range configuration. | <code title="object&#40;&#123;&#10; secondary_pod_range &#61; object&#40;&#123;&#10; cidr &#61; optional&#40;string&#41;&#10; create &#61; optional&#40;bool&#41;&#10; name &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [reservation_affinity](variables.tf#L154) | Configuration of the desired reservation which instances could take capacity from. | <code title="object&#40;&#123;&#10; consume_reservation_type &#61; string&#10; key &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string, null&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;, null&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L181) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | <code title="list&#40;object&#40;&#123;&#10; key &#61; string&#10; value &#61; string&#10; effect &#61; string&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |


@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -165,8 +165,8 @@ variable "service_account" {
description = "Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used."
type = object({
create = optional(bool, false)
email = optional(string, null)
oauth_scopes = optional(list(string), null)
email = optional(string)
oauth_scopes = optional(list(string))
})
default = {}
nullable = false
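Review bot: The `description` string kept in this hunk no longer matches the object type beside it. It says a null variable selects the default GCE service account, but `nullable = false` with `default = {}` means the variable is never null, and it says an account is created when `email` is null while the type carries an explicit `create = optional(bool, false)`. The module logic is outside the hunk, so the exact rules should be confirmed, but something like `"Nodepool service account. With create false and email null the default GCE service account is used; with create true an account is created. Null oauth_scopes use a default."` would read consistently with the type. Falling back to the default Compute Engine account is usually the broadest-privileged outcome, so the input that triggers it should be unambiguous.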


@ -30,7 +30,88 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=simple.yaml
```
### Subnet Options
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
name = "my-network"
subnets = [
# simple subnet
{
name = "simple"
region = "europe-west1"
ip_cidr_range = "10.0.0.0/24"
},
# custom description and PGA disabled
{
name = "no-pga"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24",
description = "Subnet b"
enable_private_access = false
},
# secondary ranges
{
name = "with-secondary-ranges"
region = "europe-west1"
ip_cidr_range = "10.0.2.0/24"
secondary_ip_ranges = {
a = "192.168.0.0/24"
b = "192.168.1.0/24"
}
},
# enable flow logs
{
name = "with-flow-logs"
region = "europe-west1"
ip_cidr_range = "10.0.3.0/24"
flow_logs_config = {
flow_sampling = 0.5
aggregation_interval = "INTERVAL_10_MIN"
}
}
]
}
# tftest modules=1 resources=5 inventory=subnet-options.yaml
```
### Subnet IAM
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
name = "my-network"
subnets = [
{
name = "subnet-1"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24"
},
{
name = "subnet-2"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24"
}
]
subnet_iam = {
"europe-west1/subnet-1" = {
"roles/compute.networkUser" = [
"user:user1@example.com", "group:group1@example.com"
]
}
"europe-west1/subnet-2" = {
"roles/compute.networkUser" = [
"user:user2@example.com", "group:group2@example.com"
]
}
}
}
# tftest modules=1 resources=5 inventory=subnet-iam.yaml
```
### Peering
@ -65,7 +146,7 @@ module "vpc-spoke-1" {
import_routes = true
}
}
# tftest modules=2 resources=6
# tftest modules=2 resources=6 inventory=peering.yaml
```
### Shared VPC
@ -116,7 +197,7 @@ module "vpc-host" {
}
}
}
# tftest modules=1 resources=7
# tftest modules=1 resources=7 inventory=shared-vpc.yaml
```
### Private Service Networking
@ -137,7 +218,7 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" }
}
}
# tftest modules=1 resources=5
# tftest modules=1 resources=5 inventory=psc.yaml
```
### Private Service Networking with peering routes
@ -162,7 +243,7 @@ module "vpc" {
import_routes = true
}
}
# tftest modules=1 resources=5
# tftest modules=1 resources=5 inventory=psc-routes.yaml
```
### Subnets for Private Service Connect, Proxy-only subnets
@ -194,7 +275,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=proxy-only-subnets.yaml
```
### DNS Policies
@ -219,7 +300,7 @@ module "vpc" {
}
]
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=dns-policies.yaml
```
### Subnet Factory
@ -233,11 +314,17 @@ module "vpc" {
name = "my-network"
data_folder = "config/subnets"
}
# tftest modules=1 resources=2 files=subnets
# tftest modules=1 resources=3 files=subnet-simple,subnet-detailed inventory=factory.yaml
```
```yaml
# tftest-file id=subnets path=config/subnets/subnet-name.yaml
# tftest-file id=subnet-simple path=config/subnets/subnet-simple.yaml
region: europe-west4
ip_cidr_range: 10.0.1.0/24
```
```yaml
# tftest-file id=subnet-detailed path=config/subnets/subnet-detailed.yaml
region: europe-west1
description: Sample description
ip_cidr_range: 10.0.0.0/24
@ -254,7 +341,45 @@ flow_logs: # enable, set to empty map to use defaults
metadata: "INCLUDE_ALL_METADATA"
filter_expression: null
```
<!-- BEGIN TFDOC -->
### Custom Routes
VPC routes can be configured through the `routes` variable.
```hcl
locals {
route_types = {
gateway = "global/gateways/default-internet-gateway"
instance = "zones/europe-west1-b/test"
ip = "192.168.0.128"
ilb = "regions/europe-west1/forwardingRules/test"
vpn_tunnel = "regions/europe-west1/vpnTunnels/foo"
}
}
module "vpc" {
source = "./fabric/modules/net-vpc"
for_each = local.route_types
project_id = "my-project"
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = each.key
next_hop = each.value
}
gateway = {
dest_range = "0.0.0.0/0",
priority = 100
tags = ["tag-a"]
next_hop_type = "gateway",
next_hop = "global/gateways/default-internet-gateway"
}
}
}
# tftest modules=5 resources=15 inventory=routes.yaml
```
## Variables


@ -1,5 +1,5 @@
/**
* Copyright 2022 Google LLC
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -109,7 +109,7 @@ resource "google_dns_policy" "default" {
)
iterator = ns
content {
ipv4_address = ns.key
ipv4_address = ns.value
forwarding_path = "private"
}
}
@ -121,7 +121,7 @@ resource "google_dns_policy" "default" {
)
iterator = ns
content {
ipv4_address = ns.key
ipv4_address = ns.value
}
}
}
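Review bot: Both `content` blocks now set `ipv4_address = ns.value`, but the `for_each` expressions that feed the `ns` iterator end above each hunk, so it cannot be confirmed from here that the iterated collection is a list or set of addresses rather than a map keyed by address. If it is a list, `ns.key` was the element index and this change is the right fix. A one-line comment on each block such as `# for_each is a list of addresses: ns.value is the IP, ns.key is only the index` would keep the two from being swapped back. It is also worth checking that the `dns-policies.yaml` inventory asserts the resulting name server addresses, since a plan with the wrong resolver targets otherwise still passes a resource-count test.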


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,7 +21,7 @@ import marko
FABRIC_ROOT = Path(__file__).parents[2]
FILE_TEST_RE = re.compile(r'# tftest-file +id=(\w+) +path=([\S]+)')
FILE_TEST_RE = re.compile(r'# tftest-file +id=([\w_.-]+) +path=([\S]+)')
Example = collections.namedtuple('Example', 'name code module files')
File = collections.namedtuple('File', 'path content')
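Review bot: The `path=([\S]+)` group in `FILE_TEST_RE` still accepts any non-whitespace string, including absolute paths and `..` segments, and this change widens only the `id` group. The code that writes the captured files is outside the hunk. If it joins the path onto a temporary directory unchecked, a `tftest-file` directive in a contributed README could place a file outside that directory during a CI run. Consider resolving the destination and rejecting it when it leaves the test directory, for example `if not dest.resolve().is_relative_to(base.resolve()): raise ValueError(path)` (`dest` and `base` are placeholder names). As a smaller style point, `_` is already part of `\w`, so the new class can be written `[\w.-]+`.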


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -18,7 +18,7 @@ from pathlib import Path
BASE_PATH = Path(__file__).parent
COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' +
r'(?: +files=([\w,-.]+))?' +
r'(?: +files=([\w,_-]+))?' +
r'(?: +inventory=([\w\-.]+))?')
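Review bot: The new `files=([\w,_-]+)` class drops `.`, which the previous `[\w,-.]` matched through the `,`-to-`.` range, while the same commit widens the `tftest-file` id pattern in the examples parser to `[\w_.-]+`. An id containing a dot can therefore be declared on a `tftest-file` line but not referenced from `files=`. Depending on how the match is applied (not visible here), the capture would stop at the dot and the trailing `inventory=` group would be skipped silently rather than raising an error. Keeping the two classes identical avoids that, e.g. `r'(?: +files=([\w,.-]+))?' +`, with the hyphen last so it is not read as a range.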


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gateway.google_api_gateway_api.api:
api_id: api
display_name: api
project: my-project
module.gateway.google_api_gateway_api_config.api_config:
api: api
gateway_config: []
grpc_services: []
labels: null
managed_service_configs: []
project: my-project
module.gateway.google_api_gateway_gateway.gateway:
display_name: gw-api
gateway_id: gw-api
labels: null
project: my-project
region: europe-west1
module.gateway.google_project_service.service:
disable_dependent_services: true
disable_on_destroy: true
project: my-project
counts:
google_api_gateway_api: 1
google_api_gateway_api_config: 1
google_api_gateway_gateway: 1
google_project_service: 1


@ -0,0 +1,90 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gateway.google_api_gateway_api.api:
api_id: api
display_name: api
labels: null
project: my-project
module.gateway.google_api_gateway_api_config.api_config:
api: api
grpc_services: []
labels: null
managed_service_configs: []
project: my-project
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.viewer"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.viewer
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.viewer"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.viewer
module.gateway.google_api_gateway_gateway.gateway:
display_name: gw-api
gateway_id: gw-api
labels: null
project: my-project
region: europe-west1
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
condition: []
gateway: gw-api
members:
- user:mirene@google.com
project: my-project
region: europe-west1
role: roles/apigateway.admin
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.viewer"]:
condition: []
gateway: gw-api
members:
- user:mirene@google.com
project: my-project
region: europe-west1
role: roles/apigateway.viewer
module.gateway.google_project_service.service: {}
module.gateway.google_service_account.service_account[0]:
account_id: sa-api-cfg-api
project: my-project
counts:
google_api_gateway_api: 1
google_api_gateway_api_config: 1
google_api_gateway_api_config_iam_binding: 2
google_api_gateway_api_iam_binding: 2
google_api_gateway_gateway: 1
google_api_gateway_gateway_iam_binding: 2
google_project_service: 1
google_service_account: 1
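Review bot: Every `members` list in this inventory pins `user:mirene@google.com`, which looks like a real individual's address rather than a reserved example identity. It mirrors the "Create service account" README example, which grants `roles/apigateway.admin` and `roles/apigateway.viewer` to the same principal. Examples like this are copied into real configurations, so a live address risks an unintended IAM grant if the placeholder is left in. The sibling existing-service-account fixture already uses `user:user@example.com`; using that here and in the README example keeps both consistent.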


@ -0,0 +1,71 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gateway.google_api_gateway_api.api:
api_id: api
display_name: api
labels: null
project: my-project
module.gateway.google_api_gateway_api_config.api_config:
api: api
gateway_config:
- backend_config:
- google_service_account: sa@my-project.iam.gserviceaccount.com
grpc_services: []
labels: null
managed_service_configs: []
project: my-project
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
api: api
api_config: api-cfg-api-8656c6040d6d9ba18a8b9b5f3955c223
condition: []
members:
- user:user@example.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
api: api
condition: []
members:
- user:user@example.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_gateway.gateway:
display_name: gw-api
gateway_id: gw-api
labels: null
project: my-project
region: europe-west1
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
condition: []
gateway: gw-api
members:
- user:user@example.com
project: my-project
region: europe-west1
role: roles/apigateway.admin
module.gateway.google_project_service.service:
disable_dependent_services: true
disable_on_destroy: true
project: my-project
counts:
google_api_gateway_api: 1
google_api_gateway_api_config: 1
google_api_gateway_api_config_iam_binding: 1
google_api_gateway_api_iam_binding: 1
google_api_gateway_gateway: 1
google_api_gateway_gateway_iam_binding: 1
google_project_service: 1


@ -1,26 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "gateway" {
source = "../../../../modules/api-gateway"
api_id = var.api_id
project_id = var.project_id
labels = var.labels
iam = var.iam
region = var.region
spec = var.spec
service_account_create = true
}


@ -1,55 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "api_id" {
type = string
default = "my-api"
}
variable "iam" {
type = map(list(string))
default = null
}
variable "labels" {
type = map(string)
default = null
}
variable "project_id" {
type = string
default = "my-project"
}
variable "region" {
type = string
default = "europe-west1"
}
variable "service_account_create" {
type = bool
default = true
}
variable "service_account_email" {
type = string
default = null
}
variable "spec" {
type = string
default = "Spec contents"
}


@ -0,0 +1,34 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
dns_name: test.example.
forwarding_config:
- target_name_servers:
- forwarding_path: ''
ipv4_address: 10.0.1.1
- forwarding_path: private
ipv4_address: 1.2.3.4
name: test-example
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
counts:
google_dns_managed_zone: 1


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -13,24 +13,22 @@
# limitations under the License.
values:
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
name: test
project: test-project
routing_mode: GLOBAL
module.private-dns.google_dns_managed_zone.non-public[0]:
description: Forwarding zone for .
dns_name: .
forwarding_config: []
name: test-example
peering_config:
- target_network:
- network_url: projects/xxx/global/networks/ccc
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
counts:
google_compute_network: 1
google_dns_managed_zone: 1
outputs:
bindings: {}
project_id: test-project
subnet_ips: {}
subnet_regions: {}
subnet_secondary_ranges: {}
subnet_self_links: {}
subnets: {}
subnets_proxy_only: {}
subnets_psc: {}
outputs: {}


@ -0,0 +1,50 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
description: Terraform managed.
dns_name: test.example.
force_destroy: false
forwarding_config: []
name: test-example
peering_config: []
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
module.private-dns.google_dns_record_set.cloud-static-records["A localhost"]:
managed_zone: test-example
name: localhost.test.example.
project: myproject
routing_policy: []
rrdatas:
- 127.0.0.1
ttl: 300
type: A
module.private-dns.google_dns_record_set.cloud-static-records["A myhost"]:
managed_zone: test-example
name: myhost.test.example.
project: myproject
routing_policy: []
rrdatas:
- 10.0.0.120
ttl: 600
type: A
counts:
google_dns_managed_zone: 1
google_dns_record_set: 2


@ -0,0 +1,38 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.public-dns.google_dns_managed_zone.public[0]:
dns_name: example.com.
name: example
project: myproject
visibility: public
module.public-dns.google_dns_record_set.cloud-static-records["A myhost"]:
managed_zone: example
name: myhost.example.com.
project: myproject
routing_policy: []
rrdatas:
- 127.0.0.1
ttl: 300
type: A
counts:
google_dns_keys: 1
google_dns_managed_zone: 1
google_dns_record_set: 1
modules: 1
resources: 3
outputs: {}


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,12 +12,16 @@
# See the License for the specific language governing permissions and
# limitations under the License.
region: europe-west1
description: Sample description
ip_cidr_range: 10.128.0.0/24
enable_private_access: false
iam_users: ["foobar@example.com"]
iam_groups: ["lorem@example.com"]
iam_service_accounts: ["foobar@project-id.iam.gserviceaccount.com"]
secondary_ip_ranges:
secondary-range-a: 192.168.128.0/24
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
description: Terraform managed.
dns_name: 0.0.10.in-addr.arpa.
name: test-example
project: myproject
reverse_lookup: true
visibility: private
counts:
google_dns_managed_zone: 1
outputs: {}


@ -0,0 +1,80 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
dns_name: test.example.
name: test-example
project: myproject
module.private-dns.google_dns_record_set.cloud-geo-records["A geo"]:
managed_zone: test-example
name: geo.test.example.
project: myproject
routing_policy:
- enable_geo_fencing: null
geo:
- health_checked_targets: []
location: europe-west1
rrdatas:
- 10.0.0.1
- health_checked_targets: []
location: europe-west2
rrdatas:
- 10.0.0.2
- health_checked_targets: []
location: europe-west3
rrdatas:
- 10.0.0.3
primary_backup: []
wrr: []
rrdatas: null
ttl: 300
type: A
module.private-dns.google_dns_record_set.cloud-static-records["A regular"]:
managed_zone: test-example
name: regular.test.example.
project: myproject
routing_policy: []
rrdatas:
- 10.20.0.1
ttl: 300
type: A
module.private-dns.google_dns_record_set.cloud-wrr-records["A wrr"]:
managed_zone: test-example
name: wrr.test.example.
project: myproject
routing_policy:
- enable_geo_fencing: null
geo: []
primary_backup: []
wrr:
- health_checked_targets: []
rrdatas:
- 10.10.0.1
weight: 0.6
- health_checked_targets: []
rrdatas:
- 10.10.0.2
weight: 0.2
- health_checked_targets: []
rrdatas:
- 10.10.0.3
weight: 0.2
rrdatas: null
ttl: 600
type: A
counts:
google_dns_managed_zone: 1
google_dns_record_set: 3


@ -1,27 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/dns"
project_id = "my-project"
name = "test"
domain = "test.example."
client_networks = var.client_networks
type = var.type
forwarders = var.forwarders
peer_network = var.peer_network
recordsets = var.recordsets
}


@ -1,62 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "client_networks" {
type = list(string)
default = [
"https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default"
]
}
variable "forwarders" {
type = map(string)
default = {}
}
variable "peer_network" {
type = string
default = null
}
variable "recordsets" {
type = any
default = {
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
"A local-host.test.example." = { ttl = 300, records = ["127.0.0.2"] }
"CNAME *" = { ttl = 300, records = ["localhost.example.org."] }
"A " = { ttl = 300, records = ["127.0.0.3"] }
"A geo" = {
geo_routing = [
{ location = "europe-west1", records = ["127.0.0.4"] },
{ location = "europe-west2", records = ["127.0.0.5"] },
{ location = "europe-west3", records = ["127.0.0.6"] }
]
}
"A wrr" = {
ttl = 600
wrr_routing = [
{ weight = 0.6, records = ["127.0.0.7"] },
{ weight = 0.2, records = ["127.0.0.8"] },
{ weight = 0.2, records = ["127.0.0.9"] }
]
}
}
}
variable "type" {
type = string
default = "private"
}


@ -0,0 +1,5 @@
type = "private"
domain = "test.example."
name = "test"
project_id = "my-project"
client_networks = []


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -13,18 +13,13 @@
# limitations under the License.
values:
google_storage_bucket.bucket:
google_dns_managed_zone.non-public[0]:
dns_name: test.example.
name: test
google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
bucket: test
condition: []
members:
- user:a@example.org
role: roles/storage.admin
private_visibility_config: []
visibility: private
counts:
google_storage_bucket: 1
google_storage_bucket_iam_binding: 1
google_dns_managed_zone: 1
modules: 0
resources: 2
resources: 1


@ -0,0 +1,4 @@
type = "forwarding"
domain = "test.example."
name = "test"
project_id = "my-project"


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,6 +12,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
region: europe-west4
description: Sample description
ip_cidr_range: 10.129.0.0/24
values:
google_dns_managed_zone.non-public[0]:
forwarding_config: []
counts:
google_dns_managed_zone: 1


@ -1,138 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_private(plan_runner):
"Test private zone with three recordsets."
_, resources = plan_runner()
assert len(resources) == 7
assert set(r['type'] for r in resources) == {
'google_dns_record_set', 'google_dns_managed_zone'
}
for r in resources:
if r['type'] != 'google_dns_managed_zone':
continue
assert r['values']['visibility'] == 'private'
assert len(r['values']['private_visibility_config']) == 1
def test_private_recordsets(plan_runner):
"Test recordsets in private zone."
_, resources = plan_runner()
recordsets = [
r['values'] for r in resources if r['type'] == 'google_dns_record_set'
]
assert set(r['name'] for r in recordsets) == {
'localhost.test.example.', 'local-host.test.example.', '*.test.example.',
"test.example.", "geo.test.example.", "wrr.test.example."
}
for r in recordsets:
if r['name'] not in ['wrr.test.example.', 'geo.test.example.']:
assert r['routing_policy'] == []
assert r['rrdatas'] != []
def test_routing_policies(plan_runner):
"Test recordsets with routing policies."
_, resources = plan_runner()
recordsets = [
r['values'] for r in resources if r['type'] == 'google_dns_record_set'
]
geo_zone = [
r['values'] for r in resources if r['address'] ==
'module.test.google_dns_record_set.cloud-geo-records["A geo"]'
][0]
assert geo_zone['name'] == 'geo.test.example.'
assert geo_zone['routing_policy'][0]['wrr'] == []
geo_policy = geo_zone['routing_policy'][0]['geo']
assert geo_policy[0]['location'] == 'europe-west1'
assert geo_policy[0]['rrdatas'] == ['127.0.0.4']
assert geo_policy[1]['location'] == 'europe-west2'
assert geo_policy[1]['rrdatas'] == ['127.0.0.5']
assert geo_policy[2]['location'] == 'europe-west3'
assert geo_policy[2]['rrdatas'] == ['127.0.0.6']
wrr_zone = [
r['values'] for r in resources if r['address'] ==
'module.test.google_dns_record_set.cloud-wrr-records["A wrr"]'
][0]
assert wrr_zone['name'] == 'wrr.test.example.'
wrr_policy = wrr_zone['routing_policy'][0]['wrr']
assert wrr_policy[0]['weight'] == 0.6
assert wrr_policy[0]['rrdatas'] == ['127.0.0.7']
assert wrr_policy[1]['weight'] == 0.2
assert wrr_policy[1]['rrdatas'] == ['127.0.0.8']
assert wrr_policy[2]['weight'] == 0.2
assert wrr_policy[2]['rrdatas'] == ['127.0.0.9']
assert wrr_zone['routing_policy'][0]['geo'] == []
def test_private_no_networks(plan_runner):
"Test private zone not exposed to any network."
_, resources = plan_runner(client_networks='[]')
for r in resources:
if r['type'] != 'google_dns_managed_zone':
continue
assert r['values']['visibility'] == 'private'
assert len(r['values']['private_visibility_config']) == 0
def test_forwarding_recordsets_null_forwarders(plan_runner):
"Test forwarding zone with wrong set of attributes does not break."
_, resources = plan_runner(type='forwarding')
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_dns_managed_zone'
assert resource['values']['forwarding_config'] == []
def test_forwarding(plan_runner):
"Test forwarding zone with single forwarder."
_, resources = plan_runner(type='forwarding', recordsets='null',
forwarders='{ "1.2.3.4" = null }')
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_dns_managed_zone'
assert resource['values']['forwarding_config'] == [{
'target_name_servers': [{
'forwarding_path': '',
'ipv4_address': '1.2.3.4'
}]
}]
def test_peering(plan_runner):
"Test peering zone."
_, resources = plan_runner(type='peering', recordsets='null',
peer_network='dummy-vpc-self-link')
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_dns_managed_zone'
assert resource['values']['peering_config'] == [{
'target_network': [{
'network_url': 'dummy-vpc-self-link'
}]
}]
def test_public(plan_runner):
"Test public zone with two recordsets."
_, resources = plan_runner(type='public')
for r in resources:
if r['type'] != 'google_dns_managed_zone':
continue
assert r['values']['visibility'] == 'public'
assert r['values']['private_visibility_config'] == []


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,9 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/gcs
common_tfvars:
- common.tfvars
module: modules/dns
tests:
prefix:
iam:
no_clients:
null_forwarders:
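Review bot: The `tests:` list for `modules/dns` names only `no_clients` and `null_forwarders`, so the `forwarding_config` and `peering_config` assertions made by the Python tests removed in this commit (`test_forwarding`, `test_peering`) have no visible counterpart in this section. If the README example inventories do not already cover a forwarding zone with a forwarder and a peering zone, add entries such as `forwarding:` and `peering:` with matching tfvars and inventory files, so that a regression in where queries are forwarded or which network is peered is still caught. Which lines of this section are old and which are new is inferred from the rendered page, since the `+`/`-` markers are lost.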


@ -1,13 +0,0 @@
force_destroy = true
labels = { environment = "test" }
logging_config = {
log_bucket = "foo"
}
name = "test"
project_id = "test-project"
retention_policy = {
retention_period = 5
is_locked = false
}
storage_class = "MULTI_REGIONAL"
versioning = true


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,8 +12,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket.google_storage_bucket.bucket:
encryption:
- default_kms_key_name: my-encryption-key
name: my-bucket
project: myproject
def test_resource_count(plan_runner):
"Test number of resources created."
_, resources = plan_runner()
assert len(resources) == 5
counts:
google_storage_bucket: 1


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -13,32 +13,26 @@
# limitations under the License.
values:
google_storage_bucket.bucket:
force_destroy: true
labels:
environment: test
location: EU
logging:
- log_bucket: foo
name: foo-test
project: test-project
retention_policy:
- is_locked: false
retention_period: 5
storage_class: MULTI_REGIONAL
uniform_bucket_level_access: true
versioning:
- enabled: true
module.bucket.google_storage_bucket.bucket:
lifecycle_rule:
- action:
- storage_class: STANDARD
type: SetStorageClass
condition:
- age: 30
created_before: ''
custom_time_before: ''
days_since_custom_time: null
days_since_noncurrent_time: null
matches_prefix: []
matches_storage_class: []
matches_suffix: []
noncurrent_time_before: ''
num_newer_versions: null
name: my-bucket
project: myproject
counts:
google_storage_bucket: 1
modules: 0
resources: 1
outputs:
bucket: __missing__
id: foo-test
name: foo-test
notification: null
topic: null
url: __missing__
outputs: {}


@ -0,0 +1,31 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket-gcs-notification.google_pubsub_topic.topic[0]: {}
module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}
module.bucket-gcs-notification.google_storage_bucket.bucket:
name: my-bucket
project: myproject
module.bucket-gcs-notification.google_storage_notification.notification[0]:
bucket: my-bucket
event_types:
- OBJECT_FINALIZE
payload_format: JSON_API_V1
counts:
google_pubsub_topic: 1
google_pubsub_topic_iam_binding: 1
google_storage_bucket: 1
google_storage_notification: 1
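Review bot: The entry `module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}` checks only that a binding is planned, not which role it grants or on which topic, so a change that widened the role on the notification topic would still pass this inventory. Pin at least the role under that key, for example `role: roles/pubsub.publisher` if that is what the module grants (the module code is not visible on this page), plus `topic` when it is known at plan time. The same applies to `google_pubsub_topic.topic[0]: {}`, where the topic `name` could be pinned.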


@ -0,0 +1,26 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket.google_storage_bucket.bucket:
logging:
- log_bucket: log-bucket
name: my-bucket
project: myproject
retention_policy:
- is_locked: true
retention_period: 100
counts:
google_storage_bucket: 1


@ -0,0 +1,46 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket.google_storage_bucket.bucket:
autoclass: []
cors: []
custom_placement_config: []
default_event_based_hold: null
encryption: []
force_destroy: false
labels:
cost-center: devops
lifecycle_rule: []
location: EU
logging: []
name: test-my-bucket
project: myproject
requester_pays: null
retention_policy: []
storage_class: MULTI_REGIONAL
timeouts: null
uniform_bucket_level_access: true
versioning:
- enabled: true
module.bucket.google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
bucket: test-my-bucket
condition: []
members:
- group:storage@example.com
role: roles/storage.admin
counts:
google_storage_bucket: 1
google_storage_bucket_iam_binding: 1


@ -1,3 +0,0 @@
iam = {
"roles/storage.admin" = ["user:a@example.org"]
}


@ -1 +0,0 @@
prefix = "foo"


@ -0,0 +1,32 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-autopilot.google_container_cluster.cluster:
enable_autopilot: true
ip_allocation_policy:
- cluster_secondary_range_name: pods
services_secondary_range_name: services
location: europe-west1-b
master_authorized_networks_config:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
name: cluster-autopilot
network: projects/xxx/global/networks/aaa
project: myproject
subnetwork: subnet_self_link
counts:
google_container_cluster: 1
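Review bot: This inventory pins `master_authorized_networks_config` but no `private_cluster_config`, while the two `cluster-1` inventories added in this commit pin `enable_private_endpoint: true` and `enable_private_nodes: true`. If the autopilot example sets a private cluster configuration, add those keys here so the test fails when the control-plane endpoint or the nodes become publicly reachable. If it does not, say so in the inventory with a comment such as `# private_cluster_config intentionally not set in this example`.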


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1.google_container_cluster.cluster:
default_max_pods_per_node: 32
ip_allocation_policy:
- cluster_secondary_range_name: pods
services_secondary_range_name: services
location: europe-west1-b
master_authorized_networks_config:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
name: cluster-1
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: true
enable_private_nodes: true
master_global_access_config:
- enabled: false
master_ipv4_cidr_block: 192.168.0.0/28
private_endpoint_subnetwork: null
project: myproject
remove_default_node_pool: true
resource_labels:
environment: dev
subnetwork: subnet_self_link
counts:
google_container_cluster: 1


@ -0,0 +1,45 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1.google_container_cluster.cluster:
datapath_provider: ADVANCED_DATAPATH
ip_allocation_policy:
- cluster_secondary_range_name: pods
services_secondary_range_name: services
location: europe-west1-b
master_authorized_networks_config:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
min_master_version: null
name: cluster-dataplane-v2
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: true
enable_private_nodes: true
master_global_access_config:
- enabled: false
master_ipv4_cidr_block: 192.168.0.0/28
private_endpoint_subnetwork: null
project: myproject
remove_default_node_pool: true
resource_labels:
environment: dev
subnetwork: subnet_self_link
workload_identity_config:
- workload_pool: myproject.svc.id.goog
counts:
google_container_cluster: 1


@ -1,29 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/gke-cluster"
project_id = "my-project"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = "mynetwork"
subnetwork = "mysubnet"
}
enable_addons = var.enable_addons
enable_features = var.enable_features
tags = var.tags
}


@ -1,43 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "enable_addons" {
type = any
default = {
horizontal_pod_autoscaling = true
http_load_balancing = true
}
}
variable "enable_features" {
type = any
default = {
workload_identity = true
}
}
variable "monitoring_config" {
type = any
default = {
managed_prometheus = true
}
}
variable "tags" {
description = "Network tags applied to nodes."
type = list(string)
default = null
}


@ -1,38 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_standard(plan_runner):
"Test resources created with variable defaults."
_, resources = plan_runner()
assert len(resources) == 1
cluster_config = resources[0]['values']
assert cluster_config['name'] == "cluster-1"
assert cluster_config['network'] == "mynetwork"
assert cluster_config['subnetwork'] == "mysubnet"
assert cluster_config['enable_autopilot'] is None
# assert 'service_account' not in node_config
def test_autopilot(plan_runner):
"Test resources created with variable defaults."
_, resources = plan_runner(enable_features='{ autopilot=true }')
assert len(resources) == 1
cluster_config = resources[0]['values']
assert cluster_config['name'] == "cluster-1"
assert cluster_config['network'] == "mynetwork"
assert cluster_config['subnetwork'] == "mysubnet"
assert cluster_config['enable_autopilot'] == True
# assert 'service_account' not in node_config


@ -0,0 +1,23 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west1-b
name: nodepool-1
project: myproject
counts:
google_container_node_pool: 1


@ -0,0 +1,60 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
autoscaling:
- location_policy: null
max_node_count: 10
min_node_count: 1
total_max_node_count: null
total_min_node_count: null
cluster: cluster-1
initial_node_count: 1
location: europe-west1-b
management:
- auto_repair: true
auto_upgrade: false
name: nodepool-1
node_config:
- boot_disk_kms_key: null
disk_size_gb: 50
disk_type: pd-ssd
ephemeral_storage_config:
- local_ssd_count: 1
gcfs_config: []
gvnic: []
kubelet_config: []
labels:
environment: dev
linux_node_config: []
logging_variant: DEFAULT
machine_type: n2-standard-2
node_group: null
oauth_scopes:
- https://www.googleapis.com/auth/cloud-platform
preemptible: false
reservation_affinity: []
resource_labels: null
sandbox_config: []
spot: true
tags: null
taint: []
placement_policy: []
project: myproject
module.cluster-1-nodepool-1.google_service_account.service_account[0]: {}
counts:
google_container_node_pool: 1
google_service_account: 1
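Review bot: The entry `google_service_account.service_account[0]: {}` asserts nothing about the created account, and `node_config` here has no `service_account` key, so this inventory does not show which identity the nodes run as even though it pins the broad `https://www.googleapis.com/auth/cloud-platform` scope. The next node pool inventory in this commit pins `account_id`, `disabled` and `display_name` for the same resource address, and doing the same here would keep the two consistent. The node pool's `service_account` is presumably unknown at plan time and cannot be pinned, which deserves a one-line comment such as `# service_account is computed at apply time`.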


@ -0,0 +1,52 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west1-b
name: nodepool-1
node_config:
- boot_disk_kms_key: null
disk_type: pd-balanced
ephemeral_storage_config: []
gcfs_config: []
gvnic: []
kubelet_config: []
linux_node_config: []
logging_variant: DEFAULT
node_group: null
oauth_scopes:
- https://www.googleapis.com/auth/cloud-platform
preemptible: false
reservation_affinity: []
resource_labels: null
sandbox_config: []
spot: false
tags: null
taint: []
placement_policy: []
project: myproject
timeouts: null
module.cluster-1-nodepool-1.google_service_account.service_account[0]:
account_id: spam-eggs
description: null
disabled: false
display_name: Terraform GKE cluster-1 nodepool-1.
project: myproject
timeouts: null
counts:
google_container_node_pool: 1
google_service_account: 1


@ -0,0 +1,43 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west1-b
name: nodepool-1
node_config:
- boot_disk_kms_key: null
disk_type: pd-balanced
ephemeral_storage_config: []
gcfs_config: []
gvnic: []
kubelet_config: []
linux_node_config: []
logging_variant: DEFAULT
node_group: null
oauth_scopes:
- https://www.googleapis.com/auth/cloud-platform
preemptible: false
reservation_affinity: []
resource_labels: null
sandbox_config: []
service_account: foo-bar@myproject.iam.gserviceaccount.com
spot: false
tags: null
taint: []
project: myproject
counts:
google_container_node_pool: 1


@ -1,45 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
resource "google_service_account" "test" {
project = "my-project"
account_id = "gke-nodepool-test"
display_name = "Test Service Account"
}
module "test" {
source = "../../../../modules/gke-nodepool"
project_id = "my-project"
cluster_name = "cluster-1"
location = "europe-west1-b"
name = "nodepool-1"
gke_version = var.gke_version
labels = var.labels
max_pods_per_node = var.max_pods_per_node
node_config = var.node_config
node_count = var.node_count
node_locations = var.node_locations
nodepool_config = var.nodepool_config
pod_range = var.pod_range
reservation_affinity = var.reservation_affinity
service_account = {
create = var.service_account_create
email = google_service_account.test.email
}
sole_tenant_nodegroup = var.sole_tenant_nodegroup
tags = var.tags
taints = var.taints
}


@ -1,86 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "gke_version" {
type = string
default = null
}
variable "labels" {
type = map(string)
default = {}
nullable = false
}
variable "max_pods_per_node" {
type = number
default = null
}
variable "node_config" {
type = any
default = {
disk_type = "pd-balanced"
}
}
variable "node_count" {
type = any
default = {
initial = 1
}
nullable = false
}
variable "node_locations" {
type = list(string)
default = null
}
variable "nodepool_config" {
type = any
default = null
}
variable "pod_range" {
type = any
default = null
}
variable "reservation_affinity" {
type = any
default = null
}
variable "service_account_create" {
type = bool
default = false
}
variable "sole_tenant_nodegroup" {
type = string
default = null
}
variable "tags" {
type = list(string)
default = null
}
variable "taints" {
type = any
default = null
}


@ -1,67 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_defaults(plan_runner):
"Test resources created with variable defaults."
_, resources = plan_runner()
assert len(resources) == 1
assert resources[0]['values']['autoscaling'] == []
def test_service_account(plan_runner):
_, resources = plan_runner()
assert len(resources) == 1
_, resources = plan_runner(service_account_create='true')
assert len(resources) == 2
assert 'google_service_account' in [r['type'] for r in resources]
def test_nodepool_config(plan_runner):
nodepool_config = '''{
autoscaling = { use_total_nodes = true, max_node_count = 3}
management = {}
upgrade_settings = { max_surge = 3, max_unavailable = 3 }
}'''
_, resources = plan_runner(nodepool_config=nodepool_config)
assert resources[0]['values']['autoscaling'] == [{
'location_policy': None,
'max_node_count': None,
'min_node_count': None,
'total_max_node_count': 3,
'total_min_node_count': None
}]
nodepool_config = '{ autoscaling = { max_node_count = 3} }'
_, resources = plan_runner(nodepool_config=nodepool_config)
assert resources[0]['values']['autoscaling'] == [{
'location_policy': None,
'max_node_count': 3,
'min_node_count': None,
'total_max_node_count': None,
'total_min_node_count': None
}]
def test_node_config(plan_runner):
node_config = '''{
gcfs = true
metadata = { foo = "bar" }
}'''
_, resources = plan_runner(node_config=node_config)
values = resources[0]['values']['node_config'][0]
assert values['gcfs_config'] == [{'enabled': True}]
assert values['metadata'] == {
'disable-legacy-endpoints': 'true',
'foo': 'bar'
}


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
module.vpc.google_dns_policy.default[0]:
alternative_name_server_config:
- target_name_servers:
- forwarding_path: ''
ipv4_address: '8.8.8.8'
- forwarding_path: private
ipv4_address: '10.0.0.1'
description: Managed by Terraform
enable_inbound_forwarding: true
enable_logging: null
name: my-network
networks:
- {}
project: my-project
counts:
google_compute_network: 1
google_compute_subnetwork: 1
google_dns_policy: 1
modules: 1
resources: 3
outputs: {}


@ -0,0 +1,50 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
routing_mode: GLOBAL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-detailed"]:
description: Sample description
ip_cidr_range: 10.0.0.0/24
log_config:
- aggregation_interval: INTERVAL_5_SEC
filter_expr: 'true'
flow_sampling: 0.5
metadata: INCLUDE_ALL_METADATA
metadata_fields: null
name: subnet-detailed
private_ip_google_access: false
project: my-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 192.168.0.0/24
range_name: secondary-range-a
module.vpc.google_compute_subnetwork.subnetwork["europe-west4/subnet-simple"]:
description: Terraform-managed.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: subnet-simple
private_ip_google_access: true
project: my-project
region: europe-west4
role: null
secondary_ip_range: []
counts:
google_compute_network: 1
google_compute_subnetwork: 2
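Review bot: The `counts` block that closes this inventory lists per-type counts only, with no `modules` or `resources` totals, while the DNS-policy and subnet-IAM inventories added in the same commit do pin them. If the test helper compares only the keys present under `counts` (the helper is not visible here), a plan that gains a resource of an unlisted type, for example an extra IAM binding or route, would still pass. Assuming the three resources listed are the whole plan, adding `modules: 1` and `resources: 3` would close that gap. The same applies to the proxy-only/PSC, both PSA, routes, shared-VPC, simple and subnet-options inventories further down.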


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -13,35 +13,22 @@
# limitations under the License.
values:
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
name: test
project: test-project
routing_mode: GLOBAL
google_compute_network_peering.local[0]:
export_custom_routes: true
import_custom_routes: false
name: test-peer
peer_network: projects/my-project/global/networks/peer
google_compute_network_peering.remote[0]:
module.vpc-hub.google_compute_network.network[0]: {}
module.vpc-spoke-1.google_compute_network.network[0]: {}
module.vpc-hub.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
module.vpc-spoke-1.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]: {}
module.vpc-spoke-1.google_compute_network_peering.local[0]:
export_custom_routes: false
export_subnet_routes_with_public_ip: true
import_custom_routes: true
name: peer-test
network: projects/my-project/global/networks/peer
import_subnet_routes_with_public_ip: null
module.vpc-spoke-1.google_compute_network_peering.remote[0]:
export_custom_routes: true
export_subnet_routes_with_public_ip: true
import_custom_routes: false
import_subnet_routes_with_public_ip: null
counts:
google_compute_network: 1
google_compute_network: 2
google_compute_network_peering: 2
outputs:
bindings: {}
project_id: test-project
subnet_ips: {}
subnet_regions: {}
subnet_secondary_ranges: {}
subnet_self_links: {}
subnets: {}
subnets_proxy_only: {}
subnets_psc: {}
google_compute_subnetwork: 2


@ -0,0 +1,40 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: regional-proxy
project: my-project
purpose: REGIONAL_MANAGED_PROXY
region: europe-west1
role: ACTIVE
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.3.0/24
log_config: []
name: psc
project: my-project
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west1
role: null
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -0,0 +1,47 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
description: null
ip_version: null
name: myrange
prefix_length: 24
project: my-project
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
routing_mode: GLOBAL
module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
export_custom_routes: true
import_custom_routes: true
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
module.vpc.google_service_networking_connection.psa_connection["1"]:
reserved_peering_ranges:
- myrange
service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 1
google_compute_network: 1
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1


@ -0,0 +1,46 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
name: myrange
prefix_length: 24
project: my-project
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
export_custom_routes: false
import_custom_routes: false
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
module.vpc.google_service_networking_connection.psa_connection["1"]:
reserved_peering_ranges:
- myrange
service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 1
google_compute_network: 1
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1
outputs: {}


@ -0,0 +1,146 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc["gateway"].google_compute_network.network[0]:
name: my-network-with-route-gateway
project: my-project
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-gateway-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-gateway-next-hop
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["ilb"].google_compute_network.network[0]:
name: my-network-with-route-ilb
project: my-project
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-ilb-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-ilb-next-hop
next_hop_gateway: null
next_hop_ilb: regions/europe-west1/forwardingRules/test
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["instance"].google_compute_network.network[0]:
name: my-network-with-route-instance
project: my-project
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-instance-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-instance-next-hop
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: zones/europe-west1-b/test
next_hop_instance_zone: europe-west1-b
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["ip"].google_compute_network.network[0]:
name: my-network-with-route-ip
project: my-project
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-ip-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-ip-next-hop
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: null
next_hop_ip: 192.168.0.128
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["vpn_tunnel"].google_compute_network.network[0]:
name: my-network-with-route-vpn-tunnel
project: my-project
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-vpn-tunnel-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-vpn-tunnel-next-hop
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
priority: 1000
project: my-project
tags: null
counts:
google_compute_network: 5
google_compute_route: 10


@ -0,0 +1,51 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc-host.google_compute_network.network[0]:
name: my-host-network
project: my-project
module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: my-project
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
host_project: my-project
service_project: project1
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
host_project: my-project
service_project: project2
module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- serviceAccount:cloudsvc
- serviceAccount:gke
project: my-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.securityAdmin"]:
condition: []
members:
- serviceAccount:gke
project: my-project
region: europe-west1
role: roles/compute.securityAdmin
subnetwork: subnet-1
counts:
google_compute_network: 1
google_compute_shared_vpc_host_project: 1
google_compute_shared_vpc_service_project: 2
google_compute_subnetwork: 1
google_compute_subnetwork_iam_binding: 2
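Review bot: The second binding pins `roles/compute.securityAdmin` for `serviceAccount:gke` on `subnet-1` only, and nothing in the inventory says why that role is scoped to a single subnetwork. As far as I know most of that role's permissions (firewall rules, security policies) apply to project-level resources, so a subnetwork-level grant may give the GKE service account less than the example intends; where firewall management is wanted, the grant is normally made on the host project. I would add a comment above the binding such as `# securityAdmin at subnet scope presumably mirrors the documentation example; confirm the intended scope`, or drop the binding from the example if it is not needed. The member strings `serviceAccount:cloudsvc` and `serviceAccount:gke` look like placeholders rather than full service account emails, which is worth a one-line comment too.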


@ -0,0 +1,50 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
name: my-network
project: my-project
routing_mode: GLOBAL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
log_config: []
name: production
private_ip_google_access: true
project: my-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 172.16.0.0/20
range_name: pods
- ip_cidr_range: 192.168.0.0/24
range_name: services
module.vpc.google_compute_subnetwork.subnetwork["europe-west2/production"]:
description: Terraform-managed.
ip_cidr_range: 10.0.16.0/24
log_config: []
name: production
private_ip_google_access: true
project: my-project
region: europe-west2
role: null
secondary_ip_range: []
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -0,0 +1,54 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
name: subnet-1
project: my-project
region: europe-west1
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
name: subnet-2
private_ip_google_access: true
project: my-project
region: europe-west1
module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- group:group1@example.com
- user:user1@example.com
project: my-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-2.roles/compute.networkUser"]:
condition: []
members:
- group:group2@example.com
- user:user2@example.com
project: my-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-2
counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_subnetwork_iam_binding: 2
modules: 1
resources: 5
outputs: {}


@ -0,0 +1,70 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
description: Subnet b
ip_cidr_range: 10.0.1.0/24
log_config: []
name: no-pga
private_ip_google_access: false
project: my-project
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
log_config: []
name: simple
private_ip_google_access: true
project: my-project
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
description: Terraform-managed.
ip_cidr_range: 10.0.3.0/24
ipv6_access_type: null
log_config:
- aggregation_interval: INTERVAL_10_MIN
filter_expr: 'true'
flow_sampling: 0.5
metadata: INCLUDE_ALL_METADATA
metadata_fields: null
name: with-flow-logs
private_ip_google_access: true
project: my-project
region: europe-west1
role: null
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-secondary-ranges"]:
description: Terraform-managed.
ip_cidr_range: 10.0.2.0/24
log_config: []
name: with-secondary-ranges
private_ip_google_access: true
project: my-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 192.168.0.0/24
range_name: a
- ip_cidr_range: 192.168.1.0/24
range_name: b
counts:
google_compute_network: 1
google_compute_subnetwork: 4


@ -1 +0,0 @@
data_folder = "../../tests/modules/net_vpc/data"


@ -1,44 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_subnetwork.subnetwork["europe-west1/factory-subnet"]:
description: 'Sample description'
ip_cidr_range: '10.128.0.0/24'
ipv6_access_type: null
log_config: []
name: 'factory-subnet'
private_ip_google_access: false
project: 'test-project'
region: 'europe-west1'
role: null
secondary_ip_range:
- ip_cidr_range: '192.168.128.0/24'
range_name: 'secondary-range-a'
google_compute_subnetwork.subnetwork["europe-west4/factory-subnet2"]:
description: 'Sample description'
ip_cidr_range: '10.129.0.0/24'
log_config: []
name: 'factory-subnet2'
private_ip_google_access: true
project: 'test-project'
region: 'europe-west4'
role: null
secondary_ip_range: []
# FIXME: should we have some bindings here?
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -1,30 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/net-vpc"
project_id = "test-project"
name = "test"
peering_config = var.peering_config
routes = var.routes
shared_vpc_host = var.shared_vpc_host
shared_vpc_service_projects = var.shared_vpc_service_projects
subnet_iam = var.subnet_iam
subnets = var.subnets
auto_create_subnetworks = var.auto_create_subnetworks
psa_config = var.psa_config
data_folder = var.data_folder
}


@ -1,44 +0,0 @@
subnet_iam = {
"europe-west1/a" = {
"roles/compute.networkUser" = [
"user:a@example.com", "group:g-a@example.com"
]
}
"europe-west1/c" = {
"roles/compute.networkUser" = [
"user:c@example.com", "group:g-c@example.com"
]
}
}
subnets = [
{
name = "a"
region = "europe-west1"
ip_cidr_range = "10.0.0.0/24"
},
{
name = "b"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24",
description = "Subnet b"
enable_private_access = false
},
{
name = "c"
region = "europe-west1"
ip_cidr_range = "10.0.2.0/24"
secondary_ip_ranges = {
a = "192.168.0.0/24"
b = "192.168.1.0/24"
}
},
{
name = "d"
region = "europe-west1"
ip_cidr_range = "10.0.3.0/24"
flow_logs_config = {
flow_sampling = 0.5
aggregation_interval = "INTERVAL_10_MIN"
}
}
]


@ -1,101 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "auto_create_subnetworks" {
type = bool
default = false
}
variable "data_folder" {
type = string
default = null
}
variable "delete_default_routes_on_create" {
type = bool
default = false
}
variable "description" {
type = string
default = "Terraform-managed."
}
variable "dns_policy" {
type = any
default = null
}
variable "mtu" {
type = number
default = null
}
variable "peering_config" {
type = any
default = null
}
variable "psa_config" {
type = any
default = null
}
variable "routes" {
type = any
default = {}
nullable = false
}
variable "routing_mode" {
type = string
default = "GLOBAL"
}
variable "shared_vpc_host" {
type = bool
default = false
}
variable "shared_vpc_service_projects" {
type = list(string)
default = []
}
variable "subnets" {
type = any
default = []
}
variable "subnet_iam" {
type = map(map(list(string)))
default = {}
}
variable "subnets_proxy_only" {
type = any
default = []
}
variable "subnets_psc" {
type = any
default = []
}
variable "vpc_create" {
type = bool
default = true
}


@ -1,5 +0,0 @@
peering_config = {
peer_vpc_self_link = "projects/my-project/global/networks/peer"
export_routes = true
import_routes = null
}


@ -1,7 +0,0 @@
psa_config = {
ranges = {
bar = "172.16.100.0/24"
foo = "172.16.101.0/24"
}
routes = null
}


@ -1,70 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_global_address.psa_ranges["bar"]:
address: 172.16.100.0
address_type: INTERNAL
description: null
ip_version: null
name: bar
prefix_length: 24
project: test-project
purpose: VPC_PEERING
google_compute_global_address.psa_ranges["foo"]:
address: 172.16.101.0
address_type: INTERNAL
description: null
ip_version: null
name: foo
prefix_length: 24
project: test-project
purpose: VPC_PEERING
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: test
project: test-project
routing_mode: GLOBAL
google_compute_network_peering_routes_config.psa_routes["1"]:
export_custom_routes: false
import_custom_routes: false
project: test-project
google_service_networking_connection.psa_connection["1"]:
reserved_peering_ranges:
- bar
- foo
service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 2
google_compute_network: 1
google_compute_network_peering_routes_config: 1
google_service_networking_connection: 1
outputs:
bindings: {}
name: __missing__
network: __missing__
project_id: test-project
self_link: __missing__
subnet_ips: {}
subnet_regions: {}
subnet_secondary_ranges: {}
subnet_self_links: {}
subnets: {}
subnets_proxy_only: {}
subnets_psc: {}


@ -1 +0,0 @@
# skip boilerplate check


@ -1,44 +0,0 @@
subnet_iam = {
"europe-west1/a" = {
"roles/compute.networkUser" = [
"user:a@example.com", "group:g-a@example.com"
]
}
"europe-west1/c" = {
"roles/compute.networkUser" = [
"user:c@example.com", "group:g-c@example.com"
]
}
}
subnets = [
{
name = "a"
region = "europe-west1"
ip_cidr_range = "10.0.0.0/24"
},
{
name = "b"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24",
description = "Subnet b"
enable_private_access = false
},
{
name = "c"
region = "europe-west1"
ip_cidr_range = "10.0.2.0/24"
secondary_ip_ranges = {
a = "192.168.0.0/24"
b = "192.168.1.0/24"
}
},
{
name = "d"
region = "europe-west1"
ip_cidr_range = "10.0.3.0/24"
flow_logs_config = {
flow_sampling = 0.5
aggregation_interval = "INTERVAL_10_MIN"
}
}
]


@ -1,120 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
name: test
project: test-project
routing_mode: GLOBAL
google_compute_subnetwork.subnetwork["europe-west1/a"]:
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
log_config: []
name: a
private_ip_google_access: true
project: test-project
region: europe-west1
role: null
secondary_ip_range: []
google_compute_subnetwork.subnetwork["europe-west1/b"]:
description: Subnet b
ip_cidr_range: 10.0.1.0/24
log_config: []
name: b
private_ip_google_access: false
project: test-project
region: europe-west1
role: null
secondary_ip_range: []
google_compute_subnetwork.subnetwork["europe-west1/c"]:
description: Terraform-managed.
ip_cidr_range: 10.0.2.0/24
ipv6_access_type: null
log_config: []
name: c
private_ip_google_access: true
project: test-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 192.168.0.0/24
range_name: a
- ip_cidr_range: 192.168.1.0/24
range_name: b
google_compute_subnetwork.subnetwork["europe-west1/d"]:
description: Terraform-managed.
ip_cidr_range: 10.0.3.0/24
log_config:
- aggregation_interval: INTERVAL_10_MIN
filter_expr: 'true'
flow_sampling: 0.5
metadata: INCLUDE_ALL_METADATA
metadata_fields: null
name: d
private_ip_google_access: true
project: test-project
region: europe-west1
role: null
secondary_ip_range: []
google_compute_subnetwork_iam_binding.binding["europe-west1/a.roles/compute.networkUser"]:
condition: []
members:
- group:g-a@example.com
- user:a@example.com
project: test-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: a
google_compute_subnetwork_iam_binding.binding["europe-west1/c.roles/compute.networkUser"]:
condition: []
members:
- group:g-c@example.com
- user:c@example.com
project: test-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: c
counts:
google_compute_network: 1
google_compute_subnetwork: 4
google_compute_subnetwork_iam_binding: 2
outputs:
bindings: __missing__
project_id: test-project
subnet_ips:
europe-west1/a: 10.0.0.0/24
europe-west1/b: 10.0.1.0/24
europe-west1/c: 10.0.2.0/24
europe-west1/d: 10.0.3.0/24
subnet_regions:
europe-west1/a: europe-west1
europe-west1/b: europe-west1
europe-west1/c: europe-west1
europe-west1/d: europe-west1
subnet_secondary_ranges:
europe-west1/a: {}
europe-west1/b: {}
europe-west1/c:
a: 192.168.0.0/24
b: 192.168.1.0/24
europe-west1/d: {}
subnet_self_links: __missing__
subnets: __missing__
subnets_proxy_only: {}
subnets_psc: {}


@ -1,47 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
_route_parameters = [('gateway', 'global/gateways/default-internet-gateway'),
('instance', 'zones/europe-west1-b/test'),
('ip', '192.168.0.128'),
('ilb', 'regions/europe-west1/forwardingRules/test'),
('vpn_tunnel', 'regions/europe-west1/vpnTunnels/foo')]
@pytest.mark.parametrize('next_hop_type,next_hop', _route_parameters)
def test_vpc_routes(plan_summary, next_hop_type, next_hop):
'Test vpc routes.'
var_routes = '''{
next-hop = {
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = "%s"
next_hop = "%s"
}
gateway = {
dest_range = "0.0.0.0/0",
priority = 100
tags = ["tag-a"]
next_hop_type = "gateway",
next_hop = "global/gateways/default-internet-gateway"
}
}''' % (next_hop_type, next_hop)
summary = plan_summary('modules/net-vpc', tf_var_files=['common.tfvars'],
routes=var_routes)
assert len(summary.values) == 3
route = summary.values[f'google_compute_route.{next_hop_type}["next-hop"]']
assert route[f'next_hop_{next_hop_type}'] == next_hop


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -17,12 +17,7 @@ common_tfvars:
- common.tfvars
tests:
simple:
subnets:
peering:
shared_vpc:
factory:
psa_simple:
psa_routes_export:
psa_routes_import:
psa_routes_import_export:


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.


@ -1,6 +1,6 @@
pytest>=6.2.5
pytest>=7.2.1
PyYAML>=6.0
tftest>=1.8.1
marko>=1.2.0
deepdiff>=5.7.0
python-hcl2>=3.0.5
marko>=1.2.2
deepdiff>=6.2.3
python-hcl2>=4.3.0


@ -1,6 +1,6 @@
#!/usr/bin/env python3
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
import click
import sys
import tempfile
import yaml
from pathlib import Path
@ -27,17 +28,32 @@ import fixtures
@click.command()
@click.option('--example', default=False, is_flag=True)
@click.argument('module', type=click.Path(), nargs=1)
@click.argument('tfvars', type=click.Path(exists=True), nargs=-1)
def main(module, tfvars):
module = BASEDIR / module
summary = fixtures.plan_summary(module, Path(), tfvars)
print(yaml.dump({'values': summary.values}))
print(yaml.dump({'counts': summary.counts}))
outputs = {
k: v.get('value', '__missing__') for k, v in summary.outputs.items()
}
print(yaml.dump({'outputs': outputs}))
def main(example, module, tfvars):
try:
if example:
tmp_dir = tempfile.TemporaryDirectory()
tmp_path = Path(tmp_dir.name)
common_vars = BASEDIR / 'tests' / 'examples' / 'variables.tf'
(tmp_path / 'main.tf').symlink_to(module)
(tmp_path / 'variables.tf').symlink_to(common_vars)
(tmp_path / 'fabric').symlink_to(BASEDIR)
module = tmp_path
else:
module = BASEDIR / module
summary = fixtures.plan_summary(module, Path(), tfvars)
print(yaml.dump({'values': summary.values}))
print(yaml.dump({'counts': summary.counts}))
outputs = {
k: v.get('value', '__missing__') for k, v in summary.outputs.items()
}
print(yaml.dump({'outputs': outputs}))
finally:
if example:
tmp_dir.cleanup()
if __name__ == '__main__':